http://www.caida.org/outreach/papers/2005/fingerprinting/

Remote physical device fingerprinting

To be presented at the IEEE Symposium on Security and Privacy, May
8-11, 2005

Tadayoshi Kohno
Department of Computer Science and Engineering
University of California, San Diego

Andre Broido and kc claffy
Cooperative Association for Internet Data Analysis - CAIDA
San Diego Supercomputer Center,
University of California, San Diego

We introduce the area of remote physical device fingerprinting, or
fingerprinting a physical device, as opposed to an operating system or
class of devices, remotely, and without the fingerprinted device's
known cooperation. We accomplish this goal by exploiting small,
microscopic deviations in device hardware: clock skews. Our techniques
do not require any modification to the fingerprinted devices. Our
techniques report consistent measurements when the measurer is
thousands of miles, multiple hops, and tens of milliseconds away from
the fingerprinted device, and when the fingerprinted device is
connected to the Internet from different locations and via different
access technologies.

Further, one can apply our passive and semi-passive techniques when
the fingerprinted device is behind a NAT or firewall, and also when
the device's system time is maintained via NTP or SNTP. One can use
our techniques to obtain information about whether two devices on the
Internet, possibly shifted in time or IP addresses, are actually the
same physical device. Example applications include: computer
forensics; tracking, with some probability, a physical device as it
connects to the Internet from different public access points; counting
the number of devices behind a NAT even when the devices use constant
or random IP IDs; remotely probing a block of addresses to determine
if the addresses correspond to virtual hosts, e.g., as part of a
virtual honeynet; and unanonymizing anonymized network traces.
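
The following is an added example, not code from the paper or its authors. It shows why a clock-skew estimate can stay consistent when the measurer's distance to the device changes, by fitting an upper-bound line to timestamp offsets. Assumptions: the measurer can pair its own receive time with a timestamp the device put in each packet (the abstract does not name the timestamp source), the traces are constructed, and all function names are hypothetical.

```python
import random

def upper_hull(points):
    """Upper convex hull of (x, y) points, left to right."""
    hull = []
    for p in sorted(points):
        # Drop the previous point while it lies on or below the chord to p.
        while len(hull) >= 2:
            (x1, y1), (x2, y2) = hull[-2], hull[-1]
            if (x2 - x1) * (p[1] - y1) - (y2 - y1) * (p[0] - x1) >= 0:
                hull.pop()
            else:
                break
        hull.append(p)
    return hull

def estimate_skew_ppm(samples):
    """samples: (measurer_rx_time_s, device_timestamp_s) pairs. Returns ppm.

    Network delay can only push an observed offset down, so the skew is the
    slope of the tightest line lying above all offsets: the upper-hull edge
    that spans the mean observation time.
    """
    x0, t0 = samples[0]
    pts = [(x - x0, (t - t0) - (x - x0)) for x, t in samples]
    mean_x = sum(x for x, _ in pts) / len(pts)
    hull = upper_hull(pts)
    for (x1, y1), (x2, y2) in zip(hull, hull[1:]):
        if x1 <= mean_x <= x2:
            return (y2 - y1) / (x2 - x1) * 1e6
    raise ValueError("need at least two samples at distinct times")

def simulate(skew_ppm, base_delay_s, seed, duration_s=3600):
    """Constructed trace: one packet per second, delay = base + random jitter."""
    rng = random.Random(seed)
    trace = []
    for t in range(duration_s):
        device_ts = 1000.0 + t * (1 + skew_ppm * 1e-6)  # arbitrary clock origin
        rx_time = t + base_delay_s + rng.expovariate(1 / 0.01)
        trace.append((rx_time, device_ts))
    return trace

if __name__ == "__main__":
    # Same constructed device seen over a short and a long path, then another device.
    for label, trace in [("A, 20 ms path", simulate(50, 0.020, 1)),
                         ("A, 90 ms path", simulate(50, 0.090, 2)),
                         ("B, 20 ms path", simulate(-20, 0.020, 3))]:
        print(f"{label}: {estimate_skew_ppm(trace):+.1f} ppm")
```

The base delay cancels out of the slope, which is why the two traces of device A agree while device B stands apart.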