An FPGA-based system for tracking digital information transmitted via Peer-to-Peer protocols

Karl R. Schrader, Barry E. Mullins, Gilbert L. Peterson, Robert F. Mills
2010 International Journal of Security and Networks (IJSN)  
This thesis addresses the problem of identifying and tracking digital information that is shared using peer-to-peer file transfer and Voice over IP (VoIP) protocols. The goal of the research is to develop a system for detecting and tracking the illicit dissemination of sensitive government information using file sharing applications within a target network, and for tracking terrorist cells or criminal organizations that are covertly communicating using VoIP applications. A digital forensic tool is developed using an FPGA-based embedded software application. The tool is designed to process file transfers using the BitTorrent peer-to-peer protocol and VoIP phone calls made using the Session Initiation Protocol (SIP). The tool searches a network for selected peer-to-peer control messages using payload analysis and compares the unique identifier of the file being shared or the phone number being used against a list of known contraband files or phone numbers. If the identifier is found on the list, the control packet is added to a log file for later forensic analysis. Results show that the FPGA tool processes peer-to-peer packets of interest 92% faster than a software-only configuration and is 99.0% accurate at capturing and processing BitTorrent Handshake messages under a network traffic load of at least 89.6 Mbps. When SIP is added to the system, the probability of intercept for BitTorrent Handshake messages remains at 99.0% and the probability of intercept for SIP control packets is 97.6% under a network traffic load of at least 89.6 Mbps, demonstrating that the tool can be expanded to process additional peer-to-peer protocols with minimal impact on overall performance.

I greatly appreciate the help of Major David Olander, whose insight and assistance made the process of learning how to program and implement the experimental system a less painful experience. I would also like to thank Captain Benjamin Ramsey for reminding me that Voice over IP is also a peer-to-peer protocol. Finally, I would be remiss without thanking my wife. Her continuous support and understanding were priceless throughout this process. Karl R. Schrader

AFIOC/IO Approval for public release; distribution is unlimited.
This research addresses the problem of tracking digital information that is shared using peer-to-peer file transfer and VoIP protocols for the purposes of illicitly disseminating sensitive government information and for covert communication by terrorist cells or criminal organizations. A digital forensic tool is created that searches a network for peer-to-peer control messages, extracts the unique identifier of the file or phone number being used, and compares it against a list of known contraband files or phone numbers. If the identifier is on the list, the control packet is saved for later forensic analysis. The system is implemented using an FPGA-based embedded software application, and processes file transfers using the BitTorrent protocol and VoIP phone calls made using the Session Initiation Protocol (SIP). Results show that the final design processes peer-to-peer packets of interest 92% faster than a software-only configuration, and is able to successfully capture and process BitTorrent Handshake messages with a probability of at least 99.0% and SIP control packets with a probability of at least 97.6% under a network traffic load of at least 89.6 Mbps.

Keywords: computer networks, peer-to-peer networking, information security, criminal investigations, forensic analysis
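The matching step both abstracts describe (payload analysis of a control message, extraction of its unique identifier, comparison against a watch list, and logging of the matching packet) is shown below as an added Python example. It is not code from the paper or from its FPGA implementation; the paper's tool works on raw network traffic at line rate, while this example operates on in-memory payloads. The BitTorrent handshake layout (length byte, "BitTorrent protocol", 8 reserved bytes, 20-byte info_hash, 20-byte peer_id) and the SIP request-line and From/To header formats are the public protocol definitions; the watch-list values, sample packets and the `Hit` record are constructed for the example. SIP header parsing here is deliberately minimal (no folded headers, no compact header names).

```python
"""Watch-list filter for BitTorrent handshakes and SIP requests.

Constructed example, not the paper's FPGA tool. Each payload is classified,
its identifier (info_hash or SIP user part) is extracted, and a Hit is
returned when the identifier appears on the corresponding watch list.
"""

import re
from dataclasses import dataclass
from typing import Optional

BT_PSTR = b"BitTorrent protocol"
BT_HANDSHAKE_LEN = 1 + len(BT_PSTR) + 8 + 20 + 20  # 68 bytes, fixed layout


def parse_bt_handshake(payload: bytes) -> Optional[tuple]:
    """Return (info_hash_hex, peer_id) if payload is a BitTorrent handshake.

    Layout: <pstrlen=19><pstr><8 reserved><20-byte info_hash><20-byte peer_id>.
    Anything shorter than 68 bytes or with a different pstr is rejected.
    """
    if len(payload) < BT_HANDSHAKE_LEN:
        return None
    if payload[0] != len(BT_PSTR) or payload[1:20] != BT_PSTR:
        return None
    info_hash = payload[28:48]
    peer_id = payload[48:68]
    return info_hash.hex(), peer_id


# Request line of a SIP request: METHOD SP Request-URI SP SIP/2.0 CRLF
_SIP_REQUEST = re.compile(rb"^(INVITE|BYE|REGISTER|ACK|CANCEL|OPTIONS)\s+(\S+)\s+SIP/2\.0\r\n")
# User part of a sip:/sips: URI, e.g. "sip:5551234@example.net" -> "5551234"
_SIP_URI_USER = re.compile(rb"sips?:([^@>;\s]+)@")


def parse_sip_request(payload: bytes) -> Optional[tuple]:
    """Return (method, caller, callee) for a SIP request, else None.

    caller/callee are the user parts of the From and To URIs (None if absent).
    Headers are read naively: one "Name: value" per line, up to the blank line.
    """
    m = _SIP_REQUEST.match(payload)
    if not m:
        return None
    method = m.group(1).decode()
    headers = {}
    for line in payload.split(b"\r\n")[1:]:
        if not line:  # blank line ends the header block
            break
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower()] = value.strip()

    def user_part(header: bytes) -> Optional[str]:
        found = _SIP_URI_USER.search(headers.get(header, b""))
        return found.group(1).decode() if found else None

    return method, user_part(b"from"), user_part(b"to")


@dataclass(frozen=True)
class Hit:
    proto: str        # "bittorrent" or "sip"
    identifier: str   # matched info_hash (hex) or phone number
    payload: bytes    # the control packet kept for later forensic analysis


def inspect(payload: bytes, contraband_hashes: set, watched_numbers: set) -> Optional[Hit]:
    """Classify one payload and return a Hit if its identifier is on a watch list."""
    hs = parse_bt_handshake(payload)
    if hs is not None:
        info_hash_hex, _peer_id = hs
        return Hit("bittorrent", info_hash_hex, payload) if info_hash_hex in contraband_hashes else None
    sip = parse_sip_request(payload)
    if sip is not None:
        _method, caller, callee = sip
        for number in (caller, callee):
            if number is not None and number in watched_numbers:
                return Hit("sip", number, payload)
    return None


def scan(payloads, contraband_hashes, watched_numbers) -> list:
    """Run inspect() over a sequence of payloads; the result is the log of hits."""
    hits = []
    for p in payloads:
        hit = inspect(p, contraband_hashes, watched_numbers)
        if hit is not None:
            hits.append(hit)
    return hits


# --- constructed sample data (not from the paper) -------------------------
SAMPLE_INFO_HASH = bytes.fromhex("01" * 20)
SAMPLE_PEER_ID = b"-EX0001-" + b"x" * 12  # 20 bytes
SAMPLE_HANDSHAKE = bytes([19]) + BT_PSTR + b"\x00" * 8 + SAMPLE_INFO_HASH + SAMPLE_PEER_ID
SAMPLE_INVITE = (b"INVITE sip:5551234@example.net SIP/2.0\r\n"
                 b"Via: SIP/2.0/UDP 10.0.0.5:5060\r\n"
                 b"From: <sip:5559876@example.net>;tag=1\r\n"
                 b"To: <sip:5551234@example.net>\r\n"
                 b"Call-ID: abc@10.0.0.5\r\n\r\n")
SAMPLE_OTHER = b"GET / HTTP/1.1\r\nHost: example.net\r\n\r\n"
CONTRABAND = {SAMPLE_INFO_HASH.hex()}
WATCHED = {"5551234"}

if __name__ == "__main__":
    for h in scan([SAMPLE_HANDSHAKE, SAMPLE_INVITE, SAMPLE_OTHER], CONTRABAND, WATCHED):
        print(h.proto, h.identifier)
```

A truncated handshake (fewer than 68 bytes) or a packet whose first 20 bytes do not match the BitTorrent protocol string is rejected before any identifier is read, which is the same decision the paper's payload analysis has to make on every packet before the watch-list comparison.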
doi:10.1504/ijsn.2010.037662 fatcat:z5urs75edbbiviqdz2nyulm5sa