def test_query_limit(self, users=None, rate_limit_only=False, rate=2):
"""Initializes a test for speed constraints
@users: a user list to be used for this experiment
@rate_limit_only: only check rate limiting (do not attempt continuous
queries but only a certain number of queries / min)
@rate: start rate limiting check with this many queries per second and
adjust accordintgly.
"""
vb.vb_print(self.verbose, "Initiating query limit test")
if users is None:
users = self._db.get_ordered_users()
if len(users) == 1:
raise SystemExit("Not enough users! At least two users required")
self.attackers = [AuditorUser(self.service_id, u) for u in users]
self.attacker = self.attackers.pop()
victim = self.attackers.pop(0)
self._db.insert_test("query_limit")
self.test_id = self._db.get_test_id("query_limit")
# limit on update location queries
self.qps_u_limit = self._query_rate_limit_update(rate_limit_only,
rate)
# limit on get_distance queries
self.qps_r_limit = self._query_rate_limit_request(rate_limit_only,
rate)
# total query limit should be the minimum of update/request limits
self.absq_limit = math.min(self.absq_u_limit, self.absq_r_limit)
self.qps_limit = math.min(self.qps_u_limit, self.qps_r_limit)
def test_rudp_attack(self, rounding_classes, victim=None, users=None,
kml=None, grid=20):
"""Run the RUDP attack and set the accuracy in the Auditor class
"""
vb.vb_print(self.verbose, "Testing accuracy of RUDP attack")
# FIXME check rounding classes
if users is None:
users = self._db.get_ordered_users()
if victim is not None:
self.victim = AuditorUser(self.service_id, victim)
# make sure that victim is not in users
#users.remove(victim)
# and create instances of AuditorUser for attackers
self.attackers = [AuditorUser(self.service_id, u) for u in users]
self.attacker = self.attackers.pop()
else:
# and create instances of AuditorUser for attackers
self.attackers = [AuditorUser(self.service_id, u) for u in users]
self.attacker = self.attackers.pop()
# pick the guy with the most queries to be the victim
self.victim = self.attackers.pop(0)
[ny_lat, ny_lon] = [40.753506, -73.988800]
ny_lat += random.uniform(-0.01, 0.01)
ny_lon += random.uniform(-0.01, 0.01)
# place victim
(success, queries) = self.auditor_handled_place_at_coords(self.victim,
ny_lat,
ny_lon,
self.test_id)
if not success:
raise SystemExit("Could not place user 1")
self._db.insert_test("rudp")
self.test_id = self._db.get_test_id("rudp")
if self.query_limit is None:
query_limit = self.absq_limit
disc_attack = auditor_discovery_attack.DiscoveryAttack(self,
self.attackers,
self.attacker,
self.victim,
self.proj,
self.oracle,
self.test_id,
self.__serv_name,
"rudp",
self.verbose,
self.query_limit,
self.speed_limit)
self.rudp_accuracy = disc_attack.rudp_attack(rounding_classes,
kml,
grid)
def _update_attacker(self):
"""Get a new attacker from the available users
"""
if len(self.attackers) == 0:
raise SystemExit("Run out of attackers")
vb.vb_print(self.verbose, " *** updating attacker ***", None, True)
self.attacker = self.attackers.pop()
# sleep for some period
sleep(10)
def _query_rate_limit_update(self, rate_limit_only=False, rate=2):
"""Check limits on update location queries
"""
vb.vb_print(self.verbose, "Examining limits on update queries")
# Pass the arguments for update location:
# attacker, distance to move, angle, test_id, ERROR_VALUE for function
args = (self.attacker, 0.001, randint(0, 360), self.test_id, False)
return self.__limit_check(self.auditor_handled_place_at_dist,
rate_limit_only,
rate,
*args)
def _query_rate_limit_request(self, rate_limit_only=False, rate=2):
"""Check query limit when we get distance of a user
"""
vb.vb_print(self.verbose, "Examining limits on update queries")
# Pass the arguments for update location:
# attacker, victim, test_id, ERROR_VALUE of function
args = (self.attacker, self.victim, self.test_id, None)
return self.__limit_check(self.auditor_handled_distance,
rate_limit_only,
rate,
*args)
def in_proximity(self, auditor_user_a, auditor_user_b, test_id):
"""auditor_user_a examines if auditor_user_b is in proximity radius
(in km) using a disk proximity oracle
Args:
auditor_user_a: auditor user instance for attacker
auditor_user_b: auditor user instance for target
radius: radius of disk in km
Returns:
(answer, queries) where @answer is True if user_b is in proximity
to user_a with respect to the oracle else False.
