//public void ReduceMemoryUsage(object sender, MemoryUsageLimiter.ReduceMemoryUsageEventParameters parameters)
//{
//_ipHistoryCache.RecoverSpace(parameters.FractionOfMemoryToTryToRemove);
//}
public Simulator(DebugLogger logger, string path, ExperimentalConfiguration myExperimentalConfiguration, SimulatedPasswords simPasswords)
{
_simPasswords = simPasswords;
_logger = logger;
_AttackAttemptsWithValidPasswords = //System.IO.TextWriter.Synchronized
new ConcurrentStreamWriter(path + "AttackAttemptsWithValidPasswords.txt");
//(new StreamWriter(new FileStream(path + "AttackAttemptsWithValidPasswords.txt", FileMode.CreateNew, FileAccess.Write)));
_LegitimateAttemptsWithValidPasswords = //System.IO.TextWriter.Synchronized
new ConcurrentStreamWriter(path + "LegitimateAttemptsWithValidPasswords.txt");
//(new StreamWriter(new FileStream(path + "LegitiamteAttemptsWithValidPasswords.txt", FileMode.CreateNew, FileAccess.Write)));
_OtherAttempts = //System.IO.TextWriter.Synchronized
new ConcurrentStreamWriter(path + "OtherAttempts.txt");
//(new StreamWriter(new FileStream(path + "OtherAttempts.txt", FileMode.CreateNew, FileAccess.Write)));
_logger.WriteStatus("Entered Simulator constructor");
_experimentalConfiguration = myExperimentalConfiguration;
BlockingAlgorithmOptions options = _experimentalConfiguration.BlockingOptions;
_logger.WriteStatus("Creating binomial ladder");
_binomialLadderFilter =
new BinomialLadderFilter(options.NumberOfBitsInBinomialLadderFilter_N, options.HeightOfBinomialLadder_H);
_ipHistoryCache = new ConcurrentDictionary <IPAddress, SimIpHistory>(); // new SelfLoadingCache<IPAddress, SimIpHistory>(address => new SimIpHistory(options.NumberOfFailuresToTrackForGoingBackInTimeToIdentifyTypos));
_userAccountController = new SimulatedUserAccountController();
//_memoryUsageLimiter = new MemoryUsageLimiter();
//_memoryUsageLimiter.OnReduceMemoryUsageEventHandler += ReduceMemoryUsage;
_recentIncorrectPasswords = new AgingMembershipSketch(16, 128 * 1024);
_logger.WriteStatus("Exiting Simulator constructor");
}
public static TestConfiguration InitTest(BlockingAlgorithmOptions options = default(BlockingAlgorithmOptions))
{
if (options == null)
{
options = new BlockingAlgorithmOptions();
}
TestConfiguration configuration = new TestConfiguration();
configuration.MyBlockingAlgorithmOptions = options ?? new BlockingAlgorithmOptions();
MemoryUsageLimiter memoryUsageLimiter = new MemoryUsageLimiter();
BinomialLadderFilter localPasswordBinomialLadderFilter =
new BinomialLadderFilter(options.NumberOfBitsInBinomialLadderFilter_N, options.HeightOfBinomialLadder_H);
configuration.MyAccountFactory = new MemoryOnlyUserAccountFactory();
configuration.MemUserAccountController = new MemoryUserAccountController();
LoginAttemptController <MemoryUserAccount> myLoginAttemptController =
new LoginAttemptController <MemoryUserAccount>(
new MemoryUserAccountControllerFactory(),
configuration.MyAccountFactory,
localPasswordBinomialLadderFilter,
memoryUsageLimiter, configuration.MyBlockingAlgorithmOptions);
configuration.MyLoginAttemptClient = myLoginAttemptController;
return(configuration);
}
public void Init()
{
var builder = new ConfigurationBuilder()
.SetBasePath("")
.AddJsonFile("appsettings.json");
builder.AddEnvironmentVariables();
Configuration = builder.Build();
sqlConnectionString = Configuration["Data:ConnectionString"];
string cloudStorageConnectionString = Configuration["Data:StorageConnectionString"];
