Finite State Machine Labs Inc (FSMLabs)
FSMLabs is a US (Austin, Texas) based technology development company focused on clock synchronization. FSMLabs’s “TimeKeeper® ”,software and hardware is employed by 6 of the world’s 10 largest banks, the InterContinental Exchange (owners of the NY Stock Exchange), and some of the most technically advanced electronic trading companies for precise (often within 50 nanoseconds of NIST/UTC) and resilient clock synchronization. Other customers include first responders (for emergency access), MITRE, and Airbus (Singapore Air Force). The company has a number of key patents, including patents on the multi-source fault tolerance and on methods for monitoring the security of GPS and other satellite based (GNSS) clock source.
All FSMLabs technology development takes place in the United States.
FSMLabs has, patented, clock synchronization technology that changed the scope of what clock sync technology can do, and is mature and in production in some of the most important time-critical venues in the world. FSMLabs has advanced R&D to take these products to a higher level and to apply them to other critical sectors.
Clock Synchronization Executive Summary
Clock Synchronization is a keystone technology in telecommunications and financial asset trading and is rapidly emerging as critical in a wide range of applications relating to information technology, data centers, and communications. These applications include radio/TV broadcast, smart automobiles, large scale databases, industrial automation, and software defined radios.
The basic task is deceptively simple: to keep the clocks on multiple computing devices locked on to a common time: often a reference time like the National Institute of Standards and Technology reference clock or UTC.
As some brief examples:
Because of regulatory requirements and fundamental business logic (operational and data integrity), electronic financial asset trading depends on synchronizing clocks, often down to less than 1 microsecond.
Clock synchronization plays a fundamental role in large scale commercial and government distributed systems and has recently been identified as an enabling technology for global databases.
The transition to packet networks in Radio and TV broadcasting and the increase in frame rates requires distributed synchronized clocks.
Clock Synchronization and Security
The Department must be prepared to defend non-DoD-owned Defense Critical Infrastructure (DCI) and Defense Industrial Base (DIB) networks and systems. Our chief goal in maintaining an ability to defend DCI is to ensure the infrastructure’s continued functionality and ability to support DoD objectives in a contested cyber environment. (Department of Defense 2018)
Although clock synchronization is widely used in military applications (including, for example, frequency switching software defined radios and drone navigation), this document will focus primarily on civilian applications which is the current area of expertise for FSMLabs. Interruption or compromise of clock sync could have devasting consequences for US financial markets, industrial systems, and e-commerce (Dropping 2018).
The fragility of legacy clock synchronization systems is the source of vulnerabilities that can be addressed by defense-in-depth (FSMLabs 2019). On the other hand, clock synchronization technologies can also be employed to control certain types of security mechanisms (V. Yodaiken, Systems and methods for detecting a security breach in a computer system 2014).
The vulnerabilities range from tampering with satellite clock source signal (Humphreys 2008) (Dougan 2018) to compromising network security (C. D. Yodaiken 2017). The second type of vulnerability is highlighted by the failure of Eurex in 2013 when a single word memory failure on a single device shut down the entire trading system (Timms 2015). As a software example, the IEEE PTP 1588 “Best Master Clock” algorithm is an easily spoofed mechanism for determining the “best” time source (FSMLabs 2017). FSMLabs multi-source fault-tolerance methods provides resiliency against both inadvertent component or network failures and deliberate compromise (C. D. Yodaiken 2017). Unlike technologies that are hosted within a GPS/GNSS clock, the FSMLabs methods extend down to the consumer of the clock – the application that requires reliable time. Both IEEE 1588 PTP and the older NTP protocols are supported at equivalent sub-microsecond accuracy and security. Proposals for mechanisms that are similar to FSMLabs “source check” have recently been endorsed in the IEEE 1588 PTP revisions nearly a decade after FSMLabs put this complex technology into production and patented it (V. Yodaiken, The Enterprise Profile for PTP 2015).
Figure 1 SkyMap view of GNSS constellations
Financial networks have been the obvious targets, and disrupting clock sync in a first responder system, automated manufacturing, power plants or in data centers, could have more significant effects. For example Google has recently identified clock synchronization methods for operating global databases (James Corbett 2012) and clock sync has been widely employed in data systems for decades (Liskov 1993).
Clock synchronization is a key technology for operation and security of the entire US technology landscape, extending from financial markets through electric power distribution.
There are numerous, identified and not widely appreciated vulnerabilities in legacy clock synchronization technology, many of which are addressed in field tested solutions FSMLabs has deployed.
There are avenues for using clock synchronization to improve the security of sectors that do not normally utilize clock synchronization.
FSMLabs has in production, mature technologies that could be incorporated in a defense in depth protection strategy to address issues noted in the 2018 DOD Cyber Security Strategy.
FSMLabs has R&D projects that could be rapidly incorporated into existing systems.
Department of Defense. 2018. “Cyber Strategy Summary 2018.” Department of Defense. https://media.defense.gov/2018/Sep/18/2002041658/-1/-1/1/CYBER_STRATEGY_SUMMARY_FINAL.PDF.
Dougan, Cort. 2018. Method, system, and computer program product for GNSS receiver signal health and security analysis. USA Patent 10,024,975. July 17.
Dropping, Coggins, Platt. 2018. “Timing Security: Mitigating Threats in a Changing Landscape Webinar.” ATIS. May 22. https://www.atis.org/wp-content/uploads/01_news_events/webinar-pptslides/Timing-Security5222018.pdf.
- www.finra.org. https://www.finra.org/rules-guidance/rulebooks/finra-rules/6820.
—. 2019. “Clock Sync Safety and Security in Depth.” WSTS 2019 Talks. https://wsts.atis.org/wp-content/uploads/sites/9/2019/03/4_06_FSMLabs_Dougan_Security_for_Enterprise_in_Depth.pdf.
—. 2017. “Smart and dumb clients and the “so-called” Best Master Clock Algorithm in PTP IEEE 1588.” medium.com/fsmlabs. April 21. https://medium.com/fsmlabs/smart-and-dumb-clients-and-the-so-called-best-master-clock-algorithm-in-ptp-ieee-1588-6739608d4cff.
Humphreys, Todd E., et al. 2008. “”Assessing the spoofing threat: Development of a portable GPS civilian spoofer.”.” Radionavigation laboratory conference proceedings.
James Corbett, Jeffrey Dean, Michael Epstein, Andrew Fikes, Christopher Frost, J. J. Furman, Sanjay Ghemawat, Andrey Gubarev, Christopher Heiser, Peter Hochschild, Wilson Hsieh, Sebastian Kanthak, Eugene Kogan, Hongyi Li, Alexander Lloyd, Sergey Melnik,. 2012. “Spanner: Google’s globally-distributed database.” Proceedings of the 10th USENIX Conference on Operating Systems Design and Implementation. USENIX.
Liskov, Barbara. 1993. “Practical uses of synchronized clocks in distributed systems.” Distributed Computing 211-219.
Timms, Aaron. 2015. “Y2K.00001: Markets Take a Leap Second Into the Void.” Institutional Investor. June 30. https://www.institutionalinvestor.com/article/b14z9ydlpr8hln/y2k00001-markets-take-a-leap-second-into-the-void.
Yodaiken, Cort Dougan and Victor. 2017. Method, time consumer system, and computer program product for maintaining accurate time on an ideal clock. USA Patent 9,671,761. June 6.
Yodaiken, Victor. 2014. Systems and methods for detecting a security breach in a computer system. USA Patent 8,793,794. July 29.
—. 2015. “The Enterprise Profile for PTP and TimeKeeper.” www.yodaiken.com. October 1.