//public void ReduceMemoryUsage(object sender, MemoryUsageLimiter.ReduceMemoryUsageEventParameters parameters) //{ //_ipHistoryCache.RecoverSpace(parameters.FractionOfMemoryToTryToRemove); //} public Simulator(DebugLogger logger, string path, ExperimentalConfiguration myExperimentalConfiguration, SimulatedPasswords simPasswords) { _simPasswords = simPasswords; _logger = logger; _AttackAttemptsWithValidPasswords = //System.IO.TextWriter.Synchronized new ConcurrentStreamWriter(path + "AttackAttemptsWithValidPasswords.txt"); //(new StreamWriter(new FileStream(path + "AttackAttemptsWithValidPasswords.txt", FileMode.CreateNew, FileAccess.Write))); _LegitimateAttemptsWithValidPasswords = //System.IO.TextWriter.Synchronized new ConcurrentStreamWriter(path + "LegitimateAttemptsWithValidPasswords.txt"); //(new StreamWriter(new FileStream(path + "LegitiamteAttemptsWithValidPasswords.txt", FileMode.CreateNew, FileAccess.Write))); _OtherAttempts = //System.IO.TextWriter.Synchronized new ConcurrentStreamWriter(path + "OtherAttempts.txt"); //(new StreamWriter(new FileStream(path + "OtherAttempts.txt", FileMode.CreateNew, FileAccess.Write))); _logger.WriteStatus("Entered Simulator constructor"); _experimentalConfiguration = myExperimentalConfiguration; BlockingAlgorithmOptions options = _experimentalConfiguration.BlockingOptions; _logger.WriteStatus("Creating binomial ladder"); _binomialLadderFilter = new BinomialLadderFilter(options.NumberOfBitsInBinomialLadderFilter_N, options.HeightOfBinomialLadder_H); _ipHistoryCache = new ConcurrentDictionary <IPAddress, SimIpHistory>(); // new SelfLoadingCache<IPAddress, SimIpHistory>(address => new SimIpHistory(options.NumberOfFailuresToTrackForGoingBackInTimeToIdentifyTypos)); _userAccountController = new SimulatedUserAccountController(); //_memoryUsageLimiter = new MemoryUsageLimiter(); //_memoryUsageLimiter.OnReduceMemoryUsageEventHandler += ReduceMemoryUsage; _recentIncorrectPasswords = new AgingMembershipSketch(16, 128 * 1024); _logger.WriteStatus("Exiting Simulator constructor"); }
public static TestConfiguration InitTest(BlockingAlgorithmOptions options = default(BlockingAlgorithmOptions)) { if (options == null) { options = new BlockingAlgorithmOptions(); } TestConfiguration configuration = new TestConfiguration(); configuration.MyBlockingAlgorithmOptions = options ?? new BlockingAlgorithmOptions(); MemoryUsageLimiter memoryUsageLimiter = new MemoryUsageLimiter(); BinomialLadderFilter localPasswordBinomialLadderFilter = new BinomialLadderFilter(options.NumberOfBitsInBinomialLadderFilter_N, options.HeightOfBinomialLadder_H); configuration.MyAccountFactory = new MemoryOnlyUserAccountFactory(); configuration.MemUserAccountController = new MemoryUserAccountController(); LoginAttemptController <MemoryUserAccount> myLoginAttemptController = new LoginAttemptController <MemoryUserAccount>( new MemoryUserAccountControllerFactory(), configuration.MyAccountFactory, localPasswordBinomialLadderFilter, memoryUsageLimiter, configuration.MyBlockingAlgorithmOptions); configuration.MyLoginAttemptClient = myLoginAttemptController; return(configuration); }
