diff options
author | Nathan S. Evans <evans@in.tum.de> | 2011-01-09 16:49:49 +0000 |
---|---|---|
committer | Nathan S. Evans <evans@in.tum.de> | 2011-01-09 16:49:49 +0000 |
commit | 55f511690ed6a383b2a5c8e22efafebc1c10fb55 (patch) | |
tree | 1c22d90ba19f55b93e148a1ef2b5fed898d7c3c4 /src/dht/gnunet-dht-driver.c | |
parent | 345005a7e50e9915da2619a2e7b619e04fdc6405 (diff) | |
download | gnunet-55f511690ed6a383b2a5c8e22efafebc1c10fb55.tar.gz gnunet-55f511690ed6a383b2a5c8e22efafebc1c10fb55.zip |
implement sybil attack for testing
Diffstat (limited to 'src/dht/gnunet-dht-driver.c')
-rw-r--r-- | src/dht/gnunet-dht-driver.c | 122 |
1 files changed, 112 insertions, 10 deletions
diff --git a/src/dht/gnunet-dht-driver.c b/src/dht/gnunet-dht-driver.c index f5848486d..80b1507a6 100644 --- a/src/dht/gnunet-dht-driver.c +++ b/src/dht/gnunet-dht-driver.c | |||
@@ -458,6 +458,21 @@ static unsigned long long round_delay; | |||
458 | static unsigned long long malicious_droppers; | 458 | static unsigned long long malicious_droppers; |
459 | 459 | ||
460 | /** | 460 | /** |
461 | * Bloom filter to restrict malicious nodes chosen. | ||
462 | */ | ||
463 | struct GNUNET_CONTAINER_BloomFilter *malicious_bloom; | ||
464 | |||
465 | /** | ||
466 | * Whether malicious droppers should be chosen based on proximity to a key. | ||
467 | */ | ||
468 | static int malicious_sybil; | ||
469 | |||
470 | /** | ||
471 | * Target for the malicious sybil nodes (choose the closest to this key). | ||
472 | */ | ||
473 | static GNUNET_HashCode sybil_target; | ||
474 | |||
475 | /** | ||
461 | * How often to send malicious GET messages. | 476 | * How often to send malicious GET messages. |
462 | */ | 477 | */ |
463 | static struct GNUNET_TIME_Relative malicious_get_frequency; | 478 | static struct GNUNET_TIME_Relative malicious_get_frequency; |
@@ -1924,7 +1939,7 @@ do_put (void *cls, const struct GNUNET_SCHEDULER_TaskContext * tc) | |||
1924 | GNUNET_DHT_put(test_put->dht_handle, | 1939 | GNUNET_DHT_put(test_put->dht_handle, |
1925 | &known_keys[test_put->uid], | 1940 | &known_keys[test_put->uid], |
1926 | put_replication, | 1941 | put_replication, |
1927 | GNUNET_DHT_RO_NONE, | 1942 | GNUNET_DHT_RO_NONE, |
1928 | GNUNET_BLOCK_TYPE_TEST, | 1943 | GNUNET_BLOCK_TYPE_TEST, |
1929 | sizeof(data), data, | 1944 | sizeof(data), data, |
1930 | GNUNET_TIME_UNIT_FOREVER_ABS, | 1945 | GNUNET_TIME_UNIT_FOREVER_ABS, |
@@ -2094,15 +2109,14 @@ schedule_find_peer_requests (void *cls, const struct GNUNET_SCHEDULER_TaskContex | |||
2094 | } | 2109 | } |
2095 | 2110 | ||
2096 | /** | 2111 | /** |
2097 | * Set up some all of the put and get operations we want | 2112 | * Set up all of the put and get operations we want to do |
2098 | * to do. Allocate data structure for each, add to list, | 2113 | * in the current round. Allocate data structure for each, |
2099 | * then call actual insert functions. | 2114 | * add to list, then schedule the actual PUT operations. |
2100 | */ | 2115 | */ |
2101 | static void | 2116 | static void |
2102 | setup_puts_and_gets (void *cls, const struct GNUNET_SCHEDULER_TaskContext * tc) | 2117 | setup_puts_and_gets (void *cls, const struct GNUNET_SCHEDULER_TaskContext * tc) |
2103 | { | 2118 | { |
2104 | int i; | 2119 | int i; |
2105 | uint32_t temp_daemon; | ||
2106 | struct TestPutContext *test_put; | 2120 | struct TestPutContext *test_put; |
2107 | struct TestGetContext *test_get; | 2121 | struct TestGetContext *test_get; |
