Device fingerprinting
I was thinking about this. How good and useful it would be to come up with something like device fingerprints. I am not talking about the IDs that everyone says should be fused into a device. There is a separate movement going on in that direction and also there is something called Electronic Product Code. One of the weak points with a serial number or anything that is externally assigned by a manufacturer to a device would be: the possibility of replication. For e.g. in case of ethernet cards, the manufacturer gives a unique identifier called MAC address to each of the card. But how difficult do you think it is to replicate a MAC address?
The missing link here is this: all the IDs are assigned externally by the manufacturers. And there is no place where the catelogue of "what the device is" and "what the device is assigned" is maintained.
A stronger form of identification would be to identify a device using "what it is" rahter than "what it is assigned."
Let us take an example. Let us say Company DMA manufactures a microprocessor with serial number XYZ. Assume that we have a fingerprinting mechanism in place. The newly manufactured microprocessor is subject to fingerprinting, and a fingerprint is taken and catalogued against XYZ serial number. When there is a dispute tomorrow, or there is a necessity to prove that the processor sold in Chennai with XYZ serial number is not genuine, all that you have to do is to take a fingerprint of the processor from Chennai. Verify this fingerprint against the one in the catelogue. Declare it to be genuine or duplicate.
Difficulty lies here: how will you take the fingerprint of the device in a non-intrusive way. i.e. if you wish to take the fingerprint of the microprocessor, you should remove it from the board. Can you fingerprint it without removing it from board?
Different devices might produce different sized fingerprints. Instead of storing the fingerprints, or comparing against the fingerprints, we can come up with something very similar to message digest.
Can we identify a factor or a composition of factors that would help us in fingerprinting an electronic device? Remember that this factor(s) shouldn't change over a period of time.
The missing link here is this: all the IDs are assigned externally by the manufacturers. And there is no place where the catelogue of "what the device is" and "what the device is assigned" is maintained.
A stronger form of identification would be to identify a device using "what it is" rahter than "what it is assigned."
Let us take an example. Let us say Company DMA manufactures a microprocessor with serial number XYZ. Assume that we have a fingerprinting mechanism in place. The newly manufactured microprocessor is subject to fingerprinting, and a fingerprint is taken and catalogued against XYZ serial number. When there is a dispute tomorrow, or there is a necessity to prove that the processor sold in Chennai with XYZ serial number is not genuine, all that you have to do is to take a fingerprint of the processor from Chennai. Verify this fingerprint against the one in the catelogue. Declare it to be genuine or duplicate.
Difficulty lies here: how will you take the fingerprint of the device in a non-intrusive way. i.e. if you wish to take the fingerprint of the microprocessor, you should remove it from the board. Can you fingerprint it without removing it from board?
Different devices might produce different sized fingerprints. Instead of storing the fingerprints, or comparing against the fingerprints, we can come up with something very similar to message digest.
Can we identify a factor or a composition of factors that would help us in fingerprinting an electronic device? Remember that this factor(s) shouldn't change over a period of time.
posted by Roy at
11:19 PM
0 Comments:
Post a Comment
<< Home