Order Now
Menu
  Back to all posts Science and Technology Essays

Remote Physical Device Fingerprinting

by Expert Prof. Scotiah | 03 Mar 2017

Introduction

Fingerprinting of devices derives its name from the technique of fingerprinting of human beings to determine their identity. Just as every human being has a unique set of fingerprints, which are used to identify him or her correctly, electronic devices such as computers also have unique digital fingerprints, which can be used to identify them correctly. Fingerprinting of devices can be defined as a process by which a device or software that is being run on a device can be identified using characteristics that are observable externally. In this essay, I will discuss a paper presented in the IEEE Symposium on Security and Privacy in 2005 on remote physical device fingerprinting.

Need essay sample on

"Remote Physical Device Fingerprinting" topic?

We will write a custom essay sample specifically for you

Proceed

University Students Frequently Tell Us:
How much do I have to pay someone to write my paper online?
Professional writers advise: Help With Essay Writing. Here Is Your Life Vest!
Essay Writer Service Affordable Papers Review Written Essays For Sale Legitimate Essay Writing Services

Currently, several effective techniques exist for identifying a computer connected to the Internet by fingerprinting its operating system. However, in this paper the authors have presented a new technique for fingerprinting a physical device or a class of devices remotely by using its clock skews. This technique to fingerprint physical devices remotely is based on utilizing minute microscopic deviations that exist in every device’s system or virtual clock, which are known as clock skews. This technique does not require any modifications in the fingerprinted device to be made or from any help by the fingerprintee. Through this technique, a fingerprinter, also known as adversary, can measure clock skews in a device when it is thousands of miles, several hops, and many milliseconds away from the person and also when the device is connected to the Internet from different locations and using different technologies. A remote device can be fingerprinted even when it is behind a firewall or Network Address Translation (NAT) (p. 1).

Remote physical device fingerprinting technique can be of three types " active, passive, or semi-passive. For active fingerprinting, a fingerprinter must be able to communicate with the fingerprintee, for passive technique the fingerprinter must only be able to observe the fingerprintee, and in the semi-passive technique, a fingerprinter is able to communicate with the fingerprintee after the fingerprintee initiates communication at first (p. 1).

In the past, many researchers have worked on reducing or eliminating clock skews in devices. But, the experiment described in this paper utilizes the clock skews present in a device to determine its identity. Previous techniques used to fingerprint devices include a network card’s Media Access Control (MAC) address or cookies. However, the advantage of the technique presented in this paper is that it can fingerprint devices thousands of miles away. Cookie data has the drawback that it is not easily available to the fingerprinter (p. 3).

For remote fingerprinting, two types of clocks can be used " the system clock and the clock in the device Transmission Control Protocol (TCP) network stack, which is called TSopt clock in this experiment. Fingerprinters can determine system clock skews if they know the clock times at different points of time. To measure system clock skews, the Internet Control Message Protocol (ICMP) Timestamp Request technique is used. The fingerprinter could be any website, which the fingerprintee surfs or any device on the Internet, which can issue ICMP Timestamp Requests to the fingerprintee. The fingerprinter must also be able to record the ICMP Timestamp Reply messages, which are then used to determine clock skews of the device (p. 6)

Using the TSopt clock, the clock skews are determined in the following way. A TCP flow uses the TCP timestamps option. This option is used in almost all modern operating systems. The header of each TCP packet in a TCP flow contains a 32-bit timestamp. These timestamps are taken from a virtual clock, which is independent of the system clock. If the fingerprinters are able to learn the values of the TSopt clock of a device at various points of time, then they will be able to determine the device’s TSopt clock skew. However, the TCP timestamp based fingerprinting option is used in most of the experiments mentioned in the paper (p. 4).

The paper also describes how a fingerprinter may obtain the values of the TSopt clock at different points of time and how this information can be used to fingerprint a device. The fingerprinter can be any person who is able to observe the TCP packets from the fingerprintee. It could be the Internet Service Provider of the fingerprintee, or any person who is able to tap the network over which the packets from the device travel, or any website which the fingerprintee accesses, such as Google or a news website (p. 5).