2108 | #if REMEMBER | 2122 | #if REMEMBER |
@@ -2115,8 +2129,20 @@ setup_puts_and_gets (void *cls, const struct GNUNET_SCHEDULER_TaskContext * tc) | |||
2115 | test_put = GNUNET_malloc(sizeof(struct TestPutContext)); | 2129 | test_put = GNUNET_malloc(sizeof(struct TestPutContext)); |
2116 | test_put->uid = i; | 2130 | test_put->uid = i; |
2117 | GNUNET_CRYPTO_hash_create_random (GNUNET_CRYPTO_QUALITY_WEAK, &known_keys[i]); | 2131 | GNUNET_CRYPTO_hash_create_random (GNUNET_CRYPTO_QUALITY_WEAK, &known_keys[i]); |
2118 | temp_daemon = GNUNET_CRYPTO_random_u32(GNUNET_CRYPTO_QUALITY_WEAK, num_peers); | 2132 | /* Set first X bits to match the chosen sybil location if we want to do the sybil attack! */ |
2119 | test_put->daemon = GNUNET_TESTING_daemon_get(pg, temp_daemon); | 2133 | if (GNUNET_YES == malicious_sybil) |
2134 | { | ||
2135 | memcpy(&known_keys[i], &sybil_target, sizeof(GNUNET_HashCode) / 2); | ||
2136 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Distance between sybil location and key is %d\n", GNUNET_CRYPTO_hash_matching_bits(&known_keys[i], &sybil_target)); | ||
2137 | } | ||
2138 | test_put->daemon = GNUNET_TESTING_daemon_get(pg, GNUNET_CRYPTO_random_u32(GNUNET_CRYPTO_QUALITY_WEAK, num_peers)); | ||
2139 | /* Don't start PUTs at malicious peers! */ | ||
2140 | if (malicious_bloom != NULL) | ||
2141 | { | ||
2142 | while (GNUNET_YES == GNUNET_CONTAINER_bloomfilter_test(malicious_bloom, &test_put->daemon->id.hashPubKey)) | ||
2143 | test_put->daemon = GNUNET_TESTING_daemon_get(pg, GNUNET_CRYPTO_random_u32(GNUNET_CRYPTO_QUALITY_WEAK, num_peers)); | ||
2144 | } | ||
2145 | |||
2120 | test_put->next = all_puts; | 2146 | test_put->next = all_puts; |
2121 | all_puts = test_put; | 2147 | all_puts = test_put; |
2122 | } | 2148 | } |
@@ -2131,6 +2157,12 @@ setup_puts_and_gets (void *cls, const struct GNUNET_SCHEDULER_TaskContext * tc) | |||
2131 | remember[test_get->uid][temp_daemon] = 1; | 2157 | remember[test_get->uid][temp_daemon] = 1; |
2132 | #endif | 2158 | #endif |
2133 | test_get->daemon = GNUNET_TESTING_daemon_get(pg, GNUNET_CRYPTO_random_u32(GNUNET_CRYPTO_QUALITY_WEAK, num_peers)); | 2159 | test_get->daemon = GNUNET_TESTING_daemon_get(pg, GNUNET_CRYPTO_random_u32(GNUNET_CRYPTO_QUALITY_WEAK, num_peers)); |
2160 | /* Don't start GETs at malicious peers! */ | ||
2161 | if (malicious_bloom != NULL) | ||
2162 | { | ||
2163 | while (GNUNET_YES == GNUNET_CONTAINER_bloomfilter_test(malicious_bloom, &test_get->daemon->id.hashPubKey)) | ||
2164 | test_get->daemon = GNUNET_TESTING_daemon_get(pg, GNUNET_CRYPTO_random_u32(GNUNET_CRYPTO_QUALITY_WEAK, num_peers)); | ||
2165 | } | ||
2134 | test_get->next = all_gets; | 2166 | test_get->next = all_gets; |
2135 | all_gets = test_get; | 2167 | all_gets = test_get; |
2136 | } | 2168 | } |
@@ -2282,6 +2314,57 @@ set_malicious (void *cls, const struct GNUNET_SCHEDULER_TaskContext * tc) | |||
2282 | } | 2314 | } |
2283 | 2315 | ||
2284 | /** | 2316 | /** |
2317 | * Choose the next peer from the peer group to set as malicious. | ||
2318 | * If we are doing a sybil attack, find the nearest peer to the | ||
2319 | * sybil location that has not already been set malicious. Otherwise | ||
2320 | * just choose a random not already chosen peer. | ||
2321 | * | ||
2322 | * @param pg the peer group | ||
2323 | * @param bloom the bloomfilter which contains all peer already | ||
2324 | * chosen to be malicious | ||
2325 | */ | ||
2326 | static uint32_t | ||
