[time-nuts] Time security musing - attacking the clock itself
Hal Murray
hmurray at megapathdsl.net
Tue Dec 4 04:22:42 UTC 2012
jimlux at earthlink.net said:
> The question is: "Can I distribute timing information through a network
> reliably"
I think so. The better question is how accurately?
Assume client and server share a secret key and the server is trustworthy.
Assume the protocol allows the client to put a magic number (nonce) in the
packet.
All the bad-guy can do is delay and/or replay packets. Everything else gets
rejected by the crypto layer.
It's easy for the client to discard duplicate answers. That leaves us with just the problem of processing delayed packets.
The client can measure the round-trip-time. That translates into how-accurate.
If the bad-guy delays client-to-server packets (requests), the time will be off in one direction. If the bad-guy delays server-client packets (responses), the clock will be off in the other direction.
--
These are my opinions. I hate spam.
More information about the time-nuts
mailing list