public SimulatedPasswords(DebugLogger logger, ExperimentalConfiguration config)
{
_logger = logger;
_logger.WriteStatus("Configuring...");
LoadPasswordSelector(config.PasswordFrequencyFile);
if (config.PopularPasswordsToRemoveFromDistribution > 0)
{
_passwordSelector = _passwordSelector.TrimToRemoveInitialItems(config.PopularPasswordsToRemoveFromDistribution);
}
//_logger.WriteStatus("Loading passwords known to be common by the algorithm before the attack");
LoadKnownPopularPasswords(config.PreviouslyKnownPopularPasswordFile);
// _logger.WriteStatus("Creating common password selector");
_commonPasswordSelector = _passwordSelector.TrimToInitialItems(
(int)config.NumberOfPopularPasswordsForAttackerToExploit);
// _logger.WriteStatus("Finished creating common password selector");
// _logger.WriteStatus("Creating list of most common passwords");
OrderedListOfMostCommonPasswords =
_passwordSelector.GetItems();
//_logger.WriteStatus("Finished creating list of most common passwords");
}
public Simulator(DebugLogger logger, string path, ExperimentalConfiguration myExperimentalConfiguration, SimulatedPasswords simPasswords)
{
_simPasswords = simPasswords;
_logger = logger;
if (_Attempts == null)
{
_Attempts = new ConcurrentStreamWriter(path + "Attempts.txt");
}
_logger.WriteStatus("Entered Simulator constructor");
_experimentalConfiguration = myExperimentalConfiguration;
BlockingAlgorithmOptions options = _experimentalConfiguration.BlockingOptions;
//_logger.WriteStatus("Creating binomial ladder");
_binomialLadderFilter =
new BinomialLadderFilter(options.NumberOfBitsInBinomialLadderFilter_N, options.HeightOfBinomialLadder_H);
_ipHistoryCache = new ConcurrentDictionary <IPAddress, SimIpHistory>();
_userAccountController = new SimulatedUserAccountController();
_recentIncorrectPasswords = new AgingMembershipSketch(16, 128 * 1024);
//_logger.WriteStatus("Exiting Simulator constructor");
}
public void Generate(ExperimentalConfiguration experimentalConfiguration)
{
SimulatedUserAccountController simUserAccountController = new SimulatedUserAccountController();
_logger.WriteStatus("Creating accounts");
ConcurrentBag <SimulatedUserAccount> benignSimulatedAccountBag = new ConcurrentBag <SimulatedUserAccount>();
Parallel.For(0, (int)experimentalConfiguration.NumberOfBenignAccounts, (index) =>
{
//if (index > 0 && index % 10000 == 0)
// _logger.WriteStatus("Created {0:N0} benign accounts", index);
SimulatedUserAccount userAccount = simUserAccountController.Create(
"user_" + index.ToString(),
_simPasswords.GetPasswordFromWeightedDistribution()
);
userAccount.ClientAddresses.Add(_ipPool.GetNewRandomBenignIp());
string initialCookie = StrongRandomNumberGenerator.Get64Bits().ToString();
userAccount.Cookies.Add(initialCookie);
userAccount.HashesOfCookiesOfClientsThatHaveSuccessfullyLoggedIntoThisAccount[initialCookie] = true;
benignSimulatedAccountBag.Add(userAccount);
double inverseFrequency = Distributions.GetLogNormal(0, 1);
if (inverseFrequency < 0.01d)
{
inverseFrequency = 0.01d;
}
if (inverseFrequency > 50d)
{
inverseFrequency = 50d;
}
double frequency = 1 / inverseFrequency;
lock (BenignAccountSelector)
{
BenignAccountSelector.AddItem(userAccount, frequency);
}
});
BenignAccounts = benignSimulatedAccountBag.ToList();
// _logger.WriteStatus("Finished creating {0:N0} benign accounts",
// experimentalConfiguration.NumberOfBenignAccounts);
//_logger.WriteStatus("Creating attacker IPs");
_ipPool.GenerateAttackersIps();
//_logger.WriteStatus("Creating {0:N0} attacker accounts",
// experimentalConfiguration.NumberOfAttackerControlledAccounts);
ConcurrentBag <SimulatedUserAccount> maliciousSimulatedAccountBag = new ConcurrentBag <SimulatedUserAccount>();
Parallel.For(0, (int)experimentalConfiguration.NumberOfAttackerControlledAccounts, (index) =>
{
SimulatedUserAccount userAccount = simUserAccountController.Create(
"attacker_" + index.ToString(),
_simPasswords.GetPasswordFromWeightedDistribution());
userAccount.ClientAddresses.Add(_ipPool.GetRandomMaliciousIp());
maliciousSimulatedAccountBag.Add(userAccount);
});
AttackerAccounts = maliciousSimulatedAccountBag.ToList();
_logger.WriteStatus("Finished creating accounts",
experimentalConfiguration.NumberOfAttackerControlledAccounts);
Parallel.ForEach(BenignAccounts.Union(AttackerAccounts),
(simAccount, loopState) =>
{
simAccount.CreditHalfLife = experimentalConfiguration.BlockingOptions.AccountCreditLimitHalfLife;
simAccount.CreditLimit = experimentalConfiguration.BlockingOptions.AccountCreditLimit;
foreach (string cookie in simAccount.Cookies)
{
simUserAccountController.HasClientWithThisHashedCookieSuccessfullyLoggedInBefore(
simAccount,
LoginAttempt.HashCookie(cookie));
}
});
//_logger.WriteStatus("Finished creating user accounts for each simluated account record");
}
public async Task RunAsync(DebugLogger _logger, IpPool _ipPool)
{
TestConfiguration configuration = InitTest();
_logger.WriteStatus(" "); _logger.WriteStatus(" "); _logger.WriteStatus(" ");
_logger.WriteStatus("01)--------------------------------------------------------------------------");
_logger.WriteStatus("Test With Correct User Account");
CreateTestAccount(configuration, Username1, Password1);
for (int i = 0; i < 1; i++)
{
LoginAttempt attempt = await AuthenticateAsync(configuration, Username1, Password1, Ip1);
_logger.WriteStatus("Result - " + attempt.Outcome);
}
_logger.WriteStatus("-----------------------------------------------------------------------------");
_logger.WriteStatus(" ");
_logger.WriteStatus("02)--------------------------------------------------------------------------");
_logger.WriteStatus("Test With Correct User Account with multiple login attempts ");
string[] usernames = CreateUserAccounts(configuration, 200);
foreach (string username in usernames.Skip(10))
{
await AuthenticateAsync(configuration, username, Password1, clientAddress : Ip1);
}
for (int i = 0; i < 1; i++)
{
LoginAttempt attempt = await AuthenticateAsync(configuration, Username1, Password1, Ip1);
_logger.WriteStatus("Result - " + attempt.Outcome);
}
_logger.WriteStatus("-----------------------------------------------------------------------------");
_logger.WriteStatus(" ");
_logger.WriteStatus("03)--------------------------------------------------------------------------");
_logger.WriteStatus("Test With InCorrect Username ");
for (int i = 0; i < 1; i++)
{
LoginAttempt attempt = await AuthenticateAsync(configuration, "Invalid Account", Password1, Ip2, cookieProvidedByBrowser : "GimmeCookie");
_logger.WriteStatus("Result - " + attempt.Outcome);
}
_logger.WriteStatus("-----------------------------------------------------------------------------");
_logger.WriteStatus(" ");
_logger.WriteStatus("04)--------------------------------------------------------------------------");
_logger.WriteStatus("Test With InCorrect Username Multiple Attempts ");
for (int i = 0; i < 1; i++)
