Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Graphics Cards: the Future of Online Authentication?

Soulskill posted about 2 years ago | from the i-am-who-my-pc-says-i-am dept.

Security 178

Gunkerty Jeb writes "Researchers working on the 'physically unclonable functions found in standard PC components (PUFFIN) project' announced last week that widely used graphics processors could be the next step in online authentication. The project seeks to find uniquely identifiable characteristics of hardware in common computers, mobile devices, laptops and consumer electronics. The researchers realized that apparently identical graphics processors are actually different in subtle, unforgeable ways. A piece of software developed by the researchers is capable of discerning these fine differences. The order of magnitude of these differences is so minute, in fact, that manufacturing equipment is incapable of manipulating or replicating them. Thus, the fine-grained manufacturing differences can act as a sort of a key to reliably distinguish each of the processors from one another. The implication of this discovery is that such differences can be used as physically unclonable features to securely link the graphics cards, and by extension, the computers in which they reside and the persons using them, to specific online accounts."

cancel ×

178 comments

Sorry! There are no comments related to the filter you selected.

steal my pc to become me? I don't think so. (3, Insightful)

Anonymous Coward | about 2 years ago | (#41530831)

see subject.

Re:steal my pc to become me? I don't think so. (4, Informative)

NevarMore (248971) | about 2 years ago | (#41531089)

Not entirely true. Good security is based on 3 things:
  - something only you have (your graphics card, a physical key)
  - something only you know (a password)
  - something only you are (biometrics, typing patterns)

As it stands today you usually have one of those things, the password. Adding in something difficult to spoof as the summary suggests is an improvement. So now you have to have a password and a graphics card with certain flaws.

I agree with your sentiments though. This is an interesting idea but seems awkward to implement.

Re:steal my pc to become me? I don't think so. (0)

Anonymous Coward | about 2 years ago | (#41531257)

This is just an extension of the CPU-ID and mega-cookie to track your device thru the web. That is good enough for it to be very useful. Yes, in some cases multiple people share a device, but that percentage is low enough it won't matter.

Let me guess: you live alone. (3, Informative)

tepples (727027) | about 2 years ago | (#41531383)

Anonymous Coward wrote:

Yes, in some cases multiple people share a device, but that percentage is low enough it won't matter.

Let me guess: you live alone. In a lot of households, especially with two parents and one or more children, everybody who lives there has a user account on one PC.

Re:steal my pc to become me? I don't think so. (0)

Anonymous Coward | about 2 years ago | (#41532051)

Try again. Are they going to ID you through the firewall? Not everyone has their own machine, and if a burglar takes your PC... consider yourself pwnd.

Revocability of biometric identifiers (1)

tepples (727027) | about 2 years ago | (#41531367)

I thought best practice was not to rely so much on "something only you are". A lot of biometric identifiers, such as fingerprints, have been replicated, and such identifiers that have been compromised can't be revoked and reissued so easily.

Re:Revocability of biometric identifiers (3, Insightful)

Altrag (195300) | about 2 years ago | (#41531609)

That's why you have multiple methods:

- Something you have can be stolen.
- Something you know can be coerced from you, retrieved via social engineering (ie: knowing your mother's maiden name or whatever), or whatever else.
- Something you are can be duplicated by replicating you (or at least, the portion of you that the scanner cares about.)

Its still not perfect -- its entirely possible that somebody will just kidnap you while you've got your physical token on you -- that covers two of the three. And unless you're extremely stubborn and motivated, it probably wouldn't be hard to coerce most people's passwords either.

The easiest from a computer perspective is the password -- that's why its the most common/used.

Security tokens are rapidly becoming available for many systems (especially with the advent of cell phone authenticators since everybody already has a cell phone -- you don't need to purchase/obtain and carry around however many additional trinkets.)

Biometrics is harder. First of all, biometrics itself isn't extremely accurate. Its good enough to limit possibilities but for really secure applications, you still want a person to go in and confirm (or pick from a list, as in a police database search) to ensure that you've got a match. Not that people aren't fallible as well, but at least there's someone to blame.

Secondly, biometric scanners aren't all that common yet. If touch screens become high enough density then perhaps they could be used for fingerprint ID. Cameras are likely already good enough to be used for retinal scans, but it would require the user to position the camera at the correct angle and whatnot which is pretty implausible if they're just loosely holding it in front of them (that's why real retinal scanners, including your optometrist's tools, have headrests -- they keep your eyes in relatively the correct position while its scanning.)

So we've got one.. we're moving towards two.. I think three-tier authentication is a while away yet though.

Iris scan (1)

tepples (727027) | about 2 years ago | (#41531771)

everybody already has a cell phone

Not strictly everybody. In my aunt's family of five, only three have cell phones. The other two rely on the house's POTS phone. And even then, not all cell phones can run "apps". Good luck getting an authenticator application to run on a prepaid flip phone without costing money for a sent text message and received text message.

Cameras are likely already good enough to be used for retinal scans, but it would require the user to position the camera at the correct angle and whatnot which is pretty implausible

I've read good things about iris scans. On a device with a front-facing camera, having the user stare at four randomly positioned icons in the correct order would help get the eyes to the right angle and distinguish a live iris from a printout.

Re:steal my pc to become me? I don't think so. (3, Interesting)

sexconker (1179573) | about 2 years ago | (#41531389)

Not entirely true. Good security is based on 3 things:

  - something only you have (your graphics card, a physical key)

  - something only you know (a password)

  - something only you are (biometrics, typing patterns)

As it stands today you usually have one of those things, the password. Adding in something difficult to spoof as the summary suggests is an improvement. So now you have to have a password and a graphics card with certain flaws.

I agree with your sentiments though. This is an interesting idea but seems awkward to implement.

From the perspective of the one doing the verification, that's something you know, something you know, and something you know.
Nobody comes out and physically inspects your graphics card or looks at your thumb print or asks you to present a key fob.
They all ask for the numbers programs of devices output. Keyfobs generate a specific code at a given time. Biometric scanners generate a hash given a specific input or any similar input. This GPU scanning program will do the same. These things are hard for an attacker to know, but they're not much better than a password. Someone can know your GPU fingerprint, your retina scan, or your keyfob's info in the verifier's database in much the same way they can know your password. Your shit gets hacked, the verifier's shit gets hacked, someone attacks you locally, someone is MITMing your ass, etc.

Good security is based on 1 thing: A human physically inspecting another human for each and every access request.

We don't have good security policies on the internet. We have very good security policies wherever rich and powerful people give a shit - bank vaults, nuclear missile silos, celebrity weddings. Good security is not possible on the internet because people refuse to pay or wait.
For most users, it goes like this (most important to least important): Cost, convenience, ability to spy on the ex or that bitch whore Tammy, peace of mind, weather bug and desktop buddies, security.

Re:steal my pc to become me? I don't think so. (1)

Zamphatta (1760346) | about 2 years ago | (#41531605)

Sounds to me like it causes a bigger problem than it would solve. The problem with using a built-in graphics card, is that all your online accounts would suddenly be tied to the ONE device with that graphics card. You wouldn't be able to login from any other device, and that includes any new devices you buy to replace old ones. I hope I'm misunderstanding something 'cause that sounds like a useless technique in a networked world.

Re:steal my pc to become me? I don't think so. (1)

Kjella (173770) | about 2 years ago | (#41532085)

Not entirely true. Good security is based on 3 things:
    - something only you have (your graphics card, a physical key)
    - something only you know (a password)
    - something only you are (biometrics, typing patterns)

Good authentication is based on 3 things. Good security depends on a lot more, like not getting hacked so they can go crazy with your credentials. My online bank uses two-factor authentication for each unknown/big transfer so the integrity of my bank account is pretty good, but pretty much all confidentiality is out the window if they can piggyback on your connection and if the security is only at the gate then the rest too. I'm not concerned about my authentication tokens, they're fairly safe. It's the devices I input them to that worry me.

Re:steal my pc to become me? I don't think so. (1)

juliohm (665784) | about 2 years ago | (#41531425)

This wouldn't be your ONLY source of authentication. But it could certainly be used as multifactor authentication (much like Google Authenticator is used today).

Re:steal my pc to become me? I don't think so. (1)

DragonTHC (208439) | about 2 years ago | (#41532235)

But this wouldn't work for me. My evga graphics card is FTW flawless!

Steal my debit card to become me? (1)

pclminion (145572) | about 2 years ago | (#41532303)

I don't think so. That's why I don't carry a debit card. Oh wait. What I'm saying doesn't actually make sense, because the card is only one factor of a two-factor authentication scheme. Silly me.

Linking ID to Hardware (0)

Anonymous Coward | about 2 years ago | (#41530839)

Doesn't it seem like a bad idea to have your ID linked to hardware? Wouldn't that mean you could not share a computer without sharing your identity?

Re:Linking ID to Hardware (2)

sumdumass (711423) | about 2 years ago | (#41530899)

Replacing a computer would be problematic too.

Re:Linking ID to Hardware (1)

whysanity (231556) | about 2 years ago | (#41531041)

Not necessarily. Think about the implication of the hardware acting as a "something you have" token in two-factor authentication. Today, a common implementation is to prompt for additional information or receive an email/text to confirm identity before setting a cookie to allow the particular device to be recognized.

Doing the same with a unique profile of the hardware would allow that device to permanently exist as one part of two-factor authentication, with a password being the other piece. This would--by far--be the most common use case. A friend borrowing your computer? They could log into their account with a simple email/text verification (a la Facebook) and their standard credentials. But since you've already tied that hardware to your account, you get to skip that step.

It needn't be all doom & gloom. There are practical applications.

Re:Linking ID to Hardware (1)

tepples (727027) | about 2 years ago | (#41531419)

Today, a common implementation is to prompt for additional information or receive an email/text to confirm identity before setting a cookie to allow the particular device to be recognized.

One troubling development lately is that e-mail is becoming not good enough as a "something you know". Some companies demand that each user has his own subscription to mobile phone service. People who use only a land line, for example, can't verify a Facebook account anymore because verifying a Facebook account requires sending and receiving a text message.

Re:Linking ID to Hardware (0)

Anonymous Coward | about 2 years ago | (#41531613)

-Shrug- Fuck 'em then. They can't HAVE my mobile number.

Re:Linking ID to Hardware (3)

hobarrera (2008506) | about 2 years ago | (#41531917)

It only involves receiving a SMS, and landlines in plenty of places can do this.

This could go either way (3, Interesting)

SGDarkKnight (253157) | about 2 years ago | (#41530843)

I could see this being a good thing, and a bad thing. If online accounts are using hardware to determine the user account, whats to stop someone from just "borrowing" your hardware and connecting to your account? Sure, they could still have user names passwords and such as backup, but then what would be the point of doing the hardware authenication? Plus how much of a pain in the ass would it be to upgrade your computer and notify the online account to expect changes in your hardware for the next time you login?

Bah, i think i'm rambling now... need coffee... or beer... beer sounds better

Re:This could go either way (5, Insightful)

0racle (667029) | about 2 years ago | (#41530953)

I often buy my video cards second hand off ebay. I wonder who's accounts I'd be able to get into one day doing that.

Engineering tolerances? (2)

rHBa (976986) | about 2 years ago | (#41532191)

TFA doesn't mention how they calculate these metrics but (maybe naively) I assume it's deduced by measuring differences in performance for a given task?

This begs the question: what happens if the performance of your graphics card changes, say for example your GPU overheats or the fan gets clogged up with dust, surely that will change the results of the 'authentication' process?

Re:This could go either way (4, Interesting)

sumdumass (711423) | about 2 years ago | (#41530955)

Or how much of a pain would it be for me to clone your hardware uniqueness and impose it into a virtual machine with software representing hardware?

Now instead of tricking you into installing malware, I just need to convince you to create an account.

Re:This could go either way (1)

Anonymous Coward | about 2 years ago | (#41531409)

Of course, there is authenticating with sites I use... but what about sites I do NOT want to know it is me, like the hundreds of persistant tracking, ad-slinging, behavioral monitoring domains?

I have enough trouble with browser fingerprints due to the random order of font lists. I really don't need another thing to allow parties that have zero business in my Web browsing to know exactly who I am and what computer I use.

Re:This could go either way (4, Insightful)

mangobrain (877223) | about 2 years ago | (#41530981)

I was thinking the exact same things. Identifying the hardware is fundamentally different from identifying the person currently using it, and being able to state unequivocally that they are authorising whatever action is taking place. Plus, as you said, hardware gets upgraded. Even worse, though, is that hardware also fails; particularly high-end GPUs nearing the end of a life spent being slightly too hot. Unexpected hardware failure could leave users with no overlap in the usable life of old & new components, meaning they cannot log in to existing accounts in order to register the fingerprint of the new hardware. Also, unless there's a hidden cache of documents I'm missing somewhere, I can't find any details of what these "unclonable functions" actually are, just that they exist. Are they robust against simple replay attacks?

This all smells like a bad idea to me; something cooked up by a bunch of theorists with very little grounding in practicality. Not sure what part of this could be a "good thing", to be honest.

Re:This could go either way (1)

robot256 (1635039) | about 2 years ago | (#41531337)

It's a cheap way to do two-factor authentication. You need your password, and you also need your graphics card. If either of them is lost or changes, then you have a much more difficult reidentification process. This system has the same vulnerabilities that any two-factor authentication scheme has, but less than many deployed systems. Many banks already use cookies or something to "register" your computer, and ask you extra questions when you logon from a different machine or clear the cookies. Some send you a text message on your phone as a form of two-factor identification, but that's kinda dumb because phones are easily lost or hacked, and available on the person you just tortured to get his password, so now you have everything.

Doesn't matter if something gets in the middle (2)

sethstorm (512897) | about 2 years ago | (#41530845)

While the card's "identity" may be different, it doesn't matter if something can stand in for the hardware and provide a false ID.

Re:Doesn't matter if something gets in the middle (1)

Anonymous Coward | about 2 years ago | (#41530913)

Exactly what I was thinking. "Produced randomly as part of the manuf. process" is not the same as "unable to be impersonated".

Re:Doesn't matter if something gets in the middle (3, Insightful)

viperidaenz (2515578) | about 2 years ago | (#41530959)

... which is something explicitly mentioned in TFA.

The more difficult question to answer at this point, she said, is whether someone could use software to emulate the differences in behavior between graphical processing units. Lange said the key is finding a way to guarantee, in an authentication process, that the party attempting to authenticate a user is communicating with an actual GPU and not software attempting to replicate its behavior and uniqueness

The man doesn't even have to be in the middle (1)

tlambert (566799) | about 2 years ago | (#41531037)

It can be a man-on-the-side attack, too.

The attacker just needs to have something running on your machine that they can use from their machine to provide the answers to your bank.

This is not technically an interposition attack, it's a referral attack, similar to the captcha breaking systems which proxy a captcha to a human wanting to look at porn, the human solves the captcha, gets the porn, and is happy, while the system proxying the captcha has used the solution to attack an unrelated system normally requiring detecting an actual human to avoid attack.

Re:The man doesn't even have to be in the middle (1)

Lehk228 (705449) | about 2 years ago | (#41531427)

not so much a mitm but a remote zombie, just use a remote control to cause victim's PC's to do the dirty work on themselves, bonus points it is much harder for the victim to claim fraud since IP logs and hardware fingerprinting show it was done from their PC, for even nastier crimeware, have it wait until certain activities are detected such as facebook posting or email reading so the user was provably at their computer at the time of the transaction. further extended have the malware delivered through remote exploit but never touch the hard drive, only act when it can do so from memory so it leaves no trace

Re:Doesn't matter if something gets in the middle (0)

Anonymous Coward | about 2 years ago | (#41531121)

Exactly. Similar to the reason why fingerprint readers aren't a good idea, either... the fingerprint can be faked.

Flawed (0)

Anonymous Coward | about 2 years ago | (#41530851)

What if I change hardware? There would have to be some insecure system to re-tie my account which defeats the entire project.

