SoK: State of the time: On Trustworthiness of Digital Clocks

Adeel Nasrullah, Fatima M. Anwar

TL;DR

This paper addresses the vulnerability of critical CPS timing infrastructure by providing the first comprehensive systematization of timing security across hardware, software, and network layers. It introduces a holistic timing framework that reveals previously overlooked attack surfaces, including physical timing components and on-device timekeeping, and analyzes the limitations of current trusted timing architectures. The authors categorize defenses into system-based and theoretical approaches, discuss their respective strengths and gaps, and propose a hardware-software co-design toward a system-wide trusted timing stack centered on a fixed-frequency monotonic counter $\mathbf{C}$ and a dedicated time-sync co-processor. The work offers concrete recommendations for secure time design, emphasizes the need for formal verification in conjunction with system design, and outlines directions for building robust, globally reliable timing infrastructure with practical impact for PKI, smart grids, AVs, and finance.

Abstract

Despite the critical role of timing infrastructure in enabling essential services, from public key infrastructure and smart grids to autonomous navigation and high-frequency trading, modern timing stacks remain highly vulnerable to malicious attacks. These threats emerge due to several reasons, including inadequate security mechanisms, the timing architecture's unique vulnerability to delays, and implementation issues. In this paper, we aim to obtain a holistic understanding of the issues that make the timing stacks vulnerable to adversarial manipulations, what the challenges are in securing them, and what solutions can be borrowed from the research community to address them. To this end, we perform a systematic analysis of the security vulnerabilities of the timing stack. In doing so, we discover new attack surfaces, i.e., physical timing components and on-device timekeeping, which are often overlooked by existing research that predominantly studies the security of time synchronization protocols. We also show that the emerging trusted timing architectures are flawed and risk compromising wider system security, and propose an alternative design using hardware-software co-design.

Paper Structure

This paper contains 26 sections, 6 figures, 6 tables.

Figures (6)

  • Figure 1: Time stack in a modern CPS
  • Figure 2: (a) Two-way time synchronization. (b) One-way time synchronization.
  • Figure 3: (a) T represents the system time under normal conditions. A1, A2, and A3 illustrate the time under time travel, warping, and uncertainty attacks, respectively. (b) Agent U obtains its time from another agent, T, assuming instantaneous time transfer. After time $t_2$, an attacker takes control of agent $T$ and delays the time transfer by a duration $0 \leq \delta t \leq \infty$.
  • Figure 4: Various components of a typical CPS and their interactions that may be exploited by an adversary to attack its time stack (in red).
  • Figure 5: Attack surfaces: (a) general-purpose platforms, (b) virtualized environments, and (c) with an unprivileged TEE.
  • ...and 1 more figures