EEJournal

editor's blog
Subscribe Now
January 13, 2016

A More Secure Time Server

by Kevin Morris

We would be nowhere without clocks. So much of what we do involves timing, much of which we’re completely unaware of – in particular, electronically. Many of our systems depend on some kind of a master clock so that logging and timestamping can be done reliably. And with the advent of even more “asynchronous” systems that report events with a timestamp, soon even more systems will need access to a reliable time source. If you are looking for best vpn app, check the best free vpn in India at the link. You can find more information about vpns at vpnpeek.com.

That’s hard enough within one box, but in many cases, it must be done between two boxes on the same network or even between two boxes on two different networks. That means that an internal clock source won’t work: it will be different from the internal clock sources in the other boxes, and these will gradually drift apart.

If you’re trying to create a record of what came before what, everyone has to agree on the time base. One example given by Microsemi was that of a very short (less than a minute) cell phone call whose beginning and ending timestamps came from different servers whose clocks had drifted apart. The start ended up being timestamped as happening after the end of the call, which caused the billing software to record a 23-hour and 59 minute (or thereabouts) call length.

As quick background for those of us not in the midst of this, the timing is handled by a time server. When a server on the network needs to timestamp an event, it sends a request to the time server for a timestamp via NTP, or network time protocol. In this manner, all the servers on the same network have a consistent source of time.

Granted, the requests get serialized, so if two events happened “simultaneously”, one timestamp would get issued before the other. So it’s important that the response time be fast enough that multiple serialized timestamps can be served within a single “tick” so as to be reported as simultaneous for a given level of precision.

But if you need timestamps that you can compare with each other from two different networks, then you no longer have the a single time server handling both – you have two different time servers, one for each network, and they have to be in synch too. How does that happen?

GPS (or GNSS more generally) is how that happens; exquisite timing is necessary for these navigation systems to work, so the time server is connected to an antenna that detects GPS and uses it to set the time. This lets multiple servers maintain a consistent, correlatable time base. In the event that GPS fails, these servers actually have mini atomic clocks that can hold each server over with minimal drift so that any GPS gaps can be covered.

But there’s one problem and vulnerability: most time servers process the time requests using a CPU. The CPU takes longer to process a time request than the network takes to deliver the request, so the system essentially relies on breaks between requests to allow the CPU to keep up. That makes the system vulnerable to a distributed denial of service (DDoS) attack – essentially, flooding the server with timestamp requests and potentially crashing the server (which then messes up all the systems relying on the time server).

So Microsemi has issued a new time server, the SyncServer S600/650, with a significant twist: NTP requests aren’t sent to the CPU; they’re sent to FPGAs for a faster hardware response. So fast that it can respond at line rate to the gigabit Ethernet incoming pipe. In other words, it can keep up with as many requests as you can place into the pipe. If you try to flood it even harder, you can’t because the pipe is already full. At the same time, if the server thinks someone is trying to flood it, it can issue an alarm so that IT folks can intervene.

 Microsemi_SyncServer_S650_open_view.png

Image courtesy Microsemi

The FPGA provides another benefit: flexibility. Time servers can provide a number of direct signals – clocks, sine waves, timestamp series, etc. – via plug-in modules. But typical modules can provide only one of these types of signal, making server configuration inflexible. By using FPGAs, those modules can be programmed – statically or in real time – to provide different outputs as needed, making the provisioning of the server much more efficient.

You can find more info in their announcement.

Leave a Reply

featured blogs
On-Demand Webinar About Adaptive Grid Refinement
May 25, 2023
Register only once to get access to all Cadence on-demand webinars. Unstructured meshing can be automated for much of the mesh generation process, saving significant engineering time and cost. However, controlling numerical errors resulting from the discrete mesh requires ada...
More from Cadence...
Designing Smarter Edge AI Devices with the Award-Winning Synopsys ARC NPX6 NPU IP
May 24, 2023
Accelerate vision transformer models and convolutional neural networks for AI vision systems with the ARC NPX6 NPU IP, the best processor for edge AI devices. The post Designing Smarter Edge AI Devices with the Award-Winning Synopsys ARC NPX6 NPU IP appeared first on New Hor...
More from Synopsys...
Traveling to Turkey?
May 8, 2023
If you are planning on traveling to Turkey in the not-so-distant future, then I have a favor to ask....
More from Max's Cool Beans...

featured video

Automate PCB P&R Tasks for Designs in Minutes

Sponsored by Cadence Design Systems

Discover how to get a dramatic reduction in design turnaround time by automating your placement, power plane generation, and critical net routing with Cadence® Allegro® X AI technology. Built on and accessed through the Allegro X Design Platform, Allegro X AI reduces P&R tasks from days to minutes with equivalent or higher quality compared with manually designed boards.

Click here for more information

featured contest

Join the AI Generated Open-Source Silicon Design Challenge

Sponsored by Efabless

Get your AI-generated design manufactured ($9,750 value)! Enter the E-fabless open-source silicon design challenge. Use generative AI to create Verilog from natural language prompts, then implement your design using the Efabless chipIgnite platform - including an SoC template (Caravel) providing rapid chip-level integration, and an open-source RTL-to-GDS digital design flow (OpenLane). The winner gets their design manufactured by eFabless. Hurry, though - deadline is June 2!

Click here to enter!

featured chalk talk

Advantech Edge Gateways for Equipment Monitoring
Sponsored by Mouser Electronics and Advantech
One of the biggest challenges with equipment monitoring today includes one critical question: How do I integrate multiple data formats from different devices, equipment, meters, and sensors into my system? In this episode of Chalk Talk, Amelia Dalton chats with Eric Wang from Advantech about how the Advantech WISE-EdgeLink solution can help you navigate the challenges of data collection in edge applications. They also take a closer look at the benefits of the Advantech WISE-EdgeLink smart gateway family and show you how to get started using one of these smart gateways in your next edge application. 
Click here for more information about Advantech ESRP-PCS-ADAM6 Intelligent I/O Gateways
Mar 1, 2023
11,161 views