"""
vb.vb_print(self.verbose, "Examining oracle:", "DUDP", True)
query_id = int(time())
(dist, q) = self.auditor.auditor_handled_distance(
auditor_user_a, auditor_user_b, test_id, auditor_user_a.loc,
query_id)
if dist is None:
vb.vb_print(self.verbose, " |-- None", "DUDP", True)
return (None, 1)
if dist < self.radius:
vb.vb_print(self.verbose, " |-- True", "DUDP", True)
return (True, q)
else:
vb.vb_print(self.verbose, " |-- False", "DUDP", True)
return (False, q)
def in_proximity(self, auditor_user_a, auditor_user_b, test_id):
"""auditor_user_a gets the distance from auditor_user_b
using the disk proximity oracle
Args:
auditor_user_a: auditor user instance for attacker
auditor_user_b: auditor user instance for target
"""
vb.vb_print(self.verbose, "Examining oracle:", "RUDP", True)
query_id = int(time())
return self.auditor.auditor_handled_distance(auditor_user_a,
auditor_user_b, test_id,
auditor_user_a.loc,
query_id)
def _update_attacker(self):
"""Get a new attacker from the available users
"""
if len(self.attackers) == 0:
vb.vb_print(self.verbose,
" *** RUN OUT OF ATTACKERS - RESTARTING ***",
"UDP",
True)
self.attackers = self.attackers_backup
self.restart_times += 1
vb.vb_print(self.verbose, " *** updating attacker ***", "UDP", True)
self.attacker = self.attackers.pop()
# sleep for some period
sleep(10)
def _place_at_coords(self, attacker, lat, lon, test_id):
"""Attempt to update attacker location until we succeed
"""
while True:
vb.vb_print(self.verbose,
"Placing user at " + str(lat) + ", " + str(lon),
"UDP",
True)
query_id = int(time())
res = self.auditor.auditor_handled_place_at_coords(attacker,
lat,
lon,
test_id,
query_id)
# sleep until location is updated
sleep(2)
# add queries regardless of whether we failed
self.attack_queries += res[1]
if res[0] is False:
# if for any reason update failed, change attacker
self._update_attacker()
else:
return res
def __limit_check(self, function, rate_limit_only=False, rate=2, *args):
"""Check query limit when we update the location of the user
Initially we check
Args:
function: function to be checked against query limiting
rate_limit_only: Only perform rate limiting check
rate: starting rate of queries per second
args: the argumetns of the function with the error value being
the last argument
"""
limit = None
if not rate_limit_only:
vb.vb_print(self.verbose,
"Testing if there is a global limit on query number",
"query-limit",
True)
# Query once per second: our attacks require around
# 100 queries so lets do 1000 queries for the worst case
sleep_time = 1
total_queries = 1000
# place the user 2 meters away
for i in range(total_queries):
# perform micro-adjustments in location so as to
# not trigger any speed constraints
success, queries = function(*args[:-1])
if success is args[-1]:
limit = i
break
sleep(sleep_time)
# if we did not have a limit return None
if limit is None:
vb.vb_print(self.verbose, " |--> False", "query-limit", True)
return None
vb.vb_print(self.verbose,
" |--> True: stopped at " + str(limit),
"query-limit",
True)
# update absolute limits depending on the functions
if function == self.auditor_handled_distance:
self.absq_u_limit = limit
else:
self.absq_r_limit = limit
vb.vb_print(self.verbose,
"Testing if there is rate limiting on queries",
"query-limit",
True)
# If we were blocked check rate limiting
# Currently rate limiting is eq. to @limit queries / sec
# Initialize minimum and maximum queries / sec
if limit is not None:
[min_rate, max_rate] = [0, limit]
else:
[min_rate, max_rate] = [0, rate]
while min_rate < max_rate:
cur_rate = float(min_rate + max_rate) / 2
vb.vb_print(self.verbose,
" |--current rate: " + str(cur_rate),
"query-limit",
True)
# we apply each rate per second thus
total_queries = cur_rate * 60
# calculate sleep time per queries approximately
sleep_time = float(1 / cur_rate)
counter = 0
while counter < total_queries:
successful = function(*args[:-1])
if successful is args[-1]:
# if we are blocked change attacker
self._update_attacker()
max_rate = cur_rate
else:
