Secure Time-Stamps are a crucial element of Digital Signatures for Non-Repudiation and Long-Term Archival:
- Accurate and credible time proof; when exactly did it happen
- Concurrency control ordering; what happened first, what followed
- Security/forensics; following the trail, seeing the big picture, correlation of events
Time and date appear in many places across the information system landscape:
- As metadata in database records, transaction logs, sessions and certificate validity
- Required for synchronization of clocks on network infrastructure devices (routers, switches...)
- Required for synchronization of clocks on Servers, Desktop Computers and various Client Devices
Whilst Coordinated Universal Time (UTC) is freely available across the Internet, it is not secure (as it is external to your firewall) and its accuracy might be questionable.
A Global Navigation Satellite System (GNSS) such as the Global Positioning System (GPS) has all the characteristics of a reliable Authoritative Time Source, and its signal, broadcast from spacecraft in Earth's orbit, is available to anyone on the ground with the proper equipment to pick it up and use it.
A Network Time Server is a device that uses radio frequency signals such as GPS to calculate the correct time.
NTP operates in a way that is fundamentally different from most other timing protocols. NTP does not synchronize all connected clocks with one another; instead it forms a hierarchy of timeservers and clients. Each level in this hierarchy is called a stratum, and Stratum 1 is the highest level. Timeservers at this level synchronize themselves by means of a reference time source such as a radio-controlled clock, satellite receiver or modem time distribution. Stratum 1 servers distribute their time to several clients in the network, which are called Stratum 2.
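The stratum hierarchy is visible in every NTP reply, and a client can check it before trusting the time it carries. The following is an added example, not part of the original page: it parses a 48-byte NTP server reply, rejects unsynchronized or mismatched replies, and computes clock offset and round-trip delay. The function names and the sample packet are constructed for illustration.

```python
import struct

NTP_UNIX_DELTA = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)

def ntp_ts(raw):
    """Convert a 64-bit NTP timestamp (32.32 fixed point) to Unix seconds."""
    secs, frac = struct.unpack("!II", raw)
    return secs - NTP_UNIX_DELTA + frac / 2**32

def to_ntp(unix):
    """Convert Unix seconds to the 8-byte NTP wire format."""
    secs = int(unix)
    return struct.pack("!II", secs + NTP_UNIX_DELTA, int((unix - secs) * 2**32))

def parse_reply(pkt, sent_origin, t4):
    """Validate a server reply; sent_origin is the 8 bytes the client sent as T1,
    t4 is the client's receive time in Unix seconds."""
    if len(pkt) < 48:
        raise ValueError("short packet")
    leap, version, mode = pkt[0] >> 6, (pkt[0] >> 3) & 7, pkt[0] & 7
    stratum = pkt[1]
    if mode != 4:
        raise ValueError("not a server reply")
    if leap == 3 or stratum == 0 or stratum >= 16:
        raise ValueError("server is unsynchronized")
    if pkt[24:32] != sent_origin:
        raise ValueError("origin timestamp mismatch: stale or spoofed reply")
    t1, t2, t3 = ntp_ts(sent_origin), ntp_ts(pkt[32:40]), ntp_ts(pkt[40:48])
    # Stratum 1 names its reference clock in ASCII (e.g. "GPS"); lower levels
    # carry an identifier of their upstream server, shown here as hex.
    refid = pkt[12:16]
    source = refid.rstrip(b"\0").decode("ascii") if stratum == 1 else refid.hex()
    return {"version": version, "stratum": stratum, "source": source,
            "offset": ((t2 - t1) + (t3 - t4)) / 2,  # server clock minus client clock
            "delay": (t4 - t1) - (t3 - t2)}         # round-trip network delay

def build_reply(stratum, refid, origin, t2, t3, leap=0):
    """Build a constructed 48-byte NTPv4 server reply for the demo below."""
    header = struct.pack("!BBbb", (leap << 6) | (4 << 3) | 4, stratum, 6, -20)
    return header + bytes(8) + refid + to_ntp(t2) + origin + to_ntp(t2) + to_ntp(t3)

if __name__ == "__main__":
    t1 = to_ntp(1700000000.0)  # constructed client transmit time
    reply = build_reply(1, b"GPS\0", t1, 1700000000.5, 1700000000.5)
    print(parse_reply(reply, t1, 1700000000.25))
```

The origin-timestamp comparison is what ties a reply to the request that was actually sent; it does not authenticate the server, which is one reason an internal reference clock is preferred over unauthenticated Internet time.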
NTP: Network Time Protocol
- Currently in Version 4; RFC5909 (2010), in development since 1985
- Inexpensive; suitable for everyday use, where accuracy of 100 ms to UTC is good enough (transaction systems with human interaction)
PTP: Precision Time Protocol (IEEE 1588)
- Currently in Version 2; Created in Oct/2007, Revised in Apr/2013
- Suitable for uses where precision higher than "NTP precision" is required; requires hardware with support for PTP
- For mission-critical highly automated low-latency systems
RECRO Time-Stamping solution
- Based on RFC 3161 Time-Stamp Protocol; used by all digital signatures standards
- Uses hardware-based Time Stamping Authority (TSA) signing keys, which are stored in a tamper-resistant Hardware Security Module (HSM)
- Offers standards-based non-repudiation Advanced Electronic Signatures (CAdES-T, XAdES-T, PAdES-LTV) with an added Time-Stamp to protect against repudiation; these are easy to integrate with a Digital Signature solution