Hot or Not: Fingerprinting hosts through clock skew
If you have a question about this talk, please contact Andrew Lewis.
Every computer has a unique clock skew, even ones of the same model, so this acts as a fingerprint. Even if that computer moves location and changes ISP, it can later be identified through this phenomenon.
By collecting TCP timestamps or sequence numbers, clock skew can be measured remotely and accurately. In addition to varying between computers, clock skew also changes with temperature. Thus a remote attacker monitoring timestamps can estimate a computer’s environment, which has wide-ranging implications for security and privacy. By measuring day length and time zone, the location of a computer could be estimated, which is a particular concern with anonymity networks and VPNs. Local temperature changes caused by air conditioning or the movement of people can reveal whether two machines are in the same location, or even whether they are virtual machines on one server. The temperature of a computer can also be influenced by CPU load, which opens up a low-bandwidth covert channel. This could be used by processes which are prohibited from communicating for confidentiality reasons and, because this is a physical covert channel, it can even cross “air-gap” security boundaries.
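To make concrete how much a host's TCP timestamps reveal, the following added example (not material from the talk) estimates clock skew in parts per million from pairs of local receive time and remote timestamp value. The hosts, skew values, 1000 Hz tick rate, jitter pattern and the least-squares fit are all assumptions chosen for this illustration.

```python
# Added example: every host, skew value and sample below is constructed.
HZ = 1000  # assumed TCP timestamp tick rate (ticks per second)

def make_capture(skew_ppm, ts_start, n=361, step=10.0):
    """Build constructed (receive_time_s, remote_timestamp_ticks) samples."""
    samples = []
    for i in range(n):
        sent = i * step                      # true send time, seconds
        delay = ((2 * i) % 13) * 0.001       # 0-12 ms of constructed network jitter
        ticks = ts_start + int(sent * (1 + skew_ppm * 1e-6) * HZ)
        samples.append((sent + delay, ticks))
    return samples

def estimate_skew_ppm(samples, hz=HZ):
    """Least-squares slope of (remote elapsed - local elapsed) vs local elapsed."""
    t0, ts0 = samples[0]
    xs = [t - t0 for t, _ in samples]
    ys = [(ts - ts0) / hz - x for (_, ts), x in zip(samples, xs)]
    mx = sum(xs) / len(xs)
    my = sum(ys) / len(ys)
    sxx = sum((x - mx) ** 2 for x in xs)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    return sxy / sxx * 1e6                   # seconds drifted per second, as ppm

def same_clock(a, b, tolerance_ppm=1.0):
    """True when two captures show skews within the given tolerance."""
    return abs(estimate_skew_ppm(a) - estimate_skew_ppm(b)) <= tolerance_ppm

# Host A seen twice (different timestamp base and sampling, as after a move
# to another network) and host B, a second machine with a different skew.
host_a_first = make_capture(skew_ppm=52.0, ts_start=1_000_000)
host_a_moved = make_capture(skew_ppm=52.0, ts_start=987_654_321, n=500, step=7.0)
host_b = make_capture(skew_ppm=47.0, ts_start=5_000_000)

if __name__ == "__main__":
    for name, cap in [("A first", host_a_first), ("A moved", host_a_moved),
                      ("B", host_b)]:
        print(f"{name}: {estimate_skew_ppm(cap):.2f} ppm")
    print("A first vs A moved same clock:", same_clock(host_a_first, host_a_moved))
    print("A first vs B same clock:", same_clock(host_a_first, host_b))
```

The skew survives a change of timestamp base and sampling interval because it is a property of the slope, not of any absolute value in the capture.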
The talk will demonstrate how to use this channel to attack the hidden service feature offered by the Tor anonymity system. Here, an attacker can repeatedly access a hidden service, increasing CPU load and inducing a temperature change. This will affect clock skew, which the attacker can monitor on all candidate Tor servers. When there is a match between the load pattern and the clock skew, the attacker has linked the real IP address of a hidden server to its pseudonym, violating the anonymity properties Tor is designed to provide.
The talk will also present a separate illustration of the temperature covert channel technique, such as investigating a suspected attack on the Tor network in August 2006 by a well-equipped adversary.
This talk is part of the Computer Laboratory Security Seminar series.