# if we succeeded increase min_rate to cur_rate
min_rate = cur_rate
# sleep till the next query
sleep(sleep_time)
counter += 1
return cur_rate
def __init__(self, auditor, attackers, attacker, victim, proj, oracle,
test_id, service, test_name, verbose, kml=None, query_lim=None,
speed_limit=None):
"""Initializes a Discovery attack
Args:
users: the users in our user pool
proj : the projection used
oracle: an instance of the ProximityOracle class, either DUDP
RUDP or a custom oracle defined by the inherited service
kml: a path of a kml file with the search area for the victim
"""
# FIXME add sleep times depending on query rate
self.kmlparser = KMLParser(proj)
# pass Auditor class
self.auditor = auditor
self.attackers_backup = list(attackers)
self.attackers = attackers
self.restart_times = 0
self.attacker = attacker
self.victim = victim
self.proj = proj
self.oracle = oracle
self.verbose = verbose
self.test_id = test_id
# if limit is None set it to infinity
self.query_limit = query_lim if query_lim is not None else float('inf')
#
# Attack parameters
#
# grid size for calculations: can be modified by user in xxx_attack call
self.grid_size = 20
# query no in the current attack
self.attack_queries = 0
self.test_name = test_name
self.service_name = service
#
# Create directories for attack
#
self.kml_dir = ''.join(os.getcwd() + "/" + self.KML_DIR)
if not os.path.exists(self.kml_dir):
os.makedirs(self.kml_dir)
self.json_dir = ''.join(os.getcwd() + "/" + self.JSON_DIR)
if not os.path.exists(self.json_dir):
os.makedirs(self.json_dir)
#
# Set up victim and seaerth area
#
if kml is None:
self.kml = ''.join(os.getcwd() + "/" + self.NY_METROPOLITAN)
self.search_area = self.kmlparser.poly_from_kml(self.kml)
else:
if os.path.isfile(kml):
self.kml = kml
self.search_area = self.kmlparser.poly_from_kml(kml)
else:
raise SystemExit("No such kml file")
# get random victim location in projected coordinates
(vict_x, vict_y) = self.kmlparser.random_from_polygon(self.search_area,
1)[0]
(vict_lon, vict_lat) = proj(vict_x, vict_y, inverse=True)
vb.vb_print(self.verbose,
"Placing victim at " + str([vict_lat, vict_lon]))
# place victim
(success, queries) = auditor.auditor_handled_place_at_coords(victim,
vict_lat,
vict_lon,
test_id)
self.attack_queries += queries
if not success:
raise SystemExit("Could not place victim")
def _run_binary(self, inter, radius, grid_size=20):
"""Runs binary on area
Args:
@inter: the projected polygon in which we are running
the binary attack algorithm
@radius: the radius of the disk to perform the cuts
"""
vb.vb_print(self.verbose, "Running Binary", "UDP", True)
last_inter_area = float('inf')
while (inter.area > self.BINARY_STOP_AREA and
self.attack_queries < self.query_limit):
vb.vb_print(self.verbose, "Estimating cut", "UDP", True)
# find projected coordinates that cut inter in half
proj_coords = cells.cut(inter, self.proj, radius, grid_size)
circle = Point(proj_coords[0], proj_coords[1]).buffer(radius * 1000)
self.json_out["DUDP"].append({"query": self.attack_queries,
"disk": self._log_kml("disk",
circle),
"active_area": self._log_kml("inter",
inter),
})
# calculate the coordinates for the new cut query
(query_lon, query_lat) = self.proj(proj_coords[0],
proj_coords[1],
inverse=True)
self._place_at_coords(self.attacker,
query_lat,
query_lon,
self.test_id)
if self.oracle is None:
raise SystemExit("oracle should not be None after coverage")
oracle_rspn = [None, None]
attempts = 0
while oracle_rspn[0] is None:
# ask the oracle if the victim is in proximity
oracle_rspn = self.oracle.in_proximity(self.attacker,
self.victim,
self.test_id)
# increase queries
self.attack_queries += oracle_rspn[1]
if oracle_rspn[0] is None and attempts > 5:
self._update_attacker()
attempts += 1
if oracle_rspn[0] is True:
# if in proximity take the intersection
inter_new = inter.intersection(circle)
else:
# else take the difference
inter_new = inter.difference(circle)
if inter_new.is_empty:
print "\n\n\t ***WARNING!! EMPTY INTERSECTION***\n\n"
inter = circle
else:
inter = inter_new
# log kml
self._log_kml("inter", inter)
