Remotely tracking PCs online
p2pnet.net News:- University of California student Tadayoshi Kohno says he and his colleagues have found a way to remotely fingerprint computers so they can be tracked anywhere online.
Powerful techniques for remote operating system fingerprinting, i.e., techniques for remotely determining the operating systems of devices on the Internet, already exist, he, Andre Broido and kc claffy say in their paper, Remote physical device fingerprinting, which goes on:
“We push this idea further and introduce the notion of remote physical device fingerprinting, or remotely fingerprinting a physical device, as opposed to an operating system or class of devices, without the fingerprinted device’s known cooperation.
“We accomplish this goal to varying degrees of precision by exploiting microscopic deviations in device hardware: clock skews.”
Entertainment industry movie, music and software cartels already spend millions, if not billions, of dollars on surveillance in their efforts to spy on Net users with the ultimate goal of gaining complete control over who does what online.
“Our techniques do not require any modification to the fingerprinted devices,” says the paper. “Our techniques report consistent measurements when the measurer is thousands of miles, multiple hops, and tens of milliseconds away from the fingerprinted device, and when the fingerprinted device is connected to the Internet from different locations and via different access technologies.
“Further, one can apply our passive and semi-passive techniques when the fingerprinted device is behind a NAT or firewall, and also when the device’s system time is maintained via NTP or SNTP. One can use our techniques to obtain information about whether two devices on the Internet, possibly shifted in time or IP addresses, are actually the same physical device.
“Example applications include: computer forensics; tracking, with some probability, a physical device as it connects to the Internet from different public access points; counting the number of devices behind a NAT even when the devices use constant or random IP IDs; remotely probing a block of addresses to determine if the addresses correspond to virtual hosts, e.g., as part of a virtual honeynet; and unanonymizing anonymized network traces.”
We tried to reach Kohno, a doctoral student, at his lab. But, “It’s Friday and I’m the only one here and I don’t have his cell phone number,” said the student who answered.
In the meanwhile, “Although the techniques we described will likely remain applicable to current generation systems, we suspect that future generation security systems might offer countermeasures to resist some of the fingerprinting techniques that we uncover,” the paper concludes.
“In anticipation of such developments, we discussed possible avenues for physical device fingerprinting when information about a system’s TSopt clock or system clock are not readily available to the adversary. Our results compellingly illustrate a fundamental reason why securing real-world systems is so genuinely difficult: it is possible to extract security-relevant signals from data canonically considered to be noise. This aspect renders perfect security elusive, and even more ominously suggests that there remain fundamental properties of networks that we have yet to integrate into our security models.”
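The quoted passages name clock skew, visible through the TSopt (TCP timestamps option) clock, as the signal. As an added illustration (not code from the paper or from p2pnet), the sketch below shows one way to estimate a skew from (arrival time, remote timestamp) pairs by fitting an upper-bound line, since network delay can only make a sample look late. The 1000 Hz tick rate, the delay model, the two simulated devices and all function names are assumptions made for the example.

```python
import random

def offsets(samples, hz):
    """samples: (arrival_time_s, remote_timestamp_ticks) pairs.
    Returns (x, y): x = local elapsed seconds, y = remote elapsed - local elapsed."""
    t0, ts0 = samples[0]
    return [(t - t0, (ts - ts0) / hz - (t - t0)) for t, ts in samples]

def _cross(o, a, b):
    return (a[0] - o[0]) * (b[1] - o[1]) - (a[1] - o[1]) * (b[0] - o[0])

def upper_hull(points):
    """Upper convex hull, left to right: the least-delayed samples."""
    hull = []
    for p in sorted(points):
        while len(hull) >= 2 and _cross(hull[-2], hull[-1], p) >= 0:
            hull.pop()
        hull.append(p)
    return hull

def skew_ppm(samples, hz):
    """Slope of the hull edge above the mean x: the line that stays on or
    above every point while minimising total distance to them."""
    pts = offsets(samples, hz)
    mean_x = sum(x for x, _ in pts) / len(pts)
    hull = upper_hull(pts)
    for (x1, y1), (x2, y2) in zip(hull, hull[1:]):
        if x1 <= mean_x <= x2:
            return (y2 - y1) / (x2 - x1) * 1e6
    raise ValueError("need at least two samples at distinct times")

def simulate(true_ppm, hz=1000, n=2000, span_s=3600.0, seed=1):
    """Constructed data: one packet every span_s/n seconds from a clock
    running true_ppm fast, with tick quantisation and one-sided delay."""
    rng = random.Random(seed)
    out = []
    for i in range(n):
        sent = i * span_s / n
        ticks = int(sent * (1 + true_ppm * 1e-6) * hz)
        delay = 0.020 + rng.expovariate(1 / 0.010)  # 20 ms floor + jitter
        out.append((sent + delay, ticks))
    return out

if __name__ == "__main__":
    for name, ppm in (("device A", 52.0), ("device B", -31.0)):
        print(name, round(skew_ppm(simulate(ppm), 1000), 1), "ppm")
```

Run against a capture of your own host's traffic, the same fit shows how much skew signal its TCP timestamps expose to any observer on the path.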





March 4th, 2005 at 9:16 pm
Anyone with half a brain and some technical know-how can manipulate or outright change these identifiers…overclocking, swapping out chips, increasing voltage by a small degree through the BIOS…just another game of cat and mouse
TT
March 4th, 2005 at 10:20 pm
True, but if the mouse does not know the cat is there, it could very well get eaten…
March 5th, 2005 at 5:41 am
This kind of tracking without knowledge should not be allowed… and shame on these Japanese guys for coming up with it >_>…
They won’t get away with this…
March 5th, 2005 at 11:56 pm
That’s a short-sighted view. As upsetting as this is, it’s better these guys found the method and published it than it being discovered in some secret lab and becoming a hidden weapon to be used by unscrupulous parties against unsuspecting people.
This way there is an opportunity to develop defenses for people’s privacy such as the ones developed against Intel’s CPU tagging.
March 8th, 2005 at 12:38 am
Very interesting on first read! Please don’t take this the wrong way, but I find it hard to accept as is. Because clock speed and pulse width etc are NOT consistent at ALL and can vary randomly microsecond by microsecond. And usually minute by minute, and most certainly hour by hour!
This is due to a number of factors including, Temperature – Device Precision – Power Supply Fluctuations – etc etc. All these and more are ALL non linear and therefore when you multiply All the possible variables together, any skewing is going to be off by the same amounts. So as the Total Clock Cycle Effect, TCCE, is a large inconsistent variable I can’t see how it could be pinned down by a Time/Date/Stamp exercise, never mind Precisely, but even Anywhere near close!
Not only that, but the Data Bits that are clocked in our computers and exit into www. land are ALL re-clocked and cleaned up Many times on their journey, and also back again to, and into our computers.
So how Exactly is someone going to inspect a computer and find the Precise same possible effect that may have been made at one moment in time after being subjected to at the Very least ALL the above?
Definitely a nice idea though,
Regards,
Spanner intheWorks – http://www.wilderssecurity.com
Hardly Anonymous by the way !