By Brian Handrigan on Wednesday, 28 November 2018
Category: Time Synchronization

How Resilient PNT is Used in Cybersecurity

Cybersecurity is a hot topic today. Hackers are always looking to undermine our network connections and we are always trying to protect against them. 

I'm no cybersecurity expert, but I am often asked, "Can Resilient PNT be used to improve cybersecurity?"

Resoundingly, "YES" 

Here are a few simple examples: 

1. Passwords - Most secure systems require that passwords be changed periodically, say every 90-180 days. The longer a password or key stays static, the longer a hacker has time to break it. So the more often you change passwords, the more secure you will be. Imagine the increased security if you changed them every day, or even every second. Even if a hacker knew some of the passwords or keys, she/he would have to know when you are changing them and the sequence of use.

So Now, besides having a shared secret between the user and the server, we have added another dimension - that of time. Precise synchronization between the user and server offers the ability to reduce the static time interval for the use of a given key - enhancing security. For automated systems, where a human is not involved, this interval can be reduced to milliseconds.

2. Data Speed - A second example is based on the concept that data can never travel faster the the speed of light.

(This statement may be undone when data communication via quantum entanglement becomes a reality, but until then, this is a practical limitation.)

Imagine that a user logs into a classified server in Virginia remotely, claiming to be on the east coast of the USA. A legitimate user within 1000 km of the server will have a round-trip network delay time that is significantly less than that of a user half-way around the world. It is physically impossible for a distant user to face a short network delay.

Of course, network congestion can increase delays, but nothing can reduce it beyond the physical limit imposed by the speed of light. Therefore, a server that can precisely measure round-trip delay to its users can provide added security.

For secure applications, it's not unreasonable to require a high bandwidth connection, especially for critical systems, which eliminates the ambiguity in response time caused by congestion. Moreover, the variable packet delay possible in any network can be measured and compensated for.

3. Geo-location authentication - Today, we typically have three types of authentication - ways to prove you are who you claim.


Now let's imagine a fourth factor - your location. Suppose you could provide irrefutable evidence that you were in a particular location at a particular time. The new STL signal - Satellite Time and Location - provides just such a service. It transmits an encrypted​ token from low-earth orbiting satellites that can be received only within a focused beam area on earth. Reception of just one packet locates you to with a few 100 km's, but since the satellites are fast moving, successive receptions over a few minutes locate you more accurately, down to within 100 meters.

Reception of these encrypted packets requires a paid subscription to decode, but it ensures they are secure. And this method is not susceptible to a replay attack because the packets are time-stamped to the microsecond level, referenced to universal coordinated time.

Now that we have an irrefutable way to prove location, how could we use it? Consider this example: the only way I could log into a particular server is by being physically on the premises, or within the gates of another secure facility somewhere in the world. Now, STL becomes another very powerful protection measure. It allows you to completely bypass the case where a bad actor can access your server from an unauthenticated location.

 Thank you to John Fisher of Spectracom, an Orolia brand for the article.

Leave Comments