[time-nuts] Time security musing - attacking the clock itself

Jim Lux jimlux at earthlink.net
Mon Dec 3 23:45:24 UTC 2012


On 12/3/12 9:32 AM, dlewis6767 wrote:
> I agree, Bob.
>
> Like the billboard on the side of the highway says: - Does Advertising
> Work? JUST DID -
>
> The bad guys can read this list same as the good guys.
>
>

Security through obscurity never works in the long run.  Much better to 
discuss vulnerabilities in the open, and discuss countermeasures that 
are robust.


Clock synchronization is of great interest in a variety of crypto 
systems where keys are changed on a predetermined schedule (the RSA two 
factor authentication key fob is an interesting instance).

It's even trickier when you have to distribute "time" in a secure way 
(in the sense that not only is the "at the tone, the time is" message is 
reliable, but also that the timing of the "tone" is reliable).

The various redundancy and reasonableness checks (e.g. for GPS) are in 
this area as well.

The question is: "Can I distribute timing information through a network 
reliably"





More information about the Time-nuts_lists.febo.com mailing list