Re: unique hardware identification
- From: Daniel Rudy <dr2867@xxxxxxxxxxx>
- Date: Sat, 27 Jan 2007 21:35:32 -0800
At about the time of 12/19/2006 7:19 AM, Devon H. O'Dell stated the
following:
2006/12/19, Koen Martens <fbsd@xxxxxxxx>:
Hi All,
I was wondering, if something like a unique hardware identification
would be possible on FreeBSD.
I'd like a machine to authenticate to a server, for which it will
need a unique identification. Problem is, it should be generated
automatically and not easy to fake / detect without already having
root access to the box.
I'm thinking of something like combining serial numbers from
CPU/disks for example, but there does not seem to be a clear way to
obtain these (not all CPUs even have a serial number in there).
I am just inquiring if someone on this list has an idea that might
help with this problem.
Gr,
Koen
Hey Koen,
I know a lot of people / companies use the MAC address of a given
interface for this purpose, but it's not generally very useful since
most interfaces will allow you to set your own MAC address.
Something you could use instead is a one-wire device, attached to the
motherboard (if it has a header for it). If the motherboard does not,
you can get LCDs from e.g. CrystalFontz that provide an interface to
such devices. The Dallas one-wire thermometers have a unique 64-bit
identifier on them, however this is only really useful if you have the
ability to control the hardware platform.
If you are attempting to identify a specific hardware platform (e.g. a
standard set of motherboards and devices), you can enumerate devices
and device IDs on the PCI bus, creating some sort of hash of those.
In the end, with the client controlling the hardware, client-side
security and validation is rather difficult. Even hacking the kernel
to only run signed binaries is going to be difficult to keep secure,
even keeping the key in some hardware secured storage, shipping the
system without a debugger or symbols, and controlling the hardware.
Thank you, media, for blowing the Pentium III CPUID feature up into
something horrible. Uniquely identifiable hardware is very useful when
licensing :\.
Regarding your questions, the serial number of the hard drive is
usually not too difficult to figure out. Take a look at atacontrol(8),
for instance:
    dho# atacontrol cap ad4
    Protocol Serial ATA II
    device model WDC WD1600JS-75NCB2
    serial number WD-WCANM3753524
The serial number should be unique. camcontrol(8) can probably give
you similar information for SCSI disks.
Hope this is of some use. I'd be interested in seeing what others are doing.
Kind regards,
Devon H. O'Dell
_______________________________________________
freebsd-hackers@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@xxxxxxxxxxx"
I've had this very question myself. Here's what I've done:
1) Use a USB Flash Drive as a hardware dongle. These devices have a
vendor id, product id, and a serial number that is guaranteed to be unique.
2) Get the Link Layer Address off all the network interfaces in the system.
3) Get the model, serial, and firmware revision off the first hard drive
in the system.
4) Using the sysctl(3) interface, I found some undocumented stuff that
lets you enumerate the pnp devices in the system. Well, the kernel
tells you what they are.
--
Daniel Rudy
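
The thread suggests hashing a combination of identifiers (disk model and serial, link-layer addresses, a USB dongle's ids). The following is an added example, not code from any poster in the thread: it parses the atacontrol output quoted above and keeps one digest per component, so a server can still recognise a machine after one component, such as a reconfigured MAC address, has changed. The function names, the MAC addresses and the tolerance of one changed component are assumptions made for illustration.

```python
import hashlib
import re

# The `atacontrol cap ad4` output quoted in the thread, used as sample input.
ATACONTROL_SAMPLE = """\
Protocol Serial ATA II
device model WDC WD1600JS-75NCB2
serial number WD-WCANM3753524
"""

def parse_atacontrol(text):
    """Extract the identifying fields from `atacontrol cap` output."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(device model|serial number|firmware revision)\s+(.+?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def normalize_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError("not a 48-bit link-layer address: %r" % mac)
    return digits

def _digest(kind, values):
    # Length-prefix every field so ("ab", "c") and ("a", "bc") hash differently.
    h = hashlib.sha256()
    for value in (kind, *values):
        raw = value.encode("utf-8")
        h.update(len(raw).to_bytes(4, "big") + raw)
    return h.hexdigest()

def fingerprint(disk, macs, usb=None):
    """One digest per component; usb is (vendor id, product id, serial)."""
    parts = {_digest("disk", [disk.get("device model", ""), disk.get("serial number", "")])}
    parts |= {_digest("nic", [normalize_mac(m)]) for m in macs}
    if usb:
        parts.add(_digest("usb", list(usb)))
    return frozenset(parts)

def matches(enrolled, presented, tolerate=1):
    """Accept if at most `tolerate` enrolled components are missing."""
    return len(enrolled - presented) <= tolerate

if __name__ == "__main__":
    disk = parse_atacontrol(ATACONTROL_SAMPLE)
    enrolled = fingerprint(disk, ["02:00:00:aa:bb:01", "02:00:00:aa:bb:02"])  # constructed MACs
    swapped = fingerprint(disk, ["02:00:00:aa:bb:01", "02:00:00:cc:dd:09"])
    print(matches(enrolled, swapped), matches(enrolled, swapped, tolerate=0))
```

Every input here can be read, and the MAC address set, by whoever controls the machine, so the result identifies a configuration rather than proving possession of it.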