_options = new BlockingAlgorithmOptions();
DbContextOptionsBuilder <DbUserAccountContext> dbOptionsBuilder = new DbContextOptionsBuilder <DbUserAccountContext>();
dbOptionsBuilder.UseSqlServer(sqlConnectionString);
dbOptions = dbOptionsBuilder.Options;
_CloudStorageAccount = CloudStorageAccount.Parse(cloudStorageConnectionString);
userAccountControllerFactory = new DbUserAccountControllerFactory(_CloudStorageAccount, dbOptions);
userAccountController = userAccountControllerFactory.CreateDbUserAccountController();
RemoteHost localHost = new RemoteHost {
Uri = new Uri("http://localhost:35358")
};
MaxWeightHashing <RemoteHost> hosts = new MaxWeightHashing <RemoteHost>(Configuration["Data:UniqueConfigurationSecretPhrase"]);
LoginAttemptClient <DbUserAccount> loginAttemptClient = new LoginAttemptClient <DbUserAccount>(hosts, localHost);
_UserAccountRepositoryFactory = new DbUserAccountRepositoryFactory(dbOptions);
BinomialLadderFilter localPasswordBinomialLadderFilter = new BinomialLadderFilter(
_options.NumberOfBitsInBinomialLadderFilter_N, _options.HeightOfBinomialLadder_H);
_loginAttemptController = new LoginAttemptController <DbUserAccount>(
userAccountControllerFactory, _UserAccountRepositoryFactory,
localPasswordBinomialLadderFilter,
new MemoryUsageLimiter(), _options);
//services.AddEntityFramework()
// .AddSqlServer()
// .AddDbContext<DbUserAccountContext>(opt => opt.UseSqlServer(sqlConnectionString));
//DbUserAccountContext context = new DbUserAccountContext();
//var db = new DbContextOptionsBuilder();
//db.UseInMemoryDatabase();
//_context = new MyContext(db.Options);
}
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc();
BlockingAlgorithmOptions options = new BlockingAlgorithmOptions();
services.AddSingleton <BlockingAlgorithmOptions>(x => options);
RemoteHost localHost = new RemoteHost {
Uri = new Uri("http://localhost:35358")
};
services.AddSingleton <RemoteHost>(x => localHost);
MaxWeightHashing <RemoteHost> hosts = new MaxWeightHashing <RemoteHost>(Configuration["Data:UniqueConfigurationSecretPhrase"]);
hosts.Add("localhost", localHost);
services.AddSingleton <IDistributedResponsibilitySet <RemoteHost> >(x => hosts);
string cloudStorageConnectionString = Configuration["Data:StorageConnectionString"];
CloudStorageAccount cloudStorageAccount = CloudStorageAccount.Parse(cloudStorageConnectionString);
services.AddSingleton <CloudStorageAccount>(a => cloudStorageAccount);
services.AddSingleton <MemoryUsageLimiter, MemoryUsageLimiter>();
if (hosts.Count > 0)
{
DistributedBinomialLadderFilterClient dblfClient = new DistributedBinomialLadderFilterClient(
options.NumberOfVirtualNodesForDistributedBinomialLadder,
options.HeightOfBinomialLadder_H,
hosts,
options.PrivateConfigurationKey,
options.MinimumBinomialLadderFilterCacheFreshness);
services.AddSingleton <IBinomialLadderFilter, DistributedBinomialLadderFilterClient>(x => dblfClient);
}
else
{
BinomialLadderFilter localPasswordBinomialLadderFilter =
new BinomialLadderFilter(options.NumberOfBitsInBinomialLadderFilter_N, options.HeightOfBinomialLadder_H);
services.AddSingleton <IBinomialLadderFilter>(x => localPasswordBinomialLadderFilter);
}
LoginAttemptClient <MemoryUserAccount> loginAttemptClient = new LoginAttemptClient <MemoryUserAccount>(hosts, localHost);
services.AddSingleton <ILoginAttemptClient, LoginAttemptClient <MemoryUserAccount> >(i => loginAttemptClient);
services.AddSingleton <ILoginAttemptController, LoginAttemptController <MemoryUserAccount> >();
}
