BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:Hot or Not: Fingerprinting hosts through clock skew - Steven J. Mu
 rdoch (Computer Laboratory\, University of Cambridge)
DTSTART:20080212T161500Z
DTEND:20080212T171500Z
UID:TALK10606@talks.cam.ac.uk
CONTACT:Andrew Lewis
DESCRIPTION:Every computer has a unique clock skew\, even ones of the same
  model\, so this acts as a fingerprint. Even if that computer moves locati
 on and changes ISP it can be later identified through this phenomenon.\n\n
 By collecting TCP timestamps or sequence numbers\, clock skew can be accur
 ately remotely measured. In addition to varying between computers\, clock 
 skew also changes depending on temperature. Thus a remote attacker\, monit
 oring timestamps\, can make an estimate of a computer's environment\, whic
 h has wide-scale implications on security and privacy.\nThrough measuring 
 day length and time-zone\, the location of a computer could be estimated\,
  which is a particular concern with anonymity networks and VPNs. Local tem
 perature changes caused by air-conditioning or movements of people can ide
 ntify whether two machines are in the same location\, or even are virtual 
 machines on one server.\nThe temperature of a computer can also be influen
 ced by CPU load\, so opening up a low-bandwidth covert channel. This could
  be used by processes which are prohibited from communicating for confiden
 tiality reasons and because this is a physical covert channel\, it can eve
 n cross "air-gap" security boundaries.\n\nThe talk will demonstrate how to
  use this channel to attack the hidden service feature offered by the Tor 
 anonymity system.\nHere\, an attacker can repeatedly access a hidden servi
 ce\, increasing CPU load and inducing a temperature change. This will affe
 ct clock skew\, which the attacker can monitor on all candidate Tor server
 s. When there is a match between the load pattern and the clock skew\, the
  attacker has linked the real IP address of a hidden server to its pseudon
 ym\, violating the anonymity properties Tor is designed to provide.\n\nThe
  talk will also present a separate illustration of the temperature covert 
 channel technique\, such as investigating a suspected attack on the Tor ne
 twork in August 2006\, by a well equipped adversary.\n
LOCATION:Lecture Theatre 2\, Computer Laboratory\, William Gates Building
END:VEVENT
END:VCALENDAR