Presentation is loading. Please wait.

Presentation is loading. Please wait.

Remote Hardware Fingerprinting: A Statistical Approach R. Fink ~ May, 2006.

Published byHortense Lang Modified over 8 years ago

Similar presentations

Presentation on theme: "Remote Hardware Fingerprinting: A Statistical Approach R. Fink ~ May, 2006."— Presentation transcript:

1 Remote Hardware Fingerprinting: A Statistical Approach R. Fink ~ May, 2006

2 Problem  Identify Specific Machines via Remote Network Fingerprinting Passive Networked Physical properties of the machine  Use to: Identify endpoints in a communication Show that an endpoint participated in a transaction Show that an endpoint did not participate in a transaction  Challenges: What properties? Similar machines? Network delay factors?

3  TCP Timestamp Option 32-bit TS Value indicates clock tick, bound to oscillator circuit, crystal Present in most TCP packets by default (all of Linux, Windows can be tricked) Best part: independent of network time server corrections! Timestamps Flags Reser ved Off set Source PortDestination Port Sequence Number Acknowledgement Number Checksum Window Size Urgent Pointer Options + Padding TCPTCP Kind=8Len=10TS Reply (32) TS Value (32)

4 Approach  Passively collect TS values from observed machine, t o IP address identifies machine during collection phase  Record t o along with measurer system time, t m  Scatter-plot t o versus t m  Fit a regression line to the slope Slope is the clock skew of the observed machine: that is, the amount of drift relative to the measurer per unit time  Group similar drifts to sort out individual machines tmtm toto Clock skew Clock skew B Clock skew C

5 Previous Research  Kohno, Claffy, Broido 63 Campus Machines 38 days of data (12 hour spans)  Convex Hull Method of Fit  Posed, but did not address: Required sample size Effect of differing topology  Ignored Statistical Techniques ~ Using a convex hull technique, instead of a linear regression technique, throws out the whole body of error analysis theory!

6 Current Work  Recreated Experiment 4 identical Dell GX-150 machines, one observer Collected initial data on fast switch  Extended the Research Skew via linear regression algorithm Error analysis theory to estimate required number of samples Simulated WAN delay (via Linux Netfilter hacking) in progress Measured PCI bus with frequency counter to verify the physical link to clock skew

7 Results 1.PCI bus clock speed is directly related to clock skew 2.Linear regression (in LAN case) uniquely identifies machines to within a couple parts per million (ppm) 3.Number of samples required is directly proportional to observed timestamp error and confidence interval, inversely proportional to collection interval and allowed ppm tolerance Validated on repeated population subsets 4.Showed clock skew varies with machine temperature 5.In progress – experiments on WAN data

8 Summary  Highlights Clock skew is a repeatable way to fingerprint a specific machine Linear regression, a simple machine learning concept, is readily applied Statistical error analysis tells us how much to collect  Lowlights TCP timestamp options are, well, OPTIONAL ~ can just turn them off  Future Research Wireless mobile devices: effect of battery, topology, mobility, clock stepping Other protocol properties, not just timestamps

Download ppt "Remote Hardware Fingerprinting: A Statistical Approach R. Fink ~ May, 2006."

Similar presentations

Remote Physical Device Fingerprinting Authors Tadayoshi Kohno, Andre Broido, KC Claffy Appears in IEEE Symposium on Security and Privacy, 2005 Presented.

Remote Physical Device Fingerprinting Authors Tadayoshi Kohno, Andre Broido, KC Claffy Appears in IEEE Symposium on Security and Privacy, 2005 Presented.
Tadayoshi Kohno: CSE Department, UC San Diego Andre Broido: CAIDA, UC San Diego kc claffy: CAIDA, UC San Diego 2005 IEEE Symposium on Security and Privacy.

Tadayoshi Kohno: CSE Department, UC San Diego Andre Broido: CAIDA, UC San Diego kc claffy: CAIDA, UC San Diego 2005 IEEE Symposium on Security and Privacy.
1 IP Forwarding Relates to Lab 3. Covers the principles of end-to-end datagram delivery in IP networks.

1 IP Forwarding Relates to Lab 3. Covers the principles of end-to-end datagram delivery in IP networks.
 WAN uses Serial ports  Ethernet Ports:  Straight through  Cross over.