public static TestConfiguration InitTest(BlockingAlgorithmOptions options = default(BlockingAlgorithmOptions))
{
if (options == null)
{
options = new BlockingAlgorithmOptions();
}
TestConfiguration configuration = new TestConfiguration();
configuration.MyBlockingAlgorithmOptions = options ?? new BlockingAlgorithmOptions();
//configuration.MyResponsibleHosts = new MaxWeightHashing<RemoteHost>("FIXME-uniquekeyfromconfig");
//RemoteHost localHost = new RemoteHost { Uri = new Uri("http://localhost:80") };
//configuration.MyResponsibleHosts.Add("localhost", localHost);
//IStableStore stableStore = configuration.StableStore = new MemoryOnlyStableStore();
//configuration.MyLoginAttemptClient = new LoginAttemptClient(configuration.MyResponsibleHosts, localHost);
MemoryUsageLimiter memoryUsageLimiter = new MemoryUsageLimiter();
BinomialLadderFilter localPasswordBinomialLadderFilter =
new BinomialLadderFilter(options.NumberOfBitsInBinomialLadderFilter_N, options.HeightOfBinomialLadder_H);
//MultiperiodFrequencyTracker<string> localPasswordFrequencyTracker =
// new MultiperiodFrequencyTracker<string>(
// options.NumberOfPopularityMeasurementPeriods,
// options.LengthOfShortestPopularityMeasurementPeriod,
// options.FactorOfGrowthBetweenPopularityMeasurementPeriods);
configuration.MyAccountFactory = new MemoryOnlyUserAccountFactory();
configuration.MemUserAccountController = new MemoryUserAccountController();
LoginAttemptController <MemoryUserAccount> myLoginAttemptController =
new LoginAttemptController <MemoryUserAccount>(
new MemoryUserAccountControllerFactory(),
configuration.MyAccountFactory,
localPasswordBinomialLadderFilter,
memoryUsageLimiter, configuration.MyBlockingAlgorithmOptions);
configuration.MyLoginAttemptClient = myLoginAttemptController;
//configuration.MyLoginAttemptClient.SetLocalLoginAttemptController(myLoginAttemptController);
return(configuration);
}
public async Task TestAccountingForTypoDetection()
{
BlockingAlgorithmOptions options = new BlockingAlgorithmOptions
{
PenaltyForInvalidPassword_Beta = 1,
BlockThresholdPopularPassword_T_base = 0.0099,
//BlockThresholdMultiplierForUnpopularPasswords = 1,
PenaltyMulitiplierForTypo = .1d
};
//
// Configure so that a single login attempt with an incorrect password
// login will block future logins with correct passwords... unless
// the incorrect login was the result of a typo.
//
TestConfiguration configuration = InitTest(options);
const string userName = "******";
CreateTestAccount(configuration, userName, "IRunESPStudies");
// First, make sure we are correctly blocking when the failed login is not a typo.
// Login attempt with incorrect password that is not a typo
LoginAttempt attempt = await AuthenticateAsync(configuration, userName, "AndNowForAPasswordThat'sCompletelyDifferent", clientAddress : AttackersIp);
Assert.Equal(AuthenticationOutcome.CredentialsInvalidIncorrectPassword, attempt.Outcome);
// Login attempt that should be blocked
attempt = await AuthenticateAsync(configuration, userName, "IRunESPStudies", clientAddress : AttackersIp);
Assert.Equal(AuthenticationOutcome.CredentialsValidButBlocked, attempt.Outcome);
// With another IP, lgoin with an incorrect password that IS a typo
attempt = await AuthenticateAsync(configuration, userName, "IRunEPSStudies", clientAddress : ClientsIp);
Assert.Equal(AuthenticationOutcome.CredentialsInvalidIncorrectPassword, attempt.Outcome);
// Login attempt should be allowed through once typo is accounted for.
