At several points over the last 20 years, I’ve thought that Time as Service (TaaS) was a no brainer. But they’re still not widely available and widely adopted. I’ve also thought that the people won’t necessarily use it if they need to pay – unless, of course, they have a legal requirement to do so.
TaaS Has a Fine History
The story of the Belleville family taking time from the Royal Greenwich Observatory every day and distributing it to clock shops throughout London is a fascinating one. A service that even survived competition from the telegraph that continued right up to the 1930s.
BT’s TIM Speaking Clock began in London in 1936, went nationwide in 1942 and still operates today. TIM derived its time from the Rugby Time Signal, again from the Royal Greenwich Observatory, which is now managed by the National Physical Laboratory (NPL). Its forte was to deliver time and frequency to ‘off air’ laboratory setups for calibration that required traceability to national standards.
Internet Time and NTP
David L Mills from the University of Delaware led the development of the Network Time Protocol (NTP) in the mid 1980s, meaning NTP is one of the oldest Internet protocols still in use today.
NTP is ubiquitous in networks but has not really been used for a Cloud-based Time as a Service for two main reasons:
Security
NTP uses UDP on Port 123. This port has been used many times over the years as an attack vector for networks. These attacks are not aimed at your time service but aim to take control of your network. Corporate firewalls tend to block Port 123!
GPS and GNSS
The ability to resolve position and time from the ‘Coarse Acquisition’ signal of the military GPS system led to the development of commercial NTP time servers deriving their time from GPS. This allowed NTP to synchronise computers across your network without NTP packets from the Internet.
Traceable Time Requirements
The development of traceable computer time is a reaction to various financial and corporate scandals.
Around the turn of the century there were few strict time requirements in trading. In the US, there was a system that stamped paper trading tickets with time derived from a dial-up system provided by NIST. The system delivered time guaranteed to within five seconds.
I worked with a London trader back in 2000 that traded in Tokyo, where the time requirements for trading were to within 30 seconds, effectively meaning it was easy to sell stocks before you bought them!
High Frequency Trading drove the EU’s MiFID II, including traceable time stamping requirements. In the UK, NPL has a limited but successful traceable time service available in just a few locations. However, the EU currently considers a satellite system that contributes to UTC to be traceable for the purposes of MiFID II.
Wider Security Concerns
GNSS derived time does address the UDP Port 123 security issue, but GNSS has its own security issues. Not so much to your wider network but to the time and position of your equipment.
GNSS signals are very low power and all in the same frequency range making them vulnerable to jamming. A well-designed time system should be able to ‘holdover’ time during such an incident. This may not be an intentional attack but perhaps someone using a company vehicle that doesn’t want their employers to know where they are.
Increasing time requirements in Critical National Infrastructure (CNI), such as the Electricity Grid, does make the effort of long-term jamming or spoofing (sending false signals to change to time and or omission of a device) more attractive for large criminal or national actors.
Summary: Are We There Yet?
The security concerns around CNI are finally driving us to the TaaS model, although this may not be a cloud-based system as many would believe. Although driven by CNI concerns, these systems will hope for wider adoption.
There are UK projects working towards distribution of traceable time through fibre, low frequency radio (eLORAN) and Low Earth Orbit (LEO) Satellite systems.
These systems have momentum but will need worldwide adoption to succeed – a multinational bank will want the same service in Singapore, New York and Frankfurt. Will one or more of them get over the line?
Please visit the Chronos Times area of our website to read the latest Insights and Bitesize articles, learn about our attendance at recent Events and much more.