DEFENSIVE TIME-OUT
or unclear digressions about past, present and future of Time & Security
Błażej Boczula
Source: http://forums.nba-live.com/dl_mod/thumbs/2379_se7sixtallclear.gif
Defenders are losing?
„Groundhog Day” | time loop | security
“I started my security career as an IDS analyst and it was a horrible life, you know, they have to look at packet captures all damn day; nothing, maybe other than marriage, will make you want to put a bullet in your head more.” Joe McCray
https://www.youtube.com/watch?feature=player_detailpage&v=qBVThFwdYTc#t=1294
DEFENSE: Cliff Stoll, Tsutomu Shimomura
game time | timing | all time
ATTACK: Kevin Mitnick, Markus Hess
Vidocq? Abagnale? do time?
Source: http://cdn.thewire.com/img/upload/2013/03/04/nkkjudr.gif
Source: http://gifrific.com/wp-content/uploads/2013/04/Dennis-Rodman-Karl-Malone-Fight-1998-NBA-Finals.gif
Source: http://www.garuyo.com/web/media/images/images/interviewgifs4.gif
metaphors | facts & fictions | timeline
https://www.youtube.com/watch?feature=player_detailpage&v=BlBT0Yv83DA#t=1265
timespan
time bomb
time zone
full time job
“Stuxnet, for example, probably had a short shelf life, Axelrod says, because it relied on four different computer vulnerabilities in the nuclear enrichment plant remaining open at the same time, so it was likely deployed as soon as possible”.
http://www.nature.com/news/the-best-time-to-wage-cyberwar-1.14502
“APT30 POSSIBLY WORKING ON SHIFTS. In our analysis of the BACKSPACE controller, we identified a dialog box in the portable executable (PE) resource section. The dialog box included a login prompt with the text 请输入您的值班员代号, which translates to “Please enter your attendant code” (...) tool may have been designed to track work shifts amongst multiple operators (...)”
https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf
Source: https://www.learner.org/jnorth/images/graphics/mclass/jr/Da
„For some must watch while some must sleep, so runs the world away” Hamlet, Shakespeare
time management, working time, productivity time, meantime, overtime, time book, timesheet, time-tracking software, part-time, free time, time off, do time
Source: http://qph.is.quoracdn.net/main-qimg-17e71c157715ffa101f1fc9c8b99a5ac?convert_to_webp=true
Source:https://podio.com/site/creative-routines
Source: https://www.learner.org/jnorth/images/graphics/mclass/jr/Da
time perception
Where is code?
Where are PCAPs?
Where are memory dumps?
Source: http://stream1.gifsoup.com/view7/3986291/superman-turns-back-time-o.gif
time
travel
or who will hack a Lenovo ThinkPad X220 Tablet (2 copies), Intel® Core™ i7-2620M CPU @ 2.7GHz, Intel® 150 GB Solid-State Drive 520 Series, Windows 7, Speech Synthesizers (3 copies): Manufacturer - Speech Plus (Incorporated 1988, Mountain View, CA), Model - CallText 5010, to hear about Time & Security from the ingenious Stephen Hawking, author of A Brief History of Time?
DEFENSIVE TIME-OUT
http://www.audioeditions.com/audio-book-images/l/A-Brief-History-of-Time-292189.jpg
‘Conceptually information security is an incorrect, incomplete, inconsistent folk art like witchcraft and alchemy in the Dark Ages’ Donn B. Parker
https://www.youtube.com/watch?feature=player_detailpage&v=RW9hOBCSy0g#t=186
“It’s named ‘Mitigating side channels on the web’ but please bear with me, there will be attacks in there. Right? Ok? Just so that you don’t leave the room because it’s BORING, because it’s just mitigation. No, this is not the case, we do attacks.”
Sebastian Schinzel
Attacker
Defender
timing attacks | time series | statistics
Source: https://www.youtube.com/watch?feature=player_detailpage&v=V3fzl4NbnF0#t=1128
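Added example (not from the talk, nor from the Schinzel lecture it cites) of what the “timing attacks | time series | statistics” line points at. A simulated server compares a secret hex token with the submitted one byte by byte and stops at the first mismatch, so its response time leaks how many leading bytes were right. The attacker cannot see single responses through the noise, so it takes the median of many samples per candidate byte (the statistics part) and recovers the token one byte at a time; the last byte is confirmed by the server's accept/reject answer, since timing alone cannot distinguish it. Against a constant-time compare (hmac.compare_digest) the same attack recovers nothing. The secret, the per-byte cost, the noise level and the sample count are assumptions constructed for this example.

```python
import hmac
import random
import statistics

HEX = b"0123456789abcdef"


def naive_equal(secret, guess):
    """Byte-by-byte compare that returns at the first mismatch.
    Returns (equal, bytes_examined); the second value is the leak."""
    if len(secret) != len(guess):
        return False, 0
    examined = 0
    for s, g in zip(secret, guess):
        examined += 1
        if s != g:
            return False, examined
    return True, examined


def constant_time_equal(secret, guess):
    """Same answer, but the work done never depends on where the mismatch is."""
    if len(secret) != len(guess):
        return False, 0
    return hmac.compare_digest(secret, guess), len(secret)


class TimingOracle:
    """Simulated server. Response time = fixed cost + per-byte cost * bytes examined
    + Gaussian noise. The cost and noise figures are assumptions for this example."""

    def __init__(self, secret, compare, rng, per_byte=1.0, noise=1.5):
        self.secret, self.compare, self.rng = secret, compare, rng
        self.per_byte, self.noise = per_byte, noise
        self.queries = 0

    def check(self, guess):
        """Returns (accepted, latency) like an HTTP status plus a measured RTT."""
        self.queries += 1
        accepted, examined = self.compare(self.secret, guess)
        latency = 10.0 + self.per_byte * examined + self.rng.gauss(0, self.noise)
        return accepted, latency


def recover_token(oracle, length, samples=400):
    """Recover one byte at a time: the candidate with the highest median latency
    made the server examine one more byte than every other candidate."""
    known = b""
    for pos in range(length):
        medians = {}
        for cand in HEX:
            guess = known + bytes([cand]) + b"0" * (length - pos - 1)
            latencies = []
            for _ in range(samples):
                accepted, t = oracle.check(guess)
                if accepted:  # final byte is confirmed by the answer, not by timing
                    return guess
                latencies.append(t)
            medians[cand] = statistics.median(latencies)
        known += bytes([max(medians, key=medians.get)])
    return known


SECRET = b"c0ffee42"  # constructed secret: an 8-character hex API token


def demo(compare, seed=1):
    """Run the attack against a server using the given compare function."""
    oracle = TimingOracle(SECRET, compare, random.Random(seed))
    return recover_token(oracle, len(SECRET))


if __name__ == "__main__":
    print("naive compare   ->", demo(naive_equal))
    print("constant-time   ->", demo(constant_time_equal))
```

The per-position signal is one byte of extra work, buried under noise with a standard deviation of 1.5 units; the median of 400 samples has a spread of roughly 0.1 units, which is why the attack is reliable here even though no single response is informative. Real servers add jitter from the network and the kernel, so the attacker needs more samples, not a different method.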
„The boundaries of my language demarcate the boundaries of my world” Wittgenstein
time in language | language in security
Source: Wolfgang Klein, Time in Language
“time” is a term used in “at least four meanings”:
1) “moment”, “exact date”, time point; a moment is an attribute of some point event, e.g. a bullet hitting the target; a moment can be defined (by abstraction) based on the term of simultaneity, as the common attribute of every and only those events which are simultaneous;
2) “time period”, “time segment”, time interval - a dense and continuous set of moments placed between two different moments; a certain time period can be indicated by specifying the delimiting moments (e.g. the period between 12:00 PM and 1:00 PM today in Warsaw), or by specifying the process filling this period (e.g. during the reign of Kazimierz Wielki in Poland);
3) “duration”, the length of a time period (e.g. the half-life period of radium) - in contrast to the exact time period; two different time periods can have the same duration, just as two line segments can have the same length (e.g. the period between 12:00 PM and 01:00 PM today is different from that between 01:00 PM and 02:00 PM, although both have the same duration); the duration of some time period can be defined (by abstraction), using the term of the relation of equal duration, as the common attribute of every and only those time periods which last the same amount as the given period;
4) ‘all-embracing time period’, unlimited timeline - the set of all moments, in other words - the time period of which every time interval is a part.”
Kazimierz Ajdukiewicz
timestamp, uptime, boot time, expiration time, time-sharing/cloud, Lamport time, time function, time to live, system time, time forwarding and storage bugs, time code ambiguity, downtime, real-time, epoch time, time (logic) bomb, timing attacks, total exhaust time, time servers, CPU time, process time, jiffy? (Ross Anderson, Security Engineering, 2nd ed.)
“The relations: earlier than W’ and the simultaneity R’ can be defined on the set S/R. They are defined respectively by means of the relations W and R from the set S. The relation W’ in S/R is already connected and the relation R’ is in this set an identity relation. Because the relation W’ is in this set an ordering relation, the definition of time has here the form:
C ≝ ⟨S/R, W’⟩ *
Therefore, time is the set S/R of abstraction classes of the relation R in S, ordered by the relation W’. It is a definition of time by abstraction.”
* C - time
S - set of all physical events
R - relation of absolute simultaneousness (quasi-simultaneousness)
W’ - relation before
“It is assumed in these considerations that time and its properties exist objectively; the same is valid for such objects as moments and intervals and also time relations. It is assumed too that the properties of time and of the above mentioned objects and relations are established on the basis of experience. Both materialistic assumptions are involved implicitly in the basis of every physical theory and explicitly in the scientific philosophy of time. The discussion presented here is in regard to the position that the question of time’s definition is a pseudo-problem because its solution always contains a logical circle. It is proved here that even then, when time is defined only by time’s notions (which is the ground of the discussed point of view), it is possible to avoid such a circle.”
Zdzisław Augustynek, The Nature of Time
Julian Barbour, The End of Time
Parmenides - no change / no time
Newton - absolute time
Mach - relative time v. 1.0
Einstein - relative time v. 2.0, + Minkowski spacetime
Platonia = The Eternal „Washing Band” Universe?
NO TIME = NO PROBLEM !
Source: https://www.youtube.com/watch?feature=player_detailpage&v=WKsNraFxPwk#t=866
TIME = CLOCK(S)?
➔ Which one: sun; sand; water; fire; mechanical; quartz?
➔ electric oven - PC - https - Kerberos - PKI
➔ NTP: David Mills' lifetime project
RFC 958, NTP ”0”
„Let t1, t2 and t3 represent the contents of the Originate Timestamp, Receive Timestamp and Transmit Timestamp fields and t4 the local time the NTP message is received. Then the roundtrip delay d and clock offset c is:
d = (t4 - t1) - (t3 - t2) and c = (t2 - t1 + t3 - t4)/2 .
The implicit assumption in the above is that the one-way delay is statistically half the roundtrip delay and that the intrinsic drift rates of both the client and server clocks are small and close to the same value.”
RFC 5905, NTPv4
“A timescale is a frame of reference where time is expressed as the value of a monotonically increasing binary counter with an indefinite number of bits.”
David Mills, U. Delaware; J. Martin, Ed., ISC; J. Burbank, W. Kasch, JHU/APL
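Added example, not part of the RFCs or of the talk: it builds and parses a 48-byte NTP v4 server reply with the standard library's struct module, computes d and c with the two formulas quoted above, and applies the checks a client should make before it trusts the offset: server mode, leap indicator, stratum range, that the origin timestamp echoes exactly what the client sent (this is what lets a client throw away replayed or blindly spoofed replies), a non-negative round-trip delay, and a maximum offset above which the clock is not stepped. The timestamps, the 1000 s panic limit (mirroring ntpd's conventional default) and the 1e-6 s echo tolerance are assumptions for the example.

```python
import struct

# Seconds between the NTP epoch (1900-01-01) and the Unix epoch (1970-01-01).
NTP_EPOCH_OFFSET = 2_208_988_800
# Refuse to step the clock by more than this. Assumption for this example,
# modelled on ntpd's conventional 1000 s panic threshold.
PANIC_THRESHOLD = 1000.0
MODE_SERVER = 4
# 48-byte NTP v4 header (RFC 5905): LI/VN/mode, stratum, poll, precision,
# root delay, root dispersion, reference id, then four 64-bit timestamps.
HEADER = "!BBBbII4s8I"


def to_ntp(unix_ts):
    """Unix seconds -> (seconds since 1900, 32-bit fraction)."""
    whole = int(unix_ts)
    frac = int((unix_ts - whole) * (1 << 32))
    return (whole + NTP_EPOCH_OFFSET) & 0xFFFFFFFF, frac & 0xFFFFFFFF


def from_ntp(secs, frac):
    """(seconds since 1900, 32-bit fraction) -> Unix seconds as float."""
    return secs - NTP_EPOCH_OFFSET + frac / (1 << 32)


def build_server_reply(origin, receive, transmit, stratum=2, refid=b"GPS\x00"):
    """Constructed server reply (mode 4) carrying t1, t2 and t3."""
    li_vn_mode = (0 << 6) | (4 << 3) | MODE_SERVER  # LI=0, version 4, server
    reference = to_ntp(receive - 16.0)  # arbitrary "last synced" time for the example
    return struct.pack(HEADER, li_vn_mode, stratum, 6, -20, 0, 0, refid,
                       *reference, *to_ntp(origin), *to_ntp(receive), *to_ntp(transmit))


def parse_reply(pkt):
    """Decode the fields a client needs from a raw reply."""
    if len(pkt) < 48:
        raise ValueError("short NTP packet")
    (li_vn_mode, stratum, poll, precision, root_delay, root_disp, refid,
     ref_s, ref_f, t1_s, t1_f, t2_s, t2_f, t3_s, t3_f) = struct.unpack(HEADER, pkt[:48])
    return {
        "leap": li_vn_mode >> 6,
        "version": (li_vn_mode >> 3) & 0x7,
        "mode": li_vn_mode & 0x7,
        "stratum": stratum,
        "t1": from_ntp(t1_s, t1_f),  # origin: client's transmit time, echoed back
        "t2": from_ntp(t2_s, t2_f),  # server receive time
        "t3": from_ntp(t3_s, t3_f),  # server transmit time
    }


def delay_and_offset(t1, t2, t3, t4):
    """RFC 958 / RFC 5905: round-trip delay d and clock offset c."""
    d = (t4 - t1) - (t3 - t2)
    c = ((t2 - t1) + (t3 - t4)) / 2
    return d, c


def evaluate_reply(pkt, sent_origin, t4):
    """Sanity-check a reply before trusting it. Returns (ok, reason, d, c)."""
    r = parse_reply(pkt)
    if r["mode"] != MODE_SERVER:
        return False, "not a server reply", None, None
    if r["leap"] == 3:
        return False, "server clock unsynchronised (LI=3)", None, None
    if not 1 <= r["stratum"] <= 15:
        return False, "invalid stratum (0 = kiss-o'-death, >15 = unsynchronised)", None, None
    # The origin timestamp must echo exactly what we sent: a reply forged
    # without seeing our request, or replayed from an old exchange, fails here.
    if abs(r["t1"] - sent_origin) > 1e-6:
        return False, "origin timestamp mismatch (bogus/replayed reply)", None, None
    d, c = delay_and_offset(r["t1"], r["t2"], r["t3"], t4)
    if d < 0:
        return False, "negative round-trip delay", d, c
    if abs(c) > PANIC_THRESHOLD:
        return False, "offset exceeds panic threshold; refusing to step", d, c
    return True, "ok", d, c


# Constructed exchange (Unix seconds with binary-exact fractions, so the
# pack/unpack round trip is lossless): d = 0.875 s, c = +0.0625 s.
T1, T2, T3, T4 = 1_700_000_000.0, 1_700_000_000.5, 1_700_000_000.625, 1_700_000_001.0
GOOD_REPLY = build_server_reply(T1, T2, T3)
# Injected reply from an attacker who never saw the request: it guesses the
# origin timestamp and tries to drag the clock one day into the past.
SPOOFED_REPLY = build_server_reply(T1 - 7.0, T2 - 86_400, T3 - 86_400)

if __name__ == "__main__":
    for name, pkt in (("good", GOOD_REPLY), ("spoofed", SPOOFED_REPLY)):
        print(name, evaluate_reply(pkt, T1, T4))
```

Note that the origin-timestamp check only defends against an attacker who cannot observe the request; an on-path attacker can echo it correctly, which is why the panic threshold and cross-checks against several servers matter, and why NTP alone is not an integrity mechanism.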
Source: https://lh3.googleusercontent.com/-D1LC3KkrcKw/Uvoyy8ndGII/AAAAAAAAI34/Nza2r8_cPGI/w800-h800/arctic%2Bsummer.gif
second: “the duration of 9192631770 periods of the radiation corresponding to the transition between the two hyperfine levels of the ground state of the caesium 133 atom.” (1967); "refers to a caesium atom at rest at a temperature of 0 K." (1997)
“National standards agencies in many countries maintain a network of atomic clocks (...) collectively define a continuous and stable time scale, International Atomic Time (TAI). For civil time, another time scale is disseminated, Coordinated Universal Time (UTC). UTC is derived from TAI, but approximately synchronised, by using leap seconds, to UT1, which is based on actual rotations of the Earth with respect to the solar time.”
TIME = ATOMIC CLOCK
Louis Essen
"If you have one clock ... you are peaceful and have no worries," says Van Baak, fingering a length of cable connecting two of his machines. "If you have two clocks ... you start asking, 'What time is it, really?'"
http://archive.wired.com/science/discoveries/news/2007/12/time_hackers?currentPage=all
http://www.coleparmer.com/assets/techinfo/images/NIST-F1_178-300.jpg
“The Open Systems Interconnection (OSI) model [19] creates seven abstraction layers (..) except for timing. The lowest layer, the physical layer, is required for timing signals. Timing through a communications network can be no better than this layer, while the separation of layers worsens timing signals that rely on upper layers.“
“Thus although waves undeniably travel through waveguides at speeds faster than light, they produce no detectable result. This, however, is not always true (...) the very existence of long-range radio communication depends on the fact that radio waves in the ionized layers of the upper atmosphere have phase velocities greater than the speed of light. This is what enables them to be reflected by the ionosphere and to connect transmitters with receivers that are over the horizon.”
http://www.fis.cinvestav.mx/~lmontano/sciam/ThingsFasterLightSC0760-142.pdf
source:http://tf.nist.gov/general/pdf/836.pdf
https://www.youtube.com/watch?feature=player_detailpage&v=PxZE15SxwLI#t=533
http://nvlpubs.nist.gov/nistpubs/TechnicalNotes/NIST.TN.1867.pdf
“If one customer has a consistent (though inadvertent) latency edge then it can gain an unfair advantage over the other customers by being the system that is on the front edge, or potentially being the intentional or unintentional cause of the microburst. The financial exchange therefore has the task to find an optimally small latency while minimizing jitter and still providing fairness under all ranges of network loading.”
“If you are a Wall Street algorithm and you are five microseconds behind, you are a loser.” K. Slavin
Time as a Service | realtime | Time Banks
„Most people would probably say that an event a happened before an event b if a happened at an earlier time than b. They might justify this definition in terms of physical theories of time. However, if a system is to meet a specification correctly, then that specification must be given in terms of events observable within the system. If the specification is in terms of physical time, then the system must contain real clocks. Even if it does contain real clocks, there is still the problem that such clocks are not perfectly accurate and do not keep precise physical time. We will therefore define the "happened before" relation without using physical clocks.”
Leslie Lamport (Time, Clocks, and the Ordering of Events in a Distributed System, 1978)
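Added example, not from Lamport's paper or from the talk: three processes keep scalar Lamport clocks (increment on every local event, max-plus-one on receive), and the "happened before" relation is implemented directly from the paper's three rules (same-process order, a send precedes its receive, transitivity) by walking each event's recorded predecessors rather than by looking at any clock. The scenario shows the clock condition (a → b implies C(a) < C(b)), that the converse does not hold for concurrent events, and how the clock with a process-name tie-break yields a total order for merging logs from hosts whose wall clocks cannot be trusted. Process names and event labels are constructed.

```python
from dataclasses import dataclass


@dataclass(eq=False)  # identity semantics: two events are never "equal" by value
class Event:
    proc: str
    clock: int
    what: str
    preds: tuple = ()  # immediate causal predecessors (previous local event, and the send for a receive)


class Process:
    """A node with a Lamport logical clock and an append-only event log."""

    def __init__(self, name):
        self.name = name
        self.clock = 0
        self.last = None
        self.events = []

    def _record(self, what, extra_pred=None):
        preds = tuple(p for p in (self.last, extra_pred) if p is not None)
        ev = Event(self.name, self.clock, what, preds)
        self.events.append(ev)
        self.last = ev
        return ev

    def local(self, what):
        """Rule IR1: each event increments the local clock."""
        self.clock += 1
        return self._record(what)

    def send(self, body):
        """Sending is an event; the message carries the sender's clock (via the send event)."""
        return self.local(f"send {body}"), body

    def receive(self, msg):
        """Rule IR2: on receipt, advance to max(local, message) + 1."""
        send_ev, body = msg
        self.clock = max(self.clock, send_ev.clock) + 1
        return self._record(f"recv {body} from {send_ev.proc}", extra_pred=send_ev)


def happened_before(a, b):
    """Lamport's relation a -> b: a causal path from a to b exists."""
    stack, seen = list(b.preds), set()
    while stack:
        e = stack.pop()
        if e is a:
            return True
        if id(e) in seen:
            continue
        seen.add(id(e))
        stack.extend(e.preds)
    return False


def concurrent(a, b):
    return a is not b and not happened_before(a, b) and not happened_before(b, a)


def total_order(events):
    """Lamport's total order: by clock, ties broken by process name."""
    return sorted(events, key=lambda e: (e.clock, e.proc))


def run_scenario():
    """Constructed run: a sensor host A alerts a collector B, which acks;
    an unrelated host C does its own work. Wall clocks never appear."""
    a, b, c = Process("A"), Process("B"), Process("C")
    a1 = a.local("A: sensor boot")          # C=1
    m1 = a.send("alert")                     # C=2
    b1 = b.local("B: rotate logs")           # C=1, concurrent with A's events
    b2 = b.receive(m1)                       # C=max(1,2)+1=3
    m2 = b.send("ack")                       # C=4
    c1 = c.local("C: audit run")             # C=1, concurrent with everything
    a3 = a.receive(m2)                       # C=max(2,4)+1=5
    return {"a1": a1, "a2": m1[0], "b1": b1, "b2": b2, "b3": m2[0],
            "c1": c1, "a3": a3, "all": a.events + b.events + c.events}


if __name__ == "__main__":
    s = run_scenario()
    for e in total_order(s["all"]):
        print(f"({e.clock}, {e.proc}) {e.what}")
```

The merged log is consistent with causality: any event that could have influenced another is printed first. What the scalar clock cannot do is tell you that B's log rotation (clock 1) and A's alert (clock 2) are unrelated; for that you need the recorded predecessors (or vector clocks), which is why a SIEM ordering events only by a wall-clock timestamp gives you neither guarantee.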
TIME-SHARING... CLOUD?
http://azure.microsoft.com/blog/2012/03/09/summary-of-windows-azure-service-disruption-on-feb-29th-2012/
http://blog.scalyr.com/2012/03/the-azure-outage-time-is-a-spof-leap-day-doubly-so/
http://cdn.screenrant.com/wp-content/uploads/20000-leagues-under-sea-remake.jpg
„Let's get a SIEM product! How about a SIEM solution? Wouldn't that be even better? That way we can correlate all of our useless logs that we don't look at! That would be awesome!!!” Joe McCray
„Rombertik instead writes a byte of random data to memory 960 Million times. This is designed to consume time (...) Sandboxes may not be able to immediately determine that the application is intentionally stalling since it’s not sleeping (...) repetitive writing would flood application tracing tools. If an analysis tool attempted to log all of the 960 Million write instructions, the log would grow to over 100 gigabytes.” http://blogs.cisco.com/security/talos/rombertik
http://www.aerospaceweb.org/question/history/mach/bullet.jpg
Source: http://blogs.rockingham.k12.va.us/textbook02/files/2012/05/the_persistence_of_memory_1931_salvador_dali.jpg
The Persistence of Memory, Salvador Dalí’s famous picture: one interpretation was that it reflected the understanding of the world introduced by Albert Einstein's Special Theory of Relativity. Asked by Ilya Prigogine whether this was in fact the case, Dalí replied that the soft watches were not inspired by the theory of relativity, but by the surrealist perception of a Camembert melting in the sun.
http://www.authenticsociety.com/about/thepersistenceofmemory_dali
Cyber-Security is (choose one):
a) Science of Cyber
b) Art of Hacking
c) Compliance Fiction
“technologies (...) conditioned by knowledge and social efficiency, ways to achieve its goals, intended by the community, as well as those which no one predicted at the beginning (...) splitting of goals, and even replacing intended goals with others, often unwanted, is typical” Stanisław Lem, Summa Technologiae
http://www.cinecenta.com/images/movies/592/image1.jpg
http://www.newscientist.com/article/dn21756-bullet-time-to-stop-cyber-attacks-on-power-grids.html#.VWH7DZQdRoB
➔ Time paradox
➔ Time travel
➔ Time loop
➔ Bullet time
➔ Fixed time
➔ Time capsule
➔ Time-lapse cryptography
➔ Infinite Time Turing Machines
➔ Time complexity
„IN THE MATRIX, the famous "bullet time" effect showed how Keanu Reeves's character Neo was able to sway out of the path of incoming bullets, as time appeared to slow. Now the film has inspired engineers to develop a way to cope with cyber attacks on crucial infrastructure, such as electricity grids, water utilities and banking networks. The idea, from security engineers at the University of Tulsa in Oklahoma, is to slow down internet traffic, including malicious data, to give networks time to deal with attacks. To do this, when a cyber attack has been sensed, an algorithm sends hyper-speed signals accelerating ahead of the malicious data packets to mobilise defences. Slowing the malicious traffic by just a few milliseconds will let the hyper-speed commands activate sophisticated network-defence mechanisms.”
➔ Defense might be cool and it doesn’t have to be „nice” at the same time
➔ „We need to go deeper” - more concrete about the abstract and more abstract about the concrete (“FACKIT”)
➔ Spend some time with time (Y2KX „millennium of bugs”?)
➔ Fight entropy! Eddington's arrow of time & Security?
➔ Get familiar with the boundaries of your ignorance
➔ Balance “figure out” and “configure out”
Why?
Source: https://31.media.tumblr.com/tumblr_lt7137rXvc1r17215o1_500.gif
INCEPTION attempts?
„hack” or „hacker”
hack (v.1)
"to cut roughly, cut with chopping blows,"
hack (n.2)
"person hired to do routine work,"
hack (v.2)
"illegally enter a computer system" by 1984;
source: http://www.etymonline.com/index.php?term=hack
?

CONFidence 2015: Defensive Time-Out or unclear digressions about past present and future of Time & Security - Blazej Boczula

  • 1. or unclear digressions about past present and future of Time & Security Błażej Boczula DEFENSIVE TIME-OUT Source: http://forums.nba-live.com/dl_mod/thumbs/2379_se7sixtallclear.gif
  • 2. Defenders are losing? "Groundhog Day" | time loop security. "I started my security career as an IDS analyst and it was a horrible life, you know, they have to look at packet captures all damn day. Nothing, maybe other than marriage, will make you want to put a bullet in your head more." Joe McCray, https://www.youtube.com/watch?feature=player_detailpage&v=qBVThFwdYTc#t=1294. DEFENSE: Cliff Stoll, Tsutomu Shimomura. ATTACK: Kevin Mitnick, Markus Hess. Game time, timing, all time. Vidocq? Abagnale? Do time?
  • 4. Timespan, time bomb, time zone, full-time job. "Stuxnet, for example, probably had a short shelf life, Axelrod says, because it relied on four different computer vulnerabilities in the nuclear enrichment plant remaining open at the same time, so it was likely deployed as soon as possible." http://www.nature.com/news/the-best-time-to-wage-cyberwar-1.14502 "APT30 POSSIBLY WORKING ON SHIFTS. In our analysis of the BACKSPACE controller, we identified a dialog box in the portable executable (PE) resource section. The dialog box included a login prompt with the text 请输入您的值班员代号, which translates to "Please enter your attendant code" (...) tool may have been designed to track work shifts amongst multiple operators (...)" https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf Source: https://www.learner.org/jnorth/images/graphics/mclass/jr/Da
  • 5. "For some must watch, while some must sleep; so runs the world away." Hamlet, Shakespeare. Time management, working time, productivity time, mealtime, overtime, time book, timesheet, time-tracking software, part-time, free time, time off, do time. Time perception. Source: http://qph.is.quoracdn.net/main-qimg-17e71c157715ffa101f1fc9c8b99a5ac?convert_to_webp=true Source: https://podio.com/site/creative-routines Source: https://www.learner.org/jnorth/images/graphics/mclass/jr/Da
  • 6. Where is the code? Where are the PCAPs? Where are the memory dumps? Time travel. Source: http://stream1.gifsoup.com/view7/3986291/superman-turns-back-time-o.gif
  • 7. DEFENSIVE TIME-OUT, or who will hack a Lenovo ThinkPad X220 Tablet (2 copies; Intel Core i7-2620M CPU @ 2.7 GHz, Intel 150 GB Solid-State Drive 520 Series, Windows 7) and the speech synthesizers (3 copies; manufacturer: Speech Plus, incorporated 1988, Mountain View, CA; model: CallText 5010) to hear about Time & Security from the ingenious Stephen Hawking, author of A Brief History of Time? Source: http://www.audioeditions.com/audio-book-images/l/A-Brief-History-of-Time-292189.jpg
  • 8. "Conceptually, information security is an incorrect, incomplete, inconsistent folk art, like witchcraft and alchemy in the Dark Ages." Donn B. Parker, https://www.youtube.com/watch?feature=player_detailpage&v=RW9hOBCSy0g#t=186
  • 9. "It's named 'Mitigating side channels on the web', but please bear with me, there will be attacks in there, right? OK? Just so that you don't leave the room because it's BORING, because it's just mitigation. No, this is not the case, we do attacks." Sebastian Schinzel. Attacker, Defender. Timing attacks | time series | statistics. Source: https://www.youtube.com/watch?feature=player_detailpage&v=V3fzl4NbnF0#t=1128
  • 10. "The boundaries of my language demarcate the boundaries of my world." Wittgenstein. Time in language | language in security. Source: Wolfgang Klein, Time in Language
  • 11. "Time" is a term used in "at least four meanings": 1) "moment", "exact date", time point; a moment is an attribute of some point event, e.g. a bullet hitting the target; a moment can be defined (by abstraction) on the basis of the term simultaneity, as the common attribute of all and only those events which are simultaneous; 2) "time period", "time segment", time interval: a dense and continuous set of moments placed between two different moments; a certain time period can be indicated by specifying its delimiting moments (e.g. the period between 12:00 PM and 01:00 PM today in Warsaw), or by specifying the process filling this period (e.g. during the reign of Kazimierz Wielki in Poland); 3) "duration", the length of a time period (e.g. the half-life of radium), in contrast to the exact time period itself; two different time periods can have the same duration, just as two line segments can have the same length (e.g. the period between 12:00 PM and 01:00 PM today is different from that between 01:00 PM and 02:00 PM, although both have the same duration); the duration of some time period can be defined (by abstraction), using the relation of equal duration, as the common attribute of all and only those time periods which last as long as the given period; 4) "all-embracing time period", the unlimited timeline: the set of all moments, in other words the time period of which every time interval is a part." Kazimierz Ajdukiewicz. Timestamp, uptime, boot time, expiration time, time-sharing/cloud, Lamport time, time function, time to live, system time, time forwarding and storage bugs, time code ambiguity, downtime, real-time, epoch time, time (logic) bomb, timing attacks, total exhaust time, time servers, CPU time, process time, jiffy? Ross Anderson, Security Engineering, 2nd ed.
  • 12. "The relations 'earlier than', W', and simultaneity, R', can be defined on the set S/R. They are defined respectively by means of the relations W and R from the set S. The relation W' in S/R is already connected, and the relation R' is in this set an identity relation. Because the relation W' is in this set an ordering relation, the definition of time here has the form: C ≝ ⟨S/R, W'⟩ *. Therefore, time is the set S/R of abstraction classes of the relation R in S, ordered by the relation W'. It is a definition of time by abstraction." (* C: time; S: the set of all physical events; R: the relation of absolute simultaneity (quasi-simultaneity); W': the relation "before".) "It is assumed in these considerations that time and its properties exist objectively; the same holds for such objects as moments and intervals, and also for time relations. It is assumed too that the properties of time and of the above-mentioned objects and relations are established on the basis of experience. Both materialistic assumptions are involved implicitly in the basis of every physical theory and explicitly in the scientific philosophy of time. The discussion presented here is in regard to the position that the question of time's definition is a pseudo-problem, because its solution always contains a logical circle. It is proved here that even when time is defined only by time's notions, which is the ground of the discussed point of view, it is possible to avoid such a circle." Zdzisław Augustynek, The Nature of Time
  • 13. Julian Barbour, The End of Time. Parmenides: no change / no time. Newton: absolute time. Mach: relative time v. 1.0. Einstein: relative time v. 2.0 + Minkowski spacetime. Platonia = The Eternal "Washing Band" Universe? NO TIME = NO PROBLEM! Source: https://www.youtube.com/watch?feature=player_detailpage&v=WKsNraFxPwk#t=866
  • 14. TIME = CLOCK(S)? ➔ Which one: sun; sand; water; fire; mechanical; quartz? ➔ electric oven - PC - HTTPS - Kerberos - PKI ➔ NTP, David Mills's lifetime project. RFC 958, NTP "0": "Let t1, t2 and t3 represent the contents of the Originate Timestamp, Receive Timestamp and Transmit Timestamp fields and t4 the local time the NTP message is received. Then the roundtrip delay d and clock offset c is: d = (t4 - t1) - (t3 - t2) and c = (t2 - t1 + t3 - t4)/2. The implicit assumption in the above is that the one-way delay is statistically half the roundtrip delay and that the intrinsic drift rates of both the client and server clocks are small and close to the same value." RFC 5905, NTPv4: "A timescale is a frame of reference where time is expressed as the value of a monotonically increasing binary counter with an indefinite number of bits." David Mills (U. Delaware), J. Martin, Ed. (ISC), J. Burbank, W. Kasch (JHU/APL). Source: https://lh3.googleusercontent.com/-D1LC3KkrcKw/Uvoyy8ndGII/AAAAAAAAI34/Nza2r8_cPGI/w800-h800/arctic%2Bsummer.gif
  • 15. TIME = ATOMIC CLOCK. Louis Essen. Second: "the duration of 9192631770 periods of the radiation corresponding to the transition between the two hyperfine levels of the ground state of the caesium 133 atom" (1967); "refers to a caesium atom at rest at a temperature of 0 K" (1997). "National standards agencies in many countries maintain a network of atomic clocks (...) collectively define a continuous and stable time scale, International Atomic Time (TAI). For civil time, another time scale is disseminated, Coordinated Universal Time (UTC). UTC is derived from TAI, but approximately synchronised, by using leap seconds, to UT1, which is based on actual rotations of the Earth with respect to the solar time." "If you have one clock ... you are peaceful and have no worries," says Van Baak, fingering a length of cable connecting two of his machines. "If you have two clocks ... you start asking, 'What time is it, really?'" http://archive.wired.com/science/discoveries/news/2007/12/time_hackers?currentPage=all Source: http://www.coleparmer.com/assets/techinfo/images/NIST-F1_178-300.jpg
  • 16. "The Open Systems Interconnection (OSI) model [19] creates seven abstraction layers (...) except for timing. The lowest layer, the physical layer, is required for timing signals. Timing through a communications network can be no better than this layer, while the separation of layers worsens timing signals that rely on upper layers." "Thus although waves undeniably travel through waveguides at speeds faster than light, they produce no detectable result. This, however, is not always true (...) the very existence of long-range radio communication depends on the fact that radio waves in the ionized layers of the upper atmosphere have phase velocities greater than the speed of light. This is what enables them to be reflected by the ionosphere and to connect transmitters with receivers that are over the horizon." http://www.fis.cinvestav.mx/~lmontano/sciam/ThingsFasterLightSC0760-142.pdf Sources: http://tf.nist.gov/general/pdf/836.pdf https://www.youtube.com/watch?feature=player_detailpage&v=PxZE15SxwLI#t=533 http://nvlpubs.nist.gov/nistpubs/TechnicalNotes/NIST.TN.1867.pdf
  • 17. "If one customer has a consistent (though inadvertent) latency edge then it can gain an unfair advantage over the other customers by being the system that is on the front edge, or potentially being the intentional or unintentional cause of the microburst. The financial exchange therefore has the task to find an optimally small latency while minimizing jitter and still providing fairness under all ranges of network loading." "If you are a Wall Street algorithm and you are five microseconds behind, you are a loser." K. Slavin. Time as a Service | real-time | Time Banks
  • 18. TIME-SHARING... CLOUD? "Most people would probably say that an event a happened before an event b if a happened at an earlier time than b. They might justify this definition in terms of physical theories of time. However, if a system is to meet a specification correctly, then that specification must be given in terms of events observable within the system. If the specification is in terms of physical time, then the system must contain real clocks. Even if it does contain real clocks, there is still the problem that such clocks are not perfectly accurate and do not keep precise physical time. We will therefore define the "happened before" relation without using physical clocks." Leslie Lamport. http://azure.microsoft.com/blog/2012/03/09/summary-of-windows-azure-service-disruption-on-feb-29th-2012/ http://blog.scalyr.com/2012/03/the-azure-outage-time-is-a-spof-leap-day-doubly-so/
  • 19. "Let's get a SIEM product! How about a SIEM solution? Wouldn't that be even better? That way we can correlate all of our useless logs that we don't look at! That would be awesome!!!" Joe McCray. "Rombertik instead writes a byte of random data to memory 960 Million times. This is designed to consume time (...) Sandboxes may not be able to immediately determine that the application is intentionally stalling since it's not sleeping (...) repetitive writing would flood application tracing tools. If an analysis tool attempted to log all of the 960 Million write instructions, the log would grow to over 100 gigabytes." http://blogs.cisco.com/security/talos/rombertik Sources: http://cdn.screenrant.com/wp-content/uploads/20000-leagues-under-sea-remake.jpg http://www.aerospaceweb.org/question/history/mach/bullet.jpg
  • 20. The Persistence of Memory, Salvador Dalí's famous picture: one interpretation was that it expressed the understanding of the world introduced by Albert Einstein's Special Theory of Relativity. Asked by Ilya Prigogine whether this was in fact the case, Dalí replied that the soft watches were not inspired by the theory of relativity, but by the surrealist perception of a Camembert melting in the sun. http://www.authenticsociety.com/about/thepersistenceofmemory_dali Cyber-Security is (choose one): a) Science of Cyber; b) Art of Hacking; c) Compliance Fiction. Sources: http://cdn.screenrant.com/wp-content/uploads/20000-leagues-under-sea-remake.jpg http://blogs.rockingham.k12.va.us/textbook02/files/2012/05/the_persistence_of_memory_1931_salvador_dali.jpg
  • 21. "Technologies (...) ways, conditioned by knowledge and social efficiency, of achieving the goals intended by a community, as well as those which no one predicted at the beginning (...) the splitting of goals, and even the replacement of intended goals with others, often unwanted, is typical." Stanisław Lem, Summa Technologiae. Source: http://www.cinecenta.com/images/movies/592/image1.jpg
  • 22. ➔ Time paradox ➔ Time travel ➔ Time loop ➔ Bullet time ➔ Fixed time ➔ Time capsule ➔ Time-lapse cryptography ➔ Infinite Time Turing Machines ➔ Time complexity. "IN THE MATRIX, the famous "bullet time" effect showed how Keanu Reeves's character Neo was able to sway out of the path of incoming bullets, as time appeared to slow. Now the film has inspired engineers to develop a way to cope with cyber attacks on crucial infrastructure, such as electricity grids, water utilities and banking networks. The idea, from security engineers at the University of Tulsa in Oklahoma, is to slow down internet traffic, including malicious data, to give networks time to deal with attacks. To do this, when a cyber attack has been sensed, an algorithm sends hyper-speed signals accelerating ahead of the malicious data packets to mobilise defences. Slowing the malicious traffic by just a few milliseconds will let the hyper-speed commands activate sophisticated network-defence mechanisms." http://www.newscientist.com/article/dn21756-bullet-time-to-stop-cyber-attacks-on-power-grids.html#.VWH7DZQdRoB
  • 23. Why? ➔ Defense might be cool, and it doesn't have to be "nice" at the same time ➔ "We need to go deeper": more concrete about the abstract and more abstract about the concrete ("FACKIT") ➔ Spend some time with time (Y2KX, "millennium of bugs"?) ➔ Fight entropy! Eddington's arrow of time & Security? ➔ Get familiar with the boundaries of your ignorance ➔ Balance "figure out" and "configure out". INCEPTION attempts? Source: https://31.media.tumblr.com/tumblr_lt7137rXvc1r17215o1_500.gif
  • 24. "hack" or "hacker"? hack (v.1) "to cut roughly, cut with chopping blows"; hack (n.2) "person hired to do routine work"; hack (v.2) "illegally enter a computer system", by 1984. Source: http://www.etymonline.com/index.php?term=hack
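Worked example for slide 9 (timing attacks | time series | statistics). This is added example code, not from Sebastian Schinzel's talk or from the deck. It shows a hand-rolled byte comparison that returns at the first mismatch, the amount of work that comparison does as a function of the guess (a noise-free stand-in for the response time an attacker would measure), a prefix-extension attack driven by that leak, and Python's constant-time `hmac.compare_digest` as the fix. The token alphabet, the token value and the `median_ns` sampler are constructed for the demo.

```python
"""Timing side channel in an early-exit secret comparison, and the constant-time fix.
Added example for this page; the token, alphabet and sampler are constructed."""
import hmac
import statistics
import time

HEX = b"0123456789abcdef"  # assumed token alphabet for the demo


def leaky_equal(secret: bytes, guess: bytes) -> bool:
    """Typical hand-rolled comparison: returns at the first mismatch, so the
    work it does (and its running time) grows with the matching prefix."""
    if len(secret) != len(guess):
        return False
    for a, b in zip(secret, guess):
        if a != b:
            return False
    return True


def leaky_work(secret: bytes, guess: bytes) -> int:
    """Number of byte comparisons leaky_equal performs before returning.
    Stands in for the wall-clock time an attacker would observe, without noise."""
    if len(secret) != len(guess):
        return 0
    n = 0
    for a, b in zip(secret, guess):
        n += 1
        if a != b:
            break
    return n


def constant_time_equal(secret: bytes, guess: bytes) -> bool:
    """Hardened form: compare_digest's running time does not depend on where the
    inputs differ. Length is still observable, so compare fixed-length digests."""
    return hmac.compare_digest(secret, guess)


def recover_token(work_oracle, check_oracle, length: int, alphabet: bytes = HEX):
    """Prefix-extension attack: at each position keep the candidate that makes the
    target do the most work. The last byte gives no timing signal (the loop ends
    either way), so it is brute-forced against the real accept/reject answer."""
    known = b""
    for pos in range(length):
        pad = b"\x00" * (length - pos - 1)  # filler byte outside the alphabet
        if pos == length - 1:
            for c in alphabet:
                if check_oracle(known + bytes([c])):
                    return known + bytes([c])
            return None
        known += bytes([max(alphabet, key=lambda c: work_oracle(known + bytes([c]) + pad))])
    return None


def median_ns(fn, secret: bytes, guess: bytes, rounds: int = 20000) -> float:
    """Median wall-clock time of fn(secret, guess). Medians resist scheduler noise,
    but per-byte differences are tens of nanoseconds and need many samples."""
    samples = []
    for _ in range(rounds):
        t0 = time.perf_counter_ns()
        fn(secret, guess)
        samples.append(time.perf_counter_ns() - t0)
    return statistics.median(samples)


if __name__ == "__main__":
    secret = b"3fa9c0de12b45678"  # constructed demo token
    print("recovered via work oracle:",
          recover_token(lambda g: leaky_work(secret, g), lambda g: leaky_equal(secret, g), len(secret)))
    far, near = b"0" * len(secret), secret[:-1] + b"0"  # wrong at byte 0 vs wrong only at byte 15
    for name, fn in (("leaky   ", leaky_equal), ("constant", constant_time_equal)):
        print(name, "median ns, far/near:", median_ns(fn, secret, far), median_ns(fn, secret, near))
```

Running it recovers the token byte by byte from the work oracle alone. The wall-clock medians for `leaky_equal` move with the matching prefix but only by tens of nanoseconds per byte and can be swamped by noise, which is why real attacks over a network collect thousands of samples per candidate and reason about the distribution rather than single timings; `constant_time_equal` shows no such trend.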
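Worked example for slide 14 (RFC 958 delay and offset). This is added example code, not from the RFC or from the deck. It computes d and c exactly as quoted, then simulates exchanges in which an on-path attacker delays packets in one direction to show what the "one-way delay is half the roundtrip" assumption costs: the offset estimate moves by half the added delay while d grows by all of it, so |error| is bounded by d/2 and a client can limit the damage by discarding samples with implausibly large d. All timestamps are constructed integers in microseconds; the `max_delay` filter is an illustrative sanity check, not an RFC mechanism.

```python
"""RFC 958 roundtrip delay / clock offset, and the cost of asymmetric path delay.
Added example for this page; timestamps are constructed integers (microseconds)."""


def ntp_delay_offset(t1: int, t2: int, t3: int, t4: int):
    """RFC 958: d is the roundtrip network delay, c the offset of the server
    clock relative to the client clock. t1, t4 are client stamps; t2, t3 server stamps."""
    d = (t4 - t1) - (t3 - t2)
    c = (t2 - t1 + t3 - t4) / 2
    return d, c


def exchange(true_offset: int, fwd: int, back: int, t1: int = 1_000_000, processing: int = 50):
    """Simulate one request/response. Server clock = client clock + true_offset.
    fwd/back are the one-way network delays; processing is server hold time."""
    t2 = t1 + fwd + true_offset        # server receives (server clock)
    t3 = t2 + processing               # server transmits (server clock)
    t4 = t3 - true_offset + back       # client receives (client clock)
    return t1, t2, t3, t4


def estimate(true_offset: int, fwd: int, back: int, max_delay=None):
    """Run one exchange and, optionally, discard it when d exceeds max_delay.
    The asymmetry term (fwd - back)/2 that corrupts c is at most d/2, so capping
    d caps how far a delay attacker can steer the client's clock per sample."""
    d, c = ntp_delay_offset(*exchange(true_offset, fwd, back))
    if max_delay is not None and d > max_delay:
        return d, None
    return d, c


def worst_case_offset_error(d: int) -> float:
    """Bound on |c_estimate - c_true| implied by a roundtrip delay d."""
    return d / 2


if __name__ == "__main__":
    # Symmetric path: the RFC assumption holds and the estimate is exact.
    print("symmetric  d, c:", estimate(250, 3000, 3000))
    # Attacker adds 20 ms to the client->server path only.
    print("asymmetric d, c:", estimate(250, 23000, 3000))
    print("bound on error :", worst_case_offset_error(26000))
    # Same attack with a 10 ms delay cap: the poisoned sample is discarded.
    print("with cap   d, c:", estimate(250, 23000, 3000, max_delay=10000))
```

The symmetric exchange returns the true offset of 250 µs; the asymmetric one returns 10250 µs, an error of exactly half the 20 ms the attacker inserted, while d rises from 6 ms to 26 ms. The delay itself is the only evidence the client has of the attack, which is why bounding d (and combining many samples, as RFC 5905's clock filter does) is the practical defence rather than trusting any single exchange.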
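Worked example for slide 18 (Lamport's "happened before" without physical clocks). This is added example code, not from Lamport's paper or from the deck. It implements the two Lamport clock rules (increment between local events; on receipt jump past the sender's timestamp), builds the happened-before relation from events observable in the system (same-process order plus send-precedes-receive), checks the Clock Condition (a → b implies C(a) < C(b)) over a constructed three-process run, and shows that the converse does not hold: events with C(a) < C(b) may be concurrent.

```python
"""Lamport logical clocks and the happened-before relation.
Added example for this page; the three-process run is constructed."""
from collections import deque


class System:
    """Record of every event (process, clock, label) and the direct precedence edges."""
    def __init__(self):
        self.events = []
        self.edges = []   # (a, b): a directly precedes b


class Process:
    def __init__(self, name: str, system: System):
        self.name, self.system, self.clock, self.last = name, system, 0, None

    def _record(self, label: str):
        ev = (self.name, self.clock, label)
        self.system.events.append(ev)
        if self.last is not None:               # successive events on one process
            self.system.edges.append((self.last, ev))
        self.last = ev
        return ev

    def local(self, label: str):
        self.clock += 1                         # IR1: tick between local events
        return self._record(label)

    def send(self, label: str):
        ev = self.local(label)
        return (self.clock, ev)                 # message carries sender's timestamp

    def receive(self, message, label: str):
        ts, send_ev = message
        self.clock = max(self.clock, ts) + 1    # IR2: move past the sender's clock
        ev = self._record(label)
        self.system.edges.append((send_ev, ev)) # sending precedes receipt
        return ev


def happened_before(s: System, a, b) -> bool:
    """a -> b: b is reachable from a through the precedence edges (transitive closure)."""
    succ = {}
    for x, y in s.edges:
        succ.setdefault(x, []).append(y)
    seen, queue = {a}, deque([a])
    while queue:
        for y in succ.get(queue.popleft(), []):
            if y == b:
                return True
            if y not in seen:
                seen.add(y)
                queue.append(y)
    return False


def clock_condition_holds(s: System) -> bool:
    """Lamport's Clock Condition: whenever a -> b, C(a) < C(b)."""
    return all(a[1] < b[1] for a in s.events for b in s.events
               if a != b and happened_before(s, a, b))


def concurrent_but_clock_ordered(s: System):
    """Pairs with C(a) < C(b) that are causally unrelated: the converse fails."""
    return [(a, b) for a in s.events for b in s.events
            if a[1] < b[1] and not happened_before(s, a, b) and not happened_before(s, b, a)]


def scenario() -> System:
    """Constructed run: P sends to Q, Q forwards to R while R does local work."""
    s = System()
    p, q, r = Process("P", s), Process("Q", s), Process("R", s)
    p.local("p1")
    m1 = p.send("p2")
    q.local("q1")
    q.receive(m1, "q2")
    m2 = q.send("q3")
    for lbl in ("r1", "r2", "r3"):
        r.local(lbl)
    r.receive(m2, "r4")
    p.local("p3")
    return s


if __name__ == "__main__":
    s = scenario()
    print("events:", s.events)
    print("clock condition holds:", clock_condition_holds(s))
    print("concurrent yet clock-ordered pairs:", concurrent_but_clock_ordered(s))
```

In the run, R's receipt lands at clock 5 even though R had only ticked to 3, because the message carried Q's timestamp 4; every a → b pair satisfies C(a) < C(b). But P's first event (clock 1) and R's second (clock 2) are concurrent: neither could have influenced the other, so the logical clocks order them without any causal basis. Anything that treats a timestamp order as a causal order (log correlation, replay, lease expiry) has to live with that.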