public void Init() { var builder = new ConfigurationBuilder() .SetBasePath("") .AddJsonFile("appsettings.json"); builder.AddEnvironmentVariables(); Configuration = builder.Build(); sqlConnectionString = Configuration["Data:ConnectionString"]; string cloudStorageConnectionString = Configuration["Data:StorageConnectionString"]; _options = new BlockingAlgorithmOptions(); DbContextOptionsBuilder <DbUserAccountContext> dbOptionsBuilder = new DbContextOptionsBuilder <DbUserAccountContext>(); dbOptionsBuilder.UseSqlServer(sqlConnectionString); dbOptions = dbOptionsBuilder.Options; _CloudStorageAccount = CloudStorageAccount.Parse(cloudStorageConnectionString); userAccountControllerFactory = new DbUserAccountControllerFactory(_CloudStorageAccount, dbOptions); userAccountController = userAccountControllerFactory.CreateDbUserAccountController(); RemoteHost localHost = new RemoteHost { Uri = new Uri("http://localhost:35358") }; MaxWeightHashing <RemoteHost> hosts = new MaxWeightHashing <RemoteHost>(Configuration["Data:UniqueConfigurationSecretPhrase"]); LoginAttemptClient <DbUserAccount> loginAttemptClient = new LoginAttemptClient <DbUserAccount>(hosts, localHost); _UserAccountRepositoryFactory = new DbUserAccountRepositoryFactory(dbOptions); BinomialLadderFilter localPasswordBinomialLadderFilter = new BinomialLadderFilter( _options.NumberOfBitsInBinomialLadderFilter_N, _options.HeightOfBinomialLadder_H); _loginAttemptController = new LoginAttemptController <DbUserAccount>( userAccountControllerFactory, _UserAccountRepositoryFactory, localPasswordBinomialLadderFilter, new MemoryUsageLimiter(), _options); //services.AddEntityFramework() // .AddSqlServer() // .AddDbContext<DbUserAccountContext>(opt => opt.UseSqlServer(sqlConnectionString)); //DbUserAccountContext context = new DbUserAccountContext(); //var db = new DbContextOptionsBuilder(); //db.UseInMemoryDatabase(); //_context = new MyContext(db.Options); }
public void ConfigureServices(IServiceCollection services) { services.AddMvc(); BlockingAlgorithmOptions options = new BlockingAlgorithmOptions(); services.AddSingleton <BlockingAlgorithmOptions>(x => options); RemoteHost localHost = new RemoteHost { Uri = new Uri("http://localhost:35358") }; services.AddSingleton <RemoteHost>(x => localHost); MaxWeightHashing <RemoteHost> hosts = new MaxWeightHashing <RemoteHost>(Configuration["Data:UniqueConfigurationSecretPhrase"]); hosts.Add("localhost", localHost); services.AddSingleton <IDistributedResponsibilitySet <RemoteHost> >(x => hosts); string cloudStorageConnectionString = Configuration["Data:StorageConnectionString"]; CloudStorageAccount cloudStorageAccount = CloudStorageAccount.Parse(cloudStorageConnectionString); services.AddSingleton <CloudStorageAccount>(a => cloudStorageAccount); services.AddSingleton <MemoryUsageLimiter, MemoryUsageLimiter>(); if (hosts.Count > 0) { DistributedBinomialLadderFilterClient dblfClient = new DistributedBinomialLadderFilterClient( options.NumberOfVirtualNodesForDistributedBinomialLadder, options.HeightOfBinomialLadder_H, hosts, options.PrivateConfigurationKey, options.MinimumBinomialLadderFilterCacheFreshness); services.AddSingleton <IBinomialLadderFilter, DistributedBinomialLadderFilterClient>(x => dblfClient); } else { BinomialLadderFilter localPasswordBinomialLadderFilter = new BinomialLadderFilter(options.NumberOfBitsInBinomialLadderFilter_N, options.HeightOfBinomialLadder_H); services.AddSingleton <IBinomialLadderFilter>(x => localPasswordBinomialLadderFilter); } LoginAttemptClient <MemoryUserAccount> loginAttemptClient = new LoginAttemptClient <MemoryUserAccount>(hosts, localHost); services.AddSingleton <ILoginAttemptClient, LoginAttemptClient <MemoryUserAccount> >(i => loginAttemptClient); services.AddSingleton <ILoginAttemptController, LoginAttemptController <MemoryUserAccount> >(); }
public static TestConfiguration InitTest(BlockingAlgorithmOptions options = default(BlockingAlgorithmOptions)) { if (options == null) { options = new BlockingAlgorithmOptions(); } TestConfiguration configuration = new TestConfiguration(); configuration.MyBlockingAlgorithmOptions = options ?? new BlockingAlgorithmOptions(); //configuration.MyResponsibleHosts = new MaxWeightHashing<RemoteHost>("FIXME-uniquekeyfromconfig"); //RemoteHost localHost = new RemoteHost { Uri = new Uri("http://localhost:80") }; //configuration.MyResponsibleHosts.Add("localhost", localHost); //IStableStore stableStore = configuration.StableStore = new MemoryOnlyStableStore(); //configuration.MyLoginAttemptClient = new LoginAttemptClient(configuration.MyResponsibleHosts, localHost); MemoryUsageLimiter memoryUsageLimiter = new MemoryUsageLimiter(); BinomialLadderFilter localPasswordBinomialLadderFilter = new BinomialLadderFilter(options.NumberOfBitsInBinomialLadderFilter_N, options.HeightOfBinomialLadder_H); //MultiperiodFrequencyTracker<string> localPasswordFrequencyTracker = // new MultiperiodFrequencyTracker<string>( // options.NumberOfPopularityMeasurementPeriods, // options.LengthOfShortestPopularityMeasurementPeriod, // options.FactorOfGrowthBetweenPopularityMeasurementPeriods); configuration.MyAccountFactory = new MemoryOnlyUserAccountFactory(); configuration.MemUserAccountController = new MemoryUserAccountController(); LoginAttemptController <MemoryUserAccount> myLoginAttemptController = new LoginAttemptController <MemoryUserAccount>( new MemoryUserAccountControllerFactory(), configuration.MyAccountFactory, localPasswordBinomialLadderFilter, memoryUsageLimiter, configuration.MyBlockingAlgorithmOptions); configuration.MyLoginAttemptClient = myLoginAttemptController; //configuration.MyLoginAttemptClient.SetLocalLoginAttemptController(myLoginAttemptController); return(configuration); }
public async Task TestAccountingForTypoDetection() { BlockingAlgorithmOptions options = new BlockingAlgorithmOptions { PenaltyForInvalidPassword_Beta = 1, BlockThresholdPopularPassword_T_base = 0.0099, //BlockThresholdMultiplierForUnpopularPasswords = 1, PenaltyMulitiplierForTypo = .1d }; // // Configure so that a single login attempt with an incorrect password // login will block future logins with correct passwords... unless // the incorrect login was the result of a typo. // TestConfiguration configuration = InitTest(options); const string userName = "******"; CreateTestAccount(configuration, userName, "IRunESPStudies"); // First, make sure we are correctly blocking when the failed login is not a typo. // Login attempt with incorrect password that is not a typo LoginAttempt attempt = await AuthenticateAsync(configuration, userName, "AndNowForAPasswordThat'sCompletelyDifferent", clientAddress : AttackersIp); Assert.Equal(AuthenticationOutcome.CredentialsInvalidIncorrectPassword, attempt.Outcome); // Login attempt that should be blocked attempt = await AuthenticateAsync(configuration, userName, "IRunESPStudies", clientAddress : AttackersIp); Assert.Equal(AuthenticationOutcome.CredentialsValidButBlocked, attempt.Outcome); // With another IP, lgoin with an incorrect password that IS a typo attempt = await AuthenticateAsync(configuration, userName, "IRunEPSStudies", clientAddress : ClientsIp); Assert.Equal(AuthenticationOutcome.CredentialsInvalidIncorrectPassword, attempt.Outcome); // Login attempt should be allowed through once typo is accounted for. attempt = await AuthenticateAsync(configuration, userName, "IRunESPStudies", clientAddress : ClientsIp); Assert.Equal(AuthenticationOutcome.CredentialsValid, attempt.Outcome); }
