anonymizing your hacktop
play

Anonymizing your hacktop A brief tour of unique identifiers - PowerPoint PPT Presentation

Jan 24, 2024 •160 likes •358 views

Anonymizing your hacktop A brief tour of unique identifiers accessible by software @ Unique Identifiers Who cares? What are we talking about? Where are they? Laptops & Desktops Peripherals Smartphones Why

  1. Anonymizing your hacktop A brief tour of unique identifiers accessible by software @

  2. Unique Identifiers ● Who cares? ● What are we talking about? ● Where are they? ○ Laptops & Desktops ○ Peripherals ○ Smartphones ● Why change? ● How do we read/change them?

  3. Who cares? ● Privacy advocates ● Anti-theft engineers ● Datacenter managers ● Equipment RMA departments ● Copy protection engineers ● European Parliament ● Even some end users

  4. I'tell outside

  5. What are we talking about? Unique identifiers in this presentation are: ● Small (~32 bytes or less) ● Not digests or fingerprints ● Persistent ● Defined by manufacturer

  6. Where are they? (Laptops/Desktops) ● Motherboard Serial ● PCIe Device Serial Number ● DIMM SPD serial number ● Hard Disk Drive serial ● Network hardware addresses

  7. Motherboard Serial ● Rarely unique on consumer products ● Defined in System Management BIOS spec ● Frequently stored on SPI flash

  8. PCIe Device Serial Number ● Optional Enhanced Capability Header ● Not implemented in many PCIe devices ● 64-bit extended unique identifier ○ 24-bit company id assigned by IEEE ○ 40-bit extension identifier assigned by manufacturer ● Storage is implementation specific ○ Likely found on I²C/SPI EEPROM

  9. Memory module serial number DDR3 DIMM SPD: ● 16-bit manufacturer ID ● 8-bit manufacture location ● 16-bit year/week of manufacture ● 32-bit serial number ● I²C* EEPROM *SMBus

  10. Hard Disk Drive serial number ATA/ATAPI: ● 20 ASCII characters serial number ● 40 character model number SCSI: ● 8-byte Drive Serial Number ● 16-byte Product Identification

  11. Network hardware addresses MAC-48 / EUI-48 48-bit address: ● Ethernet - 802.3* ● WiFi - 802.11* ● WiMax - 802.16* ● most IEEE 802 networks EUI-64 64-bit address: ● FireWire ● IPv6 ● ZigBee

  12. Where are they? (Peripherals) ● Display EDID ● Software protection dongles ● RFID

  13. Display EDID Extended Display Identification Data v1.3: ● 16-bit manufacturer ID ● 16-bit product ID ● 16-bit year/week of manufacture ● 32-bit serial number

  14. Software protection dongles ● Tough to change, by design ● Easy to read

  15. Where are they? (Smartphones) ● International Mobile Subscriber Identity ○ Country Code, Carrier Code, Subscriber Number ● GSM (T-Mobile, AT&T) ○ International Mobile Equipment Identity (handset) ○ Integrated Circuit Card IDentifier (SIM) ● CDMA (Sprint, Verizon, Cricket) ○ Mobile Equipment IDentifier ● Apple ○ Unique Device IDentifier

  16. Why change? ● Well, you probably shouldn't ● Popular belief says you can't ● It will probably break stuff anyway ● What good will it do you?

  17. How do we read them? Linux: Windows: ● lshw ● Device Manager ● dmidecode ● EVEREST ● hwinfo ● AIDA64 ● lspci -v ● lsusb -v

  18. How do we change them? ● Software ● BusPirate ● GoodFET ● Arduino ● Just about any devkit

  19. Questions? I would love to hear about your success stories ...or failures. kenny@romhat.net Who wants to have a workshop? Thanks!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

De-Anonymizing Live CDs through Physical Memory Analysis

De-Anonymizing Live CDs through Physical Memory Analysis

De-Anonymizing Live CDs through Physical Memory Analysis Andrew Case Senior Security Analyst Speaker Background Computer Science degree from the University

644 views • 61 slides
De-anonymizing Data CompSci 590.03 Instructor: Ashwin

De-anonymizing Data CompSci 590.03 Instructor: Ashwin

Source (h?p://xkcd.org/834/) De-anonymizing Data CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 2 : 590.03 Fall 13 1 Outline Recap

1.15k views • 83 slides
De-anonymizing Data CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 2 : 590.03 Fall 12

De-anonymizing Data CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 2 : 590.03 Fall 12

Source (http://xkcd.org/834/) De-anonymizing Data CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 2 : 590.03 Fall 12 1 Announcements Project ideas will be posted on the site by Friday. You are welcome to send me (or talk to

763 views • 65 slides
Tor: An Anonymizing Overlay Network for TCP Roger Dingledine The Free Haven Project

Tor: An Anonymizing Overlay Network for TCP Roger Dingledine The Free Haven Project

Tor: An Anonymizing Overlay Network for TCP Roger Dingledine The Free Haven Project http://tor.freehaven.net/ http://tor.eff.org/ December 28, 21C3 2004 Talk Outline Motivation: Why anonymous communication? Personal privacy

