spock presentation

June 18, 2022 (c) 1999 CertifiedTime.com all rights reserved 1 Certified Time Data Services …setting a stake for absolute credibility in time data propagation Todd S. Glassey, CTO CertifiedTime.com S.P.O.C.K, The NSA’s Security Proof-Of-Concept Keystone

Upload: tglassey

Post on 14-Aug-2015


Page 1: SPOCK Presentation

April 15, 2023 (c) 1999 CertifiedTime.com all rights reserved


Certified Time Data Services

…setting a stake for absolute credibility in time data propagation

Todd S. Glassey, CTO

CertifiedTime.com

S.P.O.C.K, The NSA’s Security Proof-Of-Concept Keystone

Page 2: SPOCK Presentation


CertifiedTime, Inc

CertifiedTime is a Trusted Timing Authority.

CertifiedTime is a .COM company providing secured and audited access to standards-certified time data for anyone needing arm’s-length separation from the source of the time data they use in their digital transaction or event process.

Page 3: SPOCK Presentation


CertifiedTime

At CertifiedTime, we sell access to secured NIST or other NTA Certified Time Data over private networking service models; and

provide our commercial customers with a comprehensive event audit to support their operational audit and transaction logging requirements.

Page 4: SPOCK Presentation


The Digital Revolution: The Promise and the Threat

The digital revolution brings a new level of capability to transaction processing. Bigger, faster, better, less overhead, no human involvement!

In the bigger picture, what this really means is both more risks and better proofing/audit models to address those risks.

Page 5: SPOCK Presentation


The Digital Revolution: The Promise and the Threat

In the bigger picture, what this really means is both:

More risks, which means that we need better proofing/audit models to address those risks.

A much less expensive per-event processing model, and the ability to manage larger amounts of data in the transaction infrastructure.

Page 6: SPOCK Presentation


Why a new source of time?

Why is a new source of “certifiable time data” necessary today? Initially you could blame it on digital telephony.

30 years ago, most all DP operations got timing data from their telephone carrier,

Page 7: SPOCK Presentation


Why a new source of time?

The Telcos needed the timing data there, and the time data was accurate because the Telcos used it to synch up between inter-exchange and distance switching.

But from a security analysis standpoint, even this time data would have been unacceptable by the emerging audit standards of the 21st century.

Page 8: SPOCK Presentation


As it turns out…

One of the things we want to get across to this group is that creating and deploying time data securely over a network is based on a number of factors.

These factors leverage and complement each other to create a stronger and more reliable whole.

Page 9: SPOCK Presentation


NIST has tried to address this on the Internet…

By deploying a number of time servers wherever they could find housing for them.

This put the time servers in laboratories and other unsecured environments as a local resource for the operators.

It also made the servers high-traffic parts of people’s networks, so they gave the servers whatever public connectivity they had left over.

To be really effective, the servers need to be within several hops of the end users.

NIST is not budgeted for these efforts.

Page 10: SPOCK Presentation


USNO also addresses this with its public access time servers

But the demand is growing astronomically, and like NIST they do not have the budget to operate these indefinitely.

Their public time servers also have the same access and loading problems that the NIST machines do.

And like the NIST servers, to be really effective the servers need to be within several hops of the end users.

Page 11: SPOCK Presentation


To answer this need, …we decided we had to create a system

A system that could securely deliver time to host OS platforms through existing channels.

To do this we had to understand not only the problems and the physics of delivering time reliably, but also something never before needed: a clear level of provability, which meant an integrated audit and proofing model.

Page 12: SPOCK Presentation


The bad news first…

So we looked at NTP today and the time servers deployed around the Internet, and the bad news is that there is a problem, because of:

how NTP currently operates, in a UDP-based impulse mode;

its vulnerabilities; and

how the time servers were deployed over the unauthenticated Internet networking model.

NTP events are unanchored. That is, unprovable.
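The "unanchored" point, as an added example that is not part of the original presentation: a bare 48-byte NTP reply yields an offset and delay but carries nothing tying it to its sender, while a reply with a symmetric-key MAC can be checked. It assumes the classic NTP symmetric-key scheme (a key ID plus an MD5 digest over key and header); the key table, key ID and packets are constructed for the demonstration.

```python
import hashlib
import hmac
import struct

HDR = struct.Struct("!BBbb3I4Q")  # 48-byte NTP header: flags..refid, then 4 timestamps
FRAC = 2 ** 32                    # timestamps are 32.32 fixed-point seconds

def build_reply(t1, t2, t3, key_id=None, key=b""):
    """Constructed server reply (NTPv3, mode 4, stratum 1), optionally with a MAC."""
    hdr = HDR.pack(0x1C, 1, 6, -20, 0, 0, 0x4E495354,
                   int(t2 * FRAC), int(t1 * FRAC), int(t2 * FRAC), int(t3 * FRAC))
    if key_id is None:
        return hdr
    # Legacy keyed-MD5 authenticator (assumed scheme): MD5(key || header)
    return hdr + struct.pack("!I", key_id) + hashlib.md5(key + hdr).digest()

def offset_and_delay(pkt, t4):
    """Clock offset and round-trip delay from T1..T3 in the reply and local arrival T4."""
    t1, t2, t3 = (q / FRAC for q in HDR.unpack_from(pkt)[8:11])
    return ((t2 - t1) + (t3 - t4)) / 2, (t4 - t1) - (t3 - t2)

def authenticate(pkt, keys):
    """Classify a reply: is there anything tying it to a key the client trusts?"""
    if len(pkt) == HDR.size:
        return "unauthenticated"      # bare header: nothing proves who sent it
    if len(pkt) != HDR.size + 20:
        return "malformed"
    (key_id,) = struct.unpack_from("!I", pkt, HDR.size)
    key = keys.get(key_id)
    if key is None:
        return "unknown-key"
    expected = hashlib.md5(key + pkt[:HDR.size]).digest()
    return "ok" if hmac.compare_digest(expected, pkt[HDR.size + 4:]) else "bad-mac"

KEYS = {7: b"constructed-demo-key"}   # hypothetical key table
plain = build_reply(1000.0, 1000.5, 1000.5625)
signed = build_reply(1000.0, 1000.5, 1000.5625, key_id=7, key=KEYS[7])
tampered = bytearray(signed)
tampered[47] ^= 0x01                  # transmit timestamp altered after signing
tampered = bytes(tampered)

if __name__ == "__main__":
    for name, pkt in (("plain", plain), ("signed", signed), ("tampered", tampered)):
        print(name, authenticate(pkt, KEYS), offset_and_delay(pkt, 1000.25))
```

The plain reply parses and produces a usable offset exactly like the signed one, which is why an audit log built on it cannot later show where the time came from.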

Page 13: SPOCK Presentation


The bad news first…

What this means to customers relying on NTP as their time data protocol is that currently there are really no reliable or provable mechanisms over the open Internet to deliver commercially reliable time data to a computer.

They just don’t exist.

Page 14: SPOCK Presentation


The bad news first…

Hold on – it gets worse.

The really bad news is that even “Keyed” GPS is no better for creating a trust-anchor for commercial digital transaction processing.

Page 15: SPOCK Presentation


For the DOD, what does this mean for SIPRnet…

Our feeling is also that SIPRnet users will suffer the same problems that Internet users do, only potentially worse.

The network may be secured, but what about the time servers and internal threat vectors themselves?

Page 16: SPOCK Presentation


For the DOD, what does this mean for SIPRnet…

SIPRnet users may also be adversely affected because the encryption overhead in the SIPRnet routers will potentially adversely affect the proofing of the time transfer audit model.

The expected amounts of SIPRnet traffic won’t make this any easier either, so it will be important to have another secured time-services network to plumb critical clients with.

Page 17: SPOCK Presentation


But take heart, there is an answer!

For trust-sensitive commercial clients, the good news is that there is a solution… it’s their own private point-to-point, single-hop connection to a Federally-Certified NIST or USNO Time Server.

Page 18: SPOCK Presentation


But take heart, there is an answer!

These connections are plumbed across a closed and private network, securely;

1 terminus per router port;

compartmentalization is enforced in the routers.

It comes with a commercial-grade audit model attached to boot.

Page 19: SPOCK Presentation


Why NIST Traceability

NIST has put together a consortium of time bases unifying North America on a single time base, theirs.

NIST, being a non-military standards laboratory, is trusted by nations the world over. While it’s not usually an issue, the USNO is a part of the NRL and the DoD, and so this caused some other countries to shy away from the time base services.

Page 20: SPOCK Presentation


Why NIST Traceability

NIST and the USNO will likely join forces at some point to produce UTC-USA in a weighted access model similar to what CertifiedTime is putting together.

So NIST Traceability and USNO will potentially be synonymous as UTC-USA and ultimately as UTC-Earth or UTC-Sol.

Page 21: SPOCK Presentation


Certified Timing Center NIST-Traceability

“Traceability” is provided by an unbroken chain between the NIST Time and Frequency Laboratories and the Certified Timing Centers

Page 22: SPOCK Presentation


A Network of Regional Certified Timing Centers

Certified Timing Centers provide NIST-Traceable Timing Services for computer synchronization throughout North America

Page 23: SPOCK Presentation


Initial Certified Timing Centers

Washington (VA #1)

nist1.dc.certifiedtime.com, Online

NIST Timeserver, 10Mb/S terminus

New York City (Manhattan #1)

nist1.nyc.certifiedtime.com, Online

NIST Timeserver, 10Mb/S terminus

San Jose, California

nist1.sjc.certifiedtime.com, Online

NIST/USNO Timeserver, 10Mb/S terminus

Atlanta, Georgia

nist1.atl.certifiedtime.com, 1Q2000

NIST Timeserver, 10Mb/S terminus

Page 24: SPOCK Presentation


Additional Certified Timing Centers

Chicago

nist1.chi.certifiedtime.com, 1Q2000

NIST Timeserver, 10Mb/S terminus

Seattle

nist1.sea.certifiedtime.com, 1Q2000

NIST Timeserver, 10Mb/S terminus

Dallas

nist1.dal.certifiedtime.com, 1Q2000

NIST/USNO Timeserver, 10Mb/S terminus

Los Angeles

nist1.la.certifiedtime.com, 1Q2000

NIST Timeserver, 10Mb/S terminus

Page 25: SPOCK Presentation


Timing Center Topology

Ringing North America with UTC Traceable Stratum-1 Time Servers

High Bandwidth Access

Secured Operations

Page 26: SPOCK Presentation


Timing Center Protocols

Internet-based Stratum-1 service to clients

Network Time Protocol (NTP)

Simple NTP (SNTP)

Secured NTP (when available)

Time Protocol

Regional ACTS Dial-in (With Circuit Auditing)

Page 27: SPOCK Presentation


Driving Standards to build ‘Market Acceptance’

CertifiedTime.com is actively working with standards groups to ‘build in’ acceptance of certifiable time in all types of EC Transaction and Enhanced Audit Models.

Page 28: SPOCK Presentation


Contacting us

Todd Glassey, Chief Technical Officer

(831) 438-7811

[email protected]

CertifiedTime, Inc

Suite 270

2007 Hamilton Ave

San Jose, Ca., 95125

(408) 371-5300