clock around the clock
play

Clock Around the Clock Time-Based Device Fingerprinting Iskander - PowerPoint PPT Presentation

Oct 23, 2022 •1.71k likes •2.42k views

Clock Around the Clock Time-Based Device Fingerprinting Iskander Sanchez-Rola, Igor Santos, Davide Balzarotti Device Fingerprinting Exploits different features to uniquely identify a machine. The entity interested in computing the fingerprint is

  1. Clock Around the Clock Time-Based Device Fingerprinting Iskander Sanchez-Rola, Igor Santos, Davide Balzarotti

  2. Device Fingerprinting Exploits different features to uniquely identify a machine. The entity interested in computing the fingerprint is able to run arbitrary code with user privileges in the machine.

  3. Device Fingerprinting Exploits different features to uniquely identify a machine. The entity interested in computing the fingerprint is able to run arbitrary code with user privileges in the machine. (i) malicious applications that want this information to perform selective attacks against certain victims.

  4. Device Fingerprinting Exploits different features to uniquely identify a machine. The entity interested in computing the fingerprint is able to run arbitrary code with user privileges in the machine. (i) malicious applications that want this information to perform selective attacks against certain victims (ii) proprietary applications that want to bind a license to a single machine.

  5. Web Device Fingerprinting A website computes a unique identifier for each visitor’s machine, without storing any information on the client side. The entity interested in computing the fingerprint is able to run arbitrary code with user privileges in the browser.

  6. Web Device Fingerprinting A website computes a unique identifier for each visitor’s machine, without storing any information on the client side. The entity interested in computing the fingerprint is able to run arbitrary code with user privileges in the browser. (i) advertisers or tracking companies can use it to obtain the browsing history of users.

  7. Web Device Fingerprinting A website computes a unique identifier for each visitor’s machine, without storing any information on the client side. The entity interested in computing the fingerprint is able to run arbitrary code with user privileges in the browser. (i) advertisers or tracking companies can use it to obtain the browsing history of users. (ii) websites that require strong authentication (e.g., banking and shopping) can use this technique to include an additional verification to their process.

  8. Web Device Fingerprinting Attribute-based Uses several browser attributes (e.g., installed fonts/plugins, or UserAgent). Unfortunately, these attributes change rapidly, rendering the fingerprint obsolete. Hardware-based Uses browser implementations of different APIs to compute the differences between devices that are based in hardware features (e.g., HTML5 Canvas or WebGL).

  9. Hardware-based Identification We notice that the execution time of certain functions was uniquely correlated to the machine where it was running, and could be used to differentiate even among identical devices.

  10. Hardware-based Identification We notice that the execution time of certain functions was uniquely correlated to the machine where it was running, and could be used to differentiate even among identical devices What is the reason behind this?

  11. Clock Imperfections I Computers can be fingerprinted by comparing different clocks . Salo proposed to compare the CPU clock cycles of ticks in the clock with the cycles needed for the digitalization of an analog signal using a sound card . Afterwards, the author computed different statistical tests to distinguish among different machines. Timothy J Salo. 2007. Multi-Factor Fingerprints for Personal Computer Hardware. In Proceedings of the Military Communications Conference (MILCOM). IEEE.

  12. Clock Imperfections II Several factors play a crucial role for this technique to work:

  13. Clock Imperfections II Several factors play a crucial role for this technique to work: (1) The program needs to have access to the CPU clock cycles , which is not a common option in high-level languages.

  14. Clock Imperfections II Several factors play a crucial role for this technique to work: (1) The program needs to have access to the CPU clock cycles , which is not a common option in high-level languages. (2) The sound card used must not rely on the CPU clock and should use an independent crystal -controlled oscillator.

  15. Clock Imperfections II Several factors play a crucial role for this technique to work: (1) The program needs to have access to the CPU clock cycles , which is not a common option in high-level languages. (2) The sound card used must not rely on the CPU clock and should use an independent crystal -controlled oscillator. (3) The experiment needed to run for approximately one hour .

  16. Our Observation When a small function is repeated a sufficient number of times, it can be used to amplify the small differences between the CPU and the timer clocks. By measuring the execution time by using the datetime API, we can use this information to remotely fingerprint a machine. Our algorithm is divided into two different phases : the generation of the fingerprint, and the comparison phase.

