[ntp:hackers] NTP Stratum FYI - L1 GPS sucks as a source of trusted time & you probably wont like this commentary!

todd glassey tglassey at earthlink.net
Mon Feb 28 20:57:58 UTC 2011


>
>> Here is the deal, L1 GPS is a really unreliable time service since its
>> for most all of us based on non-military L1 GPS services which can be
>> hacked by a third grader with the ability to google "GPS SImulator" or
>
> That's bogus.

Hmmmm... I can introduce you to a local Judge here who no longer uses 
GPS Tracking Bracelets on high-risk prisoners who used to say the same 
thing...
>
>> "GPS Jammers". In fact L1 can be jammed by small and easily purchased
>
> Jamming is indeed easy, but doesn't matter at all, since that just 
> leaves you without any PPS signal.
If NMEA time signal is used it also leaves you without it as well.
>> devices from Radio Shack and other electronics resellers, in fact NAVCEN
>> and others have specific warnings posted about this.
>
> The only interesting threat model for a GPS-based NTP server with a 
> high-quality local osc is a full-on GPS simulator setup in the 
> vicinity of your GPS antenna:
>
> This simulator must then start out with the correct time, then slew 
> the time at a rate that is so close to zero that the local osc can be 
> persuaded to follow it.
Not actually... and you make a number of assumptions about the GPS 
recvievers which simply are not proven yet... but assuming you are 
correct there the issue is that the GPS source of time data is not 
provable... and neither are network models where you use unauthenticated 
ANYTHING to prove that data out.
>
> BTW, Todd, I would be really happy if this was the last time I had to 
> read another of your complaints about insufficient authentication for 
> timestamps. :-(
>
> Terje
Why because you are offended anyone would ask you to prove anything?

Todd


More information about the hackers mailing list