public LoginAttemptController( IUserAccountControllerFactory <TUserAccount> userAccountControllerFactory, IUserAccountRepositoryFactory <TUserAccount> userAccountRepositoryFactory, IBinomialLadderFilter binomialLadderFilter, MemoryUsageLimiter memoryUsageLimiter, BlockingAlgorithmOptions blockingOptions ) { _options = blockingOptions; _binomialLadderFilter = binomialLadderFilter; _userAccountRepositoryFactory = userAccountRepositoryFactory; _userAccountControllerFactory = userAccountControllerFactory; _recentIncorrectPasswords = new AgingMembershipSketch(blockingOptions.AgingMembershipSketchTables, blockingOptions.AgingMembershipSketchTableSize); _ipHistoryCache = new SelfLoadingCache <IPAddress, IpHistory>(address => new IpHistory(address, _options)); memoryUsageLimiter.OnReduceMemoryUsageEventHandler += ReduceMemoryUsage; }
/// <summary> /// Construct the controller. /// </summary> /// <param name="userAccountControllerFactory">A factory for creating IUserAccountController interfaces for managing user account records.</param> /// <param name="userAccountRepositoryFactory">A factory for creating IAccountRepository interfaces for obtaining user account records.</param> /// <param name="binomialLadderFilter">A binomial ladder frequency that the controller should use to track frequently-guessed passwords.</param> /// <param name="memoryUsageLimiter">A memory usage limiter that the controller should register into so that when memory is tight, /// the controller can do its part to free up cached items it may not need anymore.</param> /// <param name="blockingOptions">Configuration options.</param> public LoginAttemptController( IUserAccountControllerFactory <TUserAccount> userAccountControllerFactory, IUserAccountRepositoryFactory <TUserAccount> userAccountRepositoryFactory, IBinomialLadderFilter binomialLadderFilter, MemoryUsageLimiter memoryUsageLimiter, BlockingAlgorithmOptions blockingOptions ) { // Copy parameters into the controller. _options = blockingOptions; _binomialLadderFilter = binomialLadderFilter; _userAccountRepositoryFactory = userAccountRepositoryFactory; _userAccountControllerFactory = userAccountControllerFactory; // Create a membership sketch to track username/password pairs that have failed. _recentIncorrectPasswords = new AgingMembershipSketch(blockingOptions.AgingMembershipSketchTables, blockingOptions.AgingMembershipSketchTableSize); // Create a cache of records storing information about the behavior of IPs that have issued login attempts. _ipHistoryCache = new SelfLoadingCache <IPAddress, IpHistory>(address => new IpHistory(address, _options)); // When memory is low, the memeory usage limiter should call the ReduceMemoryUsage method of this controller. memoryUsageLimiter.OnReduceMemoryUsageEventHandler += ReduceMemoryUsage; }
public Simulator(DebugLogger logger, string path, ExperimentalConfiguration myExperimentalConfiguration, SimulatedPasswords simPasswords) { _simPasswords = simPasswords; _logger = logger; if (_Attempts == null) { _Attempts = new ConcurrentStreamWriter(path + "Attempts.txt"); } _logger.WriteStatus("Entered Simulator constructor"); _experimentalConfiguration = myExperimentalConfiguration; BlockingAlgorithmOptions options = _experimentalConfiguration.BlockingOptions; //_logger.WriteStatus("Creating binomial ladder"); _binomialLadderFilter = new BinomialLadderFilter(options.NumberOfBitsInBinomialLadderFilter_N, options.HeightOfBinomialLadder_H); _ipHistoryCache = new ConcurrentDictionary <IPAddress, SimIpHistory>(); _userAccountController = new SimulatedUserAccountController(); _recentIncorrectPasswords = new AgingMembershipSketch(16, 128 * 1024); //_logger.WriteStatus("Exiting Simulator constructor"); }
