Transcript Power Matters. TM

Power Matters.TM
GPS & Cybersecurity
Paul Skoog
Sr. Product Manager
© 2016 Microsemi Corporation. COMPANY PROPRIETARY
1
About Microsemi Corporation (Nasdaq: MSCC)
 Global provider of
 Leading supplier of
synchronization and
semiconductor solutions
– Focused on applications for
delivering accuracy, reliability,
security and performance
timing infrastructure
• 93% of UTC world time
“contributions”*
• 60%+ worldwide market
share in synchronization for
commercial communications
• Tens of thousands of NTP
Network Time Servers sold
Corporate headquarters in Aliso Viejo, CA
*Weighted contributions at BIPM:
Microsemi Cesiums 87%, MASERs 6%
© 2016 Microsemi Corporation.
Power Matters.TM
2
The Three GPS Segments
•
•
Ground
Antennas
Monitor Stations
Master Control
Station
•
•
•
•
•
•
Positioning
Navigation
Timing
Communications
Energy
Mapping & Surveying
© 2016 Microsemi Corporation.
•
Critical Infrastructure
Control Segment
•
User Segment
Space Segment
Vital to Multiple Types of User Segment Infrastructures
•
•
•
•
•
Computer Network
Operations
Financial Systems
Radar Systems
Telecom Systems
SatCom Systems
And more…
Power Matters.TM
3
The Role of Timing in Cybersecurity
Accurate & Reliable UTC Time Stamps Are Essential!
 Log File Time Stamp Accuracy
• Security information and event management (SIEM)
– Centralized storage/interpretation of logs for near realtime analysis enabling quick defensive actions
• Event monitoring systems
– Dependent on log file time stamps being correct and
consistent; UTC is underlying time scale
– Clock skew between computers causes log file
correlation issues
 Client/Server Time
Payment Card Industry
Data Security Standard
Synchronization
• Kerberos Client/Server
Authentication
– Precise clock alignment allows
for limited authentication ticket validity
– Protects against replay attacks
Requires… “Time synchronization
technology…to compare log files from
different systems [to] establish an exact
sequence of event (crucial for forensic
analysis in the event of a breach)”
PCI-DSS Version 3.2 April 2016
© 2016 Microsemi Corporation.
Power Matters.TM
4
GPS – Networking Connection
An Accurate & Reliable Worldwide Source of UTC Time
GPS
• Provides
accurate/reliable
time
• Relatively
ubiquitous source
of UTC
• Subject to jamming
and spoofing*
Network
Infrastructure
GPS
Referenced
NTP Network
Time Servers
*GPS jamming (intentional
and unintentional) is one of
the top three “issues”
concerning GPS in 2016.
– GPS World, September 2016
• Requires
accurate/reliable time
• Uses UTC
• Uses a common
protocol, NTP, to
synchronize to UTC
• Subject to cyber
attacks**
**NTP is considered one of the
most vulnerable network services
and has one of the fastest growth
trends as a DDoS target.
- Akamai Technologies, June 2016
© 2016 Microsemi Corporation.
Power Matters.TM
5
New Protection Technologies Available
Meeting Accuracy, Reliability & Security Imperatives
Microsemi SyncServer S600
Microsemi SyncServer S650
© 2016 Microsemi Corporation.
Power Matters.TM
6
GPS Jamming Effect On Time Servers
Analogous to Unplugging the GPS Antenna
Without GPS this is a fly
wheeling/free running
oscillator, aka “clock”
Time Server
GPS Jammer
Phase Comparator
GPS Receiver
1PPS
Time of Day
+
1PPS
Difference
Timing
Processor
Frequency
Adjustment
UTC
Time-of-Day
to network
infrastructure
Oscillator
 GPS jamming unlocks internal GPS signal/satellite tracking
(just like an antenna disconnect)
 If GPS is unlocked, timing system does not use the GPS timing signals
 Timing subsystem goes into “holdover” or “fly wheeling” on the installed oscillator
 Network administrator notified via SNMP trap
© 2016 Microsemi Corporation.
Power Matters.TM
7
S600/650 Clock Technology
Extremely High Accuracy, Holdover Are Crucial
 Hardware clock accuracy
• <15 nanoseconds RMS to UTC(USNO)
while tracking GPS
...........
Precise &
Accurate
 24 hour holdover accuracy
Standard
400 microseconds
OCXO
25 microseconds (16x better than
standard)
Rubidium
<1 microsecond (<3 us at 3 days)
© 2016 Microsemi Corporation.
Power Matters.TM
8
Network Attacks on NTP Time Servers
Synchronizing to “Free Time” Is a Risky Practice
 Typical Types of Attacks
• Distributed Denial of Service (DDoS)
• NTP Amplification using Spoofed Addresses
 Security
• Publically accessible NTP Servers are popular
DDoS targets (1)
CAUTION
Use “Free” Internet
Time Servers at your
own risk
– “No. 1 attack method launched against cyber researchers and corporate infrastructure was network
time protocol (NTP)”(1)
• Subject to MITM attacks
• Used for NTP amplification attacks
• Port 123 must be open in firewall
 Reliability – access to the time
• Pool.ntp.org “is being used by millions or tens of millions of systems around the world.” (2)
• “Because of the large number of users [they] are in need of more servers.” (2)
• No monitoring/alerting of the public time server system health
 Accuracy
• Documented cases of the wrong time deliberately being served
1. https://defensesystems.com/articles/2016/05/06/cyber-researchers-become-hacker-target.aspx May 6, 2016
2. pool.ntp.org
© 2016 Microsemi Corporation.
Power Matters.TM
9
NTP Time Server Security Precautions
Tighten Standard Precautions with the NTP ReflectorTM
 Access Control Lists
 NTP Client/Server Authentication
• MD5, Autokey
 Management Security & Authentication


