Clock-Skew-Based Computer Identification: Traps and Pitfalls
Libor Polčák (Brno University of Technology, Czech Republic)
Barbora Franková (Brno University of Technology, Czech Republic)
Abstract: Each clock has built-in deficiencies since the manufacturing process is not precise at the atomic level. These inaccuracies cause each clock to drift in a unique way. Clock skew has already been studied and used to identify computers. Based on the previous research in clock-skew-based identification, this paper provides a summary of use cases and methods for clock-skew-based identification. Nevertheless, the main contributions of the paper are the following: (1) A formal evaluation of the requirements for precise clock skew estimations. The formal approach is accompanied by an empirical study of 24,071 clock skew measurements. (2) A method that links IPv4 and IPv6 addresses of a single computer. (3) A scenario in which a malicious attacker mimics the clock skew of another computer and consequently, for example, penetrates authentication mechanisms considered in previous research. (4) Even though real network observations show that the current precision of clock skew estimation is not sufficient to uniquely identify devices in a moderately sized network, some IPv4 and IPv6 addresses can be linked based on unique clock skew shifts of a computer, for example those caused by a running NTP daemon.
Keywords: IPv6, clock skew, counter-measures, device fingerprinting, security