What Time Is It? How Manipulating “Now” Can Crash Our World
•
0 likes•42 views
Timing and synchronization technologies are an important component of next generation infrastructure such as 5G and connected vehicle deployments. Stricter sync requirements put these technologies at risk of becoming dependent on GPS for their timing. This talk will explore how protection and integrity of synchronization mechanisms will become a cost of doing business across any connected industry. Learning Objectives: 1: Understand the difference between naive GPS spoofing and advanced, targeted, spoofing. 2: Learn about the real threats of GPS spoofing across industries. 3: Understand the need to secure time and synchronization technologies.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to What Time Is It? How Manipulating “Now” Can Crash Our World
Similar to What Time Is It? How Manipulating “Now” Can Crash Our World (20)
More from Priyanka Aash
More from Priyanka Aash (20)
Recently uploaded
Recently uploaded (20)
What Time Is It? How Manipulating “Now” Can Crash Our World
- 1. SESSION ID: #RSAC Michael Calabro WHAT TIME IS IT? HOW MANIPULATING "NOW" CAN CRASH OUR WORLD HTA-W12 Senior Lead Engineer Booz Allen Hamilton Calabro_Michael@bah.com
- 2. #RSAC Why do we need SynchronizaHon? 2 Event ordering Fairness in Race CondiHons Security Event Forensics
- 3. #RSAC Time is Made Up 3 Physicists noted that some materials generate very stable reference signals at predictable periods (cesium, rubidium) If you count these periods … The SI definiHon of a second is the Hme that elapses during 9,192,631,770 cycles of the radiaHon produced by the transiHon between two levels of the cesium 133 atom.
- 4. #RSAC Time Scales are Agreed Upon and “Local” 4 UTC (USNO) UTC (NIST) Mike Time
- 5. #RSAC Time Accuracy and Precision are DisHnct 5 Precise, Not Accurate Precise & Accurate Accurate, Not Precise
- 6. #RSAC The Path of Time Transfer 6 Master Clock 00:00:00.000??? 00:00:00.000000 +/- X +/- Y +/- Z Delays are known or bounded Time stamps are transferred from that source to end applicaHons Time is measured at a source
- 7. #RSAC Time Transfer and Time Sources are Different 7 GPS NTP PTP ApplicaHon LTE UTC(USNO) U.S. Air Force PTRC GPS Rx GPS Rx GPS Rx GPS Rx GPS Rx
- 8. #RSAC Financial Business Clock Time Sources 8 MulMple Technologies, 40% NTP, 27% GPS, 6% PTP, 6% CDMA, 2% Other Technologies, 3% Did Not Know , 16% (FROM 2017 SEC CLOCK SURVEY)
- 9. #RSAC How Time is Transferred via GPS 9 Precise code phase alignment can give < 10 nanoseconds of precision Distance (m) / Speed of Light (m/s) = Delay (Rule of Thumb: 1 e / ns) 0100110110101011010101110101Path Delay RX 0100110110101011010101110101 SV Transmits known PN Sequence GPS receiver generates local copy and aligns it to transmi`ed sequence Precision of alignment determines precision of Mme delay calculaMon
- 10. #RSAC GPS is Vulnerable to ManipulaHon 10 Data A`acks Repeaters or Unsynchronized Spoofers Code Phase Synchronous Spoofers Receivers and their applicaHons do math based on broadcast parameters. Divide by zeros? Overflows? Time might go backwards. Time will jump around. Time may advance more or less quickly … but at a high level, may appear accurate. Broadcast by GPS Algorithms from GPS SPS SpecificaMon GPS Rx locks on to dominate signal GPS Rx locks on to dominate signal and that signal is very close to the real signal
- 11. #RSAC How GPS Time can be Subtly Spoofed 11 0100110110101011010101110101Path Delay RX 0100110110101011010101110101 SV Transmits PN Sequence Rx Generates local copy and aligns it to transmi`ed sequence Precision of alignment determines precision of Mme delay calculaMon Spoofer Near Matched Delay 0100110110101011010101110101
- 12. #RSAC Review So Far 12 Time is “made up” Time is Measured directly or Transferred GPS is a common source of Hme across all applicaHons Timing and SynchronizaHon requirements exist at a variety of levels across applicaHons So… What happens when Synch breaks down?
