Device Fingerprints Good IT Security Strategy?

We’re all familiar with the concept of people being fingerprinted to verify identities. But now Uniloc USA, an Irvine, California company has developed Physical Device Recognition (PDR) technology that creates a unique fingerprint for networked devices. The implementation of their NetAnchor server software, security appliance and management software creates a trusted-device network in which only authenticated devices are allowed to communicate.

Authorized client machines are identified using Uniloc’s PDR technology to generate a device fingerprint based on the unique and inherent characteristics of each device. The device characteristics are based both on naturally occurring manufacturing imperfections as well as intentional configuration differences. This fingerprint becomes an authentication credential that is locked to that device.

One of Uniloc’s target markets for this technology are industrial control systems in industries designated as critical infrastructure; including water, power, oil and gas, chemicals and transportation. The idea is to leverage a unique device fingerprint in trusted communications between SCADA (Supervisory Control and Data Acquisition) master stations and RTUs (Remote Terminal Units) and PLCs (Programmable Logic Controller).

Most recently the company has been focusing on network security professionals with the pitch of adding another authentication credential (device fingerprint) to network edge devices. Their story goes like this:

“While there is a trend towards moving technology into the cloud, properly validating the identity of a user, or user authentication, must continue to occur on the connected device. Today’s passwords are not reliable enough for advanced cloud concepts like billable edges but many authentication technologies like smart cards are too expensive and inconvenient. Uniloc’s Edge ID identifies the device itself for an affordable, enhanced user authentication without any user hassle.”

Will this technology fly in the long run?  Or will it be just another great idea that ends up in the “that’s interesting” bin of technology landfills. We’ll just have to see.