City student helps to prevent a major internet attack
City University London PhD student (Electrical Engineering), Florian Adamsky, has helped to rescue BitTorrent from a catastrophic fate. BitTorrent is a collection of content distribution protocols that enable movies and television shows to be shared online. It also allows users to serve as network redistribution points.
At the influential USENIX Security Symposium in Washington DC (August 12th to 14th), Florian and co-authors (including his PhD supervisors, Professor Muttukrishnan Rajarajan and Professor Rudolf Jager) presented a paper which documented the vulnerability of the BitTorrent family of protocols - Micro Transport Protocol (uTP), Distributed Hash Table (DHT), Message Stream Encryption (MSE) and BitTorrent Sync. Ahead of public disclosure at USENIX, Florian and researchers informed BitTorrent engineers of their findings, which led to BitTorrent taking timely corrective action to mitigate the flaw which could have diverted user traffic to launch significantly amplified Distributed Reflected Denial of Service (DRDoS) attacks. Florian, an external student from the Technische Hochschule Mittelhessen (THM) University of Applied Sciences, in Friedberg, Germany, is happy about averting a possible large-scale attack on internet users:
“It feels good to know that our research has real-world impact and that we contributed to a more secure Peer-to-Peer (P2P) protocol such as BitTorrent. We followed responsible disclosure practices, which means we contacted BitTorrent a month before we presented our paper in Washington. The engineers at the company quickly realized that they had a major problem on their hands and quickly developed a patch for the vulnerability.”
Florian first heard about City from two of his friends who completed their PhDs at the University. He has been a computer user since the age of six and has been fascinated with digital technology ever since. His father wrote a few basic computer games for him and he quickly progressed to mastering a number of games. By the time he reached 12, he had installed a Linux distribution programme on his PC.
He says he is pleased to be undertaking his studies under the supervision of Professor Rajarajan.
When he is not hard at work researching issues around privacy, anonymity and network security, Florian can be found hiking and reading science fiction literature.
A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. A Distributed Reflective Denial of Service attack (DRDoS) attack makes use of a potentially legitimate third party to send attack traffic to a user, masking the attackers’ own identity. The attackers send packets of information to reflector servers with a source internet protocol (IP) address set to their victims’ IP address, overwhelming the user with the response packets.