Time codes for PCs (from German Banking)
At 11:11 PM 1/24/96 -0500, Dave Emery wrote:
>>
>> Was the person in the basement eavesdropping or actually performing a
>> man-in-the-middle attack?
>>
> Very much the easiest way of doing this is a classic man in the
>middle attack with two vanilla off the shelf modems and a vanilla off
>the shelf central office simulator. The modems would be tied more or
>less back to back through two serial ports and software on a laptop in
>the basement, one modem connected to the actual phone line to the central
>office and the other connected to the local wires to the target's home
>through the central office simulator. This way all traffic in both
>directions would go through the modems and software on the laptop
>allowing the connection to be taken over cleanly between packets, and
>packets to be injected and deleted as needed. I believe that it would
>not be hard to make such a MITM decode the DTMF dialing from the target
>and dial the same number on its outgoing modem thus enabling the
>MITM to passively relay modem calls it wasn't interested in spoofing.
>And incoming modem calls could be similarly handled.

A peripheral I've long wanted to see, commonly available: ACCURATE time,
broadcast to the millisecond/microsecond/nanosecond, available from sources
as varied as TV VIR's, FM subcarriers, and other sources, available as an
easy input (via a peripheral card) to a computer.

I have a 12-year-old Heathkit "Most Accurate Clock" that I assembled myself,
and had the foresight to install it with its computer interface option.
(receives 5, 10, or 15 MHz signals broadcast from Boulder, Colorado,
containing "exact" time.)

While I've never taken the time to connect it to my PC, it provides
(through an RS232 jack) correct time with a rated accuracy of about 5
milliseconds, as I vaguely recall. (Even has a dipswitch setup on the bottom
to tell it how many 500 mile increments you are away from WWVB... corrects
for delay to a first order of magnitude.)

(BTW, if anybody knows how to easily connect it to the PC, or has the
appropriate software, please tell me. The task isn't difficult from a
hardware standpoint; it's just RS-232 serial ASCII timecode at about 9600
bps which either continuously retransmits or on request. The problem is the
software: How, exactly, do I INTERFACE such a serial input to the existing
computer/RTC combination? (Don't tell me to plug it into an unused serial
jack! I'm not stupid. I'm not a programmer, and I don't play one on TV! (I know
gates, flops, op amps, A/D, D/A, microprocessor hardware design, even some
Z-80 assy language, RF, and I've programmed in Fortran, Basic, APL, Algol,
PL/1, Pascal, LISP, but not recently and I don't enjoy it!)

(Then again, there are those "Receptor" watches which have (at least) similar
accuracy, which as I understand it work on FM subcarrier principles.)

Technology has now supplanted this old monstrosity: Even with CHEAP GPS
receivers, they put out time which is rated in accuracy to well better than
1 microsecond, and probably better than 200 nanoseconds even with S/A turned
on, and probably 100 nanoseconds with S/A off. Once GPS receivers contain
equally cheap DGPS receivers, they'll be able to tell you your location to
about 1 meter and corresponding time accuracy, about 3 nanoseconds.

I'm not particularly familiar with TV VIR signals, but I'd imagine they are
timecoded, or at least they COULD be without a lot of effort. Resolution
would be FAR better than 1 microsecond, and accuracy would be primarily
limited by knowledge of your location compared to the xmitter.

MITM attacks would be far more difficult if both ends of the data
conversation agreed on the "exact" time, and could detect transmission
delays and CHANGES in transmission delays. While it would be possible to
locally spoof the accurate timecode, a cheap version of a "disciplined
oscillator" (which any GPS receiver is going to have, anyway) would detect
such short-term spoofing trivially.

Occasionally, I've speculated on whether it might be useful to be able to
synchronize (or, at least, KNOW) to the PHASE of the 60 Hz power grid.
True, I know that the HV grid is 3-phase and most people won't know which
phase they're on anyway, but that wouldn't change (at least not frequently!),
and I would imagine that it might be useful. You wouldn't necessarily know
which CYCLE you're on, either, but again that might be compensated for
somehow. If your computer were talking, locally, to another computer at 4100
baud (? whatever) (7 bits per symbol(?); equals 28.8kbps) you could "easily"
agree on a particular cycle relationship, which is going to be essentially
constant over a distance of a few tens or even hundreds of miles.

What I DON'T know (and some HV transmission engineer will probably be able
to tell me, hint hint!) is how STABLE this phase is across the entire
country? I realize that this will probably depend on who's shipping excess
power to whom at the moment, but I'd imagine the variability will be
distinctly limited.

The biggest attraction of such a system is that the interface would probably
be trivial: Getting it from the P/S is out because they didn't anticipate
such a thing. The easiest interface might be an AC wall xformer with a
rectifying limiter and slicer (Okay, maybe just a resistor and a diode,
possibly with the addition of a comparator for precision), driving a
readable pin on an otherwise-unused RS-232 interface. (Possibly
installed similar to a dongle.) Appropriate software (yucch!) would read
the square waves, and record the phase at any one time. Such information
could be used to verify the relative synchronization between two different
computers, although it would be necessary to identify particular phases, as
I mentioned before.

BTW, if you've read this far, I think it would be appropriate to introduce
myself, despite the fact that I've already been posting to this area for a
few weeks. I'm James Dalton Bell (yes, THOSE Daltons!) and I'm in
Vancouver, Washington, USA. I may talk like a EE, but am not; I have formal
and/or informal backgrounds in Chemistry (BS Chemistry MIT 1980),
electronics (analog and digital and RF (N7IJS) and uP), physics, and keep an
eye on numerous other technical fields.

Politically, I'm 120/120 on the Nolan chart (there's some questions they
left out (that's a joke)) which means I'm an "extremist libertarian." I'm
also rather newly anarchistic, and (with all due modesty) rather inventive.
Current employment? None. Well, nothing to speak of. But you'll be hearing
more about me.

Jim Bell
Klaatu Burada Nikto Remember this. It'll become important, soon.
"Something is going to happen. Something....wonderful!"
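
The timing check argued for in the message above (two ends that share accurate time watching for changes in transmission delay, and a local oscillator catching a stepped timecode), as an added example that is not part of the original post. The function names, thresholds and sample data are assumptions constructed for illustration.

```python
from statistics import median

def detect_delay_shift(samples, calib=8, window=4, tolerance=0.002):
    """samples: (sender_ts, receiver_ts) in seconds; both clocks are assumed
    locked to the same reference. Returns the index of the first packet where
    the median delay of the last `window` packets differs from the calibrated
    baseline by more than `tolerance`, or None."""
    delays = [rx - tx for tx, rx in samples]
    if len(delays) < calib + window:
        raise ValueError("need at least calib + window samples")
    baseline = median(delays[:calib])   # median shrugs off isolated spikes
    for i in range(calib + window - 1, len(delays)):
        if abs(median(delays[i - window + 1:i + 1]) - baseline) > tolerance:
            return i                    # sustained change, e.g. an inserted relay
    return None

def detect_timecode_step(ref_times, local_ticks, max_drift_ppm=50, floor=1e-4):
    """Holdover check for a spoofed timecode: between readings, elapsed
    reference time must match elapsed local-oscillator time within the drift
    bound. Returns the index of the first reading that breaks it, or None."""
    for i in range(1, len(ref_times)):
        d_ref = ref_times[i] - ref_times[i - 1]
        d_loc = local_ticks[i] - local_ticks[i - 1]
        if abs(d_ref - d_loc) > d_loc * max_drift_ppm * 1e-6 + floor:
            return i
    return None

def constructed_link(n=24, relay_from=None):
    """Constructed data: 12 ms path, +/-0.6 ms jitter, 20 ms spikes on packets
    5 and 10, optionally a store-and-forward relay adding 35 ms."""
    out = []
    for k in range(n):
        tx = 1000.0 + 0.25 * k
        delay = 0.012 + 0.0003 * ((k * 7) % 5 - 2)
        if k in (5, 10):
            delay += 0.020
        if relay_from is not None and k >= relay_from:
            delay += 0.035
        out.append((tx, tx + delay))
    return out

def constructed_timecode(n=10, step_at=None, step=0.030):
    """Constructed data: local ticks once a second, reference 20 ppm fast,
    optionally stepped by `step` seconds from reading `step_at` onward."""
    ticks = [float(k) for k in range(n)]
    ref = [5000.0 + t * (1 + 20e-6) for t in ticks]
    if step_at is not None:
        ref = [r + step if k >= step_at else r for k, r in enumerate(ref)]
    return ref, ticks
```

With the constructed link, `detect_delay_shift(constructed_link(relay_from=14))` reports packet 15, one packet after the relay appears, while the isolated spikes on packets 5 and 10 do not trigger it.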