Saturday, March 05, 2005

It's 10:00 O'Clock. Do You Know Where Your Computer Is?

No more anonymous Internet surfing. A doctoral student at the University of California has come up with a method of fingerprinting computer hardware remotely, without the device's cooperation. The paper's author, Tadayoshi Kohno explains that the technique works by exploiting small deviations in the computer's hardware clock. In practice,the techniques "exploit the fact that most modern TCP stacks implement the TCP timestamps option ... whereby, for performance purposes, each party in a TCP flow includes information about its perception of time in each outgoing packet." The deviation in the timestamps is used to identify specific machines. Is the next step in the anonymity arms race a clock randomizer function?

0 Comments:

Post a Comment

<< Home