Time codes for PCs (fromn German Banking)

jim bell jimbell at pacifier.com
Fri Jan 26 17:54:19 PST 1996


-----BEGIN PGP SIGNED MESSAGE-----

At 11:11 PM 1/24/96 -0500, Dave Emery wrote:
>> 
>> Was the person in the basement eavesdroping or actuall performing a
>> man-in-the-middle attack?
>> 
>	Very much the easiest way of doing this is a classic man in the
>middle attack with two vanilla off the shelf modems and a vanilla off
>the shelf central office simulator.  The modems would be  tied more or
>less back to back through two serial ports and software on a laptop in
>the basement, one modem connected to the actual phone line to the central
>office and the other connected to the local wires to the targets home
>through the central office simulator.  This way all traffic in both
>directions would go through the modems and software on the laptop
>allowing the connection to be taken over cleanly between packets, and
>packets to be injected and deleted as needed.  I beleive that it would
>not be hard to make such a MITM decode the DTMF dialing from the target 
>and dial the same number on its outgoing modem thus enabling the
>MITM to passively relay modem calls it wasn't interested in spoofing.
>And incoming modem calls could be similarly handled.

A peripheral I've long wanted to see, commonly available:  ACCURATE  time, 
broadcast to the millisecond/microsecond/nanosecond, available from sources 
as varied as TV VIR's, FM subcarriers, and other sources, available as an 
easy input (via a peripheral card) to a computer.

I have a 12-year-old Heathkit "Most Accurate Clock" that I assembled myself, 
and had the foresight to install it with its computer  interface option. 
(receives 5, 10, or 15 MHz signals broadcast from Boulder, Colorado, 
containing "exact" time.) 

While I've never taken the time to connect it to my PC, it provides 
(through an RS232 jack) correct time with a rated accuracy of about 5 
milliseconds, as I vaguely recall. (Even has a dipswitch setup on the bottom 
to tell it how many 500 mile increments you are away from WWVB... corrects 
for delay to a first order of magnitude.)

(BTW, if anybody knows how to easily connect it to the pc, or has the 
appropriate software, please tell me  The task isn't difficult from a 
hardware standpoint; it's just RS-232 serial ASCII timecode at about 9600
bps which 
either continuously retransmits or on request.  The problem is the software: 
 How, exactly, do I INTERFACE such a serial input to the existing computer/RTC 
combination? (Don't tell me to plug it into an unused serial jack!  I'm not 
stupid. I'm not a  programmer, and I don't play one on TV! (I know 
gates, flops, op amps, A/D, D/A, microprocessor hardware design, even some 
Z-80 assy language, RF,  and I've programmed in Fortran, Basic, APL, Algol, 
PL/1, Pascal, LISP, but not recently and I don't enjoy it!)


(Then again, there are those "Receptor" watches which have (at least) similar 
accuracy, which as I understand it work on FM subcarrier principles.)


Technology has now supplanted this old monstrosity:  Even with CHEAP GPS 
receivers, they put out time which is rated in accuracy to well better than 
1 microsecond, and probably better than 200 nanoseconds even with S/A turned 
on, and probably 100 nanoseconds with S/A off.  Once GPS receivers contain 
equally cheap DGPS receivers, they'll be able to tell you your location to 
about 1 meter and corresponding time accuracy, about 3 nanoseconds.

I'm not particularly familiar with TV VIR signals, but I'd imagine they are 
timecoded, or at least they COULD be without a lot of effort.  Resolution 
would be FAR better than 1 microsecond, and accuracy would be primarily 
limited by knowledge of your location compared to the xmitter.

MITM attacks would be far more difficult if both ends of the data 
conversation agreed on the "exact" time, and could detect transmission 
delays and CHANGES in transmission delays.  While it would be possible to 
locally spoof the accurate timecode, a cheap version of a "disciplined 
oscillator" (which any GPS receiver is going to have, anyway) would detect 
such short-term spoofing trivially.

Occasionally, I've speculated on whether it might be useful to be able to 
synchronize (or, at least, KNOW) to the PHASE of the 60 Hz power grid.  
True, I know that the HV grid is 3-phase and most people won't know which 
phase they're on anyway, but that wouldn't change (at least not frequently!) 
, and I would imagine that 
it might be  useful.  You wouldn't necessarily know which CYCLE you're on, 
either, but again that might be compensated for somehow.  If  your computer 
were talking, locally, to another computer at 4100 baud (? whatever) (7 bits 
per symbol(?); equals 28.8kbps) you could "easily" agree on a particular cycle 
relationship, which is going to be essentially constant over a distance of a 
few tens or even hundreds of miles.

What I DON'T know (and some HV transmission engineer will probably be able 
to tell me, hint hint!) is how STABLE this phase is across the entire 
country?  I realize that this will probably depend on who'se shipping excess 
 power to whom at the moment, But I'd imagine the variability will be 
distinctly limited.

The biggest attraction of such a system is that the interface would probably 
be trivial:  Getting it from the P/S is out because they didn't anticipate 
such a thing.  The easiest interface might be an AC wall xformer with a 
rectifying limiter and slicer  (Okay, maybe just a resistor and a diode, 
possibly with the addition of a comparator for precision), driving a 
readable pin on an otherwise-unused RS-232 interface.  (Possibly 
installed similar to a dongle.)  Appropriate software (yucch!) would read 
the square waves, and record the phase at any one time.  Such information 
could be used to verify the relative synchronization between two different 
computers, although it would be necessary to identify particular phases, as 
I mentioned before.


BTW, if you're read this far, I think it would be appropriate to introduce 
myself, despite the fact that I've already been posting to this area for a 
few weeks.  I'm James Dalton Bell (yes, THOSE Daltons!) and I'm in 
Vancouver, Washington, USA.  I may talk like a EE, but am not; I have formal 
and/or informal backgrounds in Chemistry (BS Chemistry MIT 1980), 
electronics (analog and digital and RF (N7IJS) and uP), physics, and keep an 
eye on numerous other technical fields.

Politically, I'm 120/120 on the Nolan chart (there's some questions they 
left out (that's a joke)) which means I'm a "extremist libertarian."  I'm 
also rather newly anarchistic, and (with all due modesty) rather inventive.  

Current employment?  None. Well, nothing to speak of.  But you'll be hearing 
more about me.

Jim Bell

Klaatu Burada Nikto   Remember this.  It'll become important, soon.

"Something is going to happen.  Something....wonderful!"






 

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQlyv/qHVDBboB2dAQHZvQP+IKeO508C7ZTA22DSELjvpWTYa0iGtTcX
U486t+8P0iC9qxq346wzxm9USae4d8NOM9wBKrio095hrKnzAZQE1BETUKCx3BJv
bywqin7Qjb87j6OECJ6S/eAh5t6LXMnDepGdUr7rw+gBxsNg7kzz10/TGh4pXKNu
D5PuGPnTY34=
=r4JO
-----END PGP SIGNATURE-----







More information about the cypherpunks-legacy mailing list