[p2p-hackers] Privacy issues with P2P protocols

Arnaud Legout arnaud.legout at inria.fr
Tue Nov 8 09:20:28 PST 2011


Hi,

I would like to point you to a recent work we made that we believe
might be of interest to the BitTorrent/P2P community.

In this work that was presented at IMC'11, we show what we believe
to be a significant privacy issue for most P2P protocols.

-We show that leveraging on Skype, we can map a social identity (name,
age, location, email address, etc.) to an IP address fully
inconspicuously. This attack works for all (500M) Skype users. This is
severe as an attacker does not need the ISP support (that an
individual cannot usually get) to retrieve the social identity linked
to an IP address.

-We show that we can then follow the mobility of a Skype user, and we
 found that we can indeed observe real mobility patterns for a large
 fraction of Skype users.

-Finally, we were able to link a Skype identity to a list of
 BitTorrent downloads even if the user is behind a NAT or a proxy (we
 use the predictability of the IP-ID in IP headers to make sure that
 two different applications are running on the same host).

That attack described uses Skype, but would also work with several
other popular VoIP systems.

All details are available here:

http://hal.inria.fr/inria-00632780/en/

Regards,
Arnaud.

_______________________________________________
p2p-hackers mailing list
p2p-hackers at lists.zooko.com
http://lists.zooko.com/mailman/listinfo/p2p-hackers

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE





More information about the cypherpunks-legacy mailing list