  17. Fingerprint Generation function(50m) function(75m) function(100m)

  18. Fingerprint Generation function(75m) function(100m)

  19. Fingerprint Generation 0.6s function(75m) function(100m)

  20. Fingerprint Generation 0.6s function(100m)

  21. Fingerprint Generation 0.6s function(100m)

  22. Fingerprint Generation 0.6s 0.94s function(100m)

  23. Fingerprint Generation 0.6s 0.94s

  24. Fingerprint Generation 0.6s 0.94s

  25. Fingerprint Generation 0.6s 0.94s

  26. Fingerprint Generation 0.6s 0.94s 1.3s

  27. Fingerprint Generation 0.6s 0.94s 1.3s

  28. Fingerprint Generation 0.6s 0.94s 1.3s 0.6s 0.94s 1.4s

  29. Fingerprint Generation 0.6s 0.94s 1.3s 0.6s 0.94s 1.4s 0.6s 0.94s 1.4s

  30. Fingerprint Comparison fp1=[{0.6,0.94,1.3},{0.6,0.94,1.4},{0.6,0.94,1.4}] fp2=[{0.6,0.94,1.4},{0.7,0.94,1.3},{0.6,0.94,1.3}]

  31. Fingerprint Comparison fp1=[{0.6,0.94,1.3},{0.6,0.94,1.4},{0.6,0.94,1.4}] fp2=[{0.6,0.94,1.4},{0.7,0.94,1.3},{0.6,0.94,1.3}] mode_fp1={}

  32. Fingerprint Comparison fp1=[{ 0.6 ,0.94,1.3},{ 0.6 ,0.94,1.4},{ 0.6 ,0.94,1.4}] fp2=[{0.6,0.94,1.4},{0.7,0.94,1.3},{0.6,0.94,1.3}] mode_fp1={}

  33. Fingerprint Comparison fp1=[{ 0.6 ,0.94,1.3},{ 0.6 ,0.94,1.4},{ 0.6 ,0.94,1.4}] fp2=[{0.6,0.94,1.4},{0.7,0.94,1.3},{0.6,0.94,1.3}] mode_fp1={0.6}

  34. Fingerprint Comparison fp1=[{0.6, 0.94 ,1.3},{0.6, 0.94 ,1.4},{0.6, 0.94 ,1.4}] fp2=[{0.6,0.94,1.4},{0.7,0.94,1.3},{0.6,0.94,1.3}] mode_fp1={0.6}

  35. Fingerprint Comparison fp1=[{0.6, 0.94 ,1.3},{0.6, 0.94 ,1.4},{0.6, 0.94 ,1.4}] fp2=[{0.6,0.94,1.4},{0.7,0.94,1.3},{0.6,0.94,1.3}] mode_fp1={0.6,0.94}

  36. Fingerprint Comparison fp1=[{0.6,0.94,1.3},{0.6,0.94, 1.4 },{0.6,0.94, 1.4 }] fp2=[{0.6,0.94,1.4},{0.7,0.94,1.3},{0.6,0.94,1.3}] mode_fp1={0.6,0.94}

  37. Fingerprint Comparison fp1=[{0.6,0.94,1.3},{0.6,0.94, 1.4 },{0.6,0.94, 1.4 }] fp2=[{0.6,0.94,1.4},{0.7,0.94,1.3},{0.6,0.94,1.3}] mode_fp1={0.6,0.94,1.4}

  38. Fingerprint Comparison fp1=[{0.6,0.94,1.3},{0.6,0.94,1.4},{0.6,0.94,1.4}] fp2=[{0.6,0.94,1.4},{0.7,0.94,1.3},{0.6,0.94,1.3}] mode_fp1={0.6,0.94,1.4}

  39. Fingerprint Comparison fp1=[{0.6,0.94,1.3},{0.6,0.94,1.4},{0.6,0.94,1.4}] fp2=[{ 0.6 ,0.94,1.4},{0.7,0.94,1.3},{ 0.6 ,0.94,1.3}] mode_fp1={0.6,0.94,1.4}

  40. Fingerprint Comparison fp1=[{0.6,0.94,1.3},{0.6,0.94,1.4},{0.6,0.94,1.4}] fp2=[{0.6, 0.94 ,1.4},{0.7, 0.94 ,1.3},{0.6, 0.94 ,1.3}] mode_fp1={0.6,0.94,1.4}

