How does time distribution work?
Global Navigation Satellite Systems
Global Navigation Satellite Systems (GNSS) have been around since the 1970s and include a service familiar to most of us: the Global Positioning System (GPS). GNSS refers to a constellation of satellites with atomic clocks sending time and location data via radio signals to receivers on earth. This allows for good geographic coverage but comes with downsides that include: signal interference, outdated equipment and vulnerability to attack using signal jamming and spoofing.
In recent years, GNSS has become increasingly vulnerable. It has become much easier and cheaper to jam or spoof the radio signal GNSS uses to transmit time and location data. The technology is now widely available that enables malicious actors to prevent GNSS data from getting through (jamming) or to trick a GNSS receiver into accepting fake data (spoofing). With individuals able to jam or spoof these signals, there is an increasing concern of the damage that could be caused by state-sponsored actors.
Malicious attacks are not the only issue here. In recent years rollover problems, outdated equipment and loss of signal all contributed to widely reported outages such as the incident that occured in 2016 when a decommissioned satellite made the entire GPS network stray 13 microseconds from UTC and caused disruption to BBC services for several days. In 2020, the British government stated that a “large-scale GPS failure” would cost the UK “ £1 billion a day”.
Time over wired networks
But GNSS is not the only way to receive time. Networks also get time from services that use atomic clocks on earth and transmit time over wired networks. This avoids issues such as signal interference, jamming and spoofing that affects radio-based GNSS services.
When it comes to receiving time over wired networks, the options include free to use NTP/NTS services or a commercial time-as-a-service using PTP.
Network Time Protocol (NTP)
This is the most common way to receive time and has the advantage of being free, easy to set up and available over the public Internet. However, NTP services typically use connections meant for other data traffic. As these connections are not optimised for highly accurate time, there can be latency and asymmetry issues.
NTP uses a stratum model with the hierarchy based on how close a time server is to the reference clock. It is easy to take time from NTP servers with approximately 3,000 publicly available NTP servers on the Internet today. You can find a good overview of what to consider when selecting and connecting to NTP servers in this NTP best practice guide. Netnod provides a free NTP service available to anyone.
However, you should consider that NTP is an old protocol dating back to 1985. It has a number of security issues which make it vulnerable to attacks such as: packet manipulation, replay attack, amplification attack and spoofing. These security issues have been addressed by the recent Network Time Security standard.
Network Time Security (NTS)
NTS is a standard approved in 2020 that provides a much more secure version of NTP. It is free to use but is currently only available from a limited number of time services (one of which is the time service provided by Netnod.) You can find information on how to connect to an NTS service here.
NTS solves an intricate problem: how to introduce encryption into the time distribution system so as to allow time packets to be authenticated without increasing latency and affecting the accuracy of the time received. NTS does this by keeping the encryption process separate from the low latency time synchronisation. To find out more about how this works, you can read the white paper here. If you are interested in how this was implemented at a hardware level (and the benefits for even more accurate and secure time services), you can read this explanation or watch a recent presentation here.
One issue with NTP/NTS services is that they cannot guarantee high accuracy. These services, provided for free and on a best-effort basis, are usually delivered over connections meant for other data traffic. Such connections are prone to routing asymmetry and unpredictable latency which can cause timing errors unacceptable for mission-critical services that require the highest level of accuracy.
Time-as-a-Service
Networks requiring the highest level of accuracy usually choose a commercial time-as-a-service solution. For networks in Sweden and Denmark, Netnod’s time services can deliver ultra-precise time with an SLA that guarantees accuracy and reliability. The most accurate, secure and reliable time services use Precision Time Protocol (PTP). With time traceable to UTC at the level of nanoseconds (billionths of a second), PTP is far more accurate than NTP especially when delivered over a dedicated fibre. PTP avoids the security, stability and logistical problems of GNSS services and the unpredictable latency and asymmetry issues of NTP.
You can read more about Netnod’s PTP service here.
Top time tips
Setting up services to provide, calibrate, monitor and deliver accurate and secure time is extremely challenging. You have to deal with network delays and errors, routing asymmetries, the risk of malicious attacks (such as GNSS jamming/spoofing or attacks on NTP), and failover from different time sources. When you are looking at where you get your time, you should ensure you have a trusted provider with a high-level of expertise.
If you are operating a network, you should be able to answer the following questions:
- Where do you get your time?
- How accurate and secure is this time source?
- What can you compare it with to ensure accuracy?
- What happens to your network/business if this time source fails?
- What redundancy do you have in place if your time source fails or is otherwise compromised?