{
LoginAttempt attempt = await AuthenticateAsync(configuration, "Invalid Account", Password1, Ip2, cookieProvidedByBrowser : "GimmeCookie");
_logger.WriteStatus("Result - " + attempt.Outcome);
}
_logger.WriteStatus("-----------------------------------------------------------------------------");
_logger.WriteStatus(" ");
_logger.WriteStatus("05)--------------------------------------------------------------------------");
_logger.WriteStatus("Test With InCorrect Password ");
for (int i = 0; i < 1; i++)
{
LoginAttempt attempt = await AuthenticateAsync(configuration, Username1, "Incorrect Password", Ip3, cookieProvidedByBrowser : "GimmeCookie");
_logger.WriteStatus("Result - " + attempt.Outcome);
}
_logger.WriteStatus("-----------------------------------------------------------------------------");
_logger.WriteStatus(" ");
_logger.WriteStatus("06)--------------------------------------------------------------------------");
_logger.WriteStatus("Test With InCorrect Password Multiple Attempts ");
for (int i = 0; i < 1; i++)
{
LoginAttempt attempt = await AuthenticateAsync(configuration, Username1, "Incorrect Password", Ip3, cookieProvidedByBrowser : "GimmeCookie");
_logger.WriteStatus("Result - " + attempt.Outcome);
}
_logger.WriteStatus("-----------------------------------------------------------------------------");
}
public async Task RunAsync()
{
_logger.WriteStatus("In RunInBackground");
//_logger.WriteStatus("Priming password-tracking with known common passwords");
_simPasswords.PrimeWithKnownPasswordsAsync(_binomialLadderFilter, 40);
//_logger.WriteStatus("Finished priming password-tracking with known common passwords");
//_logger.WriteStatus("Creating IP Pool");
_ipPool = new IpPool(_experimentalConfiguration);
//_logger.WriteStatus("Generating simualted account records");
_simAccounts = new SimulatedAccounts(_ipPool, _simPasswords, _logger);
_simAccounts.Generate(_experimentalConfiguration);
//_logger.WriteStatus("Creating login-attempt generator");
_attemptGenerator = new SimulatedLoginAttemptGenerator(_experimentalConfiguration, _simAccounts, _ipPool,
_simPasswords);
_logger.WriteStatus("Finiished creating login-attempt generator");
FricSimulator fri = new FricSimulator();
_logger.WriteStatus(" ");
_logger.WriteStatus(" ");
_logger.WriteStatus("Click Enter To First Testing Step");
_logger.WriteStatus(" ");
_logger.WriteStatus(" ");
Console.Read();
await fri.RunAsync(_logger, _ipPool);
_logger.WriteStatus(" ");
_logger.WriteStatus(" ");
_logger.WriteStatus("Click Enter To Second Testing Step");
_logger.WriteStatus(" ");
_logger.WriteStatus(" ");
Console.Read();
Console.Read();
_logger.WriteStatus("Running Password File to check");
_logger.WriteStatus(" ");
foreach (
ConcurrentStreamWriter writer in
new[]
{ _Attempts })
{
lock (writer)
{
writer.WriteLine(string.Format("{0}\t{1}\t{2}\t{3}\t{4}\t{5}",
"UserID",
"IP",
"IsFrequentlyGuessedPw",
"IsPasswordCorrect",
"IsFromAttackAttacker",
"IsAGuess"
));
}
}
TimeSpan testTimeSpan = _experimentalConfiguration.TestTimeSpan;
double ticksBetweenLogins = ((double)testTimeSpan.Ticks) /
(double)_experimentalConfiguration.TotalLoginAttemptsToIssue;
_experimentalConfiguration.TotalLoginAttemptsToIssue = 30000;
int interlockedCount = 0;
Parallel.For(0L, (long)_experimentalConfiguration.TotalLoginAttemptsToIssue, (count, pls) =>
{
interlockedCount = Interlocked.Add(ref interlockedCount, 1);
if (interlockedCount % 10000 == 0)