  41. Fingerprint Comparison fp1=[{0.6,0.94,1.3},{0.6,0.94,1.4},{0.6,0.94,1.4}] fp2=[{0.6,0.94, 1.4 },{0.7,0.94,1.3},{0.6,0.94,1.3}] mode_fp1={0.6,0.94,1.4}

  42. Fingerprint Comparison This process is then repeated, inverting the order and checking the most common values in the second one ( fp2 ) with all the values from the first one ( fp1 ). In this case, the percentage of similarity would have been 100%, which is a perfect match . Our method would have determined that both fingerprints belonged to the same computer.

  43. Function Selection We decided to perform a preliminary set of tests to assess the different candidate functions, such as string::compare or crypt. According to our results, different candidates provided good results, but one important point is that our method needs to use a function not often interrupted by the scheduler because, otherwise, the timing values would obviously be polluted.

  44. Stability Tests CPU Temperature We stressed the CPU for 20 minutes at 100% load, successfully doubling the internal temperature. While the increase in temperature can impacts clock-based measurements, we did not observe any variations or errors in our fingerprint identification. A possible explanation is that as the two clock are physically located in the same machine, temperature would affect similarly both of them.

  45. CryptoFP Since this clock-based fingerprinting method works with virtually any simple function, we selected one based on its general availability and on the possibility to generalize our results and compare our native and web-based approaches. We decided to implement our prototype by timing the execution of the pseudo-random generator , as it is available also in JavaScript, called by a wrapper in this scripting language.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

UMBC A B M A L T F O U M B C I M Y O R T 1 (5/1/07) I E S R C E O V U

UMBC A B M A L T F O U M B C I M Y O R T 1 (5/1/07) I E S R C E O V U

Digital Systems Clock Distribution I CMPE 650 Clock Characteristics Clock signals must toggle twice (full cycle) for each single transition for data. Clock wires also tend to be very heavily loaded nets because they typically fan-out to every

490 views • 19 slides
Goals The Clock introduce clock signal. logical level clock fall clock rise Chapter 11:

Goals The Clock introduce clock signal. logical level clock fall clock rise Chapter 11:

Goals The Clock introduce clock signal. logical level clock fall clock rise Chapter 11: Flip-Flops define edge-triggered flip-flops. clock period discuss parameters of flip-flops: setup time, hold time, 1 Computer Structure pulse width

408 views • 8 slides
Clock IC Product Update Clock IC Product Update Clock Distribution and Clock Generation Solutions

Clock IC Product Update Clock IC Product Update Clock Distribution and Clock Generation Solutions

The World Leader in High-Performance Signal Processing Solutions Clock IC Product Update Clock IC Product Update Clock Distribution and Clock Generation Solutions Clock Distribution and Clock Generation Solutions September 2005 September 2005

575 views • 29 slides
Discuss what you know about time. True or False: Learning about time is not important. 1 maths

Discuss what you know about time. True or False: Learning about time is not important. 1 maths

maths time.notebook April 30, 2020 LO: To identify the time on Steps To Success: I can distinguish between the minute hand and the hour hand on an analogue clock an analogue clock I can tell the time on an analogue clock using o'clock and

1.27k views • 64 slides
The clock, not the steam-engine, is the key-machine of the modern industrial age. --Lewis

The clock, not the steam-engine, is the key-machine of the modern industrial age. --Lewis

The clock, not the steam-engine, is the key-machine of the modern industrial age. --Lewis Mumford Perpignan, 1356 Su Sung's Water Clock, 1094 Mechanical Clock: a definition Verge with Pendulum Regulator (Huygens, 1658) So who

265 views • 22 slides
High-level State Machines & RTL Design Prof. Usagi Recap: Clock signal 0ns 10ns 20ns

High-level State Machines & RTL Design Prof. Usagi Recap: Clock signal 0ns 10ns 20ns

High-level State Machines & RTL Design Prof. Usagi Recap: Clock signal 0ns 10ns 20ns 30ns 40ns 50ns 60ns 70ns 80ns 90ns Clock -- Pulsing signal for enabling latches; ticks like a clock The clock's period must be longer than

