Re: NTp config - for the databases :}

[John Painter <tjp () conflux net>]

This spoofing problem is easily dealt with. use a 12 channel GPS with the
receiving antenna significantly protected from physical attack. Since the
GPS receiver calculates the time of arrival of a sats signal vs the time of
arrival of the other sats signal and uses the incoming signals to determine
longitude and latitude (and elevation), the spoofer must transmit multiple
correct sat signals with appropriate delays to spoof a different time and
correctly place your location (within 300 or so meters and 600 or so
elevation) so a sanity check of the long/lat/el would not show you being
spoofed. Some three letter acronyms may be able to pull it off, but few
others. If you were sufficently paranoid, a multiple antenna array of az/el
controllable antennas would let you point directional antennas at each
viewable sat. in the sky and you could sanity check across each sat.

For the WWV spoofer, just use a set of directional antenna arrays spaced
far enough apart that a low power transmitter would show up as being in the
wrong direction to at least one of the receivers. You could also use a
transmitter signature analyzer to make sure you were listening to the one
and only WWV 5MHz, CHU, WWVH-5Mhz, etc... Since radios made on the same
assembly line show up with different transmitter signatures it would be
easy to tell. Amatuer radio repeater operators use transmitter signatures
to secure access to control functions on some repeaters, to identify
malicious users, etc.

I also log changes to our system clocks by NTP just in case ...

At 8:01 AM -0800 3/13/98, Joseph S. D. Yao wrote:
> > Add a couple of radio receivers to the lot (radio-to-ntp boxes are available
> > for reasonable prices) which gives you in-house stratum-1 servers to
> > complement the internet servers.
>
> Reminds me of [don't laugh] a Superman television show episode, where
> Supes got the National Atomic Clock folks to speed up their radio
> signal to get the crook to emerge before the statute of limitations ran
> out.  [There were other indications in that episode, looking back as an
> older self, that they were stretching for plot ideas by then.]
>
> You don't have to be Superman.  Just put a transmitter antenna close to
> the receiving antenna, and make the transmitter just powerful enough to
> override and spoof the real time signal.
>
> As long as we're being careful about looking for the perfect time
> source ...
>
> --
> Joe Yao                                jsdy () cospo osis gov - Joseph S. D. Yao
> COSPO Computer Support                                         EMT-A/B
> -----------------------------------------------------------------------
>       PLEASE ... send or Cc: all "COSPO Computer Support" mail to
>                       sys-adm () cospo osis gov
> -----------------------------------------------------------------------
> This message is not an official statement of COSPO policies.


--
John Painter, Principal Consulting Engineer,
Grand Designs, Ltd., ConfluX.net Internet Buisness Unit
<http://www.gdltd.com/>, <http://www.conflux.net/>