Assignment 5: Anonymity

eSoc 488: Information Privacy with Applications Due: 13 November 2018

Total Homework/Assignment Points: 100

1 Simple auditing

 

Even simple investigation of web tra c can be used to learn potentially-sensitive information.  Here we  set    up a web server, and observe what information is visible to a few di erent perspectives.  For  this section,   write your answers on their own line in a le called `auditing’ (no extension needed). Your mitmproxy dumps (described below) should be called `dump_1′ and `dump_2.’

1. (10)Set up a simple web server using the following steps:
   • Setup a virtual private server (VPS) running Debian on Digitalocean.1
   • Disable password authentication, and use an SSH key to access the server with a new account (notroot).
   • On your VPS, install ufw, and use it to ensure that your server drops all tra c that is not an  SSH session from your current IP address, or a web request from 127.0.0.1 on port
   • Install apache2. Edit the le /var/www/html/index.html to contain exactly the string `DOWN WITHCYBERCRUD’.
   • Addthe IP address of your server to `auditing’.
2. (5) Look at yourlogs
   • Use tail to view the access logs on your server as they are changing (you need a  ag for tail).  Visit your site. Answer the following in the le for thissection:
     1. Whatinformation is visible about you?
     2. Howcould this be used to learn more?

3. (5) Use mitmproxy to record a ow for a site you’re visiting (i.e., lter for just the tra c for the site itself, not third parties). Save the dump as `dump_1.’  Now do the same for a third party advertiser  oranalytics company on a  Create a text dump of the third party ow as well, and save it as

`dump_2.’ Now search the text for something you nd interesting, and record it in `auditing.’

 

 

• Tor2

You will submit these les for this section: your tor con guration le, `tor_getinfo.py,’ and `geo.’

1 Or a similar service. These instructions don’t assume anything about the VPS provider other than that it allows you to run a Linux instance.

2 Thanks to Maximilian Golla at RUB for sharing the questions in sections 3.2 and 3.3 below, which I have modi ed for our

purposes.

 

2.1 Onion Proxy

 

In this exercise we learn to interact with the onion proxy (OP) running on your client, and get information  from it.

1. (10)Open the control port of the Tor daemon using the Tor con guration 3    Then, write a python script  called  ‘tor_getinfo.py’  that  uses  Stem  to  get  information  about  your  Tor  connections.4      You must include detailed comments in this script explaining what each signi cant part is doing.

List the nodes used, with the IP-address and the ngerprint for each open Tor connection. Use the GeoIP Database5   to  nd the locations of your Tor nodes.  Record this in the `geo’  le, comma separated, with one line per node.

 

2.2 Specifying parts of the circuit

 

Tor allows to de ne the entry and exit nodes by modifying the con g le torrc. It is your task to use the following entry and exit nodes, which are identi ed by  ngerprints.6

Guard nodes:

• D529E870E7CCFCDA2CFEE9D317A8DC6E85497FDA
• C38286764201C7F0CDCC928ED59F2180F067C49D

Exit nodes:

• E4D1F25DFBE484208866BA4A1A958B73127CB0AD
• E6FAC9A7F33EE66F03C55C119770B2D45D3C576B

Answer the following questions in a le called `tor_node_selection.’

1. (10) List the nodes used, with the IP-address and the ngerprint for each open Tor connection anduse the GeoIP Database7   to  nd the location of your no
2. (5) How does a strict selection of the Tor exit and entry nodes in uence the anonymity of the connec- tion?
3. (5)Is it possible to exclude nodes? When should this be done?

 

 

2.3 Tor Bridges

 

Bridges are Tor relays that are not listed in the main Tor directory. Since there is no complete public list of them, even if your ISP (Internet Service Provider) is ltering connections to all the known Tor relays, they probably would not be able to block all the bridges. If you suspect your access to the Tor network is being blocked, you may want to use the bridge feature of Tor. It is your task to establish a connection to the Tor network via a bridge.8

3 The documentation can be found at https://www.torproject.org/docs/tor-manual.html.en.(10) Get a bridge that you can use to connect to the Tor network and give its IP,  port and  ngerprint.  How did you get these pieces of information? What are other methods to get a bridge (be sure to list themall)?

4 Stem documentation is at https://stem.torproject.org/.

5 Found at https://www.maxmind.com/en/geoip-demo

6 See footnote 3 above for the documentation.

7 See the link in footnote 5.

8 See https://www.torproject.org/docs/bridges.html.en

 

2. (5) In which situations is the application of bridges useful? Does the method to get a bridge that you chose before work in suchsituations?

 

 

2.4 Set up a Tor hidden service

 

Your next task is to set up a hidden service on the Tor network.

1. (20) Using  your  VPS,  install  tor,  and  set  up  a  hidden  service  using  the  tor  documen9        On your local computer, use the tor browser to visit your site (the address is found in $HOME/hid- den_service/hostname). This site will need to remain available until you have received a grade for this assignment (not more than one week from the submission deadline). Turn in the onion address for your working hidden service in a le called ‘hidden_service_address’.

Please answer the following questions about hidden services:

1. (5)How is the service hidden, e., why can users not reveal the location of the service (in the network) and still use it?
2. (5) Is there a way to still reveal information about the operators or the location of a hidden service? Monitorthe connections to your hidden service (e.g., by watching the access log le).
3. (5) Can you distinguish between di erent users? Would this be di erent if your service was not a hidden service (and still accessed viaTor)?

9 See https://www.torproject.org/docs/tor-hidden-service.html.en

最先出自天才代写 python代写   it代写

合作：幽灵代写