1
Time for Security
  • NEISUG Meeting - Microsoft Waltham Office
  • November 21, 2002
2
Definition of Time
  • A second is defined as 9,192,631,770 transitions of a cesium atom measured by a crystal oscillator
  • Time is maintained nationally by the National Institute of Standards and Technology (NIST), which functions as the primary US National Metrology Institute (NMI)
  • The Convention of the Metre created The Bureau International des Poids et Mesures (BIPM)
  • The BIPM maintains Coordinated Universal Time (UTC) by comparing input from NMI members around the world
  • NIST is the legal owner of commercial time, not the USNO
3
Why is time important to Security?
  • Audit logging
    • Computer Security Systems are effective when audit logs are accurate to UTC
      • Comparing firewall logs after a DDoS attack on three different sites is difficult if the logs are not synchronized
      • If the administrator can easily change the clock, events can be pasted into the time frame of the violation
  • Expiration of rights / Access control list
    • Access to resources during business hours
      • When John Doe in accounting goes home, he should not have access to payroll information
      • Digital certificate expires and OCSP is out of synch
4
 
5
How do you get the right time?
  • The Network Time Protocol is the easiest method for synchronization
    • Most operating systems natively support NTP v3
      • Windows 2000 requires a couple of registry hacks to get W32Time to support an NTP server as the primary reference
      • Linux and Unix have NTP daemons that require some simple conf file changes
    • NTP calculates the network latency between your device and the time reference and corrects for it, which is what makes it accurate
      • NTP is configured to run on a schedule that meets your requirements
      • NTP is FREE
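
The offset and delay calculation behind the latency bullet above, as an added Python example that is not from the original slides. The packet bytes, timestamps and function names are constructed for illustration.

```python
import struct

NTP_UNIX_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01

def to_ntp(unix_seconds):
    """Encode Unix seconds as a 64-bit NTP timestamp (32.32 fixed point)."""
    whole = int(unix_seconds)
    frac = min(int(round((unix_seconds - whole) * 2**32)), 2**32 - 1)
    return struct.pack("!II", whole + NTP_UNIX_DELTA, frac)

def from_ntp(raw):
    """Decode a 64-bit NTP timestamp to Unix seconds."""
    whole, frac = struct.unpack("!II", raw)
    return whole - NTP_UNIX_DELTA + frac / 2**32

def offset_and_delay(packet, t1, t4):
    """Return (clock offset, round-trip delay) in seconds for one exchange."""
    # t1/t4: client clock when the request left / when the reply arrived.
    if len(packet) < 48:
        raise ValueError("short NTP packet")
    if packet[0] & 0x7 != 4:
        raise ValueError("not a server-mode reply")
    # The reply must echo our transmit time as its originate timestamp.
    # This rejects stray or blindly spoofed replies; it does not
    # authenticate the server.
    if packet[24:32] != to_ntp(t1):
        raise ValueError("originate timestamp does not match request")
    t2 = from_ntp(packet[32:40])   # server clock when the request arrived
    t3 = from_ntp(packet[40:48])   # server clock when the reply left
    delay = (t4 - t1) - (t3 - t2)          # time on the wire, both directions
    offset = ((t2 - t1) + (t3 - t4)) / 2   # amount to add to the client clock
    return offset, delay

def build_sample_reply(t1, t2, t3):
    """Constructed reply: LI=0, VN=3, mode=4 (server), stratum 1."""
    header = bytes([(3 << 3) | 4, 1, 6, 0xEC])
    body = bytes(12) + to_ntp(t2)  # root delay/dispersion/ref id, reference time
    return header + body + to_ntp(t1) + to_ntp(t2) + to_ntp(t3)

# Constructed scenario: client clock 2.5 s slow, 31.25 ms each way,
# about 1 ms of server processing.
T1 = 1037900000.0
T2 = T1 + 2.5 + 0.03125
T3 = T2 + 0.0009765625
T4 = T1 + 0.0625 + 0.0009765625
SAMPLE = build_sample_reply(T1, T2, T3)
print(offset_and_delay(SAMPLE, T1, T4))
```

The formula assumes the path takes the same time in each direction; any asymmetry shows up as an offset error of up to half the measured delay.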
6
NTP Sources and some problems
  • Sources
    • NIST, US Naval Observatory, and many other sources provide free NTP v3 servers
    • There are many freeware, shareware, and COTS synchronization and scheduling applications that use internal or external NTP servers
  • Issues with NTP
    • NTP v3 lacks high security; NTP v4 is secure but not widely available
    • Internet-based NTP servers are susceptible to man-in-the-middle attacks
    • Lack of historic record and auditable proof of time records
      • Four years from now, how will you prove that your current time supplied by NIST has been correct for the past 6 months?
7
Time Stamping – Cryptographic Proof of Time
  • RFC 3161 – Time Stamping Protocol
    • Time stamping is objective third-party proof that a datum existed at a point in time
    • Data + Date + Time > Hashed > Digitally Signed = Time Stamp
  • Benefits of Time Stamping
    • Uses cryptography to bind data (event logs, email, etc.) to the correct date and time
    • Provides proof that an objective party (trusted clock) agreed that the date and time were correct and the data existed


    • For more information see www.ietf.org RFC 3161
8
Additional Questions
  • Email me if you have additional questions regarding
    • PKI, digital signatures, security technology
    • FIPS 140-2 or Common Criteria
    • Time synchronization or time stamping
    • UTC, NMI, atomic clocks, phase shift, and trailing edges

  • Do not email me if it is a chain letter, joke, length related spam, MLM scheme, etcetera


  • Scott Mustard – neisug@mustard.net


9
The vendor plug
  • Symmetricom is a 40-year leader in timing devices
  • NTP v4 SyncServer
    • Linux-based NTP v4, v3, v2 server
    • First NTP v4 server
  • Time Stamping – StampServer SA200n
    • Secure Execution Environment (SEE from nCipher) stores application, keys, and the clock
  • FREE NTP SOFTWARE IN BACK for everyone… no popups, ads, spyware, etc


  • For more information visit www.trusted-time.com
  • Or www.symmetricom.com