# History Written by Marc Liberatore on 22 October 2015. The **Timing Attack** section was written by Swagatika Prusty and lightly edited by Marc. # Overview This file describes code and data: sha1sum filename 61870492aea62363b5d41ffc7cb1e4081c26f794 oneswarm-timing-attack-simulation.tar.gz e658ecc6fb0deb3d2c0c3eed9ee0eb7695fe843e oneswarm-timing-attack-code.tar.gz e765a2139da2581a411e6d0a9aae3049d8eafc01 oneswarm-timing-attack-trace.csv.bz2 as referenced in the following paper: @article{Bissias:2015, Author = { George Bissias and Brian Neil Levine and Marc Liberatore and Swagatika Prusty}, Journal = {IEEE Transactions on Dependable and Secure Computing}, Title = {{Forensic Identification of Anonymous Sources in OneSwarm}}, Year = {2015}} If you use these data, programs, or scripts in your own published research, please refer to them by citing the above paper. # Attack Simulation `oneswarm-timing-attack-simulation.tar.gz` contains the simulation and analysis code to reproduce Figure 6 in the paper. Use the Java code in `src/` to generate a `results.tsv` file; the code in `oneswarm/Sim.java` is well-documented and contains the `main` method. Then, use the R script `hyper.R` to generate the graph. You will need to edit some path-specific commands (`setcwd`s and the like) and may need to install some publicly-available R libraries to execute this script. # Timing Attack ## Building The patch files in `oneswarm-timing-attack-code.tar.gz` are against OneSwarm v0.7.1. Apply them, and place `RTT.java` in the correct location in the build tree (`src/edu/washington/cs/oneswarm/f2f/network/`). (Note that `PlotDataGenerator.java` is used in analyzing the attack output, not in executing the attack itself, as described below.) Build the modified OneSwarm on the measurement machine, and build an unmodified OneSwarm on a second machine. `ant` should work. Execute OneSwarm using `ant run` to make sure it works. ## Running the Experiments ### Aim In this experiment, our goal is to discover peers that are likely to be the sources of a particular file that we'll call "foo". To find these remote sources, we'll first calibrate our experiment against another file named "bar". We'll place "bar" on a second computer running OneSwarm on our local network. ### Requirements Set up two computers on the same network, each running OneSwarm. The first runs the patched version of OneSwarm described above, and the other runs the standard installation with default settings. Redirect standard output to a file using, for example, `ant run > AllOutput.txt`. ### Initialization Make the second computer the untrusted friend of the first installation. In settings make sure you enable LAN discovery of friends. Share a file "bar" on the second computer. The name can be anything that is unique on the entire OneSwarm network. On the first computer, block all other OneSwarm friends. ### Experimental procedure #### Step 1 Conduct a series of trials where each trial uses a unique serial number and is performed as follows. Append a unique number to the end of each trial's query to allow us to process the results. For example, for the fifth trial, the process is: - Send query for `#####-5`. (Literally, use the pound/hash/octothorpe symbol.) - Send query for a file that you know the known computer on LAN is sharing. - Send query for `#####-5`. Above, the queries for `#####` are used to determine the network roundtrip time from the first computer to the second computer. #### Step 2 Now, delete "bar" from the second computer. Here, one can conduct a smaller number of trials since many more results will come back for each query. Continue the sequence of unique numbers. Here, we'll start with 201. - Send query for `#####-201`. - Send any common keyword query such as "avi", "mp3", "pdf", "beatles", "big bang theory", etc. - Send query for `#####-201`. Again, the queries for "#####" are used to determine the network roundtrip time from the first computer to the second computer. #### Step 3 Next, shut down the second computer, and conduct a final trial as follows: Let the serial number be, say. 221: - Send query for `#####-221`. - Send query for `foo`. - Send query for `#####-221`. ### Processing the results From the output, we now produce a graphable CSV. #### Step 1 Let us say that you have the output of the experiment that we described previously in a file called `AllOutput.txt`. You may now derive two more files from this as follows: `cat AllOutput.txt | grep -i RTTLog > NetworkRTTInfo.csv` `cat AllOutput.txt | grep -i DELAYLog > TotalDelayInfo.csv` #### Step 2 Now, run the provided Java code (`PlotDataGenerator.java`) to generate data files for plotting as follows: ``` javac PlotDataGenerator.java java PlotDataGenerator 200 220 > oneswarm-timing-attack-trace.csv ``` Ensure that this Java file is in the same location as the csv files. Also, edit lines 33 and 79 to replace the existing file paths with the file paths on your machine. (Note that 200 and 220 are serial number bounds for the example experiment described above corresponding to Experiment procedure Steps 1 and 2 respectively. Use the numbers you chose.)