{
_logger.WriteStatus("Login Attempt {0:N0}", interlockedCount);
}
DateTime eventTimeUtc = StartTimeUtc.AddTicks((long)(ticksBetweenLogins * interlockedCount));
SimulatedLoginAttempt simAttempt;
if (StrongRandomNumberGenerator.GetFraction() <
_experimentalConfiguration.FractionOfLoginAttemptsFromAttacker)
{
switch (_experimentalConfiguration.AttackersStrategy)
{
case ExperimentalConfiguration.AttackStrategy.UseUntilLikelyPopular:
simAttempt =
_attemptGenerator.MaliciousLoginAttemptBreadthFirstAvoidMakingPopular(eventTimeUtc);
break;
case ExperimentalConfiguration.AttackStrategy.Weighted:
simAttempt = _attemptGenerator.MaliciousLoginAttemptWeighted(eventTimeUtc);
break;
case ExperimentalConfiguration.AttackStrategy.BreadthFirst:
default:
simAttempt = _attemptGenerator.MaliciousLoginAttemptBreadthFirst(eventTimeUtc);
break;
}
}
else
{
simAttempt = _attemptGenerator.BenignLoginAttempt(eventTimeUtc);
}
SimIpHistory ipHistory = _ipHistoryCache.GetOrAdd(simAttempt.AddressOfClientInitiatingRequest,
(ip) => new SimIpHistory(
_experimentalConfiguration.BlockingOptions
.NumberOfFailuresToTrackForGoingBackInTimeToIdentifyTypos));
double[] scores = ipHistory.GetAllScores(_experimentalConfiguration.BlockingOptions.BlockScoreHalfLife,
simAttempt.TimeOfAttemptUtc);
simAttempt.UpdateSimulatorState(this, ipHistory);
double decayingInvalidPasswordAttempts = 0d;
if (simAttempt.IsPasswordValid)
{
DecayingDouble incorrectPasswordAttempts;
if (_incorrectPasswordCounts.TryGetValue(simAttempt.Password, out incorrectPasswordAttempts))
{
decayingInvalidPasswordAttempts = incorrectPasswordAttempts.GetValue(_experimentalConfiguration.BlockingOptions.BlockScoreHalfLife, simAttempt.TimeOfAttemptUtc);
}
}
else
{
decayingInvalidPasswordAttempts = 1d;
DecayingDouble incorrectPasswordAttempts;
if (_incorrectPasswordCounts.TryGetValue(simAttempt.Password, out incorrectPasswordAttempts))
{
decayingInvalidPasswordAttempts += incorrectPasswordAttempts.GetValue(_experimentalConfiguration.BlockingOptions.BlockScoreHalfLife, simAttempt.TimeOfAttemptUtc);
}
_incorrectPasswordCounts[simAttempt.Password] = new DecayingDouble(decayingInvalidPasswordAttempts, simAttempt.TimeOfAttemptUtc);
}
var ipInfo = _ipPool.GetIpAddressDebugInfo(simAttempt.AddressOfClientInitiatingRequest);
string outputString = string.Format("{0}\t{1}\t{2}\t{3}\t{4}\t{5}",
simAttempt.SimAccount?.UsernameOrAccountId ?? "<null>",
simAttempt.AddressOfClientInitiatingRequest,
simAttempt.IsFrequentlyGuessedPassword ? "Frequent" : "Infrequent",
simAttempt.IsPasswordValid ? "Correct" : "Incorrect",
simAttempt.IsFromAttacker ? "FromAttacker" : "FromUser",
simAttempt.IsGuess ? "IsGuess" : "NotGuess",
simAttempt.IsFromAttacker
? (ipInfo.UsedByBenignUsers ? "IsInBenignPool" : "NotUsedByBenign")
: (ipInfo.UsedByAttackers ? "IsInAttackersIpPool" : "NotUsedByAttacker"),
ipInfo.IsPartOfProxy ? "ProxyIP" : "NotAProxy",
string.IsNullOrEmpty(simAttempt.MistakeType) ? "-" : simAttempt.MistakeType,
decayingInvalidPasswordAttempts,
simAttempt.SimAccount?.MaxConsecutiveIncorrectAttempts.GetValue(_experimentalConfiguration.BlockingOptions.BlockScoreHalfLife, simAttempt.TimeOfAttemptUtc) ?? 0d,
string.Join("\t", scores.Select(s => s.ToString(CultureInfo.InvariantCulture)).ToArray())
);
_Attempts.WriteLine(outputString);
_logger.WriteStatus(outputString);
Thread.Sleep(1300);
});
foreach (
ConcurrentStreamWriter writer in
new[]
{ _Attempts })
{
writer.Close();
}
}
