logo
allArticlesConferencesPresentations

Clocking On

Conference:  BlackHat USA 2021

2021-11-11

Summary

The fragility of time synchronization and the need for alternative solutions to secure time
  • The current time is measured by Atomic Clocks accurate to within 1 second every 100 million years
  • The internet is moving to secure how the consensus of the current time is distributed
  • The ecosystem of time synchronization is fragile and vulnerable to attacks
  • GPS as a single source of failure is a serious problem
  • Government and industry are creating a secondary resilient platform to provide land-based secure time
  • Attackers and their tools are becoming increasingly sophisticated
  • People need to think about alternative solutions and not leave it to governments and organizations
  • Time is essential for cryptography and digital certification
  • There may be a lot of attacks sliding under the radar that people aren't aware of
The speaker became interested in clocks and horology during lockdown and discovered the fragility of the ecosystem of time synchronization. He found it surprising that the technology has been relied on for decades, yet only recently have people started to think about alternatives to GPS as a single source of failure. The speaker emphasized the need for people to think about alternative solutions and not leave it to governments and organizations. He also highlighted the importance of time for cryptography and digital certification and the potential for attacks to slide under the radar if people aren't focusing on time as an attack vector.

Abstract

A nerd's eye view of time and timekeeping...Moves are finally afoot to secure time! Well, to secure what we consider to be the current time. Or, to be more specific, to secure how we distribute what we consider to be the consensus of what is the "current" time. And by "we" I mean The Internet. And by "current time" I mean time measured by Atomic Clocks, accurate to within 1 second every 100 million years. Or thereabouts.So that's nice...But what does that actually mean?Why do I care?Is it enough?Is an 0-day that skews time still an 0-day or does it disappear up its own paradox?Only time will tell...
Materials:
Tags:

Post a comment

Related work

Five philosophies to building better application logs

Conference:  OWASP 20th Anniversary Event
Authors: Veronica Schmitt
2021-09-24

🦝 Welcome to the Security Village

Conference:  KubeCon + CloudNativeCon Europe 2023
Authors: Marina Moore
2023-04-19

Nuthin But A G Thang: Evolution of Cellular Networks

Conference:  Defcon 31
Authors: Tracy Mosley Trenchant
2023-08-01

Everything has Changed in iOS 14, but Jailbreak is Eternal

Conference:  BlackHat USA 2021
Authors:
2021-08-05

Reverse Engineering the Tesla Battery Management System for Moar Powerrr!

Conference:  Defcon 28
Authors:
2020-08-01

Playback: A TLS 1.3 Story

Conference:  BlackHat USA 2018
Authors:
2018-08-09