The Invisible Pirate - Tracking PCs

by Joe Blow   

This edition covers two methods that Big Brother may soon be able to use to track any computer. The good news is that geospatial addressing is still on the drawing board and won't become a reality for most users for years. The bad news is that remote physical device fingerprinting may enable the feds to track your computer anywhere, no matter how or where you connect to the web, even if you use a high anonymous proxy server or an anonymizer system like JAP or Tor. Not happy about that? Wait, it gets worse. IPv6's geospatial addressing will incorporate an injected GPS signal to pinpoint a user's location. While this feature is intended for military use, it remains to be seen whether or not it will be used in the civilian sector. Any bets what Big Brother's vote will be?

Tracking PCs Anywhere on the Net

Renai LeMay writes on CNET News.com: "A University of California researcher says he has found a way to identify computer hardware remotely, a technique that could potentially unmask anonymous Web surfers by bypassing some common security techniques.

"Tadayoshi Kohno, a doctoral student, wrote in a paper on his research: 'There are now a number of powerful techniques for remote operating system fingerprinting, that is, remotely determining the operating systems of devices on the Internet. We push this idea further and introduce the notion of remote physical device fingerprinting . . . without the fingerprinted device's known cooperation.'

"The potential applications for Kohno's technique are far-reaching. For example, it could be possible to track 'a physical device as it connects to the Internet from different access points, counting the number of devices behind a NAT even when the devices use constant or random IP identifications, remotely probing a block of addresses to determine if the addresses correspond to virtual hosts.'

"Kohno's research is likely not the last word in Net anonymity, but simply the latest escalation in the arms race between snoopware and anonymity developers. Possible countermeasures include masking time skews with better random number generation techniques, for example.

"Kohno appears to be aware of the interest from surveillance groups that his techniques could generate, saying in his paper: 'One could also use our techniques to help track laptops as they move, perhaps as part of a Carnivore-like project.' Carnivore was Internet surveillance software built by the Federal Bureau of Investigation. Earlier in the paper Kohno mentioned possible forensics applications, saying that investigators could use his techniques 'to argue whether a given laptop was connected to the Internet from a given access location.'

"Another application for Kohno's technique could be to 'obtain information about whether two devices on the Internet, possibly shifted in time or IP addresses, are actually the same physical device.'

"The technique works by 'exploiting small, microscopic deviations in device hardware: clock skews.' In practice, Kohno's paper says, his techniques 'exploit the fact that most modern TCP stacks implement the TCP timestamps option from RFC 1323 whereby, for performance purposes, each party in a TCP flow includes information about its perception of time in each outgoing packet. A fingerprinter can use the information contained within the TCP headers to estimate a device's clock skew and thereby fingerprint a physical device.'

"Kohno goes on to say: 'Our techniques report consistent measurements when the measurer is thousands of miles, multiple hops, and tens of milliseconds away from the fingerprinted device, and when the fingerprinted device is connected to the Internet from different locations and via different access technologies. Further, one can apply our passive and semi-passive techniques when the fingerprinted device is behind a NAT or firewall'

"And the paper stresses that 'the fingerprinter does not require any modification to or cooperation from the fingerprintee.' Kohno and his team tested their techniques on many operating systems, including Windows XP and 2000, Mac OS X Panther, Red Hat and Debian Linux, FreeBSD, OpenBSD and even Windows for Pocket PCs 2002.

"The paper concludes that 'the main advantage of our techniques . . . is that our technique can be mountable by adversaries thousands of miles and multiple hops away.'"

Get the picture? Big Brother will remotely and covertly track a specific computer's fingerprint. The easiest way to defeat this method is to never use the same computer twice. Organized crime will have no problem defeating this tracking method. Rocky and his brother Guido will simply divert a shipment of laptops, use each of them once, and sell them all at a nice profit. Even if the feds continue to track every one of those diverted laptops, they will now be in use by students, pizza delivery men, teachers, and nurses; by everyone but Rocky and Guido. When the mob needs more laptops, they will know where to get them. Shipments are insured and you will pay for it in higher prices.

The mafia hires hackers to run their computer systems for them. They aren't stupid. My guess is that the only people who will be concerned about this tracking method are those who can't afford to buy (or divert) a new computer every week.

IPv6 Geospatial Addressing

William Jackson writes on GCN.com: "DOD is working to create a network-centric infrastructure that will enable information sharing between and among U.S. military units and allies to give real time situational awareness on the front lines.

"'We don’t have a common air, sea and surface view,' said Lt. Gen. Robert Wagner, deputy commander of the U.S. Joint Forces Command. 'We don’t have the system to do that. We’re trying to fix that.'

"That is the operational requirement underlying DOD’s mandate to move to IPv6 beginning in 2008. The speed of the transition will depend on budgets, political commitment and difficulties encountered in the course of the transition, speakers at the summit said.

"But the process will require at least a decade. 'It will probably take until 2010 to 2015 for IPv6 to become the dominant protocol,' Lynch said.

"The new IPv6-enabled network will require new architectures for routing and security to accommodate the level of communication it is intended to support, Lynch said. 'It is the end-to-end model we have to consider.'

"But current planning primarily duplicates the existing IPv4 structure, with its limited address space and lack of authentication and security.

"'This is becoming evident in the last two or three years in the way people are acquiring address space,' Lynch said.

"New applications and functionality will require use of the expanded address space of IPv6. One example is geospatial addressing. The first 64 bits of the 128-bit address space available in IPv6 are used to identify the device or user. The last 64 bits can be used to define where the user is.

"DOD is contemplating a grid system that would let it pinpoint the location of devices in three dimensions. A Global Positioning System signal would be injected into devices to specify the location-dependent portion of the address. Such a scheme requires advance planning for address needs, Lynch said."

Soon, almost everything you own may include a GPS , including your computer, whether you like it or not. I expect that the FCC will attempt to shove this new GPS "requirement" down the throat of manufacturers, just like it tried to do for the infamous TV V-chip, but it is the military that is pushing for IPv6 adoption, not the government. The U.S. itself is lagging far behind the rest of the world in adopting IPv6, especially China and India .

All of "The Invisible Pirate" articles are available here.