Remote physical device fingerprinting

Remote Physical Device Fingerprinting

Introduction

Fingerprinting of devices derives its name from the technique of fingerprinting of human beings to determine their identity . Just as every human being has a unique set of fingerprints , which are used to identify him or her correctly , electronic devices such as computers also have unique digital fingerprints , which can be used to identify them correctly . Fingerprinting of devices can be defined as a process by which a device or software that is being run on a device can be identified using characteristics that are observable

externally . In this essay , I will discuss a presented in the IEEE Symposium on Security and Privacy in 2005 on remote physical device fingerprinting

Currently , several effective techniques exist for identifying a computer connected to the Internet by fingerprinting its operating system . However , in this the authors have presented a new technique for fingerprinting a physical device or a class of devices remotely by using its clock skews . This technique to fingerprint physical devices remotely is based on utilizing minute microscopic deviations that exist in every device 's system or virtual clock , which are known as clock skews . This technique does not require any modifications in the fingerprinted device to be made or from any help by the fingerprintee . Through this technique , a fingerprinter , also known as adversary , can measure clock skews in a device when it is thousands of miles , several hops , and many milliseconds away from the person and also when the device is connected to the Internet from different locations and using different technologies . A remote device can be fingerprinted even when it is behind a firewall or Network Address Translation (NAT (p . 1

Remote physical device fingerprinting technique can be of three types - active , passive , or semi-passive . For active fingerprinting , a fingerprinter must be able to communicate with the fingerprintee , for passive technique the fingerprinter must only be able to observe the fingerprintee , and in the semi-passive technique , a fingerprinter is able to communicate with the fingerprintee after the fingerprintee initiates communication at first (p . 1

In the past , many researchers have worked on reducing or eliminating clock skews in devices . But , the experiment described in this utilizes the clock skews present in a device to determine its identity Previous techniques used to fingerprint devices include a network card 's Media Access Control (MAC ) address or cookies . However , the advantage of the technique presented in this is that it can fingerprint devices thousands of miles away . Cookie data has the drawback that it is not easily available to the fingerprinter (p . 3

For remote fingerprinting , two types of clocks can be used - the system clock and the clock in the device Transmission Control Protocol (TCP network stack , which is called TSopt clock in this experiment Fingerprinters can determine system clock skews if they know the clock times at different points of time . To measure system clock skews , the Internet Control Message Protocol (ICMP ) Timestamp Request technique is used . The fingerprinter could...