# if area is not reduced after intersection
# break to avoid an infinite loop.
area = inter.area
if math.fabs(last_inter_area - area) < self.MIN_REDUCTION * area:
vb.vb_print(self.verbose,
"Area not significantly reduced ..stopping",
"UDP",
True)
break
else:
last_inter_area = inter.area
est_location = cells.poly_centroid(inter, self.proj)
vb.vb_print(self.verbose,
"Estimated Location: " + str(est_location),
"UDP",
True)
real_est_distance = earth.distance_on_unit_sphere(self.victim.loc[0],
self.victim.loc[1],
est_location[0],
est_location[1])
# convert to m
real_est_distance *= 1000
vb.vb_print(self.verbose,
"Distance from real loc: " + str(real_est_distance) + "m",
"UDP",
True)
self.json_out["est_location"].append({"query": self.attack_queries,
"area" : inter.area,
"coords": [est_location[0],
est_location[1]]})
self.json_out["real_location"].append({"query": -1,
"coords": [self.victim.loc[0],
self.victim.loc[1]]})
output_json = ''.join(os.getcwd() + "/" + self.JSON_DIR)
output_json += self.service_name + "_UDP_"
with open(output_json + str(self.test_id) + ".json", "w") as outfile:
json.dump(self.json_out, outfile)
return real_est_distance
def _run_coverage(self, disk_radii):
"""Runs coverage algorithm on search_area
disk_radii contains the list of available radii by the service
This routine attempts to cover the search_area with as few disks
as possible for the given set of disk_radii and then queries the
proximity oracle for each of the disks until that returns true.
Once the proximity oracle is true (the target is found in the disk)
the routine returns the respective disk
Args:
disk_radii: the list of available radii for the disks used
by the service in km
Returns:
A polygon in projected coordinates with the disk containing
the target.
"""
vb.vb_print(self.verbose, "Running Coverage", "UDP", True)
grid = cells.Cells(self.proj)
# get largest radius and try to create a grid
# with hexagons defined by r.
sorted_radii = sorted(disk_radii, reverse=True)
disk_radius = sorted_radii[0]
# pdict is a dictionary with all the grid points.
# If no keys are found the radius r is too big to
# create a grid in the search area FIXME should we go for
# binary directly the moment we have one succesful query?
while len(grid.pdict.keys()) == 0:
vb.vb_print(self.verbose,
"Attempting to create grid with R=" + str(disk_radius),
"UDP",
True)
# Attempt to construct grid with this radius
grid.construct_grid_in_polygon(self.search_area, disk_radius * 1000)
try:
# get the next smaller radius in case this
disk_radius = sorted_radii[next(x[0] for x in
enumerate(sorted_radii) if x[1] < disk_radius)]
except StopIteration:
# Normally this should never trigger with the default kml
raise SystemExit("Can't create grid with the available radii")
vb.vb_print(self.verbose, "|--> Success!", "UDP", True)
idx = sorted_radii.index(disk_radius)
# Take previous r which is what the grid was made with
# since we have already decreased this once
disk_radius = sorted_radii[idx - 1]
if self.oracle is None:
self.oracle = apo.DiskProximityOracle(self.auditor,
disk_radius,
self.verbose)
else:
# set this radius in the oracle
self.oracle.set_radius(disk_radius)
# create the oracle
grid_points = grid.pdict.keys()