1.03k views • 55 slides
De-anonymizing D4D Datasets Kumar Sharad 1 George Danezis 2 1 University of Cambridge 2 Microsoft

De-anonymizing D4D Datasets Kumar Sharad 1 George Danezis 2 1 University of Cambridge 2 Microsoft

De-anonymizing D4D Datasets Kumar Sharad 1 George Danezis 2 1 University of Cambridge 2 Microsoft Research July 12, 2013 6th Workshop on Hot Topics in Privacy Enhancing Technologies 2013, Bloomington, Indiana, USA Can Personally Identifiable

668 views • 18 slides
De-Anonymizing Live CDs through Physical Memory Analysis Andrew Case Senior Security Analyst

De-Anonymizing Live CDs through Physical Memory Analysis Andrew Case Senior Security Analyst

De-Anonymizing Live CDs through Physical Memory Analysis Andrew Case Senior Security Analyst Speaker Background Computer Science degree from the University of New Orleans Former Security Consultant for Neohapsis Worked for Digital

911 views • 61 slides
A Practical Congestion Attack on Tor Using Long Paths Towards De-anonymizing Tor Nathan S. Evans

A Practical Congestion Attack on Tor Using Long Paths Towards De-anonymizing Tor Nathan S. Evans

A Practical Congestion Attack on Tor Using Long Paths Towards De-anonymizing Tor Nathan S. Evans 1 Christian Grothoff 1 Roger Dingledine 2 1 University of Denver, Denver CO 2 The Tor Project August, 12 2009 A Practical Congestion Attack on Tor

2.41k views • 56 slides
De#anonymizing,Social,Networks, and,Inferring,Private,Attributes, Using,Knowledge,Graphs,

De#anonymizing,Social,Networks, and,Inferring,Private,Attributes, Using,Knowledge,Graphs,

De#anonymizing,Social,Networks, and,Inferring,Private,Attributes, Using,Knowledge,Graphs, Jianwei Qian Xiang#Yang Li Illinois Tech USTC,/Illinois Tech Chunhong Zhang Linlin Chen BUPT Illinois Tech Outline Background Prior Work Our Work

350 views • 34 slides
VEA: Validating, Evolving & Anonymizing Data in Real Time Albert Franzi Cros, Data Engineer |

VEA: Validating, Evolving & Anonymizing Data in Real Time Albert Franzi Cros, Data Engineer |

VEA: Validating, Evolving & Anonymizing Data in Real Time Albert Franzi Cros, Data Engineer | Alpha Health Slides available in: bit.ly/afranzi-vea About me 2019 2020 2013 2014 2015 2017 2018 VEA: Validating, Evolving &

679 views • 39 slides
Tarzan: A Peer-to-Peer Anonymizing Network Layer Michael J. Freedman, NYU Robert Morris, MIT

Tarzan: A Peer-to-Peer Anonymizing Network Layer Michael J. Freedman, NYU Robert Morris, MIT

Tarzan: A Peer-to-Peer Anonymizing Network Layer Michael J. Freedman, NYU Robert Morris, MIT ACM CCS 2002 http://pdos.lcs.mit.edu/tarzan/ The Grail of Anonymization Participant can communicate anonymously with non-participant User ? ?

976 views • 42 slides
De-anonymizing D4D Datasets Kumar Sharad 1 and George Danezis 2 1 University of Cambridge Computer

De-anonymizing D4D Datasets Kumar Sharad 1 and George Danezis 2 1 University of Cambridge Computer

De-anonymizing D4D Datasets Kumar Sharad 1 and George Danezis 2 1 University of Cambridge Computer Laboratory, 15 JJ Thomson Avenue, Cambridge CB3 0FD, UK Kumar.Sharad@cl.cam.ac.uk 2 Microsoft Research 21 Station Road, Cambridge CB1 2FB, UK

217 views • 17 slides
Rumor Riding: Anonymizing Unstructured Peer-to-Peer Systems Narrated by Christo Wilson Table of

Rumor Riding: Anonymizing Unstructured Peer-to-Peer Systems Narrated by Christo Wilson Table of

Rumor Riding: Anonymizing Unstructured Peer-to-Peer Systems Narrated by Christo Wilson Table of Contents Table of Contents Problem Scenario Existing Anonymity Schemes Existing Anonymity Schemes T or Crowds Rumor Riding

239 views • 19 slides
Outline Anonymous communications techniques CSci 5271 Announcements intermission Introduction

Outline Anonymous communications techniques CSci 5271 Announcements intermission Introduction

Outline Anonymous communications techniques CSci 5271 Announcements intermission Introduction to Computer Security Day 24: Anonymizing the network Tor basics Stephen McCamant University of Minnesota, Computer Science & Engineering Tor

391 views • 5 slides
Outline Anonymous communications techniques CSci 5271 Announcements intermission Introduction

Outline Anonymous communications techniques CSci 5271 Announcements intermission Introduction

Outline Anonymous communications techniques CSci 5271 Announcements intermission Introduction to Computer Security Day 23: Anonymizing the network Tor basics Stephen McCamant University of Minnesota, Computer Science & Engineering Tor