658 views • 40 slides
lecture 22 often is asynchronous (e.g. USB - universal serial bus ) = clock based (system bus

lecture 22 often is asynchronous (e.g. USB - universal serial bus ) = clock based (system bus

"synchronous" bus Communication between device controllers and devices lecture 22 often is asynchronous (e.g. USB - universal serial bus ) = clock based (system bus clock is slower than CPU clock) Input / Output (I/O) 4 -

206 views • 4 slides
The strong, silent type Alarm clock | Introduction That wakes you up in a different way

The strong, silent type Alarm clock | Introduction That wakes you up in a different way

Alarm clock | Introduction The strong, silent type Alarm clock | Introduction That wakes you up in a different way Alarm clock | Features Wake up to flashing lights High intensity LED flash Same type as a modern camera or a cell

337 views • 30 slides
Clock Enable Timing Closure Methodology Harish Dangat Samsung Semiconductor (company logo if

Clock Enable Timing Closure Methodology Harish Dangat Samsung Semiconductor (company logo if

Clock Enable Timing Closure Methodology Harish Dangat Samsung Semiconductor (company logo if desired) Agenda Basics of Clock Gating Fixing Clock Enable Timing in RTL-2-GDSII Flow Results Conclusion Harish Dangat 2 Clock

1.17k views • 41 slides
DESIGN AND TUNING OF A TREE-MESH CLOCK DISTRIBUTION Nikhil Jayakumar, Dave Murata, Valery Kugel

DESIGN AND TUNING OF A TREE-MESH CLOCK DISTRIBUTION Nikhil Jayakumar, Dave Murata, Valery Kugel

DESIGN AND TUNING OF A TREE-MESH CLOCK DISTRIBUTION Nikhil Jayakumar, Dave Murata, Valery Kugel { nikhilj, dmurata , valery } @juniper.net Juniper Networks OVERVIEW Comparison of Clock trees vs Clock Grids/Mesh Junipers Clock

340 views • 13 slides
Benjamin Banneker and his clock By,Skye Thomas Benjamin Banneker and his clock By, Skye T.

Benjamin Banneker and his clock By,Skye Thomas Benjamin Banneker and his clock By, Skye T.

Benjamin Banneker and his clock By,Skye Thomas Benjamin Banneker and his clock By, Skye T. About Benjamin Banneker Benjamin Banneker was born on November 9, 1731 He lived in Baltimore country, province of Maryland, British America Benjamin

250 views • 8 slides
1 What an odd little circuit Bistable latches o Memories Q Q o New memories S R Q Q

1 What an odd little circuit Bistable latches o Memories Q Q o New memories S R Q Q

Clocks Latches and Flip-flops o A clock is a free-running signal with a fixed cycle time. Fundamental elements of memory o Clock frequency is the inverse of its cycle time. Falling edge Rising edge CS240 Computer Organization Clock period

229 views • 6 slides
Half Past Times Aim I can use a clock to tell the time to half past the hour. Success

Half Past Times Aim I can use a clock to tell the time to half past the hour. Success

Half Past Times Aim I can use a clock to tell the time to half past the hour. Success Criteria I can describe the parts of a clock face. I can read a clock showing half past times. Clocks Time is measured in years, months, weeks,

262 views • 25 slides
Clock Synchronization Synchronization Clock Henrik Lnn Electronics & Software Volvo

Clock Synchronization Synchronization Clock Henrik Lnn Electronics & Software Volvo

Parallel and Distributed Systems: Clock Synchronization Clock Synchronization Synchronization Clock Henrik Lnn Electronics & Software Volvo Technological Development VTD Electronics and Software Parallel and Distributed Systems: Clock

345 views • 17 slides
lecture 22 Input / Output (I/O) 4 - asynchronous bus, handshaking - serial bus Mon.

lecture 22 Input / Output (I/O) 4 - asynchronous bus, handshaking - serial bus Mon.

lecture 22 Input / Output (I/O) 4 - asynchronous bus, handshaking - serial bus Mon. April 4, 2016 "synchronous" bus = clock based (system bus clock is slower than CPU clock) "asynchronous" bus = not clock

546 views • 32 slides
CENG 4480 Lecture 10: Clock Bei Yu Reference : Chapter 11 Clock Distribution High speed

CENG 4480 Lecture 10: Clock Bei Yu Reference : Chapter 11 Clock Distribution High speed

CENG 4480 Lecture 10: Clock Bei Yu Reference : Chapter 11 Clock Distribution High speed digital design by Johnson and Graham 1 A 2-bit ring counter example 2-bit ring counter Initially A = B = 0; A = 0011001100 What is B?

