[time-nuts] Time security musing - attacking the clock itself

Russell Rezaian r.rezaian at earthlink.net
Tue Dec 4 16:50:46 UTC 2012


CDMA requires accurate time information in the air interface as part of 
the low level protocol.

 From the standards documents I have read, and the BTS devices I 
personally have had exposure to, this always comes from GPS.

The air interface for CDMA also includes a local time offset that is 
used along with the time signal to drive time of day for most feature 
phones.  Smart phones can ignore all of this.  And the local time offset 
can be wrong and the phone will still work, so even phones that display 
the CDMA time may be off by hours if the LTO is wrong.

 From a security standpoint CDMA can provide an extra data point to 
check a local GPS receiver, but it's not really any better than if you 
just had a few extra GPS receivers.  And given that CDMA is a fairly 
short range radio signal, those extra CDMA provided GPS receivers are 
all still fairly close to each other physically (normally within a few 
miles at most).

So using CDMA as a backup time source might be useful, but still leaves 
you vulnerable to any wide area disruption to GPS.
--
Russell



More information about the time-nuts mailing list