Full Disclosure mailing list archives

Re: Fwd: Re: FullDisclosure: Security aspects of time synchronization infrastructure

From: Robert Brown <eli () typhoon xnet com>
Date: Sun, 22 Aug 2004 12:33:50 -0500 (CDT)

gadgeteer () elegantinnovations org writes:

On Fri, Aug 20, 2004 at 10:26:08AM +0400, 3APA3A (3APA3A () SECURITY NNOV RU) wrote:
[...]

you state:

    If there is a host with reliable time on the network (that is host
    synchronized with some hardware source, like radio clocks, cesium
    clocks, GPS clocks, etc) - whole network will be finally, after some
    time, synchronized with this host.

Depending upon the criticality of the time sensitive applications on
the network, you might want to reconsider the use of "radio clocks"
and especially "GPS clocks".  These time sources are also subject to
attacks.  Any free air broadcast is subject to jamming.  This is
essentially a DoS.  Spoofing to provide incorrect time signal is also
possible with free air broadcast, but less easy to do.

[...]

For a fixed installation detecting if someone is dinking the gps signal
is trivial.  The unit starts thinking it is not in Kansas anymore.
-- 
Chief Gadgeteer
Elegant Innovations


That's fine as long as your time receiver actually interprets
locations also.  I have seen GPS time signal receivers that only
extract the time, not the locaation.  These receivers do not know or
care where they are; they just want to know what time it is.

Also, what about a GPS time receiver on a moving vehicle, such as a
ship at sea?  They would not necessarily know that the location
information was wrong, unles they also had other means of determining
location.  Besides, it might only be *SLIGHTLY* wrong, but wrong
enough to cause the time signal to be off enough to cause the
application to produce erroneous results.  It all depends on the
application. 

-- 
--------  "And there came a writing to him from Elijah"  [2Ch 21:12]  --------
R. J. Brown III  rj () elilabs com http://www.elilabs.com/~rj  voice 859 567-7311
Elijah Laboratories Inc.    P. O. Box 166, Warsaw KY 41095    fax 859 567-7311
-----  M o d e l i n g   t h e   M e t h o d s   o f   t h e   M i n d  ------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Fwd: Re: FullDisclosure: Security aspects of time synchronization infrastructure 3APA3A (Aug 20)
- Re: Fwd: Re: FullDisclosure: Security aspects of time synchronization infrastructure gadgeteer (Aug 22)
  - Re: Fwd: Re: FullDisclosure: Security aspects of time synchronization infrastructure Robert Brown (Aug 22)
    - Re: Re: Fwd: Re: FullDisclosure: Security aspects of time synchronization infrastructure Valdis . Kletnieks (Aug 23)
  - Re: Re: Fwd: Re: FullDisclosure: Security aspects of time synchronization infrastructure stephane nasdrovisky (Aug 23)