Ben Laurie blathering

Turning the Heat Up on Anonymity

My friend Steven Murdoch has a habit of finding ways to make Tor spill the beans about what’s going on. This is good, of course, because it shows how amazingly hard it is to really get anonymity.

His latest effort is stroke of genius. In short, he notices that the speed of a PC’s clock varies depending on the temperature, but for a given temperature is very stable indeed. If you’re cunning, you can detect remotely when the clock ticks and thus deduce the clock skew. What does this have to do with Tor? Well, Tor has this feature called a hidden service, which allows you to run a server anonymised by Tor. So, suppose I’m the bad guy, I suspect you are running some hidden service and I want to confirm this suspicion, how do I do it?

What I do is access the hidden service. A lot. This makes the CPU get hot, which changes the hidden server’s clock skew. While I’m doing that, I determine the clock skew of your server. Then I leave the service alone, and check skew again. I do this is some detectable pattern. If your server’s clock skew matches the pattern I’m using, then I’ve got you. As with a lot of the Cambridge Security Group‘s research, this makes me go “wow!”.

Steven blogs about this here.


  1. Yeah, I saw their paper. neat.

    Maybe you should reset your clock every couple of seconds against a well known (external) source, though you are still going to run fast between resets.

    Comment by Steve Loughran — 5 Sep 2006 @ 12:52

  2. Surely this could easily be counteracted by the application of a pack of frozen peas onto the processor/chipset when the temperature goes beyond a certain limit… should be possible with lego mindstorms?

    Ben, mathematically, would random cooling be enough to evade detection?

    Comment by Steve Lord — 9 Sep 2006 @ 1:58

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress