The goals of this lab are to:
- Learn about network correlation attacks against anonymization networks
- Deanonymize network streams using passive or active correlation attacks
In this lab, you are given a container with a custom anonymizing proxy for HTTP requests. This proxy implements a fixed two-node circuit, i.e., an entry node and exit node. Clients can request the contents of a URL to be fetched on their behalf by wrapping a message containing a URL in encrypted RELAY messages, similar in principle to how onion routing messages are constructed.
To run the network, download the provided container in Canvas and – in separate terminals – run the two nodes as follows (replace
172.17.0.1 with the IP address of your host on the docker virtual network):
# Run the exit node on 0.0.0.0:5001 $ docker run -it --rm -p 5001:5001/tcp \ netsec-lab-deanonymization node -l 0.0.0.0:5001 # Run the entry node on 0.0.0.0:5000, and use 172.17.0.1:5001 # as the next node $ docker run -it --rm -p 5000:5000/tcp \ netsec-lab-deanonymization node -l 0.0.0.0:5000 -n 172.17.0.1:5001
The nodes will bootstrap a circuit and will then be ready to accept client requests. The container also contains a fixed client implementation, which will issue several distinct requests to the anonymization network. The clients can be run as follows:
# Request URLs using 172.17.0.1:5000 as the entry node $ docker run -it --rm -e RUST_LOG=info \ netsec-lab-deanonymization client -e 172.17.0.1:5000
Using your knowledge of correlation attacks, your goal is to link client IDs as presented in the client log messages with domains accessed as part of loading the client’s requested URL.
- Implement a correlation attack against the anonymization network
- Link clients to URL domains
Submit a text file with your client to domain mapping as well as a paragraph describing how your attack works.