# FIXME we should update points based on the speed limits
# currently let it randomly selects points.
#
# As a proper solution we should traverse the squares in a
# consistent manner (like following a path zig-zag from left
# to right then up then left etc). The problem is that if the
# current location of the attacker is in the middle we would
# have to do like a spiral which complicates stuff. So perhaps,
# |
# v
# Replace the for loop with a while loop and after every iteration,
# re-sort the remaining circles based on the distance from the
# current point. Ugly but works and hopefully we won't have many circles
random.shuffle(grid_points)
for point in grid_points:
# FIXME update depending on query limiting rates
(lon, lat) = self.proj(float(point[0]),
float(point[1]),
inverse=True)
# Place the user there respecting any speed constraints
# Since the points are ordered based on the distance from
# the current location, this is the closest point
self._place_at_coords(self.attacker,
lat,
lon,
self.test_id)
# ask oracle until we get a response
oracle_rspn = [None, None]
attempts = 0
while oracle_rspn[0] is None:
# ask the oracle if the victim is in proximity
oracle_rspn = self.oracle.in_proximity(self.attacker,
self.victim,
self.test_id)
# increase total queries of the attack
self.attack_queries += oracle_rspn[1]
if oracle_rspn[0] is None and attempts > 5:
self._update_attacker()
attempts +=1
circle = cells.circle(lat, lon, disk_radius * 1000, self.proj)
self._log_kml("coverage", circle)
self.json_out["coverage"].append({"query": self.attack_queries,
"disk": [lat,
lon,
disk_radius * 1000]})
if oracle_rspn[0] is not None:
if oracle_rspn[0] is True:
vb.vb_print(self.verbose,
"Found at " + vector.to_str([lat, lon]) + " !",
"DUDP",
True)
return (circle, disk_radius)
# if not found return None
return None, None
def _run_trilateration(self, rounding_classes):
"""Runs a variance of the trilateration attack on the search_area
Args:
rouding_classes: a list of intervals with the radiuses
Returns:
A polygon in projected coordinates containing the target
"""
vb.vb_print(self.verbose,
"Running trilateration",
"UDP",
True)
# get minimum radius in the rounding classes
MIN_R = sorted([cl[0] for cl in rounding_classes])[0][0]
#initially the intersection is the whole area
inter = self.search_area
# place the attacker in the center
if self.attacker.loc is None or self.attacker.loc[0] is None:
starting_loc = cells.poly_centroid(inter, self.proj)
self._place_at_coords(self.attacker,
starting_loc[0],
starting_loc[1],
self.test_id)
if self.oracle is None:
self.oracle = apo.RoundingProximityOracle(self.auditor,
rounding_classes,
self.verbose)
