Using Computer Clock Skew to Crack Anonymity Networks
At the recent Chaos Communications Congress, Steven J. Murdoch, a researcher in the security group at the University of Cambridge, discussed how clock skew can be used to facilitate a digital attack against anonymity networks. Clock skew, the tendency for a computer’s clock to become less precise when heated, can reduce the efficacy of anonymizers, such as the Electronic Frontier Foundation’s Tor network.
Murdoch explains, “When a crystal is manufactured, it has a clock skew, and it’s different for each crystal (throughout its) lifetime.” Tadayoshi Kohno, now an assistant professor in the Department of Computer Science and Engineering at the University of Washington, has shown that computers on the internet can be identified by their clock skews, by tracking the timestamps of each machine’s transmitted packets. Clock skew, however, yields up to only 64 separate identifiers, making it an incomplete confirmation tool.
Clock skew has long been a concern of engineers of synchronous network, as it causes the clock signal for system components to arrive at different times; however, Murdoch is the first to take advantage of this hardware fallibility. Murdoch attacked The Onion Router, Tor, an anonymizing network that allows unregistered users to access web sites without identifying themselves. Tor network encrypts web traffic, through multiple servers, creating layers of anonymizing packets, none of which may be decrypted by another node on the Tor network.
Murdoch tested his digital attack by setting up a Tor network server and causing the server to warm up by executing intensive processes. The increase in system temperature caused minor changes in clock skew.
Reads: 3314 | Today: 2 | Last: 04.02.2012 - 05:20
