[ntp:questions] Re: Fingerprinting hosts by clock skew
Brad Knowles
brad at stop.mail-abuse.org
Wed Mar 9 18:31:55 UTC 2005
At 6:26 PM +0100 2005-03-09, Mxsmanic wrote:
> Why not just build hardware RTCs that allow for extremely fine
> adjustments via software? NTP could calculate the correct adjustment,
> then program the RTC hardware directly, ultimately producing an
> extraordinarily accurate hardware clock. A clock synchronized in this
> way would also eliminate fingerprinting by clock skew, since the skew
> would soon fall to zero.
It's not necessary. Running NTP with current hardware is enough
to eliminate the ability to apply active attacks using the mechanisms
shown. The problem is that passive and semi-active attacks are still
possible, because the clock skew corrections applied to the system
clock are not also applied to the TCP/IP clock, and you can still
measure and fingerprint the TCP clock skew.
--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
More information about the questions
mailing list