Unspoofable Device Identity Using Flash Memory

wiredmikey writes with a story from Security Week that describes a security silver lining to the inevitable errors that arise in NAND flash chips. By seeking out (or intentionally causing) defects in a given part of the chip, a unique profile can be created for any device using NAND flash which the author says may be obscured, but not reproduced: "[W]e recognize devices (or rather: their flash memory) by their defects. Very much like humans recognize faces: by their defects (or deviations from the 'norm') a bigger nose, a bit too bushy eyebrows, bigger cheeks. The nice twist is that if an attacker manages to read your device identity, he cannot inscribe it into his own device. Yes, he can create errors — like we did. But he cannot control where in the block they occur as this relies solely on microscopic manufacturing defects in the silicon."

Famous last words?

[migla]

"I'm unspoofable! Not even Zeus himself could spoof me!"

Re:Argument from ignorance

The paternity test and court-ordered child support, however, is compelling evidence.

Re:What if one more bit goes bad during normal usa

[jojoba_oil]

What if one more bit goes bad during normal usage..Identity is gone. Any thing tied to it will stop working.."Very much like humans recognize faces: by their defects"..if your son had plastic surgery without your knowledge..you will fail to recognize him?

Especially if that plastic surgery was done unintentionally just by looking at him one time too many.

Seems like..

[airfoobar]

Microsoft's Windows activation thing could become even more annoying in the future.

lol

[Charliemopps]

Unspoofable? Buahahahaha!

Re:Defeated by Trusted Computing

[Mitchell314]

Yes it can.

input "Is this VM running slow? (y/n) ", runningSlow$

Re:Unspoofable?

[Nadaka]

They have been doing that on the PS3 for years.