New Research Deals Internet Anonymity a Big Hit
CALIFORNIA – A University of California doctoral student claimed that he has found a method for identifying remote computers on the internet. According to a research paper authored by Tadayoshi Kohno, methods exist for sidestepping some common security practices and possibly revealing the identity of anonymous internet users. “There are now a number of powerful techniques for remote operating system fingerprinting, that is, remotely determining the operating systems of devices on the Internet. We push this idea further and introduce the notion of remote physical device fingerprinting…without the fingerprinted device’s known cooperation,” wrote Kohno.
Possible uses for this technology, according to Kohno’s paper, include the ability to follow a specific computer’s activities even if it moves from one internet access point to another, to measure how many actual machines are connected behind a network address translation (NAT) device, and to probe a block of IP addresses to check whether they correspond to a virtual host.
Despite these latest threats to privacy, Kohno’s paper doesn’t spell the end of the anonymity business. Instead, makers of anonymity tools will be challenged to adapt their products to address these new privacy concerns.
According to Kohno, the techniques he outlines in his paper could be used by the surveillance industry to keep tabs on specific machines such as laptop computers that might move from one internet connection point to the next.
“One could also use our techniques to help track laptops as they move, perhaps as part of a Carnivore-like project,” wrote Kohno.
Carnivore was an internet surveillance system that was launched by the FBI and widely criticized by privacy advocates. The FBI announced recently that the program had been terminated, but it is unknown whether a new program took its place.
Kohno also boasted that his hardware identity techniques have proven to work over a wide range of conditions: “Our techniques report consistent measurements when the measurer is thousands of miles, multiple hops, and tens of milliseconds away from the fingerprinted device, and when the fingerprinted device is connected to the Internet from different locations and via different access technologies. Further, one can apply our passive and semi-passive techniques when the fingerprinted device is behind a NAT or firewall.”
Information about Kohno’s discoveries became available when a principal investigator for the Cooperative Association for Internet Data Analysis provided details about the project to a mailing list. In the email she requested, “Please don’t forward to any bad guys.”
Kohno will likely present his findings to the Institute of Electrical and Electronics Engineers Symposium on Security and Privacy, which takes place this May in California.