By Annalee NewitzPosted 12.28.2006 at 1:15 pm 2 Comments
This morning at the Chaos Communication Congress, Cambridge Ph.D. student Steven Murdoch (pictured at left) knocked everybody's socks off with a presentation about how people can unmask an anonymous online publisher by remotely monitoring his computer's temperature. It sounds about as tin foil hat as you can get, but the trick is real. Every computer's clock is run via quartz crystals, but those crystals change their speeds as the computer heats up. Therefore a computer's clock runs nanoseconds faster or slower depending on the overall temperature of the unit. This process is called clock skew, and it creates a uniquely off-kilter time "fingerprint" for every computer.
Researchers in the field have pointed out that asking a computer what time it is over and over for an extended period allows you to chart its time skew as it heats up and cools
off over a day's use. (See the chart at right for an example of a computer's unique time skew profile.) Murdoch talked about how time skew tracking could also be used to locate computers hidden via an anonymous network-within-a-network called Tor. Dissidents, whistleblowers, and other people who wish to remain anonymous can publish information on the Internet using Tor's "hidden services" mode. But a computer offering these hidden services can't hide its heat and resulting clock skew.
Somebody who wants to nab dissidents can send lots of data to the computer running hidden services, heat it up, take a measurement, and then compare those measurements to other computers in the Tor network. Once she has a match, that person will know the IP address of the computer hosting the formerly-anonymous publisher. She can now track the computer down and destroy it. Murdoch speculated that time skew might also reveal the whereabouts of a computer because one could figure out what time of day air conditioning got turned on and off, or when sun was heating up the room where the computer is located. One could also figure out, based on the heat signature, whether a computer was stored in a rack or under somebody's desk.
There are no good ways to defend against time skew monitoring. Fans and temperature regulators don't correct for the tiny changes in temperature required to produce skew. So even if you're hiding using advanced tech like Tor, your heat can give you away. Read Murdoch's paper on the topic here. -- Annalee Newitz