On January 26, 2016, time went wrong. As the Space Command division for the the US Air Force began to decommission SVN 23, a satellite in the GPS constellation, things went awry – by a whole 13 microseconds.
Fifteen GPS satellites broadcast the wrong time, immediately causing issues on the Earth below. In a post-mortem, time-monitoring company Chronos detailed numerous anonymous telecoms customers who suffered 12 hours of system errors, while BBC Radio also experienced disruptions.
Time bandits
As those affected by the error can attest, accurate timekeeping has become increasingly important to computer networks. Distributed systems need to be synchronized, and some require traceable and accurate timestamps for everything from financial transactions, to alarm events, to the time and duration of phone calls.
Network Time Protocol (NTP) servers do some of the work, but mission-critical or large-scale applications often run their own network time servers for increased security and redundancy. For more accurate time synchronization, Precision Time Protocol (PTP) is used (see boxout below for more).
With new regulations around the corner, understanding how to keep time, and how to prepare for when clocks go bad, is becoming crucial for an increasing number of businesses.
For example, the financial sector will be subject to the EU’s Markets in Financial Instruments Directive II (MiFID II) from January 2018, in which subsection RTS 25 requires timestamping to be 1,000 times more accurate than is required by current legislation.
MiFID II “has been put forward in a very, very robust way,” the National Physical Laboratory’s strategic business development manager Dr Leon Lobo told DCD. “They’ve specified the traceability requirements, and the figures that they’ve put forward necessitate infrastructural upgrades. IT systems need to be upgraded.”
NPL acts as the UK’s National Measurement Institute, looking after Coordinated Universal Time (UTC), the world’s primary clock standard.
Another regulation to watch out for is the Payment Card Industry Data Security Standard. Jeremy Onyan, director of time sensitive networks at precision time and frequency instruments manufacturer Spectracom, said: “There’s a section there, 10.4, that’s all about accurate and traceable time. Traceable is the key word because if you’re using time off the Internet, it may seem sufficient for your application, but it’s in no way traceable.
“If there is ever an event, especially in a distributed system, and you wanted to correlate how hackers got in and what they did, it’s almost impossible to do because the disparity in the timestamps if you’re using Internet-based time is so big that it’s not even usable in a lot of cases.”
Most organizations trying to track time turn to satellite receivers, but are then reliant on the satellites being accurate – predominantly via GPS, but also via other Global Navigation Satellite System (GNSS) networks such as GLONASS, Galileo and Beidou.
A lot of the receivers used for this task “are repurposed navigational receivers, that are dumb or naive – they’re just taking the time from the satellite stream, and they’re not qualifying or error checking it,” Ron Holm, sales and marketing manager of time and frequency company EndRun, said.
“In the case of the January 2016 error, a smart receiver would have looked at that, done some integrity checks, not only on that part of the GPS data, but on other aspects of the GPS data, to reject that input.”
Even with a smart receiver, however, the GPS signal itself can be susceptible to jamming or spoofing.
We’re jammin’
“Jamming is becoming more prevalent particularly because the devices are very cheap to buy and the jamming is often inadvertent,” Dr Lobo said. “It’s a van driver taking out the tracker in his vehicle to prevent his boss knowing where he is. So he inadvertently is taking out the city block – that sort of an event is occurring on a regular basis.”
Onyan concurred: ”Look at most data centers, where are they typically located? They’re in warehousing districts or manufacturing districts, places where they’ve got lots of big buildings, and you’ve got trucks driving by all the time. All it takes is somebody driving by with a jammer.”
Much of the conversation around GPS jamming is anecdotal, with Equinix’s LD4 data center in Slough being one of the few to publicly discuss GPS interference. In that case, the issue was with a 20 year old ‘rogue GPS antenna’ that was reflecting a powerful GPS signal and accidentally jamming those around it.
Outside of data centers, one example frequently cited is that of Newark Airport, which in 2009 opened a new GNSS-based landing approach system. “For two years they were struggling to get it to work – sometimes it’d work great, sometimes it wouldn’t, and they just couldn’t figure it out,” Onyan said.
“So they called in the FCC who came in with some special equipment and discovered that there was a red Ford pickup truck that one of the contractors working the site was using which had one of these jammers installed. Every time he was on site, he was taking down their landing approaches without meaning to.”
