Updated: 11/24/2005; 11:35:58 PM.

General networking
Data network connectivity developments, networking business news, and related computing items.


daily link  Saturday, March 05, 2005


Fingerprinting PCs wherever they connect to the Net: "A doctoral student at the University of California has conclusively fingerprinted computer hardware remotely, allowing it to be tracked wherever it is on the Internet. In a paper on his research, primary author and Ph.D. student Tadayoshi Kohno said: "There are now a number of powerful techniques for remote operating system fingerprinting, that is, remotely determining the operating systems of devices on the Internet. We push this idea further and introduce the notion of remote physical device fingerprinting ... without the fingerprinted device's known cooperation."

The potential applications for Kohno's technique are impressive. For example, "tracking, with some probability, a physical device as it connects to the Internet from different access points, counting the number of devices behind a NAT even when the devices use constant or random IP identifications, remotely probing a block of addresses to determine if the addresses correspond to virtual hosts (for example, as part of a virtual honeynet), and unanonymising anonymised network traces. .. One could also use our techniques to help track laptops as they move, perhaps as part of a Carnivore-like project [or to] obtain information about whether two devices on the Internet, possibly shifted in time or IP addresses, are actually the same physical device."

The technique works by "exploiting small, microscopic deviations in device hardware: clock skews." In practice, Kohno's paper says, his techniques "exploit the fact that most modern TCP stacks implement the TCP timestamps option from RFC 1323 whereby, for performance purposes, each party in a TCP flow includes information about its perception of time in each outgoing packet. A fingerprinter can use the information contained within the TCP headers to estimate a device's clock skew and thereby fingerprint a physical device. .. Our techniques report consistent measurements when the measurer is thousands of miles, multiple hops, and tens of milliseconds away from the fingerprinted device, and when the fingerprinted device is connected to the Internet from different locations and via different access technologies. Further, one can apply our passive and semi-passive techniques when the fingerprinted device is behind a NAT or firewall. .. For all our methods, we stress that the fingerprinter does not require any modification to or cooperation from the fingerprintee." Kohno and his team tested their techniques on many operating systems, including Windows XP and 2000, Mac OS X Panther, Red Hat and Debian Linux, FreeBSD, OpenBSD and even Windows for Pocket PCs 2002. ..

Although the paper says that "It has long been known that seemingly identical computers can have disparate clock skews," it goes on to conclude that "the main advantage of our techniques ... is that our technique can be mountable by adversaries thousands of miles and multiple hops away." " [via Mitch Kapor]

  11:30:33 AM
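
To make concrete what the TCP timestamps option exposes, the following is an added example (not code from the paper or from the quoted article) that estimates a sender's clock skew from pairs of arrival time and timestamp value. The ordinary least-squares fit, the 1000 Hz tick rate, the 5 ppm tolerance and all trace data are assumptions constructed for illustration.

```python
# Added illustration: estimate clock skew from TCP timestamp values (TSval).
# All traces are constructed in-process; nothing is captured or sent.
import random


def clock_skew_ppm(samples, hz):
    """samples: (recv_time_s, tsval) pairs as seen by the measurer.
    hz: assumed tick rate of the sender's timestamp clock.
    Returns the least-squares slope of clock offset vs. elapsed time, in ppm."""
    t0, ts0 = samples[0]
    xs = [t - t0 for t, _ in samples]              # measurer's elapsed time
    # Offset = time elapsed on the sender's clock minus time elapsed locally.
    ys = [(ts - ts0) / hz - x for (_, ts), x in zip(samples, xs)]
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    if sxx == 0:
        raise ValueError("samples must be spread over time")
    slope = sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sxx
    return slope * 1e6


def synth_trace(skew_ppm, hz=1000, duration_s=3600, step_s=10,
                start_tsval=0, seed=0):
    """Constructed trace: a device whose clock runs skew_ppm fast, observed
    through a 40 ms path with up to 5 ms of random jitter per packet."""
    rng = random.Random(seed)
    trace = []
    for k in range(duration_s // step_s):
        sent = k * step_s
        tsval = start_tsval + int(sent * (1 + skew_ppm / 1e6) * hz)
        trace.append((sent + 0.040 + rng.uniform(0.0, 0.005), tsval))
    return trace


def same_device(trace_a, trace_b, hz, tolerance_ppm=5.0):
    """Hypothetical decision rule: skews within tolerance_ppm => same clock."""
    diff = clock_skew_ppm(trace_a, hz) - clock_skew_ppm(trace_b, hz)
    return abs(diff) <= tolerance_ppm


if __name__ == "__main__":
    first = synth_trace(50.0, seed=1)                       # device A
    later = synth_trace(50.0, start_tsval=987654, seed=2)   # A again, new session
    other = synth_trace(-30.0, seed=3)                      # device B
    print(round(clock_skew_ppm(first, 1000), 1), same_device(first, later, 1000))
    print(round(clock_skew_ppm(other, 1000), 1), same_device(first, other, 1000))
```

The fixed path delay and the starting timestamp value drop out of the slope, which is why the estimate is unchanged when the same clock is observed in a later session or over a different path.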

 


Copyright 2005 © Ken Novak.