Re:Flawed (1)

whysanity (231556) | about 2 years ago | (#41530947)

Why must the system that ties accounts to hardware be inherently insecure? Pessimism, perhaps?

Broken Accounts? (0)

Anonymous Coward | about 2 years ago | (#41530863)

So, if an online service does implement this, would upgrading my graphics card break my account?

What about people with a multiple machines ? (4, Insightful)

SirGeek (120712) | about 2 years ago | (#41530865)

I have a home Linux machine, my wife's machine, my laptop and my work machine.

How can I share my authentication amongst them ?

Re:What about people with a multiple machines ? (1)

Anonymous Coward | about 2 years ago | (#41530983)

More troublesome is what happens when your card dies or you brick it or something?

Re:What about people with a multiple machines ? (0)

Anonymous Coward | about 2 years ago | (#41531977)

At the end of the day you can only identify the machine, not the user. Also (haven't RTFA) do the results differ if the GFX hardware wares in/out?

Re:What about people with a multiple machines ? (1)

juliohm (665784) | about 2 years ago | (#41531465)

I would imagine this to work more like a physical version of the Google Authenticator (http://code.google.com/p/google-authenticator/). It won't replace your password, but it adds a tremendous ammount of security, since you can enable online services to be accessed by YOU alone using ONLY authorized machines.

Re:What about people with a multiple machines ? (0)

Anonymous Coward | about 2 years ago | (#41531963)

Assuming that nobody else ever uses your machine...

That ain't gonna work well (0)

Anonymous Coward | about 2 years ago | (#41530877)

That's good and all, but the obvious flaw in this plan is that the average gamer's least permanent piece of hardware is a graphics card.

Re:That ain't gonna work well (1)

tepples (727027) | about 2 years ago | (#41531449)

I thought the average gamer used a major game console, a mobile phone, or a tablet computer running a mobile phone operating system, instead of a PC.

Nice way to sugarcoat it (5, Insightful)

Hentes (2461350) | about 2 years ago | (#41530911)

Why not just admit that they've found the unbreakable DRM? Online authentication is a solved problem.

Re:Nice way to sugarcoat it (2, Insightful)

Anonymous Coward | about 2 years ago | (#41531229)

The order of magnitude of these differences is so minute, in fact, that manufacturing equipment is incapable of manipulating or replicating them.

Don't worry; if it's well-defined enough for software to use, it's well-defined enough to emulate.

There is no unbreakable DRM.

Emulation has a substantial time overhead (1)

tepples (727027) | about 2 years ago | (#41531467)

if it's well-defined enough for software to use, it's well-defined enough to emulate.

Unless current computers aren't fast enough to emulate it in the time that the party on the other end of the network connection demands. Try running PBKDF2 in hardware vs. in software.

Re:Emulation has a substantial time overhead (1)

Anonymous Coward | about 2 years ago | (#41531793)

Maybe not emulation, but what about spoofing or mimicry? If the software detects it, all you have to do is fake what it sees as detection.

Re:Emulation has a substantial time overhead (0)

Anonymous Coward | about 2 years ago | (#41531895)

if it's well-defined enough for software to use, it's well-defined enough to emulate.

Unless current computers aren't fast enough to emulate it in the time that the party on the other end of the network connection demands. Try running PBKDF2 in hardware vs. in software.

Great! All the benefits of "always connected" DRM, now with additional maximum network latency limits!

Where do I sign up? I'm so happy I am a paying customer instead of a filthy pirate who doesn't have to deal with this in their cracked copy of the software... getting kicked because my ISP decided to shape my traffic is half the fun.

Re:Nice way to sugarcoat it (0)

Anonymous Coward | about 2 years ago | (#41531287)

Most certainly not unbreakable, but the graphics card sure is. How many have stopped working before or shortly after warranty? I wouldn't want to purchase software that would stop working just because the graphics card broke, or changed it for a new one.

Re:Nice way to sugarcoat it (1)

korgitser (1809018) | about 2 years ago | (#41531619)

Drm, yes, there is no other use case for this. But unbreakable, no more than every drm ever - reliant on the 'chain of trust' consisting of hardware, rootkitted operating systems, apps and the vendor, at every step distrusting the user. I wonder how far will this get this time.

Why not use MAC address? (5, Insightful)

aaaaaaargh! (1150173) | about 2 years ago | (#41530929)

You can feed false information to the software that reads the characteristics of a graphics card just as you can fake an MAC address. I fail to see a substantial difference.

Re:Why not RTFA? (4, Informative)

Anonymous Coward | about 2 years ago | (#41531049)

You can feed false information to the software that reads the characteristics of a graphics card just as you can fake an MAC address. I fail to see a substantial difference.

"The more difficult question to answer at this point, she said, is whether someone could use software to emulate the differences in behavior between graphical processing units. Lange said the key is finding a way to guarantee, in an authentication process, that the party attempting to authenticate a user is communicating with an actual GPU and not software attempting to replicate its behavior and uniqueness. Lange went on to admit they aren’t quite there yet, which is why the product is not finished."

Re:Why not RTFA? (1)

Anonymous Coward | about 2 years ago | (#41531923)

the key is finding a way to guarantee, in an authentication process, that the party attempting to authenticate a user is communicating with an actual GPU and not software attempting to replicate its behavior

That's no small detail there. That's absolutely everything. That's the content industry's version of proving that P = NP: if they can do this, then all of their most insurmountable problems instantly become solvable. For example, they can finally achieve an unbreakable DRM scheme.

