hacking security forum

[Full-Disclosure] Re: Fwd: Re: FullDisclosure: Security aspects of time synchronization infrastructure

From: Robert Brown <eli@typhoon.xnet.com>
Date: Sun Aug 22 2004 - 13:33:50 EDT

gadgeteer@elegantinnovations.org writes:
> On Fri, Aug 20, 2004 at 10:26:08AM +0400, 3APA3A (3APA3A@SECURITY.NNOV.RU) wrote:
> [...]
> > you state:
> >
> > If there is a host with reliable time on the network (that is host
> > synchronized with some hardware source, like radio clocks, cesium
> > clocks, GPS clocks, etc) - whole network will be finally, after some
> > time, synchronized with this host.
> >
> > Depending upon the criticality of the time sensitive applications on
> > the network, you might want to reconsider the use of "radio clocks"
> > and especially "GPS clocks". These time sources are also subject to
> > attacks. Any free air broadcast is subject to jamming. This is
> > essentially a DoS. Spoofing to provide incorrect time signal is also
> > possible with free air broadcast, but less easy to do.
> [...]
>
> For a fixed installation detecting if someone is dinking the gps signal
> is trivial. The unit starts thinking it is not in Kansas anymore.
> --
> Chief Gadgeteer
> Elegant Innovations
>

That's fine as long as your time receiver actually interprets
locations also. I have seen GPS time signal receivers that only
extract the time, not the locaation. These receivers do not know or
care where they are; they just want to know what time it is.

Also, what about a GPS time receiver on a moving vehicle, such as a
ship at sea? They would not necessarily know that the location
information was wrong, unles they also had other means of determining
location. Besides, it might only be *SLIGHTLY* wrong, but wrong
enough to cause the time signal to be off enough to cause the
application to produce erroneous results. It all depends on the
application. 

-- 
--------  "And there came a writing to him from Elijah"  [2Ch 21:12]  --------
R. J. Brown III  rj@elilabs.com http://www.elilabs.com/~rj  voice 859 567-7311
Elijah Laboratories Inc.    P. O. Box 166, Warsaw KY 41095    fax 859 567-7311
-----  M o d e l i n g   t h e   M e t h o d s   o f   t h e   M i n d  ------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Sun Aug 22 14:36:25 2004

This archive was generated by hypermail 2.1.8 : Sun Aug 22 2004 - 15:05:14 EDT

Custom Search