Slashdot Mirror

← Back to Stories (view on slashdot.org)

Graphics Cards: the Future of Online Authentication?

Posted by Soulskill on from the i-am-who-my-pc-says-i-am dept.

Gunkerty Jeb writes "Researchers working on the 'physically unclonable functions found in standard PC components (PUFFIN) project' announced last week that widely used graphics processors could be the next step in online authentication. The project seeks to find uniquely identifiable characteristics of hardware in common computers, mobile devices, laptops and consumer electronics. The researchers realized that apparently identical graphics processors are actually different in subtle, unforgeable ways. A piece of software developed by the researchers is capable of discerning these fine differences. The order of magnitude of these differences is so minute, in fact, that manufacturing equipment is incapable of manipulating or replicating them. Thus, the fine-grained manufacturing differences can act as a sort of a key to reliably distinguish each of the processors from one another. The implication of this discovery is that such differences can be used as physically unclonable features to securely link the graphics cards, and by extension, the computers in which they reside and the persons using them, to specific online accounts."

13 of 178 comments (clear)

  1. What about people with a multiple machines ? by SirGeek · · Score: 4, Insightful

    I have a home Linux machine, my wife's machine, my laptop and my work machine.

    How can I share my authentication amongst them ?

    --
    UPS Sucks
  2. Nice way to sugarcoat it by Hentes · · Score: 5, Insightful

    Why not just admit that they've found the unbreakable DRM? Online authentication is a solved problem.

  3. Why not use MAC address? by aaaaaaargh! · · Score: 5, Insightful

    You can feed false information to the software that reads the characteristics of a graphics card just as you can fake an MAC address. I fail to see a substantial difference.

  4. And does this fingerprint persist over time? by Anonymous Coward · · Score: 5, Interesting

    If this fingerprint is orders of magnitude beneath manufacturing controls, are the researchers sure that it persists over long time frames?

    Will that graphics card have the same fingerprint the first day it is purchased as it does 2 years later after putting in hundreds of hours at high temperatures playing accelerated games?

  5. Re:This could go either way by 0racle · · Score: 5, Insightful

    I often buy my video cards second hand off ebay. I wonder who's accounts I'd be able to get into one day doing that.

    --
    "I use a Mac because I'm just better than you are."
  6. Re:This could go either way by sumdumass · · Score: 4, Interesting

    Or how much of a pain would it be for me to clone your hardware uniqueness and impose it into a virtual machine with software representing hardware?

    Now instead of tricking you into installing malware, I just need to convince you to create an account.

  7. Re:This could go either way by mangobrain · · Score: 4, Insightful

    I was thinking the exact same things. Identifying the hardware is fundamentally different from identifying the person currently using it, and being able to state unequivocally that they are authorising whatever action is taking place. Plus, as you said, hardware gets upgraded. Even worse, though, is that hardware also fails; particularly high-end GPUs nearing the end of a life spent being slightly too hot. Unexpected hardware failure could leave users with no overlap in the usable life of old & new components, meaning they cannot log in to existing accounts in order to register the fingerprint of the new hardware. Also, unless there's a hidden cache of documents I'm missing somewhere, I can't find any details of what these "unclonable functions" actually are, just that they exist. Are they robust against simple replay attacks?

    This all smells like a bad idea to me; something cooked up by a bunch of theorists with very little grounding in practicality. Not sure what part of this could be a "good thing", to be honest.

  8. Re:Why not RTFA? by Anonymous Coward · · Score: 4, Informative

    You can feed false information to the software that reads the characteristics of a graphics card just as you can fake an MAC address. I fail to see a substantial difference.

    "The more difficult question to answer at this point, she said, is whether someone could use software to emulate the differences in behavior between graphical processing units. Lange said the key is finding a way to guarantee, in an authentication process, that the party attempting to authenticate a user is communicating with an actual GPU and not software attempting to replicate its behavior and uniqueness. Lange went on to admit they aren’t quite there yet, which is why the product is not finished."

  9. Re:steal my pc to become me? I don't think so. by NevarMore · · Score: 4, Informative

    Not entirely true. Good security is based on 3 things:
      - something only you have (your graphics card, a physical key)
      - something only you know (a password)
      - something only you are (biometrics, typing patterns)

    As it stands today you usually have one of those things, the password. Adding in something difficult to spoof as the summary suggests is an improvement. So now you have to have a password and a graphics card with certain flaws.

    I agree with your sentiments though. This is an interesting idea but seems awkward to implement.

  10. That makes sense. by overshoot · · Score: 4, Insightful

    Every time I upgrade my graphics card, all of my games stop working.

    I'm sure that there's something wrong with this, but I can't put my finger on it.