Ultimately, the authentication data will always have to flow through software, which is endlessly malleable. Their only hope of success is on platforms with a fully locked-down boot loader. If you can control what the computer boots, then you will be able to circumvent this authentication.

Re:Why not RTFA? (1)

hobarrera (2008506) | about 2 years ago | (#41531955)

I don't see then "being there" anytime soon either. Any hardware can be emulated, it's just a matter of how much resources the crackers can put into it - it doesn't have to be a basement geek, it could very much be china/NSA/KGB/wharever.

Re:Why not RTFA? (0)

Anonymous Coward | about 2 years ago | (#41532275)

I don't see then "being there" anytime soon either. Any hardware can be emulated, it's just a matter of how much resources the crackers can put into it - it doesn't have to be a basement geek, it could very much be china/NSA/KGB/wharever.

You don't even need "crackers" - just get a virtual machine and turn on GPU emulation.

Re:Why not RTFA? (1)

Coffeesloth (669850) | about 2 years ago | (#41532361)

Thanks for pulling in the additional information. I do find the comment "The order of magnitude of these differences is so minute, in fact, that manufacturing equipment is incapable of manipulating or replicating them." to be very hard to believe. If they can detect it then the manufacturing process can detect it too.

Re:Why not use MAC address? (0)

Anonymous Coward | about 2 years ago | (#41531085)

The way it works is the program runs on your GPU, and computes some unknown (to you) function based on inputs provided by the authenticator. If it produces the right outputs, the program must have been run on the right CPU, and you're authenticated.

dom

Re:Why not use MAC address? (1)

Ungrounded Lightning (62228) | about 2 years ago | (#41531309)

The way it works is the program runs on your GPU, and computes some unknown (to you) function based on inputs provided by the authenticator. If it produces the right outputs, the program must have been run on the right CPU, and you're authenticated.

And different instances of the digital device give different answers? That's exactly the thing that digital circuitry is supposed to avoid. If you can do it the GPU design is faulty. They're depending not only on it being faulty but being faulty in a way that doesn't make it unusaleable.

Re:Why not use MAC address? (0)

Lehk228 (705449) | about 2 years ago | (#41531447)

it sounds like they are using some function^H^H^H^H^H^H^H^Hcommand which can be nondeterministic but it is likely also something that is not a part of the DX/OGL spec and so future revisions might just return null

GPUs made with redundant cores (1)

tepples (727027) | about 2 years ago | (#41531481)

They're depending not only on it being faulty but being faulty in a way that doesn't make it unusaleable.

GPUs commonly have non-working cores disabled to increase yield. Perhaps they're looking for minute differences in the time that a computation takes based on which cores were chosen to be disabled at the factory.

Re:GPUs made with redundant cores (1)

TFAFalcon (1839122) | about 2 years ago | (#41532423)

But how can you remotely check those times? The differences between cards are probably minute, so you have to find a way to measure them, while having nothing but a general PC to do it with AND on top of that the PC can lie to you.

Re:Why not use MAC address? (0)

Anonymous Coward | about 2 years ago | (#41531493)

Is it an Intel Pentium processor?

Re:Why not use MAC address? (2)

TFAFalcon (1839122) | about 2 years ago | (#41532181)

But the 'unknown' function has to be sent to the GPU. So the person trying to impersonate can just read it from the data send to him, then impersonate the GPU. And the number of functions that can be used will have to be limited - since the 'correct' results will have to be kept in a database somewhere. So the hacker just has to have access to the original computer at one time, run all of the possible functions on it and store the results.

Yeah, that's a terrible idea. (0)

Anonymous Coward | about 2 years ago | (#41530941)

securely link the graphics cards, and by extension, the computers in which they reside and the persons using them, to specific online accounts.

Especially so for apple computers, which seem to be rebought as often as new pants.

And does this fingerprint persist over time? (5, Interesting)

Anonymous Coward | about 2 years ago | (#41530949)

If this fingerprint is orders of magnitude beneath manufacturing controls, are the researchers sure that it persists over long time frames?

Will that graphics card have the same fingerprint the first day it is purchased as it does 2 years later after putting in hundreds of hours at high temperatures playing accelerated games?

Re:And does this fingerprint persist over time? (0)

Anonymous Coward | about 2 years ago | (#41531295)

This was my initial thought as well.

They're spending HOW MUCH on this terrible idea? (0)

Anonymous Coward | about 2 years ago | (#41530967)

Stunning that nobody noticed the real problem with this: if you get a new video card, either your identity changes (silly) or you've got to somehow tell the universe that your identity is now associated with a new signature (socially engineerable). So you get the worst of both worlds: ID that's still easy for criminals to hijack, but hard to avoid if you're concerned about privacy...

Cool, but already outdated (0)

Anonymous Coward | about 2 years ago | (#41530975)

That's cool, nifty in a geeky sort of way. This quote makes it about fifteen years outdated, though:

"securely link the graphics cards, and by extension, the computers in which they reside and the persons using them, to specific online accounts."

One person !=one device! Commodity software like Strongbox already ties one human to one online account, without needing to install special software on the client end. Sites like Girls Gone Wild have tens of thousands of attempted account spoofs daily and their security prevents that by looking at how the person uses their mouse, among other things, and without locking each user to only one device.

ram refresh? two factor? (1)

vlm (69642) | about 2 years ago | (#41531001)

From:

http://puffin.eu.org/WP1.html [eu.org]

the best I can figure is they're doing something like shutting off memory refresh and seeing what the cells look like. That's the most best source of random mfgr "stuff" I can think of.

