At 3:37 PM -0500 8/4/06, Richard Lynch wrote:
> http://www.caida.org/publications/papers/2005/fingerprinting/
> Just to be pedantic...
> It's using the clock skew of the user's computer, and I don't think
> that has anything to do with PC-NIC-CABLE-FIREWALL combination
> communication.
> Rather, it is the error margin of the internal clock chip within the
> device, as I understand it...
> Or not, as I don't claim to understand that article 100%...
Richard:
As I read it, and I don't claim to understand the article 100%
either, it's more than the margin of error of the internal clock, but
rather how the user's computer responds due to the skew -- the timing
in sending packets of information to a server.
The fingerprint is not instant, but derived from the performance of
the computer over time. The more information gathered, the more
unique the fingerprint becomes. A sort of stacking (sum) of the
events to increase the fold (confidence) and as a result, computer
response times fall into different identifiable groups.
Any temporal series of data can be thought of as a waveform that can
be analyzed via a FFT, as they mention in their article and add that
the FFT may not be a solution. However, they fail to acknowledge that
a time series can be analyzed via many different techniques other
than FFT.
However, barring that, they have posed an interesting idea (but not
proved) that every computer currently made can be identified by the
way it responds -- each computer is unique.
Their sample size was relatively small, several hundred computers,
and the time to distinguish individual computers took several hours.
If their technique was applied to the net, I would think it would take a
great deal of time (perhaps prohibitively so) to gather enough data
to clearly distinguish and identify individual computers visiting a
server. On the other hand, a set visiting a specific server would be
much smaller than the entire net-set.
In any event, the confidence level for identifying each computer
would depend upon how many times the user's computer visited the site
in question, which in the real world would lead to a vast range of
confidence levels.
IF their claim is true and IF they could cut the analysis time
required, then the ramifications of the technique could be
significant in terms of Internet security, spam, law enforcement,
software registrations, and so on.
The article presents a possible answer for those wanting to uniquely
identify computers -- kind of an unintended built-in V chip for
computers.
Interesting research.
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
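
The point made in the message above, that the fingerprint sharpens as observations accumulate, shown as an added example that is not part of the message or of the CAIDA paper. It fits an ordinary least-squares line to simulated clock-offset samples, which is a stand-in estimator and not necessarily the paper's method; the skew values (50 and 58 ppm), the 5 ms jitter, the 10 s sampling interval and all function names are assumptions.

```python
import random

def simulate(skew_ppm, duration_s, seed, interval_s=10.0, jitter_ms=5.0):
    """Constructed samples: (observer time, remote clock minus observer clock), in seconds."""
    rng = random.Random(seed)
    samples = []
    for i in range(int(duration_s / interval_s) + 1):
        t = i * interval_s
        delay = rng.uniform(0.0, jitter_ms) / 1000.0   # variable network delay (assumed model)
        samples.append((t, skew_ppm * 1e-6 * t - delay))
    return samples

def estimate_skew(samples):
    """Least-squares slope of offset vs. time, returned as (skew_ppm, std_error_ppm)."""
    n = len(samples)
    mx = sum(x for x, _ in samples) / n
    my = sum(y for _, y in samples) / n
    sxx = sum((x - mx) ** 2 for x, _ in samples)
    slope = sum((x - mx) * (y - my) for x, y in samples) / sxx
    rss = sum((y - my - slope * (x - mx)) ** 2 for x, y in samples)
    return slope * 1e6, (rss / (n - 2) / sxx) ** 0.5 * 1e6

def distinguishable(skew_a, skew_b, duration_s):
    """True when the two estimates differ by more than 3 combined standard errors."""
    est_a, se_a = estimate_skew(simulate(skew_a, duration_s, seed=1))
    est_b, se_b = estimate_skew(simulate(skew_b, duration_s, seed=2))
    return abs(est_a - est_b) > 3 * (se_a + se_b)

if __name__ == "__main__":
    # Longer observation windows shrink the standard error of the skew estimate.
    for duration in (60, 600, 3600):
        est, se = estimate_skew(simulate(50.0, duration, seed=1))
        print(f"{duration:>5}s  skew={est:8.2f} ppm  +/- {se:.3f}  "
              f"50 vs 58 ppm separable: {distinguishable(50.0, 58.0, duration)}")
```
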