[time-nuts] Time security musing - attacking the clock itself

Hal Murray hmurray at megapathdsl.net
Tue Dec 4 04:22:42 UTC 2012

jimlux at earthlink.net said:
> The question is: "Can I distribute timing information through a network
> reliably"

I think so.  The better question is how accurately?

Assume client and server share a secret key and the server is trustworthy.  
Assume the protocol allows the client to put a magic number (nonce) in the 

All the bad-guy can do is delay and/or replay packets.  Everything else gets 
rejected by the crypto layer.

It's easy for the client to discard duplicate answers.  That leaves us with just the problem of processing delayed packets.

The client can measure the round-trip-time.  That translates into how-accurate.

If the bad-guy delays client-to-server packets (requests), the time will be off in one direction.  If the bad-guy delays server-client packets (responses), the clock will be off in the other direction.

These are my opinions.  I hate spam.

More information about the time-nuts mailing list