Other than that, I'm mystified how they're doing it. There just shouldn't be that much mfgr variation.

It could be that there's only a couple bits of randomness (like they're reading out the model number and calling it good). The fact they aren't advertising the details implies the details are less than impressive. For example this ancient box has a Radeon HD 4350, so my "real" /. UID is not VLM, its RadeonHD4350-VLM. Unimpressed... so far.

My guess is the idea is to use the device characteristics as a REALLY crude second factor for authentication. So if I log in on my phone, or any of the other dozens of machines I have access to, it'll pester me for my pet dogs mother's maiden name, the city name where I got my first pedicure, the month of the year that I was divorced in, the usual BS authentication questions that anyone with access to facebook can crack in a few minutes.

Re:ram refresh? two factor? (0)

Anonymous Coward | about 2 years ago | (#41531279)

More details
http://www.eetimes.com/electronics-news/4397404/Gamers--phone-users-promised--intrinsic--security

Actually I think it's SRAM... (5, Informative)

slew (2918) | about 2 years ago | (#41531817)

FWIW: If you read WP2 & WP3, I think they are just attempting to read some of the SRAM from inside the GPU for a source of what they call a "PUF" (physically uncloneable function). They hope to sprinkle some error-correction code and some magic crypto dust the uninitialized SRAM pattern to create a number that will be useable for attestation (basically to assure that it is the machine that you think it is).

This idea isn't new. A quick google search shows papers about using SRAMs as both PUFs and Random numbers going back in 2007 (they called them FERNs) http://people.cs.umass.edu/~kevinfu/papers/holcomb-FERNS-RFIDSec07.pdf [umass.edu]

The major problems with this stuff is that...

Once you power up your system, something is gonna want to use that SRAM (GPU vendors aren't in the business of leaving big chunks of SRAM that they don't use for researchers to discover and use), so you have to take a snapshot after powerup, but before someone wants to use the GPU. This makes many avenues of attack available (e.g., you have to put that fingerprint somewhere, because the GPUs will shortly trounce all over it).

Secondly is the stability issue. Although some parts of the uninitialized SRAM is going to be statistically stable (power-up to 1 or 0 pretty reliably), some others are going to be pretty random (in fact other researchers are looking for highly unstable bits in SRAM powerup to be able to extract a random number for a nonce). Across temperature, and over time as the parts age, these bits will change (some stable ones will become random and some random ones may exhibit a strong bias one way or another). Without extensive characterization over age and temperature, this would be pretty unstable to use as a definitive ID.

Third, when GPU vendors notice that people are accessing SRAM before initalization, they will start wiping the memory on boot. This is to prevent this third-party ID usage model (because nobody wants to repeat the intel CPUID fiasco) and because now that GPUs are being used for general-purpose computing, any type of SRAM retention issues across power-up is a security risk. On a related note, there are in fact there are other researchers attempting to use SRAM retention to create a reasonably secure clock (google TARDIS: Time and Remanence Decay in SRAM).

If I had to speculate, about the only reasonable model for this (assuming the GPU vendors don't co-opt it or shut them out) is to create some sort of "ticket" system. Distill a timestamp and a challenge value with the PUF (and maybe even the "random" part of the SRAM for salt) down to a ticket using some cryptomagic. That ticket would be valid for a while, and you'd have to create a new ticket before it expired. Over a short enough time and temperature regime, a security system might be convinced that this temporary ticket is an acceptable substitute credential, but it would not really replace an actual authentication technique.

This stuff has also been researched extensively for 5 years or so. I don't know what these folks are really bringing to the table (other than they are looking at GPUs for big blocks of SRAM). Why be so secret? Maybe it's because they want to keep that funding coming. A quick google showed someone in 2009 even wrote an undergrad paper on the subject of SRAM/PUFs... http://www.wpi.edu/Pubs/E-project/Available/E-project-031709-141338/unrestricted/mqp_sram.pdf [wpi.edu]

Re:Actually I think it's SRAM... (5, Interesting)

kent.dickey (685796) | about 2 years ago | (#41532095)

The WPI report confirms what most everyone suspects: Reading from an uninitialized SRAM returns mostly noise, about 50/50 (but not exactly) 1's and 0's, and highly dependent on temperature. I think what they're saying is something like "Look at uninitialized memory, whose values are apparently random 1's and 0's, and somehow compute a unique fingerprint that is stable for this device, but different from all other devices". I'm not sure that's actually possible. I can't think of anything on chips that would produce "random"-looking data and which wasn't highly temperature dependent.

Even if a clever algorithm could "fingerprint" an SRAM device, others have already pointed out all the ways to break this. It's simply a slightly more complex MAC address, and will likely be easy to effectively clone. It's like printing a password on paper in special red ink that only you have, and then saying no one can log in to your system (by typing the password) since they can't replicate that red ink. Umm, the special red ink is a red herring. All you need is the password.

I don't think there's really anything here. There's no details at the PUFFIN site.

Defective by design (2)

mugurel (1424497) | about 2 years ago | (#41531005)

It's not a good idea to use the particularities of a hardware production process as the theoretical basis for authentication.