The authors of the paper have also conducted experiments in various settings to demonstrate that the clock skews remain stable in different conditions and can be used as a trustworthy tool to fingerprint a device remotely. Their findings demonstrate that the clock skews remains stable whether the access is active, passive, or semi-passive. Some experts might argue that since the experiments were conducted on a large variety of machines that ran on a wide variety of operating systems, the clock skews were obviously different. To disprove this, the authors also conducted experiments on a large variety of apparently homogenous machines, which also demonstrated measurably different clock skews. Experiments also demonstrated that the clock skews were independent of the fingerprintee’s access technology such as wired or wireless residential or commercial cable networks, dialup connections, topology, the machine used by the fingerprinter, and the distance. Clock skews measured by using all these different parameters were within a fraction of a ppm of each other. The clock skews were also independent of Network Time Protocol (NTP) usage (pp. 7, 8, 9, 10, 11).

The remote physical device fingerprinting technique can be used for a variety of purposes. It can be used to count the number of devices behind a NAT. It can also be utilized to remotely probe a block of addresses to determine if the addresses correspond to virtual hosts, such as a virtual honeynet. It is also immensely useful in forensics and criminal investigations. It can also be used to track individual devices. The skew estimates when used in addition to operating system fingerprinting can help in tracking a computer or a device used for criminal purposes, such as sending a threatening email. Using remote fingerprinting technique, anonymized IP addresses can be unanonymized (pp. 12, 13).

The paper also states that future security systems may try to devise means to resist this fingerprinting technique by masking TSopt clock values. It suggests the possibility of other aspects of a device that can be fingerprinted, such as processor speed or memory (p. 14).

The study by the authors also outlines the difficulty in achieving complete data security today since techniques such as these can be used to identify any computer remotely (p. 15).

References

Kohno, Tadayoshi, Broido, Andre, & Claffy, KC. (2005). Remote Physical Device Fingerprinting. IEEE Computer Society. Retrieved June 3, 2008 from http://www.caida.org/publications/papers/2005/fingerprinting/

Learn more:
Key Factors of Program Evaluation Unlimited Access to Computers and Information Parts of the .NET Platform

Do You need a paper on this topic?

Order Your Essay
Writer avatar

Dr. Joshua (PhD)

№16 In global rating

1834

finished papers

1179

customer reviews

95%

success rate

Writer avatar

Gifted Hands

№9 In global rating

180

finished papers

121

customer reviews

99%

success rate

Writer avatar

Prof. Joe

№8 In global rating

183

finished papers

123

customer reviews

100%

success rate

Writer avatar

Prof.Erick

№17 In global rating

413

finished papers

255

customer reviews

96%

success rate

Writer avatar

Clarise

№20 In global rating

413

finished papers

255

customer reviews

99%

success rate

Writer avatar

Meghan

№19 In global rating

165

finished papers

108

customer reviews

98%

success rate

Writer avatar

Intelligent Dr

№18 In global rating

2166

finished papers

1361

customer reviews

95%

success rate

Writer avatar

Prof. Scholar

№4 In global rating

35

finished papers

29

customer reviews

100%

success rate

Writer avatar

Wise Writer

№6 In global rating

241

finished papers

164

customer reviews

95%

success rate

Writer avatar

Samantha 1

№12 In global rating

5801

finished papers

4198

customer reviews

96%

success rate

Order your paper now!

I need
My email
By clicking “Continue”, you agree to our terms of service and privacy policy. We’ll occasionally send you promo and account related emails.

EssayLab Reviews

  • Jason (student)

    I asked Essay Lab to write an essay for me and received paper the next day after I ordered it! Thank you!

  • Kimberly (student)

    Awesome WORK! If I ever need to write my essay – I will use only EssayLab!

  • Matt (student)

    These people are lifesavers! Just ask – “write me an essay” and they will start right away!

Support contacts

[email protected]