2327 | choose_next_malicious (struct GNUNET_TESTING_PeerGroup *pg, struct GNUNET_CONTAINER_BloomFilter *bloom) | ||
2328 | { | ||
2329 | int i; | ||
2330 | int nearest; | ||
2331 | int bits_match; | ||
2332 | int curr_distance; | ||
2333 | struct GNUNET_TESTING_Daemon *temp_daemon; | ||
2334 | |||
2335 | curr_distance = 0; | ||
2336 | |||
2337 | if (GNUNET_YES == malicious_sybil) | ||
2338 | { | ||
2339 | for (i = 0; i < num_peers; i++) | ||
2340 | { | ||
2341 | temp_daemon = GNUNET_TESTING_daemon_get(pg, i); | ||
2342 | /* Check if this peer matches the bloomfilter */ | ||
2343 | if (GNUNET_YES == GNUNET_CONTAINER_bloomfilter_test (bloom, &temp_daemon->id.hashPubKey)) | ||
2344 | continue; | ||
2345 | |||
2346 | bits_match = GNUNET_CRYPTO_hash_matching_bits (&temp_daemon->id.hashPubKey, &sybil_target); | ||
2347 | if (bits_match >= curr_distance) | ||
2348 | { | ||
2349 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "Found nearer peer %s to %s, old matching bits %d, new %d\n", GNUNET_i2s(&temp_daemon->id), GNUNET_h2s(&sybil_target), curr_distance, bits_match); | ||
2350 | nearest = i; | ||
2351 | curr_distance = bits_match; | ||
2352 | } | ||
2353 | } | ||
2354 | } | ||
2355 | else | ||
2356 | { | ||
2357 | nearest = GNUNET_CRYPTO_random_u32(GNUNET_CRYPTO_QUALITY_WEAK, num_peers); | ||
2358 | while (GNUNET_YES == GNUNET_CONTAINER_bloomfilter_test (bloom, &temp_daemon->id.hashPubKey)) | ||
2359 | { | ||
2360 | nearest = GNUNET_CRYPTO_random_u32(GNUNET_CRYPTO_QUALITY_WEAK, num_peers); | ||
2361 | } | ||
2362 | } | ||
2363 | |||
2364 | return nearest; | ||
2365 | } | ||
2366 | |||
2367 | /** | ||
2285 | * Select randomly from set of known peers, | 2368 | * Select randomly from set of known peers, |
2286 | * set the desired number of peers to the | 2369 | * set the desired number of peers to the |
2287 | * proper malicious types. | 2370 | * proper malicious types. |
@@ -2296,8 +2379,9 @@ setup_malicious_peers (void *cls, const struct GNUNET_SCHEDULER_TaskContext * tc | |||
2296 | for (i = 0; i < malicious_getters; i++) | 2379 | for (i = 0; i < malicious_getters; i++) |
2297 | { | 2380 | { |
2298 | ctx = GNUNET_malloc(sizeof(struct MaliciousContext)); | 2381 | ctx = GNUNET_malloc(sizeof(struct MaliciousContext)); |
2299 | temp_daemon = GNUNET_CRYPTO_random_u32(GNUNET_CRYPTO_QUALITY_WEAK, num_peers); | 2382 | temp_daemon = choose_next_malicious(pg, malicious_bloom); |
2300 | ctx->daemon = GNUNET_TESTING_daemon_get(pg, temp_daemon); | 2383 | ctx->daemon = GNUNET_TESTING_daemon_get(pg, temp_daemon); |
2384 | GNUNET_CONTAINER_bloomfilter_add(malicious_bloom, &ctx->daemon->id.hashPubKey); | ||
2301 | ctx->malicious_type = GNUNET_MESSAGE_TYPE_DHT_MALICIOUS_GET; | 2385 | ctx->malicious_type = GNUNET_MESSAGE_TYPE_DHT_MALICIOUS_GET; |
2302 | GNUNET_SCHEDULER_add_now (&set_malicious, ctx); | 2386 | GNUNET_SCHEDULER_add_now (&set_malicious, ctx); |
2303 | 2387 | ||
@@ -2306,8 +2390,9 @@ setup_malicious_peers (void *cls, const struct GNUNET_SCHEDULER_TaskContext * tc | |||
2306 | for (i = 0; i < malicious_putters; i++) | 2390 | for (i = 0; i < malicious_putters; i++) |
2307 | { | 2391 | { |
2308 | ctx = GNUNET_malloc(sizeof(struct MaliciousContext)); | 2392 | ctx = GNUNET_malloc(sizeof(struct MaliciousContext)); |
2309 | temp_daemon = GNUNET_CRYPTO_random_u32(GNUNET_CRYPTO_QUALITY_WEAK, num_peers); | 2393 | temp_daemon = choose_next_malicious(pg, malicious_bloom); |
2310 | ctx->daemon = GNUNET_TESTING_daemon_get(pg, temp_daemon); | 2394 | ctx->daemon = GNUNET_TESTING_daemon_get(pg, temp_daemon); |