// This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { // Add framework services. services.AddMvc(); string sqlConnectionString = Configuration["Data:ConnectionString"]; services.AddDbContext <DbUserAccountContext>( opt => opt.UseSqlServer(sqlConnectionString)); // Uncomment the following line to add Web API services which makes it easier to port Web API 2 controllers. // You will also need to add the Microsoft.AspNet.Mvc.WebApiCompatShim package to the 'dependencies' section of project.json. // services.AddWebApiConventions(); BlockingAlgorithmOptions options = new BlockingAlgorithmOptions(); services.AddSingleton <BlockingAlgorithmOptions>(x => options); RemoteHost localHost = new RemoteHost { Uri = new Uri("http://localhost:35358") }; services.AddSingleton <RemoteHost>(x => localHost); MaxWeightHashing <RemoteHost> hosts = new MaxWeightHashing <RemoteHost>(Configuration["Data:UniqueConfigurationSecretPhrase"]); hosts.Add("localhost", localHost); services.AddSingleton <IDistributedResponsibilitySet <RemoteHost> >(x => hosts); string cloudStorageConnectionString = Configuration["Data:StorageConnectionString"]; CloudStorageAccount cloudStorageAccount = CloudStorageAccount.Parse(cloudStorageConnectionString); services.AddSingleton <CloudStorageAccount>(a => cloudStorageAccount); services.AddSingleton <MemoryUsageLimiter, MemoryUsageLimiter>(); if (hosts.Count > 0) { DistributedBinomialLadderFilterClient dblfClient = new DistributedBinomialLadderFilterClient( options.NumberOfVirtualNodesForDistributedBinomialLadder, options.HeightOfBinomialLadder_H, hosts, options.PrivateConfigurationKey, options.MinimumBinomialLadderFilterCacheFreshness); // If running as a distributed system services.AddSingleton <IBinomialLadderFilter, DistributedBinomialLadderFilterClient>(x => dblfClient); DistributedBinomialLadderFilterController filterController = new DistributedBinomialLadderFilterController(dblfClient, options.NumberOfBitsPerShardInBinomialLadderFilter, options.PrivateConfigurationKey); services.AddSingleton <DistributedBinomialLadderFilterController>(x => filterController); //services.AddSingleton<IFrequenciesProvider<string>>(x => // new IncorrectPasswordFrequencyClient(hosts, options.NumberOfRedundantHostsToCachePasswordPopularity)); } else { BinomialLadderFilter localPasswordBinomialLadderFilter = new BinomialLadderFilter(options.NumberOfBitsInBinomialLadderFilter_N, options.HeightOfBinomialLadder_H); services.AddSingleton <IBinomialLadderFilter>(x => localPasswordBinomialLadderFilter); } LoginAttemptClient <DbUserAccount> loginAttemptClient = new LoginAttemptClient <DbUserAccount>(hosts, localHost); services.AddSingleton <IUserAccountRepositoryFactory <DbUserAccount>, DbUserAccountRepositoryFactory>(); services.AddSingleton <IUserAccountControllerFactory <DbUserAccount>, DbUserAccountControllerFactory>(); //LoginAttemptController<DbUserAccount> loginAttemptController = new LoginAttemptController<DbUserAccount>( // new DbUserAccountControllerFactory(cloudStorageAccount), new DbUserAccountRepositoryFactory()); services.AddSingleton <ILoginAttemptClient, LoginAttemptClient <DbUserAccount> >(i => loginAttemptClient); services.AddSingleton <ILoginAttemptController, LoginAttemptController <DbUserAccount> >(); }