While GPS spoofing is technically possible, all the extant spoofing only 
tampers with the ephemeris (satellite position) data, not the timing stream. 
That's because hackers have been aiming at navigation, and may not have 
expressed interest in GPS tampering when NTP tampering is so easy 🙂

To spoof GPS clocks, a hacker has to know where the antennas are, and get above 
them in order to inject a signal with the right directionality. Commercial GPS 
clock vendors have implemented various anti-spoofing measures that, for 
example, only accept signals from a certain cone of visibility, which faces up. 
They have other measures too, some of which exploit geographic diversity, so if 
you can have two or more GPS clocks in different hub sites, the clocks will 
reject spoofing signals.

This seems like a much easier defense than deploying secure NTP (NTS), which 
adds a huge amount of complexity. At least one researcher has shown that 
polluting the existing public NTP pool with enough bogus servers to seriously 
impact network time is trivial (I cited their paper in an earlier post on this 
thread). A well-funded state actor could be laying the framework for such an 
attack as we speak, lying in wait until an opportunity to disrupt Internet NTP 
globally.

   -mel
________________________________
From: NANOG <nanog-bounces+mel=beckman....@nanog.org> on behalf of Jay Hennigan 
<j...@west.net>
Sent: Wednesday, August 9, 2023 10:58 AM
To: nanog@nanog.org <nanog@nanog.org>
Subject: Re: NTP Sync Issue Across Tata (Europe)

On 8/9/23 09:29, Seth Mattinen via NANOG wrote:

> I liked having a WWVB receiver in my mix, but all the hardware
> appliances (at least those offering OCXO or Rubidium oscillator options)
> seem to have rejected it in favor of GPS only. I can only conclude that
> either vendors think options like WWVB are a dead end or there's no
> demand for GPS alternatives.

Both GPS and WWVB are over-the-air. There has been concern expressed of
a bad actor spoofing or jamming GPS. Comparatively speaking, jamming or
spoofing WWVB is a trivial joke.

--
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV
