A Cambridge University researcher Steven J Murdoch has a devised a novel attack on online anonymity systems in which he literally takes a computer’s temperature over the internet.
The attack uses a phenomenon called “clock skew” the tendency for the precise clocks in modern computers to drift off of the correct time at slightly different rates, which can be affected by heat.
“When a crystal is manufactured, it has a clock skew, and it’s different for each crystal (throughout its) lifetime,” he explains while discussing his work at the Chaos Communications Congress on Thursday.
Last year UCLA Ph.D. student Tadayoshi Kohno showed that clock skew can be used to identify computers on the internet, by charting the timestamps in a machine’s traffic. But the skew is a fairly weak identifier, providing at best 64 unique fingerprints. A network of a thousand computers would have 16 with an identical clock skew.
The research spawned a variety of theories on how clock skew could be used to attack anonymity online : from detecting daytime hours at a server located in an unknown country, to counting the number of hosts behind a NAT firewall. Murdoch was the first to make an attack work.
His victim is the Onion Router Network (TOR). Tor encrypts a user’s traffic, and bounces it through multiple servers, so the final destination doesn’t know where it came from.
Murdoch set up a Tor network at Cambridge to test his technique, which works like this: If an attacker wants to learn the IP address of a hidden server on the Tor network, he’ll suddenly request something difficult or intensive from that server. The added load will cause it to warm up.
Because temperature affects how fast most electronics operate, warming up the machine causes microscopic changes in clock skew over time. Now the attacker queries computers on the public internet that he suspects of being the Tor server, looking for the shift in skew over the course of hours.
When he finds a computer that has guilty change in its timestamps, he has a match.
“It’s actually quite hard to defend against,” says Murdoch. “(You can) lock the timestamp, but even without explicate timestamps, it’s conceivable.”
That doesn’t mean it’s time to give up on online anonymity: Murdoch points out that other attacks on Tor are currently easier and quicker.
Ironically it might be the most extremely hardened computers that would be most vulnerable to this style of attack. Murdoch theorizes that military computers with precise time reporting should be easier than more casual networks like Tor, in the long run.