[ntp:questions] Re: Fingerprinting hosts by clock skew

Brad Knowles brad at stop.mail-abuse.org
Wed Mar 9 18:31:55 UTC 2005


At 6:26 PM +0100 2005-03-09, Mxsmanic wrote:

>  Why not just build hardware RTCs that allow for extremely fine
>  adjustments via software?  NTP could calculate the correct adjustment,
>  then program the RTC hardware directly, ultimately producing an
>  extraordinarily accurate hardware clock.  A clock synchronized in this
>  way would also eliminate fingerprinting by clock skew, since the skew
>  would soon fall to zero.

	It's not necessary.  Running NTP with current hardware is enough 
to eliminate the ability to apply active attacks using the mechanisms 
shown.  The problem is that passive and semi-active attacks are still 
possible, because the clock skew corrections applied to the system 
clock are not also applied to the TCP/IP clock, and you can still 
measure and fingerprint the TCP clock skew.

-- 
Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.



More information about the questions mailing list