Issue fixed IP addresses (1)

gr8_phk (621180) | about 2 years ago | (#41531029)

If you have ISPs give everyone a fixed IP address, you get ID down to the house level. Have cell phones use fixed IP addresses too. That gets most of the world IDed fairly well and it doesn't require a fancy new API to allow a web site to pull some hardware ID from your computer - it's the same as the address they're sending data to.

Re:Issue fixed IP addresses (2, Funny)

Anonymous Coward | about 2 years ago | (#41531151)

Im registering 192.168.1.1 as myself.. Please dont anyone use it..

Re:Issue fixed IP addresses (0)

Anonymous Coward | about 2 years ago | (#41531703)

I'm reserving all of the 192.168.10.x range. That should cover me for a while.

Re:Issue fixed IP addresses (1)

Anonymous Coward | about 2 years ago | (#41531163)

And hey, they can replace the SSN while they're at it. An IP for everyone at birth.

Bunch of sick fucks around here.

Re:Issue fixed IP addresses (1)

hobarrera (2008506) | about 2 years ago | (#41531969)

So, that means I can only use a single device?
I can't share any computers either?

Do Not Track? (1)

Internal Modem (1281796) | about 2 years ago | (#41531119)

How long before we have to worry about our graphics cards leaking personally identifiable information?

Re:Do Not Track? (0)

Anonymous Coward | about 2 years ago | (#41532125)

I can see it now, the big name AV companies are going to produce anonymizing graphics security software to scramble your "ID". That way they can charge you to scramble it, and whoever wants the "ID" to descramble it. Everyone wins... except you.

No, no, no (0)

Anonymous Coward | about 2 years ago | (#41531167)

Produced randomly also means they can't be sure that no two are produced identical. Are manufacturers going to track the random flaw in each chip to be sure there are no duplicates?

uncloneable (1)

Tom (822) | about 2 years ago | (#41531189)

I'm interested, but sceptical.

I don't need to clone the hardware, if it is just the source of some data. I can simply replay your data on my machine, no matter what the hardware is. You can't prevent that - if you could prevent software manipulation, you could skip the whole hardware step and embed your key in the software.

Hardware as authentication only works if actual calculations are done on the hardware (Smartcards, SecureID, etc.) or you are able to interface with the hardware (RFID chips, keycards, etc.) directly.

You could use the uncloneable hardware data as a secret key, but then I can get at your key the same way I could if you stored it in a file - hacking your machine. I just need to look in a different place.

But for a low-security fingerprint, it's too much hassle - you could just use the serial number, network card MAC address, etc.

So even though this is quite an interesting approach, I don't quite see a practical application.

heres the thing (1)

Osgeld (1900440) | about 2 years ago | (#41531195)

I have upgraded my video card twice this year alone, do you seriously expect me to jump though hoops of bullshit just to get my software running again? I own more than one game, and one song... douches

That makes sense. (4, Insightful)

overshoot (39700) | about 2 years ago | (#41531223)

Every time I upgrade my graphics card, all of my games stop working.

I'm sure that there's something wrong with this, but I can't put my finger on it.

Cool, but 10 years out of date. (2)

raymorris (2726007) | about 2 years ago | (#41531247)

That's cool in a nerdy sort of way. Ten years out of date, tough. I guess they didn't look at what's already available, what used to be available and is no longer used, and why. This sentence puts ten years out of date: "link the graphics cards, and by extension, the computers in which they reside and the persons using them, to specific online accounts" 1 person 1 account! Commodity software that's been widely available for many years already ties one account to on human user, across multiple devices, and without requiring special software on the client end. Consider the sites that get attacked, all day long, every day. Sites like Girls Gone Wild have tens of thousands of spoof attempts everyday. Sites like that have had an effective defense for many years. GGW, for example, uses the readily available Strongbox package which tracks the way the user users their mouse, among other things, to confirm that the user (human) really is who they say they are. Ten to fifteen years ago modern systems like Strongbox displaced earlier systems which assumed that 1 user = 1 device. These researchers are reinventing the steam engine.

Face palm (0)

Anonymous Coward | about 2 years ago | (#41531281)

Uh, yeah. Because I always access my online stuff from the same exact computer, sitting in the same exact place. This is a great authentication scheme... in 1995.

Ageing cards change parameters. (1)

pentalive (449155) | about 2 years ago | (#41531347)

I wonder if the specific parameters used to identify a card (note not a user or a machine...) can change as the card ages, as it wears. Heat/Cold cycles, failing bits in memory, changes / updates in drives, malware infecting drivers or firmware... (that last would be -real- fun... suddenly you are not you.)

Computer equivalent of biometrics (1)

OzPeter (195038) | about 2 years ago | (#41531361)

This the computer equivalent of biometrics and has all of the same security issues as biometrics for people.
 
Sure the graphics card can't be cloned just like you can't clone a finger or retinal print. However if the authenticating system is compromised then it becomes really really hard to establish your credentials again - although replacing a graphics card is easier than replacing a finger or eyeball.
 
See The issues with biometric systems [biometricnewsportal.com] (the first thing that popped up on google for me)

How can this work? (0)

Anonymous Coward | about 2 years ago | (#41531473)

Putting aside the fact that this probably isn't something we want, it's hard to see how it would work.

Presumably, the side doing the verification requires some model of the flaws present in the users graphics card. The card is interrogated in some way, and the verifier checks the results from the card against it's model.

Do they have some trick by which, the model used to perform the verification is of no use to an attacker attempting to fool the verification? ie, they can store data that allows them to check you have the graphics card, but not emulate the flaws of the card? That would certainly be neat. It's hard to see what that trick would be - but I can't quite convince myself that it's impossible.

