Centauri – a new way to obtain a unique equipment imprint using rough electrical impact

Scientists at the University of California, Davis developed a new way to identify devices using the already known technique of abusing RAM.

Rowhammer is a way to cause errors in modern DRAM chips by electrically affecting certain memory cells, capable of “flipping bits”.

Researchers have found a way to use Rowhammer to create unique and unchanging device fingerprints, even when devices come from the same manufacturer with exactly the same hardware and software configurations. The scientists named their method “Centauri”.

Device identification typically involves cataloging the software and hardware characteristics of a device. Each of these characteristics (e.g. screen resolution, memory size, manufacturer) represents one bit of entropy. With enough bits of entropy, it is possible to obtain a value that is highly likely to be unique among a certain set, and thus can be used as a unique identifier.

When identifying a device with Rowhammer, the electrical response of the RAM and the distribution of flipped bits is unique to each memory module, and this can be used both to identify the module itself and to identify the entire machine.

The researchers claim to have tested Centauri on 98 DIMMs from two different manufacturers, and their method can achieve 99.91% accuracy, although the process itself takes about three minutes. Accelerated identification is possible with little loss of accuracy and takes up to ten seconds.

The scientists’ approach is potentially useful for fraud detection. However, they themselves admit that the system has some drawbacks. For example, it can disable identified devices, affecting the correct start of the operating system. Or simply wear out the memory modules if you use this identification method regularly.

These are all very serious shortcomings, so to avoid this, the researchers suggest that operating system manufacturers ensure that the memory allocated to the operating system is not physically adjacent to that which is reserved for other applications.

Experimenting with fewer bit-flips has also shown good results in mitigating the problems described above, again at the expense of precision. However, no one forbids using other hardware identification techniques and using Centauri only to handle rare and special cases.