[ntp:hackers] NTP Stratum FYI - L1 GPS sucks as a source of trusted time & you probably wont like this commentary!

todd glassey tglassey at earthlink.net
Mon Feb 28 20:50:20 UTC 2011


> There is a good writeup of the Moss Landing event in GPS World:
>    The Hunt for RFI
>    Unjamming a Coast Harbor
>    Jan 2003
>    http://www.gpsworld.com/gnss-system/signal-processing/the-hunt-rfi-776
yea as I said - its funny all of the other links to papers and postings 
on it were splashed and removed...
>> If the question you are asking is "If a S1 Server Loses its RefClock can  I
>> reposition it as a S2", the answer is sure, but NTP.CONF would likely  have
>> to be changed and the Daemon restarted to properly reset the  service.
>> Remember this is POLICY and not TECHNOLOGY per se...
> If the GPS clock stops generating valid timestamps when it stops getting sensible GPS signals, the reference ntpd will stop using it and automatically switch over to using other configured servers.
Right but this assumes that the local policy doesn't care what stratum 
the relying party machine is. We will touch on this later in my retort 
too - remember this is about proving what time it was somewhere after 
the fact and not in the instance of that time-data's arrival per se.
> There is no need to change ntp.conf or for manual intervention.

 From a policy standpoint there critically is - the issue is whether the 
operations policy allows the RP (Relying Party) to step to a S-2 server 
because of the chain-of-custody issue with the data.  The other issue 
with GPS is that the GPS system was not designed as a source of evidence 
- in a military activity if the weapon works properly then there is 
external evidence, same is true for a malfunction.

For commercial navigation the same is true - there is human oversight. 
So where does that oversight go in a GPS based time service model? The 
answer is it never existed... so how would you prove any of this from a 
forensic standpoint Hal??? - it simply cannot be done.


Don't get me wrong its not that I am saying that GPS is bad - I am not 
saying that at all. In fact for my JPO friends let me say that GPS ROCKS 
for any number of applications and I think it is fantastic for them. But 
when "Trust which has to extend beyond the use-instance is predicated on 
GPS" it breaks. So the issue is for us how the envelope of trust 
(remember that phrase friends) is created and proven. Especially from a 
forensic context.  In time managament in systems where log aggregation 
is happening as well this is critical and there could be legal 
implications for failing to properly manage this IMHO.

Todd


More information about the hackers mailing list