On calibrating measurements of packet transit times
SIGMETRICS '98/PERFORMANCE '98 Proceedings of the 1998 ACM SIGMETRICS joint international conference on Measurement and modeling of computer systems
On the design and performance of prefix-preserving IP traffic trace anonymization
IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
Precision timestamping of network packets
IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
PC based precision timing without GPS
SIGMETRICS '02 Proceedings of the 2002 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Using signal processing to analyze wireless data traffic
WiSE '02 Proceedings of the 1st ACM workshop on Wireless security
A technique for counting natted hosts
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
ICNP '02 Proceedings of the 10th IEEE International Conference on Network Protocols
Effects of clock resolution on the scheduling of interactive and soft real-time processes
SIGMETRICS '03 Proceedings of the 2003 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Spectroscopy of DNS update traffic
SIGMETRICS '03 Proceedings of the 2003 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
A framework for classifying denial of service attacks
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Robust synchronization of software clocks across the internet
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Remote Physical Device Fingerprinting
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
A Mathematical Theory of Communication
A Mathematical Theory of Communication
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Spectroscopy of traceroute delays
PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement
A privacy-preserving interdomain audit framework
Proceedings of the 5th ACM workshop on Privacy in electronic society
Computer forensics in forensis
ACM SIGOPS Operating Systems Review
Passive classification of wireless NICs during rate switching
EURASIP Journal on Wireless Communications and Networking
On fast and accurate detection of unauthorized wireless access points using clock skews
Proceedings of the 14th ACM international conference on Mobile computing and networking
Wireless device identification with radiometric signatures
Proceedings of the 14th ACM international conference on Mobile computing and networking
Protecting privacy with protocol stack virtualization
Proceedings of the 7th ACM workshop on Privacy in the electronic society
HOTSEC'08 Proceedings of the 3rd conference on Hot topics in security
A taxonomy and adversarial model for attacks against network log anonymization
Proceedings of the 2009 ACM symposium on Applied Computing
Confidentiality-preserving distributed proofs of conjunctive queries
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Transient-based identification of wireless sensor nodes
IPSN '09 Proceedings of the 2009 International Conference on Information Processing in Sensor Networks
On non-cooperative location privacy: a game-theoretic analysis
Proceedings of the 16th ACM conference on Computer and communications security
Review: Passive internet measurement: Overview and guidelines based on experiences
Computer Communications
On the reliability of wireless fingerprinting using clock skews
Proceedings of the third ACM conference on Wireless network security
Hide-and-Lie: enhancing application-level privacy in opportunistic networks
MobiOpp '10 Proceedings of the Second International Workshop on Mobile Opportunistic Networking
Informant: detecting sybils using incentives
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Physical-layer identification of UHF RFID tags
Proceedings of the sixteenth annual international conference on Mobile computing and networking
How unique is your web browser?
PETS'10 Proceedings of the 10th international conference on Privacy enhancing technologies
Strengthening forensic investigations of child pornography on P2P networks
Proceedings of the 6th International COnference
End-to-end and network-internal measurements of real-time traffic to residential users
MMSys '11 Proceedings of the second annual ACM conference on Multimedia systems
Effective digital forensics research is investigator-centric
HotSec'11 Proceedings of the 6th USENIX conference on Hot topics in security
Application presence fingerprinting for NAT-Aware router
KES'06 Proceedings of the 10th international conference on Knowledge-Based Intelligent Information and Engineering Systems - Volume Part II
Forensic investigation of peer-to-peer file sharing networks
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Source attribution for network address translated forensic captures
Digital Investigation: The International Journal of Digital Forensics & Incident Response
False Positives: False positive response
Network Security
Security & SDLC: The 'phasing-in' of security governance in the SDLC
Network Security
Experience with heterogenous clock-skew based device fingerprinting
Proceedings of the 2012 Workshop on Learning from Authoritative Security Experiment Results
On physical-layer identification of wireless devices
ACM Computing Surveys (CSUR)
Computer Networks: The International Journal of Computer and Telecommunications Networking
Estimation of the available bandwidth ratio of a remote link or path segments
Computer Networks: The International Journal of Computer and Telecommunications Networking
Who do you sync you are?: smartphone fingerprinting via application behaviour
Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks
Network fingerprinting: TTL-based router signatures
Proceedings of the 2013 conference on Internet measurement conference
FPDetective: dusting the web for fingerprinters
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
PCTCP: per-circuit TCP-over-IPsec transport for anonymous communication overlay networks
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Passive remote source NAT detection using behavior statistics derived from netflow
AIMS'13 Proceedings of the 7th IFIP WG 6.6 international conference on Autonomous Infrastructure, Management, and Security: emerging management mechanisms for the future internet - Volume 7943
A defense against clock skew replication attacks in wireless sensor networks
Journal of Network and Computer Applications
| Hi-index | 0.00 |
We introduce the area of remote physical device fingerprinting, or fingerprinting a physical device, as opposed to anoperating system or class of devices, remotely, and without the fingerprinted deviceýs known cooperation. We accomplish this goal by exploiting small, microscopic deviations in device hardware: clock skews. Our techniques do not require any modification to the fingerprinted devices. Our techniques report consistent measurements when the measurer is thousands of miles, multiple hops, and tens of milliseconds away from the fingerprinted device and when the fingerprinted device is connected to the Internet from different locations and via different access technologies. Further, one can apply our passive and semipassive techniques when the fingerprinted device is behind a NAT or firewall, and also when the deviceýs system time is maintained via NTP or SNTP. One can use our techniques to obtain information about whether two devices on the Internet, possibly shifted in time or IP addresses, are actually the same physical device. Example applications include: computer forensics; tracking, with some probability, a physical device as it connects to the Internet from different public access points; counting the number of devices behind a NAT even when the devices use constant or random IP IDs; remotely probing a block of addresses to determine if the addresses correspond to virtual hosts, e.g., as part of a virtual honeynet; and unanonymizing anonymized network traces.