You are still trusting the user (0)

Anonymous Coward | about 2 years ago | (#41531475)

The problem is not that the user has a physically specific characterstic, the problem is that you have to trust the user that the software is really getting the data from the hardware, and not from a fake driver made to reproduce what is required, or a VM.

Fraud (1)

Anonymous Coward | about 2 years ago | (#41531511)

If you read the site, they're looking at the uninitialized state of memory. Let's say they succeed 100% and find a way to get a specific memory fingerprint from a specific piece of hardware. What's been accomplished? They've found a way to get a password that is (literally) hardcoded.

Is this useful? No. It is just as easy to intercept and steal, harder to move between machines, provides no benefit in DRM schemes (since any software can retrieve this "password"), and adds another point of failure to the security model (you must never sell, discard, or improperly dispose of the memory whose fingerprint is being used).

The only possible use of this I can conceive of is for one time, semi-secure seed generation. Unfortunately, there are already a number of these algorithms based on similar physical principles.

The best case scenario for this research is to provide another alternative to a set of known algorithms with no additional benefits and a number of potential risks. It is a fraud designed to steal grant money.

dumb (1)

Charliemopps (1157495) | about 2 years ago | (#41531663)

...and your 16yr old babysitters boyfriend sits down at your computer while you're out to dinner and your premise for security is out the window. The simple fact of the matter is you can NEVER be sure the person on the other end of a computer connection is who they say they are. Once you assume that, the rest of your security procedures become rather simple.

My bank allows me to move money from one of my accounts to another of my accounts. That's it. The worst that can happen is someone hacks in and moves all my money to savings causing my auto-deposits to bounce. But they have protection against that as well.

If I want the ability to transfer money from my account to someone else account, I can turn that on... but I have to show up in person, at the bank, and sign a notarized release form while 2 bank representatives are present. The release expires after a per-determined amount of time that is as little as 3 days and as large as 1 year.

That's security. Computers are not secure devices, get over it.

One-size solution... (0)

Anonymous Coward | about 2 years ago | (#41531729)

Don't worry. All of my VMs have unique video cards in them.

But yeah, this is an absurdly dumb idea and doesn't solve the problem they assume needs to be fixed.

These people need to stop trying to invade privacy (0)

Anonymous Coward | about 2 years ago | (#41531751)

IF these people or myself want security we will ahve it , if your too stupid to learn about security when using hte internet i thinks we should start wiping our butts with these people on masse...let an ISP each of them have a walled intranet for noobs and leave the rest of us to the real internet....thats the only real solution and then the applites and dummites can exist without fear of any one bothering them largely.

i dont have a grpahics card so i guess i dont exist btw
REAL DUMB ASS MOVE to make the net more about being rich then about safety

Could be great for gaming. (1)

JakeBurn (2731457) | about 2 years ago | (#41531789)

If a dev could use a small section of code to sample several metrics from the card, (or even multiple pieces of hardware), and never let the end user know what data was being used from what was taken it seems like it would be impossible to spoof in order to steal someone's account. As it stands, many people out there will use tricks to hide their IP and use pirated, re-engineered software to get into online games and hack away. They don't care if the serial key or IP they use gets banned as they can just generate or spoof another one. On the one side spoofing the system to think emulated hardware was something other than what's really there might be doable, could you play a modern FPS game using those kinds of emulated techniques? GPU's are single purpose, powerful beasts that I doubt could be fully emulated by a CPU. Considering the amount of threads they could query along with expected speeds, it seems like a good dev could instantly spot an imposter anyway. Add all of that together with an authenticator tied to a cell phone, (if your card died or you needed to just upgrade), and you would have a way to perma-ban most hackers. Generating a new key or IP takes seconds and costs nothing. Having to go out and buy a new video card every time you get caught might actually have a dramatic impact on the quality of online games. Hard to pull off and not really perfect, but dam I would love this if someone got it right.

Intel Processor ID Number (1)

MnemonicMan (2596371) | about 2 years ago | (#41531953)

As covered on Slashdot, waaay back: Intel proposed a unique identifier [slashdot.org] for every processor. However, once the proposal went public then "mark of the beast" and other interests got it canned. This article is simply attempting to replicate, badly, what Intel proposed to do in a clean manner.

What about multple devices? (1)

NinjaTekNeeks (817385) | about 2 years ago | (#41532017)

So it may be fine and dandy that my home PC is ultra secure when logging into my email. What about my phone, tablet, laptop or public computer?

Solution looking for a problem (1)

Sloppy (14984) | about 2 years ago | (#41532025)

So you can distinguish between two supposedly-identical graphics cards. Ok, yeah, I guess that's neat. One hacker test point for you. But you're really reaching for applications of this knowledge, aren't you? Dude, give in: it has no useful applications. That's ok. Be happy about what you did anyway, use it to impress some chick in a bar ("hey baby, did you know I can tell your Radeon from another Radeon?"), and go on to the next project.

"one another" is meaningless (0)

Anonymous Coward | about 2 years ago | (#41532101)

The phrase is "one and other." When you use it wrong you sound like an idiot.

Spoofing (1)

darkfeline (1890882) | about 2 years ago | (#41532343)

So what's stopping someone from spoofing whatever is being checked? There's no way for a remote server to know you actually HAVE the graphics card you say you have. May as well authenticate with mac addresses.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>