    --
    Lacking <sarcasm> tags, /. substitutes moderation as "Troll."
  11. Actually I think it's SRAM... by slew · · Score: 5, Informative

    FWIW: If you read WP2 & WP3, I think they are just attempting to read some of the SRAM from inside the GPU for a source of what they call a "PUF" (physically uncloneable function). They hope to sprinkle some error-correction code and some magic crypto dust the uninitialized SRAM pattern to create a number that will be useable for attestation (basically to assure that it is the machine that you think it is).

    This idea isn't new. A quick google search shows papers about using SRAMs as both PUFs and Random numbers going back in 2007 (they called them FERNs) http://people.cs.umass.edu/~kevinfu/papers/holcomb-FERNS-RFIDSec07.pdf

    The major problems with this stuff is that...

    Once you power up your system, something is gonna want to use that SRAM (GPU vendors aren't in the business of leaving big chunks of SRAM that they don't use for researchers to discover and use), so you have to take a snapshot after powerup, but before someone wants to use the GPU. This makes many avenues of attack available (e.g., you have to put that fingerprint somewhere, because the GPUs will shortly trounce all over it).

    Secondly is the stability issue. Although some parts of the uninitialized SRAM is going to be statistically stable (power-up to 1 or 0 pretty reliably), some others are going to be pretty random (in fact other researchers are looking for highly unstable bits in SRAM powerup to be able to extract a random number for a nonce). Across temperature, and over time as the parts age, these bits will change (some stable ones will become random and some random ones may exhibit a strong bias one way or another). Without extensive characterization over age and temperature, this would be pretty unstable to use as a definitive ID.

    Third, when GPU vendors notice that people are accessing SRAM before initalization, they will start wiping the memory on boot. This is to prevent this third-party ID usage model (because nobody wants to repeat the intel CPUID fiasco) and because now that GPUs are being used for general-purpose computing, any type of SRAM retention issues across power-up is a security risk. On a related note, there are in fact there are other researchers attempting to use SRAM retention to create a reasonably secure clock (google TARDIS: Time and Remanence Decay in SRAM).

    If I had to speculate, about the only reasonable model for this (assuming the GPU vendors don't co-opt it or shut them out) is to create some sort of "ticket" system. Distill a timestamp and a challenge value with the PUF (and maybe even the "random" part of the SRAM for salt) down to a ticket using some cryptomagic. That ticket would be valid for a while, and you'd have to create a new ticket before it expired. Over a short enough time and temperature regime, a security system might be convinced that this temporary ticket is an acceptable substitute credential, but it would not really replace an actual authentication technique.

    This stuff has also been researched extensively for 5 years or so. I don't know what these folks are really bringing to the table (other than they are looking at GPUs for big blocks of SRAM). Why be so secret? Maybe it's because they want to keep that funding coming. A quick google showed someone in 2009 even wrote an undergrad paper on the subject of SRAM/PUFs... http://www.wpi.edu/Pubs/E-project/Available/E-project-031709-141338/unrestricted/mqp_sram.pdf

    1. Re:Actually I think it's SRAM... by kent.dickey · · Score: 5, Interesting

      The WPI report confirms what most everyone suspects: Reading from an uninitialized SRAM returns mostly noise, about 50/50 (but not exactly) 1's and 0's, and highly dependent on temperature. I think what they're saying is something like "Look at uninitialized memory, whose values are apparently random 1's and 0's, and somehow compute a unique fingerprint that is stable for this device, but different from all other devices". I'm not sure that's actually possible. I can't think of anything on chips that would produce "random"-looking data and which wasn't highly temperature dependent.

      Even if a clever algorithm could "fingerprint" an SRAM device, others have already pointed out all the ways to break this. It's simply a slightly more complex MAC address, and will likely be easy to effectively clone. It's like printing a password on paper in special red ink that only you have, and then saying no one can log in to your system (by typing the password) since they can't replicate that red ink. Umm, the special red ink is a red herring. All you need is the password.

      I don't think there's really anything here. There's no details at the PUFFIN site.

  12. BS: No details? They are trolling /. for ideas by Sebastopol · · Score: 4, Informative

    The actual website indicates it hasn't even been done yet, and is lighter on details than white bread.

    It is complete BS, the website has no details and tons of press releases. Here is how much work they have done so far, about a dozen lines of text:

    http://puffin.eu.org/WP1.html
    http://puffin.eu.org/WP2.html
    http://puffin.eu.org/WP3.html

    I think they posted the release in hopes of letting the online community discuss ideas, and will then harvest those.

    Lame.

    --
    https://www.accountkiller.com/removal-requested