attempt = await AuthenticateAsync(configuration, userName, "IRunESPStudies", clientAddress : ClientsIp);
Assert.Equal(AuthenticationOutcome.CredentialsValid, attempt.Outcome);
}
public LoginAttemptController(
IUserAccountControllerFactory <TUserAccount> userAccountControllerFactory,
IUserAccountRepositoryFactory <TUserAccount> userAccountRepositoryFactory,
IBinomialLadderFilter binomialLadderFilter,
MemoryUsageLimiter memoryUsageLimiter,
BlockingAlgorithmOptions blockingOptions
)
{
_options = blockingOptions;
_binomialLadderFilter = binomialLadderFilter;
_userAccountRepositoryFactory = userAccountRepositoryFactory;
_userAccountControllerFactory = userAccountControllerFactory;
_recentIncorrectPasswords = new AgingMembershipSketch(blockingOptions.AgingMembershipSketchTables, blockingOptions.AgingMembershipSketchTableSize);
_ipHistoryCache = new SelfLoadingCache <IPAddress, IpHistory>(address => new IpHistory(address, _options));
memoryUsageLimiter.OnReduceMemoryUsageEventHandler += ReduceMemoryUsage;
}
/// <summary>
/// Construct the controller.
/// </summary>
/// <param name="userAccountControllerFactory">A factory for creating IUserAccountController interfaces for managing user account records.</param>
/// <param name="userAccountRepositoryFactory">A factory for creating IAccountRepository interfaces for obtaining user account records.</param>
/// <param name="binomialLadderFilter">A binomial ladder frequency that the controller should use to track frequently-guessed passwords.</param>
/// <param name="memoryUsageLimiter">A memory usage limiter that the controller should register into so that when memory is tight,
/// the controller can do its part to free up cached items it may not need anymore.</param>
/// <param name="blockingOptions">Configuration options.</param>
public LoginAttemptController(
IUserAccountControllerFactory <TUserAccount> userAccountControllerFactory,
IUserAccountRepositoryFactory <TUserAccount> userAccountRepositoryFactory,
IBinomialLadderFilter binomialLadderFilter,
MemoryUsageLimiter memoryUsageLimiter,
BlockingAlgorithmOptions blockingOptions
)
{
// Copy parameters into the controller.
_options = blockingOptions;
_binomialLadderFilter = binomialLadderFilter;
_userAccountRepositoryFactory = userAccountRepositoryFactory;
_userAccountControllerFactory = userAccountControllerFactory;
// Create a membership sketch to track username/password pairs that have failed.
_recentIncorrectPasswords = new AgingMembershipSketch(blockingOptions.AgingMembershipSketchTables, blockingOptions.AgingMembershipSketchTableSize);
// Create a cache of records storing information about the behavior of IPs that have issued login attempts.
_ipHistoryCache = new SelfLoadingCache <IPAddress, IpHistory>(address => new IpHistory(address, _options));
// When memory is low, the memeory usage limiter should call the ReduceMemoryUsage method of this controller.
memoryUsageLimiter.OnReduceMemoryUsageEventHandler += ReduceMemoryUsage;
}
public Simulator(DebugLogger logger, string path, ExperimentalConfiguration myExperimentalConfiguration, SimulatedPasswords simPasswords)
{
_simPasswords = simPasswords;
_logger = logger;
if (_Attempts == null)
{
_Attempts = new ConcurrentStreamWriter(path + "Attempts.txt");
}
_logger.WriteStatus("Entered Simulator constructor");
_experimentalConfiguration = myExperimentalConfiguration;
BlockingAlgorithmOptions options = _experimentalConfiguration.BlockingOptions;
//_logger.WriteStatus("Creating binomial ladder");
_binomialLadderFilter =
new BinomialLadderFilter(options.NumberOfBitsInBinomialLadderFilter_N, options.HeightOfBinomialLadder_H);
_ipHistoryCache = new ConcurrentDictionary <IPAddress, SimIpHistory>();
_userAccountController = new SimulatedUserAccountController();
_recentIncorrectPasswords = new AgingMembershipSketch(16, 128 * 1024);
//_logger.WriteStatus("Exiting Simulator constructor");
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
// Add framework services.
