Tracking Internet Computers
Jim Kuzdrall
gnhlug at intrel.com
Fri Mar 4 13:07:00 EST 2005
Greetings,
An article today on CNET says "A doctoral student at the University
of California has conclusively fingerprinted computer hardware
remotely, allowing it to be tracked wherever it is on the Internet."
http://www.zdnet.com.au/news/security/0,2000061744,39183346,00.htm
The explanation is:
'The technique works by "exploiting small, microscopic deviations in
device hardware: clock skews." In practice, Kohno's paper says, his
techniques "exploit the fact that most modern TCP stacks implement the
TCP timestamps option from RFC 1323 whereby, for performance purposes,
each party in a TCP flow includes information about its perception of
time in each outgoing packet. A fingerprinter can use the information
contained within the TCP headers to estimate a device's clock skew and
thereby fingerprint a physical device."'
Of course, I don't mind the FBI or DOD tracking my computer's
Internet presence to keep the US safe and to remind me if I
inadvertently do something "Un-American". But there are evil people
out there who might wish to steal from me, force me to comply with
their wishes against my will, or interfere with my ability to
communicate with others.
Could one add a random, zero-averaged offset to the computer clock
using hwclock? The offset might be changed every hour, perhaps. Would
that alter the skew derived from the TCP stack?
Jim Kuzdrall
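
The question above can be checked on paper with a small simulation. This is an added example, not part of the original post or of Kohno's paper. It assumes the hourly offset actually reaches the TCP timestamp values (the post leaves that open), and the 100 Hz tick rate, the 50 ppm skew, the offset values and the least-squares fit are all constructed choices of this example.

```python
HZ = 100              # assumed TSval tick rate, ticks per second
TRUE_SKEW_PPM = 50.0  # constructed skew of the simulated device
# Constructed zero-mean draw of hourly clock offsets, in seconds.
DRAW = [0.4, -0.4, 0.2, -0.2, 0.3, -0.3]

def capture(hourly_offsets, period=10):
    """Constructed trace of (observer_time_s, TSval), one packet per period."""
    trace = []
    for t in range(0, len(hourly_offsets) * 3600, period):
        offset = hourly_offsets[t // 3600]   # offset in force during this hour
        device_s = 1000.0 + t * (1 + TRUE_SKEW_PPM * 1e-6) + offset
        trace.append((t, int(device_s * HZ)))  # timestamp quantised to ticks
    return trace

def estimate_skew_ppm(trace):
    """Least-squares slope of (device elapsed - observer elapsed) vs. time."""
    t0, ts0 = trace[0]
    xs = [t - t0 for t, _ in trace]
    ys = [(ts - ts0) / HZ - x for (_, ts), x in zip(trace, xs)]
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    return 1e6 * sxy / sxx

def compare(scale):
    """Skew estimate with no offsets and with DRAW scaled by `scale`."""
    plain = estimate_skew_ppm(capture([0.0] * len(DRAW)))
    shifted = estimate_skew_ppm(capture([o * scale for o in DRAW]))
    return plain, shifted

if __name__ == "__main__":
    for scale in (0.01, 1.0):
        plain, shifted = compare(scale)
        print(f"offsets x{scale}: {plain:.2f} ppm -> {shifted:.2f} ppm")
```

In this constructed six-hour run, offsets of a few milliseconds leave the fitted skew essentially unchanged, while offsets of a few tenths of a second move it by roughly 14 ppm.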