- 13. #RSAC TelecommunicaHons Networks Have the Strictest Commercial Timing Requirements 13 ApplicaMon/ Technology Accuracy SpecificaMon WCDMA MBSFN 12.8 µs [b-3GPP TS 25.346] secHons 7.1A and 7.1B.2.1 LTE-TDD (wide-area) 10 µs [b-3GPP TS 36.133]) secHon 7.4.2 LTE-TDD to CDMA 10 µs [b-TS 3GPP TS 36.133] secHon 7.5.2.1 CDMA2000 3 µs [b-3GPP2 C.S0002] secHon 1.3; [b-3GPP2 C.S0010] secHon 4.2.1.1 WCDMA-TDD 2.5 µs [b-3GPP TS 25.402] secHons 6.1.2 and 6.1.2.1 WiMAX (downlink) 1.428 µs [b-IEEE 802.16] table 6-160, secHon 8.4.13.4 WiMAX (base staHon) 1 µs [b-WMF T23-001], secHon 4.2.2 Primary Reference Time Clock 100 ns [ITU-T G.8272] (Primary Reference Time Clock) Enhanced PRTC 30 ns [ITU-T G.8272.1] (Enhanced Primary Reference Time Clock)
- 14. #RSAC Power Grid Uses of Time 14 From NASPI-2017-TR-001
- 15. #RSAC EU Finance Requirements in Effect Jan. 2018 15 From COMMISSION DELEGATED REGULATION (EU) 2017/574
- 16. #RSAC Some Scenarios – Financial Front Running 16 T = 0.000 T = 0.001 Buyer buys 1000000 shares of ABC Seller sells 100000 shares of ABC T = 0.002 T = 0.00000 T = 0.00010 Seller sells 100000 shares of ABC T = 0.00035 Buyer buys 1000000 shares of ABC T = 0.00200 Which ordering of events would you prefer? What if you could change your Hme stamp?
- 17. #RSAC January 25th, 2016 – The Worldwide “Spoof”
- 18. #RSAC A Unique Set of Error CondiHons 18 On January 25th, 2016, during the reHrement of the last IIA satellite, an error occurring in the GPS system causing many receivers that used the UTC correcHon broadcast by the satellites to be ~13.7 microseconds deviant from truth Global effect Not all satellites broadcast erroneous data Affected receivers needed to obtain their UTC offset from a bad satellite – i.e. not all receivers with a common skyview would have been affected
- 19. #RSAC Suspect a GPS Problem? Call the Coast Guard 19
- 20. #RSAC Effects (caused by an ~12 hour event) 20 Of ~80 NIST clocks monitoring event, only 11% were unaffected Some high performance precision Hming receivers took 1+ day to resynchronize to their previous levels of stability Many precision Hming receivers entered into holdover (starHng a count down hours to out-of-spec performance) At least one telecommunicaHons backhaul provider reported that it was necessary to manually reset affected precision Hming receivers Some clocks located in telecom systems started to free run with no atomic discipline or back up Many organizaHons that should have been affected did not report any impact (did they even know how close they came to major issues?)
- 21. #RSAC It is Really Hard to Get Away from GPS… 21 Timing Source GPS Dependent Scale Availability Comments GNSS Yes < 100 ns Global Not appropriate for all environments; may be denied GSM NTIZ Yes ~1s Regional CDMA2000 Sync Yes 1 ms Regional LTE R11+ SIB 16 Yes 10 ms Not widely deployed. 10 ms may not be sufficiently precise. Iridium Time (Satelles) Yes < 500 ns Global Paid Service; May have higher availability than GNSS eLoran Yes < 100 ns Europe, Asia, Middle East Not available in the US
- 22. #RSAC Upcoming 5G and IoT Sync Requirements 22 Edge of network sync in in TDD LTE is ~ 1 microsecond; 5G proposes to aggressively push this down – thereby increasing dependency on synch SynchronizaHon requirements between cloud processes and events will become stricter IoT will need ways to synch local devices
- 23. #RSAC OrganizaHons that are working on this 23 ATIS SynchronizaHon Commi{ee Resilient NavigaHon & Timing FoundaHon Network Time FoundaHon North American Synchrophasor IniHaHve (NASPI) NaHonal Space-Based PNT Advisory Board and PNT ExecuHve Commi{ee
- 24. #RSAC Conclusions 24 GPS remains the most convenient source of Hme transfer and is the only technology capable of meeHng upcoming synchronizaHon requirements efficiently 2017 and 2018 are seeing many new synchronizaHon applicaHons being deployed across telecom, finance, transportaHon, and Sync needs to be done securely and deliberately Secure SynchronizaHons SoluHons exist today; advocacy is needed at a naHonal level for an alternaHve system to GPS
- 25. #RSAC Selected References 25 NIST Report on January 2016 Outage h{ps://}.nist.gov/general/pdf/2886.pdf SEC Clock Survey h{ps://www.sec.gov/divisions/marketreg/consolidated-audit-trail-clock-synchronizaHon-assessment-051517.pdf NASPI h{ps://www.naspi.org/sites/default/files/reference_documents/ts}_electric_power_system_report_pnnl_26331_march_2017_0.pdf
- 26. #RSAC Apply What You Have Learned Today 26 Next week you should: IdenHfy synchronizaHon dependent applicaHons within your organizaHon In the first three months following this presentaHon you should: Understand where these sync-dependent applicaHons get their Hme from and their corresponding tolerances for failure Within six months you should: Understand how to a{ribute system failures to synchronizaHon outages “Protect, Toughen, and Augment” your Timing Sources and Sync Methods Michael Calabro Calabro_Michael@bah.com