213 views • 20 slides
Need for Classification Classification required To isolate traffic of interest

Need for Classification Classification required To isolate traffic of interest

Need for Classification Classification required To isolate traffic of interest Classification of Internet Traffic To treat special types of traffic in a different manner Some types of classification already seen in Alok

371 views • 9 slides
Fingerprinting the datacenter: automated classification of performance crises Peter Bodk 1,3 ,

Fingerprinting the datacenter: automated classification of performance crises Peter Bodk 1,3 ,

Fingerprinting the datacenter: automated classification of performance crises Peter Bodk 1,3 , Moises Goldszmidt 3 , Armando Fox 1 , Dawn Woodard 4 , Hans Andersen 2 1 RAD Lab, UC Berkeley 2 Microsoft 3 Research 4 Cornell University Crisis

664 views • 19 slides
BIAS BIAS Biometric Identity Assurance Services 6 March 2009 Catherine Tilton W3C Workshop on

BIAS BIAS Biometric Identity Assurance Services 6 March 2009 Catherine Tilton W3C Workshop on

BIAS BIAS Biometric Identity Assurance Services 6 March 2009 Catherine Tilton W3C Workshop on SIV Biometric services Whats missing? Biometric Applications Biometric Resources ? ANSI/NIST-ITL 1-2000/6 ? BioAPI/BIP ? Other ?

257 views • 13 slides
Picasso: Light-weight device class fingerprinting for web clients Elie Bursztein , Artem Malyshev,

Picasso: Light-weight device class fingerprinting for web clients Elie Bursztein , Artem Malyshev,

Picasso: Light-weight device class fingerprinting for web clients Elie Bursztein , Artem Malyshev, Tadek Pietraszek, Kurt Thomas Title Interesting story here Subpoint g.co/research/protect Keeping online interactions meaningful

641 views • 32 slides
with GPU in Hybrid Storage Systems Prince Hamandawana, Awais Khan, Changgyu Lee , Sungyong Park,

with GPU in Hybrid Storage Systems Prince Hamandawana, Awais Khan, Changgyu Lee , Sungyong Park,

Accelerating the Data Deduplication Performance with GPU in Hybrid Storage Systems Prince Hamandawana, Awais Khan, Changgyu Lee , Sungyong Park, Youngjae Kim Department of Computer Science and Engineering Sogang University, Seoul, Republic of

441 views • 15 slides
Online Trust and Digital Certificates: Tech Tutorial Edward W. Felten Professor of Computer

Online Trust and Digital Certificates: Tech Tutorial Edward W. Felten Professor of Computer

Online Trust and Digital Certificates: Tech Tutorial Edward W. Felten Professor of Computer Science and Public Affairs Princeton University Secure connection means: 1.Protected channel to some server 2. Authentication of the servers

461 views • 27 slides
RDKit (cheminformatics) Neo4j Integration Mentors: Christian Pilger (BASF) Presenter - Evgeny

RDKit (cheminformatics) Neo4j Integration Mentors: Christian Pilger (BASF) Presenter - Evgeny

RDKit (cheminformatics) Neo4j Integration Mentors: Christian Pilger (BASF) Presenter - Evgeny Sorokin Greg Landrum (RDKit) Stefan Armbruster (Neo4j) Motivation Neo4j = useful tool to map knowledge Chemical/pharmaceutical R&D:

726 views • 14 slides
Beauty and the Beast: Diverting modern web browsers to build unique browser fingerprints Pierre

Beauty and the Beast: Diverting modern web browsers to build unique browser fingerprints Pierre

Beauty and the Beast: Diverting modern web browsers to build unique browser fingerprints Pierre Laperdrix, Walter Rudametkin, Benoit Baudry 2/19 Example of a fingerprint Attribute Value User agent Mozilla/5.0 (X11; Linux i686; rv:25.0)

215 views • 19 slides

More recommend