# initially get a rough estimate with 3 queries from
# three locations at a distance of 120 degrees.
# Initiate intersection rings
rings = []
for i in range(3):
# get a ring and check if we are switching to binary
ring_response = self.__get_ring(MIN_R)
if ring_response is None:
raise SystemExit("victim not found")
else:
distance_range, ring = ring_response
self._log_kml("ring", ring)
rings.append(ring)
#XXX no need to check for multipolygon in case of DUDP
# as we are working inside a polygonal area
inter_new = None
if inter.geom_type == "MultiPolygon":
for p in inter:
cut_inter = p.intersection(ring)
if inter_new is None:
inter_new = cut_inter
else:
inter_new = inter_new.union(cut_inter)
else:
inter_new = inter.intersection(ring)
# update the intersection
inter = ring if inter_new.is_empty else inter_new
# log kml files
self.json_out["RUDP"].append({"query": self.attack_queries,
"ring": self._log_kml("ring", ring),
"active_area": self._log_kml("inter",
inter),
})
# update attacker location
dist = float(distance_range[0] + distance_range[1]) / 2
# calculate new location for the next query
new_loc = earth.point_on_earth(self.attacker.loc[0],
self.attacker.loc[1],
dist,
i * 120)
self._place_at_coords(self.attacker,
new_loc[0],
new_loc[1],
self.test_id)
# switch to binary
return inter
def __get_ring(self, minR):
"""Asks the proximity oracle and creates a ring respectively
If we are in the base rounding class, we switch to binary
"""
# we expect to get an answer from the oracle
# loop if there is an error and change attacker
dist = None
attempts = 0
while dist is None:
# get distance and queries from the oracle
(dist, queries) = self.oracle.in_proximity(self.attacker,
self.victim,
self.test_id)
sleep(2)
# increase total queries
self.attack_queries += queries
# increase queries
if dist is None and attempts > 5:
self._update_attacker()
attempts += 1
# at this poing we god a distance from the proximity oracle
# see in which rounding class this oracle belongs to
for round_class in sorted([cl[0] for cl in self.oracle.round_cl]):
# get the ranges for which this rounding class is active
# e.x. from 100 to 200m --> [0.1, 0.2]
[small_radius, big_radius] = round_class
if dist >= small_radius and dist <= big_radius:
vb.vb_print(self.verbose,
"Distance returned: " + str(dist),
"UDP",
True)
for cl in self.oracle.round_cl:
if cl[0] == round_class:
# see what the real distance might be (in km)
real_dist = self.__get_candidate_dist(dist, cl)
break
if real_dist is None:
return None
vb.vb_print(self.verbose,
"Candidate distances: " + str(real_dist),
"UDP",
True)
attacker_location = self.attacker.loc
# if we got a rounding class create a ring else return None
# round_class should have the proper value from the last iteration
# in the for loop. FIXME messy
ring = cells.ring(attacker_location[0],
attacker_location[1],
float(real_dist[0]) * 1000,
float(real_dist[1]) * 1000,
self.proj)
# return minimum distance and ring
return real_dist, ring
def test_speed_limit(self, users=None):
"""Run a speed limit test binary searching for the max allowed speed
"""
vb.vb_print(self.verbose, "Initiating speed limit test")
if users is None:
users = self._db.get_ordered_users()
self.attackers = [AuditorUser(self.service_id, u) for u in users]
self.attacker = self.attackers.pop()
self._db.insert_test("speed_limit")
self.test_id = self._db.get_test_id("speed_limit")
# set a sleep time between queries
sleep_time = 5
# First we test teleportation: No speed constraints.
# We set the user in New York and subsequently in San Fransisco
# Hardcode coordinates for first check
(ny_lat, ny_lon) = (40.708306, -74.008839)
(sf_lat, sf_lon) = (37.761398, -122.415413)
vb.vb_print(self.verbose, "testing teleportation", "speed-limit", True)
# place user in New York
(success, queries) = self.auditor_handled_place_at_coords(self.attacker,
ny_lat,
ny_lon,
self.test_id)
if not success:
raise SystemExit("Could not place user at New York")
# Wait some time for the query to be processed.
sleep(sleep_time)
# Teleport!
(success, queries) = self.auditor_handled_place_at_coords(self.attacker,
sf_lat,
sf_lon,
self.test_id)
# Wait some time for the query to be processed.
sleep(sleep_time)
if success:
# back in New York!
(success, q_n) = self.auditor_handled_place_at_coords(self.attacker,
ny_lat,
ny_lon,
self.test_id)