In a 2014 report on such GNSS interference and jamming, Chronos looked at how widespread the issue was at the time.
“Jamming is getting worse,” the paper by Professor Charles Curry said. “Some probes are now detecting five to ten events per day; over 50 websites are actively selling jammers; and the devices being seized by law enforcement agencies are now more powerful and so have considerably greater jamming ranges.
“Whereas in 2008 GPS was the only satellite [Positioning, Navigation & Timing] system under threat, and jamming targeted its L1 frequency alone, now all frequencies of all GNSS are under attack.”
When a signal is jammed, or otherwise interrupted, time servers have a backup ready to take over. They go into ‘holdover’ and turn to what are essentially uninterruptible power supplies for time: crystal oscillators. These electronic circuits use the mechanical resonance of a vibrating crystal of piezoelectric material to create an electrical signal with a precise frequency.
Holm explained: “The base level oscillator is typically a TCXO, a temperature compensated crystal oscillator, and that’ll provide acceptable performance for 24 hours. The next step up is an ovenized oscillator, that will provide acceptable time for approximately 30 days. An atomic oscillator provides time for several months.”
Depending on how much one spends, these oscillators are meant to keep time while the jamming, or more likely broken cable or roof antenna, are mitigated or fixed. That still leaves spoofing, which is “particularly difficult to detect,” Dr Lobo said, “because it’s about somebody drifting the time rather than it being an out and out denial of service.
“The worry is that spoofing devices are becoming easier to own and to manage. They are becoming software-defined radios, as opposed to very expensive hardware solutions.”
Spoof news
The University of Texas at Austin’s Todd Humphreys looked into the possibility of spoofing data centers in the financial sector. In a research paper, he noted that “traders could use GPS spoofing as a weapon against each other. A trader could manipulate, via GPS spoofing, the timing of a competitor’s trading engines, driving the competitor out of the marketplace during a crucial trading interval.
“After the attack, the rogue trader covers his tracks by bringing his competitor’s timing back into proper alignment with true time.”
The solution proposed by Spectracom is to turn to a different satellite system. Instead of, or in addition to, a GNSS signal from a satellite system 16-21,000 km (10-13,000 miles) above Earth, the company offers access to the Iridium constellation launched by Motorola in the ’90s, in low earth orbit – at 800 km (500 miles).
“This is encrypted,” Onyan said. Which makes it harder to spoof “because you need to know both the encryption key, which is RSA-level encryption, and you also need to know the serial number of the specific receiver in question.”
The other advantage is that the signal is roughly a thousand times stronger, “which means it can work indoors in most environments.”
Dr Lobo has another idea: to do away with satellites as the primary timekeeping method altogether. NPL has started to offer a precise time service, NPLTime, over fiber in the UK, with plans to expand access to Europe and beyond.
“We are delivering over fiber infrastructure in a completely managed way, so we are monitoring the latency to every endpoint on the network and effectively offsetting the time at those endpoints, as a result what’s coming out of those end points is exactly the same as what’s going in,” Lobo said.
“We see it as the replacement where GPS could form a second priority input as a backup system, but the primary traceability requirement for MiFID II is easily satisfied by this managed service that we are providing, where we provide certification of the accuracy at that point of ingress in a customer’s infrastructure.”
The time measurement is provided directly by NPL’s cesium fountain clock, NPL CsF2.
In it, a gas of cesium atoms is introduced into the clock’s vacuum chamber. Six opposing infrared laser beams then “cool the atoms down to near absolute zero temperatures and stop them vibrating.”
The two vertical lasers gently toss the ball upward, before letting it fall back down in a round trip time of about one second.
“Effectively if it was considered to be a clock, it would lose or gain a second over 158 million years,” Lobo said.
But NPL is not content to stay at that level of accuracy – it is currently working on a clock where “you’re looking at losing or gaining a second over the lifetime of the universe – 13.8 billion years. So there’s some pretty significant capabilities there.”
Questions remain over whether data centers will need that level of temporal accuracy, but one day we will find out – after all, it’s just a matter of time.
This article appeared in the August/September issue of DCD Magazine. Subscribe to the digital and paper editions here.