 WAN uses Serial ports  Ethernet Ports:  Straight through  Cross over.
High Speed Total Order for SAN infrastructure Tal Anker, Danny Dolev, Gregory Greenman, Ilya Shnaiderman School of Engineering and Computer Science The.

High Speed Total Order for SAN infrastructure Tal Anker, Danny Dolev, Gregory Greenman, Ilya Shnaiderman School of Engineering and Computer Science The.
Ver 1,12/09/2012Kode :CIJ 340,Jaringan Komputer Lanjut FASILKOM Routing Protocols and Concepts – Chapter 2 Static Routing CCNA.

Ver 1,12/09/2012Kode :CIJ 340,Jaringan Komputer Lanjut FASILKOM Routing Protocols and Concepts – Chapter 2 Static Routing CCNA.
UDP & TCP Where would we be without them!. UDP User Datagram Protocol.

UDP & TCP Where would we be without them!. UDP User Datagram Protocol.
1 Computer Networks: A Systems Approach, 5e Larry L. Peterson and Bruce S. Davie Chapter 5 End-to-End Protocols Copyright © 2010, Elsevier Inc. All rights.

1 Computer Networks: A Systems Approach, 5e Larry L. Peterson and Bruce S. Davie Chapter 5 End-to-End Protocols Copyright © 2010, Elsevier Inc. All rights.
CS3505 The Internet and Info Hiway transport layer protocols : TCP/UDP.

CS3505 The Internet and Info Hiway transport layer protocols : TCP/UDP.
BZUPAGES.COM 1 User Datagram Protocol - UDP RFC 768, Protocol 17 Provides unreliable, connectionless on top of IP Minimal overhead, high performance –No.

BZUPAGES.COM 1 User Datagram Protocol - UDP RFC 768, Protocol 17 Provides unreliable, connectionless on top of IP Minimal overhead, high performance –No.
Chapter 7 – Transport Layer Protocols

Chapter 7 – Transport Layer Protocols
Internetworking Different networks –Different bit rates –Frame lengths –Protocols.

Internetworking Different networks –Different bit rates –Frame lengths –Protocols.
1 University of Freiburg Computer Networks and Telematics Prof. Christian Schindelhauer Wireless Sensor Networks 15th Lecture 13.12.2006 Christian Schindelhauer.

1 University of Freiburg Computer Networks and Telematics Prof. Christian Schindelhauer Wireless Sensor Networks 15th Lecture Christian Schindelhauer.
Source Port # (16)Destination Port # (16) Sequence Number (32 bits) Acknowledgement Number (32 bits) Hdr Len (4) Flags (6)Window Size (16) Options (if.

Source Port # (16)Destination Port # (16) Sequence Number (32 bits) Acknowledgement Number (32 bits) Hdr Len (4) Flags (6)Window Size (16) Options (if.
Service Providers & Data Link & Physical layers Week 4 Lecture 1.

Service Providers & Data Link & Physical layers Week 4 Lecture 1.
TCP. Learning objectives Reliable Transport in TCP TCP flow and Congestion Control.

TCP. Learning objectives Reliable Transport in TCP TCP flow and Congestion Control.
Internet Technologies Networking / Internet Protocols (TCP/IP) Server/Client Software Communication via Ports Web Page Technology Recipe of Web Page Development.

Internet Technologies Networking / Internet Protocols (TCP/IP) Server/Client Software Communication via Ports Web Page Technology Recipe of Web Page Development.
Hardware & Software Needed For LAN and WAN

Hardware & Software Needed For LAN and WAN
1 25\10\2010 Unit-V Connecting LANs Unit – 5 Connecting DevicesConnecting Devices Backbone NetworksBackbone Networks Virtual LANsVirtual LANs.

1 25\10\2010 Unit-V Connecting LANs Unit – 5 Connecting DevicesConnecting Devices Backbone NetworksBackbone Networks Virtual LANsVirtual LANs.
Bandwidth Estimation: Metrics Mesurement Techniques and Tools By Ravi Prasad, Constantinos Dovrolis, Margaret Murray and Kc Claffy IEEE Network, Nov/Dec.

Bandwidth Estimation: Metrics Mesurement Techniques and Tools By Ravi Prasad, Constantinos Dovrolis, Margaret Murray and Kc Claffy IEEE Network, Nov/Dec.

Similar presentations

Ads by Google