# Wait some time for the query to be processed.
sleep(sleep_time)
if success:
self.speed_limit = None
vb.vb_print(self.verbose, " |->..Success!", "speed-limit", True)
return None
vb.vb_print(self.verbose, " |->..Failed", "speed-limit", True)
# If we could not teleport, binary search in distances
# Hardcode max speed in km/h
[min_speed, max_speed] = [1, 1024]
vb.vb_print(self.verbose, "Searching cut-off", "speed-limit", True)
while min_speed < max_speed:
cur_speed = float(min_speed + max_speed) / 2
dist = float(cur_speed * sleep_time) / 3600
# output speed if verbose
vb.vb_print(self.verbose,
" |--current speed: " + str(cur_speed),
"speed-limit",
True)
# keep a bearing of 70 degrees to make sure we place
# the user over mainland and not at sea
(success, q_no) = self.auditor_handled_place_at_dist(self.attacker,
dist,
70,
self.test_id)
if success:
# if we succeeded increase min to cur_speed
min_speed = cur_speed
else:
# if we are blocked change attacker
self._update_attacker()
max_speed = cur_speed
# sleep till the next query
sleep(sleep_time)
self.speed_limit = cur_speed
return cur_speed
def test_location_verification(self, users=None):
"""Checks whether the service verifies the location
of a user when they perform a query
"""
if users is None:
users = self._db.get_ordered_users(2)
if len(users) < 2:
raise SystemExit("Not enough users! Three users required")
user_list = [AuditorUser(self.service_id, u) for u in users]
vb.vb_print(self.verbose, "Examining if service verifies coordinates")
self._db.insert_test("coordinate_verification")
self.test_id = self._db.get_test_id("coordinate_verification")
# place user1 and user2 at a fixed distance (say 1km)
user_1 = user_list.pop()
user_2 = user_list.pop()
[ny_lat1, ny_lon1] = [40.708306, -74.008839]
[ny_lat2, ny_lon2] = [40.725412, -73.995323]
[ny_lat3, ny_lon3] = [40.753506, -73.988800]
# place user1
(success, queries) = self.auditor_handled_place_at_coords(user_1,
ny_lat1,
ny_lon1,
self.test_id)
if not success:
raise SystemExit("Could not place user 1")
# place user2
(success, queries) = self.auditor_handled_place_at_coords(user_2,
ny_lat2,
ny_lon2,
self.test_id)
if not success:
raise SystemExit("Could not place user 2")
# measure current distance of user1, user2
(distance1, queries) = self.auditor_handled_distance(user_1,
user_2,
self.test_id,
[ny_lat1,
ny_lon1])
(distance2, queries) = self.auditor_handled_distance(user_1,
user_2,
self.test_id,
[ny_lat3,
ny_lon3])
location_verified = (distance1 == distance2 and (distance1 is not None))
self.service_verifies_location = location_verified
vb.vb_print(self.verbose,
" |-->" + str(location_verified),
"verification check",
True)
return location_verified
def test_dudp_attack(self, disk_radii, victim=None, users=None,
kml=None, grid=20):
"""Run the DUDP attack and set the accuracy in the Auditor class
"""
# TODO add documentation & user checking add check for no of users
# but provision for the case where the auditor supplied victim and
# not user!
vb.vb_print(self.verbose, "Testing accuracy of DUDP attack")
if users is None:
users = self._db.get_ordered_users()
if victim is not None:
self.victim = AuditorUser(self.service_id, victim)
# make sure that victim is not in users
#users.remove(victim)
# and create instances of AuditorUser for attackers
self.attackers = [AuditorUser(self.service_id, u) for u in users]
self.attacker = self.attackers.pop()
else:
# and create instances of AuditorUser for attackers
self.attackers = [AuditorUser(self.service_id, u) for u in users]
self.attacker = self.attackers.pop()
# pick the guy with the most queries to be the victim
self.victim = self.attackers.pop(0)
[ny_lat, ny_lon] = [40.753506, -73.988800]
ny_lat += random.uniform(-0.01, 0.01)
ny_lon += random.uniform(-0.01, 0.01)
# place victim
(success, queries) = self.auditor_handled_place_at_coords(self.victim,
ny_lat,
ny_lon,
self.test_id)
if type(disk_radii) != list:
raise TypeError("Expecting a list of radii in km")
if len(disk_radii) == 0:
raise SystemExit("At least one radius in km is required!")
if not success:
raise SystemExit("Could not place user 1")
self._db.insert_test("dudp")
self.test_id = self._db.get_test_id("dudp")
# FIXME check query rate limiting for both dudp and rudp
self.query_limit = self.absq_limit
disc_attack = auditor_discovery_attack.DiscoveryAttack(self,
self.attackers,
self.attacker,
self.victim,
self.proj,
self.oracle,
self.test_id,
self.__serv_name,
"dudp",
self.verbose,
self.query_limit,
self.speed_limit)
self.dudp_accuracy = disc_attack.dudp_attack(disk_radii, kml, grid)