2395 | GNUNET_CONTAINER_bloomfilter_add(malicious_bloom, &ctx->daemon->id.hashPubKey); | ||
2311 | ctx->malicious_type = GNUNET_MESSAGE_TYPE_DHT_MALICIOUS_PUT; | 2396 | ctx->malicious_type = GNUNET_MESSAGE_TYPE_DHT_MALICIOUS_PUT; |
2312 | GNUNET_SCHEDULER_add_now (&set_malicious, ctx); | 2397 | GNUNET_SCHEDULER_add_now (&set_malicious, ctx); |
2313 | 2398 | ||
@@ -2316,8 +2401,9 @@ setup_malicious_peers (void *cls, const struct GNUNET_SCHEDULER_TaskContext * tc | |||
2316 | for (i = 0; i < malicious_droppers; i++) | 2401 | for (i = 0; i < malicious_droppers; i++) |
2317 | { | 2402 | { |
2318 | ctx = GNUNET_malloc(sizeof(struct MaliciousContext)); | 2403 | ctx = GNUNET_malloc(sizeof(struct MaliciousContext)); |
2319 | temp_daemon = GNUNET_CRYPTO_random_u32(GNUNET_CRYPTO_QUALITY_WEAK, num_peers); | 2404 | temp_daemon = choose_next_malicious(pg, malicious_bloom); |
2320 | ctx->daemon = GNUNET_TESTING_daemon_get(pg, temp_daemon); | 2405 | ctx->daemon = GNUNET_TESTING_daemon_get(pg, temp_daemon); |
2406 | GNUNET_CONTAINER_bloomfilter_add(malicious_bloom, &ctx->daemon->id.hashPubKey); | ||
2321 | ctx->malicious_type = GNUNET_MESSAGE_TYPE_DHT_MALICIOUS_DROP; | 2407 | ctx->malicious_type = GNUNET_MESSAGE_TYPE_DHT_MALICIOUS_DROP; |
2322 | GNUNET_SCHEDULER_add_now (&set_malicious, ctx); | 2408 | GNUNET_SCHEDULER_add_now (&set_malicious, ctx); |
2323 | } | 2409 | } |
@@ -2910,6 +2996,19 @@ run (void *cls, | |||
2910 | if (GNUNET_YES == GNUNET_CONFIGURATION_get_value_yesno(cfg, "DHT_TESTING", "MALICIOUS_AFTER_SETTLE")) | 2996 | if (GNUNET_YES == GNUNET_CONFIGURATION_get_value_yesno(cfg, "DHT_TESTING", "MALICIOUS_AFTER_SETTLE")) |
2911 | malicious_after_settle = GNUNET_YES; | 2997 | malicious_after_settle = GNUNET_YES; |
2912 | 2998 | ||
2999 | if (GNUNET_YES == GNUNET_CONFIGURATION_get_value_yesno(cfg, "DHT_TESTING", "MALICIOUS_SYBIL")) | ||
3000 | { | ||
3001 | /* Set up the malicious target at random for this round */ | ||
3002 | GNUNET_CRYPTO_hash_create_random (GNUNET_CRYPTO_QUALITY_WEAK, &sybil_target); | ||
3003 | malicious_sybil = GNUNET_YES; | ||
3004 | } | ||
3005 | |||
3006 | if ((malicious_droppers > 0) || (malicious_getters > 0) || (malicious_putters > 0)) | ||
3007 | { | ||
3008 | /* Create the bloomfilter for choosing which peers to set malicious */ | ||
3009 | malicious_bloom = GNUNET_CONTAINER_bloomfilter_init (NULL, DHT_BLOOM_SIZE, DHT_BLOOM_K); | ||
3010 | } | ||
3011 | |||
2913 | /* The normal behavior of the DHT is to do find peer requests | 3012 | /* The normal behavior of the DHT is to do find peer requests |
2914 | * on its own. Only if this is explicitly turned off should | 3013 | * on its own. Only if this is explicitly turned off should |
2915 | * the testing driver issue find peer requests (even though | 3014 | * the testing driver issue find peer requests (even though |
@@ -3133,6 +3232,9 @@ main (int argc, char *argv[]) | |||
3133 | options, &run, &ok); | 3232 | options, &run, &ok); |
3134 | 3233 | ||
3135 | 3234 | ||
3235 | if (malicious_bloom != NULL) | ||
3236 | GNUNET_CONTAINER_bloomfilter_free (malicious_bloom); | ||
3237 | |||
3136 | if (ret != GNUNET_OK) | 3238 | if (ret != GNUNET_OK) |
3137 | { | 3239 | { |
3138 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "`gnunet-dht-driver': Failed with error code %d\n", ret); | 3240 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, "`gnunet-dht-driver': Failed with error code %d\n", ret); |