[time-nuts] Time security musing - attacking the clock itself

gary lists at lazygranch.com
Tue Dec 4 05:59:26 UTC 2012


I was a bit concerned about clicking the fob for no good reason. I 
assume each click is a different number. I only use it for ebay and 
paypal. [Incidentally, they jacked the price from $5 to $30.]

Now a phone has accurate network time, so they could get really tricky 
with the time as part of the code.

I was meditating a bit on the power grid synchronization. If all the 
sites but one are in sync, then the generator whose sync is being hacked 
will have a hard time trying to feed the grid while being out of phase. 
This should be detectable electronically in the generator interface. If 
the timing is moved slowly, the "conflict" would build slowly as well.

In the dark ages, I TA'd an electronics class set up for non-electrical 
engineers. I considered it kind of brutal since they tried to cover just 
about everything in one class. Well it included what we used to call 
"motors and rotors". [I suspect this isn't even taught anymore.] One of 
the lab experiments was to sync a generator to the mains. Now the 
generator was driven by a motor from the mains, so this wasn't 
particularly difficult. You would put a meter between your generator and 
the mains and drag on the shaft a bit until the phase error was zero, 
then turn the switch to connect them.

Things were going OK but then I heard a nasty sound and the lights 
flickered a bit. It turns out some curious students wanted to see what 
happened if the generator and mains were out of phase. Well, the mains wins.

It is apparently hard to move the grid.




On 12/3/2012 8:12 PM, Jim Lux wrote:
> On 12/3/12 6:34 PM, Hal Murray wrote:
>>
>> lists at lazygranch.com said:
>>> I have one of those key fobs. Does the code somehow inform the powers
>>> that be about the drift in the built-in clock? Or is the time element
>>> of the code so sloppy that the drift is acceptable?
>>
>> The magic number changes every second or so.
>
> Every 30 seconds or every minute.. I've seen both.  My fob is once a
> minute, the iPhone "soft fob" is 30 seconds.
>
>
>> You only have to scan a few seconds either side of the correct time to
>> find a valid match.  Every time the server gets a match it can update
>> its memory of the fob time to reduce its searching in the future.
>
> Exactly, the maximum time difference is a settable parameter.
>
>>
>> You could measure/compute the drift too.  I don't know if that's worth
>> the effort.  It would probably change with temperature so seasonal or
>> lifestyle changes could throw the prediction way off.
>
> I don't think they do that.. I think it's a "reset when validated"...
>
>>
>> [I have no inside knowledge.  I could be totally wrong, but that seems
>> reasonable to me.  They may have a better approach.]
>
>
> It's all described on the RSA website..
>
>
> Hmm..  I suspect I could time my fob once a day, and see how many
> seconds a day it drifts.. without a timed camera it would be hard to get
> tighter than 1 second resolution..
>
> the iPhone one almost certainly uses the internal clock in the phone.
>
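
Added example, not part of the original thread and not RSA's algorithm: a sketch of the server-side check discussed in the quoted messages, where the server scans a settable window either side of the expected time and resets its stored fob offset on each match. The code generator is a generic HMAC construction with RFC 4226 truncation, chosen here as an assumption; `STEP`, `WINDOW`, `code_at` and `FobRecord` are hypothetical names.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds per code (assumed; the thread mentions 30 s and 60 s fobs)
WINDOW = 2   # steps searched either side of the expected step (assumed value)


def code_at(secret: bytes, step: int) -> str:
    """Six-digit code for one time step (HMAC-SHA1, RFC 4226 truncation)."""
    digest = hmac.new(secret, struct.pack(">Q", step), hashlib.sha1).digest()
    pos = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[pos:pos + 4])[0] & 0x7FFFFFFF
    return f"{value % 1_000_000:06d}"


class FobRecord:
    """Server-side state for one token."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.offset = 0        # fob step minus server step, learned at last match
        self.last_step = None  # last accepted fob step

    def verify(self, code: str, server_time: float) -> bool:
        expected = int(server_time // STEP) + self.offset
        # Try the nearest steps first: 0, -1, +1, -2, +2, ...
        for delta in sorted(range(-WINDOW, WINDOW + 1), key=abs):
            step = expected + delta
            # Added hardening, not stated in the thread: never accept a step
            # at or before the last accepted one, so a code cannot be replayed.
            if self.last_step is not None and step <= self.last_step:
                continue
            if hmac.compare_digest(code_at(self.secret, step), code):
                self.offset += delta   # "reset when validated"
                self.last_step = step
                return True
        return False
```

A wider `WINDOW` tolerates more clock drift between logins but also enlarges the set of codes the server will accept at any instant, which is the trade-off behind making the maximum time difference a settable parameter.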