services.AddMvc();
string sqlConnectionString = Configuration["Data:ConnectionString"];
services.AddDbContext <DbUserAccountContext>(
opt => opt.UseSqlServer(sqlConnectionString));
// Uncomment the following line to add Web API services which makes it easier to port Web API 2 controllers.
// You will also need to add the Microsoft.AspNet.Mvc.WebApiCompatShim package to the 'dependencies' section of project.json.
// services.AddWebApiConventions();
BlockingAlgorithmOptions options = new BlockingAlgorithmOptions();
services.AddSingleton <BlockingAlgorithmOptions>(x => options);
RemoteHost localHost = new RemoteHost {
Uri = new Uri("http://localhost:35358")
};
services.AddSingleton <RemoteHost>(x => localHost);
MaxWeightHashing <RemoteHost> hosts = new MaxWeightHashing <RemoteHost>(Configuration["Data:UniqueConfigurationSecretPhrase"]);
hosts.Add("localhost", localHost);
services.AddSingleton <IDistributedResponsibilitySet <RemoteHost> >(x => hosts);
string cloudStorageConnectionString = Configuration["Data:StorageConnectionString"];
CloudStorageAccount cloudStorageAccount = CloudStorageAccount.Parse(cloudStorageConnectionString);
services.AddSingleton <CloudStorageAccount>(a => cloudStorageAccount);
services.AddSingleton <MemoryUsageLimiter, MemoryUsageLimiter>();
if (hosts.Count > 0)
{
DistributedBinomialLadderFilterClient dblfClient = new DistributedBinomialLadderFilterClient(
options.NumberOfVirtualNodesForDistributedBinomialLadder,
options.HeightOfBinomialLadder_H,
hosts,
options.PrivateConfigurationKey,
options.MinimumBinomialLadderFilterCacheFreshness);
// If running as a distributed system
services.AddSingleton <IBinomialLadderFilter, DistributedBinomialLadderFilterClient>(x => dblfClient);
DistributedBinomialLadderFilterController filterController =
new DistributedBinomialLadderFilterController(dblfClient, options.NumberOfBitsPerShardInBinomialLadderFilter, options.PrivateConfigurationKey);
services.AddSingleton <DistributedBinomialLadderFilterController>(x => filterController);
//services.AddSingleton<IFrequenciesProvider<string>>(x =>
// new IncorrectPasswordFrequencyClient(hosts, options.NumberOfRedundantHostsToCachePasswordPopularity));
}
else
{
BinomialLadderFilter localPasswordBinomialLadderFilter =
new BinomialLadderFilter(options.NumberOfBitsInBinomialLadderFilter_N, options.HeightOfBinomialLadder_H);
services.AddSingleton <IBinomialLadderFilter>(x => localPasswordBinomialLadderFilter);
}
LoginAttemptClient <DbUserAccount> loginAttemptClient = new LoginAttemptClient <DbUserAccount>(hosts, localHost);
services.AddSingleton <IUserAccountRepositoryFactory <DbUserAccount>, DbUserAccountRepositoryFactory>();
services.AddSingleton <IUserAccountControllerFactory <DbUserAccount>, DbUserAccountControllerFactory>();
//LoginAttemptController<DbUserAccount> loginAttemptController = new LoginAttemptController<DbUserAccount>(
// new DbUserAccountControllerFactory(cloudStorageAccount), new DbUserAccountRepositoryFactory());
services.AddSingleton <ILoginAttemptClient, LoginAttemptClient <DbUserAccount> >(i => loginAttemptClient);
services.AddSingleton <ILoginAttemptController, LoginAttemptController <DbUserAccount> >();
}