• SSH, HTTPS
• TACACS+, RADIUS, LDAP
 Security-Hardened NTP Reflector
© 2016 Microsemi Corporation.
Power Matters.TM
10
Security-Hardened NTP Reflector Technology
Hardware-Based Ultra Accurate, High Capacity NTP Operations
SyncServer S600/S650
100% hardwarebased NTP
N
e
t
w
o
r
k
Inbound NTP Packets
Time-Stamped NTP Packets
Non-NTP Traffic

CPU
FPGA
NTP Reflector

 Eliminates amplified NTP packet
attacks
 Protects CPU from DoS attacks
 All packets to CPU are bandwidth
limited (user set)
 Notify user of NTP and general
network packet load changes
“Bit Bucket”
© 2016 Microsemi Corporation.
Power Matters.TM
11
Why You Need a Security-Hardened NTP Reflector
Resistant to Nearly All Kinds of Network Attacks
NTP reflector ports are high performance, high accuracy & ultra secure.
Security
Performance
 DDoS NTP attacks cannot bring the
ports or time server down
 Not susceptible to reflection
amplification attacks as only small,
standard NTP packets are served
 Cannot be disrupted by malformed
NTP packets as they will be dropped
 Soft packets passed through are
bandwidth limited and restricted
only to packets necessary to
configure the port on the network
(i.e. ARP, ping, etc.)
 Timestamp accuracy 15 ns RMS to




UTC, load independent
Port by port packet limiting
Denial of service detection and
alarming
Can accommodate >120,000 NTP
requests per second
NTP packet processing load does not
impact other server operations
© 2016 Microsemi Corporation.
Power Matters.TM
12
GPS Timing & Cybersecurity Are Linked
Secure, Reliable Time Is Essential for Cybersecurity
GPS
Cybersecurity
UTC Time Reference
UTC Time Consumer
Microsemi SyncServer S600/S650
GPS-Referenced NTP Time Server
Critical cybersecurity systems rely on log files with precise and accurate
time stamps to operate effectively.
 Microsemi merges the best of timing and networking technology in a
single chassis to meet the needs of cybersecurity systems…
• Extremely accurate with excellent GPS jamming protection using
atomic clocks
• Security-hardened SyncServer S600/S650 NTP reflector protects
against the most prevalent cybersecurity attacks
© 2016 Microsemi Corporation.
Power Matters.TM
13
Questions?
Paul Skoog
[email protected]
Microsemi Corporate Headquarters
One Enterprise, Aliso Viejo, CA 92656 USA
Within the USA: +1 (800) 713-4113
Outside the USA: +1 (949) 380-6100
Sales: +1 (949) 380-6136
Fax: +1 (949) 215-4996
email: [email protected]
www.microsemi.com
©2016 Microsemi Corporation. All rights reserved.
Microsemi and the Microsemi logo are registered
trademarks of Microsemi Corporation. All other
trademarks and service marks are the property of
their respective owners.
Microsemi Corporation (Nasdaq: MSCC) offers a comprehensive portfolio of semiconductor and system solutions for
aerospace & defense, communications, data center and industrial markets. Products include high-performance and
radiation-hardened analog mixed-signal integrated circuits, FPGAs, SoCs and ASICs; power management products;
timing and synchronization devices and precise time solutions, setting the world's standard for time; voice processing
devices; RF solutions; discrete components; enterprise storage and communication solutions, security technologies and
scalable anti-tamper products; Ethernet solutions; Power-over-Ethernet ICs and midspans; as well as custom design
capabilities and services. Microsemi is headquartered in Aliso Viejo, Calif., and has approximately 4,800 employees
globally. Learn more at www.microsemi.com
Microsemi makes no warranty, representation, or guarantee regarding the information contained herein or the suitability of its products and services for
any particular purpose, nor does Microsemi assume any liability whatsoever arising out of the application or use of any product or circuit. The products
sold hereunder and any other products sold by Microsemi have been subject to limited testing and should not be used in conjunction with mission-critical
equipment or applications. Any performance specifications are believed to be reliable but are not verified, and Buyer must conduct and complete all
performance and other testing of the products, alone and together with, or installed in, any end-products. Buyer shall not rely on any data and
performance specifications or parameters provided by Microsemi. It is the Buyer’s responsibility to independently determine suitability of any products and
to test and verify the same. The information provided by Microsemi hereunder is provided “as is, where is” and with all faults, and the entire risk
associated with such information is entirely with the Buyer. Microsemi does not grant, explicitly or implicitly, to any party any patent rights, licenses, or any
other IP rights, whether with regard to such information itself or anything described by such information. Information provided in this document is
proprietary to Microsemi, and Microsemi reserves the right to make any changes to the information in this document or to any products and services at
any time without notice.
© 2016 Microsemi Corporation.
Power Matters.TM
14