Sunday, March 06, 2005

Remote physical device fingerprinting

Tadayoshi Kohno (aka Yoshi Kohno) , a graduate student at UCSD, has written a paper that describes how one can identify computers remotely.
We introduce the area of remote physical device fingerprinting, or fingerprinting a physical device, as opposed to an operating system or class of devices, remotely, and without the fingerprinted device's known cooperation. We accomplish this goal by exploiting small, microscopic deviations in device hardware: clock skews.
The idea is that when computers communicate over the net, they tag packets with a time retrieved from their internal clocks. Since each computer has a unique internal time (when considered at very high resolution) one can identify a computer (or at least distinguish between two computers) by comparing tagged times.

Mitch Kapor, on whose blog I found this link, seems worried about this. But I would think it would be easy to defeat simply by having one's computer reset it's clock periodically from a remote time server.

2 comments:

Anonymous said...

I came across your blog while searching on genetic programming. I thought your comment on resetting clocks to defeat the fingerprinting scheme based on clock skews was interesting. Unless of course someone comes up with a clock skew distinguishing technique for that minute period of time when the systems time hasnt been reset by a remote time server. I still think the best way to identify a system for security purposes is to hack the system because as long as the system belongs to a user they can do what they want with it, and like you rightly said also reset system times from remote time servers or not !.

Really liked the quotes on your webpage too.

Anonymous said...

I was just browsing through the internet looking for some information and came across your blog. I am impressed by the information that you have on this blog. It shows how well you understand this subject. Bookmarked this page, will come back for more. remote device management