Computer Fingerprints


So one thing that bothers me when trying to perform analytics or to ensure security is the need for computer fingerprinting.

The idea of fingerprinting is a way to ensure that the computer you are talking to is the one you think it is. Usually this is done by some sort of computed hash of its components, or assigning it some arbitrary number. Something unique to that computer, much the same way real human fingerprints work.

The problem lies in the fact that computers are interchangeable. In real life, to take your hand off and replace it with another is cumbersome and difficult and leaves traces. This does not carry over to the computer world.

New RAM, new CPU, new graphics cards, etc. All of these core parts of a PC are interchangeable, and therefore make it nearly impossible to build a “Fingerprint” of a computer.


So my thought is: why are we trying to build a unique signature off of some components, when instead we should look at the collection of individual components and describe them as the unique part?

That collection of objects is what makes a computer unique.

So my idea is that instead of trying to create a fingerprint, we create a sort of DNA strand for that device by using the individual components. Then we compare the listing of these parts as “Chromosomes” and assign them a weighted sum.

We can then start assigning groups of semi-unique data to these chromosomes. And by applying a difference equation to these groups, we can compute whether or not that machine is near or close to its anticipated outcome.

Test Case

So let's say a user first joins a community or uses some program as a service. We request a “true” DNA strand from that device. We then store this strand under the account. They then authenticate that this is them. Now every time that user logs in again, we can send them down a random salt value as well as a request for some chromosomes.

They then perform a rehashing of some of their semi-unique data with the salt and pass that back to us. We check this data, and as long as it is within tolerances, we permit this login with no second-level authentication.


Some examples of chromosomes could be:

1: Installed programs & Version.
2: Volumes & Serial Numbers
3: Connected Devices
4: Network Interfaces
5: System Specs
6: Operating System Stats
7: CPU Stats
8: Drivers and Versions


So for instance, at first we have them perform a SHA1 of Chromosome 1.

They gather the list:

7-Zip 16.04 (x64)  16.04 
ABBYY FineReader 9.0 Sprint
Acceptor Tools
Acronis True Image 20.0.5554

Then perform a SHA1 set of that:


They then send us this as a “True” DNA sample. We store this as a reference.

Later, when they log in again, we request X% of Chromosome 1 salted with some new salt. This X% uses the salt as the seed value for an RNG and selects X% of the subset.


We get some data back, and if after some checking we find that it's 90% similar to the true sample, we can assume it's them. We then store these differences as “Mutations” separately from the true DNA strand.

Later, we get another login attempt. We ask again:


This time, however, we get a response that is only a 60% match to the true DNA for their account. But if we compare it to its mutations, that number increases to about 89%. Still good in our eyes. (This assumes their system has been upgraded.)

A few months later we get another login request. But this time, after all is said and done, we have only a 10% match. Now we request a second-factor authentication for this login. During this step, we generate a new true DNA strand and add it to their key ring. (This assumes a new computer.)

Later we get another login. It matches DNA1, but we also get a message stating that their account has been hijacked! We can now review the case and see that there has been a new DNA, a new login, etc. This helps build evidence that this HAS been the case. We remove DNA2 from their account and add it to our blacklisted DNA set. Then we force them to change their information and reset their second factor.

Now, this has helped the customer, but it has also given us valuable information. We now have a DNA for a different PC, and can search our database to try to find matches, allowing us to look for and fight attacks.

Now for another use case: let's say we have a new account created, a true sample is taken, and a back-end server finds a 99% match to a blacklisted DNA. We can then flag this account for a case review.

You can see where I’m going with this.
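
The test case above, sketched in Python as an added example (not code from the original post): enrollment of a true strand, a salted challenge where the salt seeds the RNG that picks the subset, and the comparison against the true strand and then the mutations. Assumptions: the server keeps unsalted SHA-1 digests for the true strand and the recorded mutations, the salted re-hash is SHA-1 over salt plus digest, and the 0.85 tolerance, the function names and the sample entries are constructed for illustration.

```python
import hashlib
import random

def strand(items):
    """One SHA-1 digest per chromosome entry; at enrollment this is the "true" DNA."""
    return {hashlib.sha1(i.encode()).hexdigest() for i in items}

def salted(salt, digest):
    """Re-hash a digest with the per-login salt."""
    return hashlib.sha1(salt + digest.encode()).hexdigest()

def respond(items, salt, percent):
    """Client side: the salt seeds the RNG that picks percent% of the entries."""
    digests = sorted(strand(items))
    k = max(1, len(digests) * percent // 100)
    picked = random.Random(salt).sample(digests, k)
    return {salted(salt, d) for d in picked}

def match(response, salt, known):
    """Server side: fraction of the response found among the known digests."""
    expected = {salted(salt, d) for d in known}
    return len(response & expected) / len(response)

def decide(response, salt, true_dna, mutations, tolerance=0.85):
    """Check the true strand first, then the true strand plus mutations."""
    if match(response, salt, true_dna) >= tolerance:
        return "allow"
    if match(response, salt, true_dna | mutations) >= tolerance:
        return "allow-mutated"
    return "second-factor"

# Constructed sample data: ten installed-program entries for Chromosome 1.
ENROLLED = [f"program-{n} 1.0" for n in range(10)]
UPGRADED = ENROLLED[:6] + [f"program-{n} 2.0" for n in range(6, 10)]
NEW_PC = ENROLLED[:1] + [f"other-{n} 1.0" for n in range(9)]
TRUE_DNA = strand(ENROLLED)
MUTATIONS = strand(UPGRADED[6:9])  # differences recorded at an earlier login
SALT = b"constructed-salt"

if __name__ == "__main__":
    for name, items in [("same", ENROLLED), ("upgraded", UPGRADED), ("new", NEW_PC)]:
        print(name, decide(respond(items, SALT, 100), SALT, TRUE_DNA, MUTATIONS))
```

Because the response only carries salted digests, the server cannot recover new entries from it; recording a mutation needs the client to supply the unsalted digest for each difference.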
