In this post we will look at how network time works today and the technology that keeps it accurate and secure. Most of the digital tools that society relies on – across sectors such as finance, telecommunication, security and energy – only work with precise and reliable time synchronisation. But what goes on behind the scenes here and what happens when things go wrong?
The making of modern time
Until the 1960s, the standard definitions of time were based on the regularity of the earth’s rotation. This gave a fairly stable frequency for calculating various gradations of time and meant that a second could be defined as 1/86,400 of the mean solar day; i.e. one rotation of the earth. But in 1967, a new way of defining a second was agreed upon at the 13th General Conference on Weights and Measures (CGPM). Instead of taking the earth’s rotation as a reference, the CGPM resolved that a second should be defined using an extremely stable property of the caesium-133 atom: one of its resonance frequencies oscillates precisely 9,192,631,770 times per second. Atomic clocks were developed that used this property to measure time to an unprecedented level of accuracy [see note below].
By 1972, this led to the introduction of International Atomic Time (TAI). TAI is calculated using the weighted average time of 450 atomic clocks in 80 national laboratories worldwide. TAI is then compared to UT1, a timescale based on the mean solar day, and the two together form the primary standard by which the world regulates clocks and time: Coordinated Universal Time (UTC).
The national laboratories maintain their own local UTC and use a variety of methods for distributing this time nationally. In Sweden, the national time laboratory is run by RISE and the time is distributed by Netnod using a system of autonomous time nodes throughout the country.
Let’s take a look at how time distribution works and the different methods for sending time from an accurate source (such as an atomic clock) to networked devices like your phone or laptop.
Time distribution: from above and below
Today time is distributed to digital networks in two main ways: via GNSS or over a network using fibre, copper or wireless. Both methods have their pros and cons. For any service where time is mission critical, some combination of these methods is advisable.
Global Navigation Satellite Systems
Global Navigation Satellite Systems (GNSS) have been around since the 1970s and include a service familiar to most of us: the Global Positioning System (GPS). GNSS refers to a constellation of satellites with atomic clocks sending time and location data via radio signals to receivers on earth. This allows for good geographic coverage but comes with downsides that include: signal interference, unpredictable latency, outdated equipment and vulnerability to attack using signal jamming and spoofing.
In recent years, GNSS has become increasingly vulnerable. It has become much easier and cheaper to jam or spoof the radio signal GNSS uses to transmit time and location data. Technology that enables malicious actors to prevent GNSS data from getting through (jamming) or to trick a GNSS receiver into accepting fake data (spoofing) is now widely available. With individuals able to jam or spoof these signals, there is increasing concern about the damage that could be caused by state-sponsored actors.
Malicious attacks are not the only issue here. In recent years, rollover problems, outdated equipment, and loss of signal all contributed to widely reported outages such as the incident that occurred in 2016 when a decommissioned satellite made the entire GPS network stray 13 microseconds from UTC and caused disruption to BBC services for several days. In 2020, the British government stated that a “large-scale GPS failure” would cost the UK “£1 billion a day”.
Time over wired networks
But GNSS is not the only way to receive time. Networks also get time from services that use atomic clocks on earth and transmit time over wired networks. This avoids issues such as signal interference, jamming and spoofing that affect radio-based GNSS services.
When it comes to receiving time over wired networks, the options include free-to-use NTP/NTS services or a commercial time-as-a-service using PTP.
Network Time Protocol (NTP)
This is the most common way to receive time and has the advantage of being free, easy to set up and available over the public Internet. However, NTP services typically use connections meant for other data traffic. As these connections are not optimised for highly accurate time, there can be latency and asymmetry issues.
NTP uses a stratum model with the hierarchy based on how close a time server is to the reference clock. It is easy to take time from NTP servers with approximately 3,000 publicly available NTP servers on the Internet today. You can find a good overview of what to consider when selecting and connecting to NTP servers in this NTP best practice guide. Netnod provides a free NTP service available to anyone.
However, you should consider that NTP is an old protocol dating back to 1985. It has a number of security issues which make it vulnerable to attacks such as: packet manipulation, replay attack, amplification attack and spoofing. These security issues have been addressed by the recent Network Time Security standard.
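The latency, asymmetry and spoofing points above can be seen in the arithmetic an NTP client performs on each reply. The following is an added example, not code from Netnod or from any NTP implementation: it parses a 48-byte server reply, rejects replies that fail basic sanity checks, and computes offset and delay from the four timestamps. The packets, the `simulate` helper and all timing values are constructed for illustration.

```python
import struct

NTP_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01 (Unix)

def to_ntp(unix_ts):
    """Unix seconds -> 64-bit NTP timestamp (32.32 fixed point)."""
    return int(round((unix_ts + NTP_DELTA) * 2**32))

def from_ntp(ntp64):
    return ntp64 / 2**32 - NTP_DELTA

def build_reply(stratum, origin, receive, transmit, leap=0):
    """Construct a mode 4 (server) packet; sample data for this example only."""
    first = (leap << 6) | (4 << 3) | 4           # leap indicator, version 4, mode 4
    return struct.pack("!BBbb3I4Q", first, stratum, 6, -20, 0, 0, 0,
                       0, to_ntp(origin), to_ntp(receive), to_ntp(transmit))

def check_reply(pkt, t1, t4):
    """Validate a reply to a request sent at t1 and received at t4 (client clock)."""
    if len(pkt) < 48:
        raise ValueError("short packet")
    leap, mode, stratum = pkt[0] >> 6, pkt[0] & 0x7, pkt[1]
    origin, receive, transmit = struct.unpack("!3Q", pkt[24:48])
    if mode != 4:
        raise ValueError("not a server reply")
    # The server echoes our transmit timestamp. This only stops off-path
    # spoofing and replays; NTS adds cryptographic authentication.
    if origin != to_ntp(t1):
        raise ValueError("origin timestamp mismatch: spoofed or replayed reply")
    if leap == 3 or stratum == 0 or stratum > 15:
        raise ValueError("server unsynchronised or kiss-o'-death")
    t2, t3 = from_ntp(receive), from_ntp(transmit)
    offset = ((t2 - t1) + (t3 - t4)) / 2         # assumes a symmetric path
    delay = (t4 - t1) - (t3 - t2)                # round trip minus server processing
    return stratum, offset, delay

def simulate(true_offset, fwd, back, proc=0.0001, t1=1_700_000_000.0):
    """Constructed exchange: server clock = client clock + true_offset."""
    t2 = t1 + fwd + true_offset
    t3 = t2 + proc
    t4 = t3 - true_offset + back
    return build_reply(2, t1, t2, t3), t1, t4

if __name__ == "__main__":
    for fwd, back in [(0.010, 0.010), (0.030, 0.010)]:   # symmetric, asymmetric
        pkt, t1, t4 = simulate(0.050, fwd, back)
        print(fwd, back, check_reply(pkt, t1, t4))
```

With a true offset of 50 ms, the symmetric path yields the correct offset, while the asymmetric path (30 ms out, 10 ms back) reports about 60 ms: the error is half the path asymmetry, and nothing in the packet reveals it.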
Network Time Security (NTS)
NTS is a standard approved in 2020 that provides a much more secure version of NTP. It is free to use but is currently only available from a limited number of time services (one of which is the time service provided by Netnod). You can find information on how to connect to an NTS service here.
NTS solves an intricate problem: how to introduce encryption into the time distribution system so as to allow time packets to be authenticated without increasing latency and affecting the accuracy of the time received. NTS does this by keeping the encryption process separate from the low latency time synchronisation. To find out more about how this works, you can read the white paper here. If you are interested in how this was implemented at a hardware level (and the benefits for even more accurate and secure time services), you can read this explanation or watch a recent presentation here.
One issue with NTP/NTS services is that they cannot guarantee high accuracy. These services, provided for free and on a best-effort basis, are usually delivered over connections meant for other data traffic. Such connections are prone to routing asymmetry and unpredictable latency which can cause timing errors unacceptable for mission-critical services that require the highest level of accuracy.
Networks requiring the highest level of accuracy usually choose a commercial time-as-a-service solution. For networks in Sweden and Denmark, Netnod’s time services can deliver ultra-precise time with an SLA that guarantees accuracy and reliability. The most accurate, secure and reliable time services use Precision Time Protocol (PTP). With time traceable to UTC at the level of nanoseconds (billionths of a second), PTP is far more accurate than NTP especially when delivered over a dedicated fibre. PTP avoids the security, stability and logistical problems of GNSS services and the unpredictable latency and asymmetry issues of NTP.
You can read more about Netnod’s PTP service here.
Top time tips
Setting up services to provide, calibrate, monitor and deliver accurate and secure time is extremely challenging. You have to deal with network delays and errors, routing asymmetries, the risk of malicious attacks (such as GNSS jamming/spoofing or attacks on NTP), and failover from different time sources. When you are looking at where you get your time, you should ensure you have a trusted provider with a high level of expertise.
If you are operating a network, you should be able to answer the following questions:
- Where do you get your time?
- How accurate and secure is this time source?
- What can you compare it with to ensure accuracy?
- What happens to your network/business if this time source fails?
- What redundancy do you have in place if your time source fails or is otherwise compromised?
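One way to answer the comparison and redundancy questions is to cross-check several independent sources and refuse to trust any value that lacks majority agreement. This is an added example, not Netnod's code, and it goes beyond the text by using Marzullo's interval-intersection algorithm; the source names, offsets and error bounds are constructed sample values.

```python
def marzullo(intervals):
    """Return (count, lo, hi): the interval agreed on by the most sources."""
    edges = []
    for lo, hi in intervals:
        edges.append((lo, -1))   # interval start
        edges.append((hi, +1))   # interval end
    edges.sort()                 # starts sort before ends at equal values
    best = count = 0
    best_lo = best_hi = None
    for i, (value, kind) in enumerate(edges):
        count -= kind            # +1 on a start, -1 on an end
        if count > best:
            best, best_lo, best_hi = count, value, edges[i + 1][0]
    return best, best_lo, best_hi

def cross_check(sources):
    """sources: {name: (measured_offset_s, max_error_s)} -> (offset, suspects)."""
    intervals = {n: (o - e, o + e) for n, (o, e) in sources.items()}
    count, lo, hi = marzullo(list(intervals.values()))
    if count * 2 <= len(sources):
        raise RuntimeError("no majority of sources agree; do not step the clock")
    # Any source whose interval misses the agreed range is failed, jammed or spoofed.
    suspects = sorted(n for n, (a, b) in intervals.items() if b < lo or a > hi)
    return (lo + hi) / 2, suspects

# Constructed measurements: offset of the local clock against each source,
# with an error bound (for NTP/NTS, typically half the round-trip delay).
SAMPLE = {
    "nts-a": (0.0021, 0.004),
    "nts-b": (0.0005, 0.006),
    "ptp":   (0.0010, 0.000001),
    "gnss":  (-0.250, 0.0001),   # disagrees with every other source
}

if __name__ == "__main__":
    print(cross_check(SAMPLE))
```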
If you want to discuss your network’s needs in more detail, feel free to contact one of Netnod’s time experts here. We always have time!
Note: This is a very simplified explanation. To explain in detail how atomic clocks work would require a separate post. They use the fact that changing the state of electrons around the nucleus of certain atoms, such as the caesium-133 atom, requires a very specific frequency. Atomic clocks take advantage of this consistent property, using the specific frequency to effect changes in the orbit of electrons. Atomic clocks today are based on caesium, rubidium, mercury and hydrogen maser. Netnod uses caesium clocks for its time services.
This article was originally published over on the Netnod blog.