301 views • 7 slides
Database Indexes and K-anonymity Tochukwu Iwuchukwu Jeffrey F. Naughton Conclusion There

Database Indexes and K-anonymity Tochukwu Iwuchukwu Jeffrey F. Naughton Conclusion There

Database Indexes and K-anonymity Tochukwu Iwuchukwu Jeffrey F. Naughton Conclusion There are striking similarities between Building a spatial index over a data set, and K-anonymizing a data set. We can exploit these similarities

392 views • 28 slides
10. Knowledge Flow Optimization 9/22/2005 Peter Gloor pgloor@mit.edu Aligning process and

10. Knowledge Flow Optimization 9/22/2005 Peter Gloor pgloor@mit.edu Aligning process and

SwarmCreativity & COINs 10. Knowledge Flow Optimization 9/22/2005 Peter Gloor pgloor@mit.edu Aligning process and organization by knowledge flow Communication flow Business process (Relationships) Org. structure Department Manager +

440 views • 22 slides
CISC 323 (Week 11) Due Date: Thursday, April 7, 2005 (3:00pm) Architectural Styles The

CISC 323 (Week 11) Due Date: Thursday, April 7, 2005 (3:00pm) Architectural Styles The

Assignment #5 CISC 323 (Week 11) Due Date: Thursday, April 7, 2005 (3:00pm) Architectural Styles The only task: Write a complete CD catalog program with editing features, following your design from Assignment 4. You may re-use any

168 views • 6 slides
Learning Regularizers From Data Venkat Chandrasekaran Caltech Joint work with Yong Sheng Soh

Learning Regularizers From Data Venkat Chandrasekaran Caltech Joint work with Yong Sheng Soh

Learning Regularizers From Data Venkat Chandrasekaran Caltech Joint work with Yong Sheng Soh Variational Perspective on Inference o Loss ensures fidelity to observed data o Based on the specific inverse problem one wishes to solve o Regularizer

580 views • 31 slides
The Rigidity of Infinite Frameworks in Euclidean and Polyhedral Normed Spaces Sean Dewar

The Rigidity of Infinite Frameworks in Euclidean and Polyhedral Normed Spaces Sean Dewar

Motivation Preliminaries Rigidity in infinite frameworks Euclidean and polyhedral normed spaces Questions? The Rigidity of Infinite Frameworks in Euclidean and Polyhedral Normed Spaces Sean Dewar Lancaster University, Department of

616 views • 40 slides
iLab 2 Internet Protocol version 6 Stefan Liebald liebald@net.in.tum.de Lehrstuhl fr

iLab 2 Internet Protocol version 6 Stefan Liebald liebald@net.in.tum.de Lehrstuhl fr

iLab 2 Internet Protocol version 6 Stefan Liebald liebald@net.in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen October 18, 2017 Based on slides of Lukas Schwaighofer 1

678 views • 46 slides
802.1 Plenary July 2017 Berlin, Germany Closing Agenda Glenn Parsons IEEE 802.1 WG Chair

802.1 Plenary July 2017 Berlin, Germany Closing Agenda Glenn Parsons IEEE 802.1 WG Chair

802.1 Plenary July 2017 Berlin, Germany Closing Agenda Glenn Parsons IEEE 802.1 WG Chair glenn.parsons@ericsson.com 1 Plenary Agenda Call for Patents Membership Future Meetings 802 reports TG reports Sanity check current

1.35k views • 101 slides
APAN Sensor Network WG APAN Sensor Network WG nd meeting @ Hanoi 2 nd 2 nd nd meeting @ Hanoi

APAN Sensor Network WG APAN Sensor Network WG nd meeting @ Hanoi 2 nd 2 nd nd meeting @ Hanoi

APAN Sensor Network WG APAN Sensor Network WG nd meeting @ Hanoi 2 nd 2 nd nd meeting @ Hanoi i i @ H @ H i i Group Meeting (2010/08/10) (2010/08/10) Chair: Susumu Takeuchi Chair: Susumu Takeuchi (NICT, Japan) Introduction of

867 views • 53 slides
High-order Asymptotic-Preserving schemes for the Boltzmann equation and related problems Lorenzo

High-order Asymptotic-Preserving schemes for the Boltzmann equation and related problems Lorenzo

Introduction IMEX Runge-Kutta Exponential schemes Further developments High-order Asymptotic-Preserving schemes for the Boltzmann equation and related problems Lorenzo Pareschi Department of Mathematics & Computer Science University of

566 views • 41 slides
Ensemble Methods + Recommender Systems Matt Gormley Lecture 21 Nov. 4, 2019 1 Reminders

Ensemble Methods + Recommender Systems Matt Gormley Lecture 21 Nov. 4, 2019 1 Reminders

10-601 Introduction to Machine Learning Machine Learning Department School of Computer Science Carnegie Mellon University Midterm Review + Ensemble Methods + Recommender Systems Matt Gormley Lecture 21 Nov. 4, 2019 1 Reminders

967 views • 79 slides

More recommend