Network Deanonymization
The goals of this assignment are to:
- Learn about network correlation attacks against anonymization networks
- Deanonymize network streams using active correlation attacks
On netsec.cyberops.institute, you have CLI access to a
custom anonymizing proxy for HTTP requests. This proxy implements a
fixed two-node circuit, i.e., an entry node and exit node. Clients can
request the contents of a URL to be fetched on their behalf by wrapping
a message containing a URL in encrypted RELAY messages, similar in
principle to how Tor onion routing messages are constructed.
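The layered wrapping described above, as an added sketch that is not the assignment's proxy code: the `RELAY`/`FETCH` framing, the key names, and the HMAC-based toy stream cipher (standing in for a real cipher) are assumptions for illustration. It shows that each node sees only its own layer, while the cell length still tracks the URL length, which is the kind of metadata encryption leaves exposed to traffic correlation.

```python
import hashlib
import hmac
import os

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy stream cipher: HMAC-SHA256 in counter mode (illustrative stand-in)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Add one layer: 16-byte random nonce followed by the XOR-encrypted body."""
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))

def unseal(key: bytes, cell: bytes) -> bytes:
    """Remove one layer (no integrity check here; a real design would use an AEAD)."""
    nonce, body = cell[:16], cell[16:]
    return bytes(a ^ b for a, b in zip(body, keystream(key, nonce, len(body))))

def wrap_request(url: str, k_entry: bytes, k_exit: bytes) -> bytes:
    """Client: innermost layer is for the exit node, outer layer for the entry node."""
    inner = seal(k_exit, b"FETCH " + url.encode())   # hypothetical framing
    return seal(k_entry, b"RELAY " + inner)          # hypothetical framing

def entry_peel(cell: bytes, k_entry: bytes) -> bytes:
    """Entry node: strips its layer, forwards a payload it cannot read."""
    body = unseal(k_entry, cell)
    if not body.startswith(b"RELAY "):
        raise ValueError("not a RELAY cell")
    return body[len(b"RELAY "):]

def exit_peel(cell: bytes, k_exit: bytes) -> str:
    """Exit node: strips the last layer and learns the URL, but not who sent it."""
    body = unseal(k_exit, cell)
    if not body.startswith(b"FETCH "):
        raise ValueError("not a FETCH request")
    return body[len(b"FETCH "):].decode()

def layer_overhead(url: str, k_entry: bytes, k_exit: bytes) -> int:
    """Bytes added by both layers; constant, so cell size still reveals URL length."""
    return len(wrap_request(url, k_entry, k_exit)) - len(url.encode())
```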
To run the network, run the two nodes separately as follows (you may need to select your own port numbers):
# Run the exit node on 0.0.0.0:5001
$ /home/anonymizer/anonymizer node -s 0.0.0.0:5001
# Run the entry node on 0.0.0.0:5000
$ /home/anonymizer/anonymizer node -s 0.0.0.0:5000 -n 127.0.0.1:5001
The nodes will bootstrap a circuit and will then be ready to accept client requests. The container also contains a fixed client implementation, which will issue several distinct requests to the anonymization network. The clients can be run as follows:
# Request URLs using the entry node
$ /home/anonymizer/anonymizer client -e 127.0.0.1:5000 -d
Your goal is to link client IDs as presented in the client log messages with domains accessed as part of loading the client’s requested URL. Use an active TCP proxy placed before the entry node and any watermarking strategy (i.e., correlation signal injection technique) of your choice to perform the attack. Note that you will need to point the client at your intercepting proxy rather than the entry node when attacking the network.
Submission Instructions
Submit the source code for your attack and a README. The README should contain instructions for running your attack, a mapping from client IDs to domains, and a short description of how your attack works.