Inception’s Timely Reminder of Cyber Resilience

Over a decade after its release, Christopher Nolan’s Inception continues to captivate audiences with its intricate plot and thought-provoking themes. Each viewing offers new insights and interpretations, leaving viewers in a state of awe and contemplation. The movie delves into the manipulation and distortion of time, space, and dimension, blurring the boundaries between reality and perception. It presents a world where dreams can be shared, explored, and manipulated, challenging our understanding of the physical and mental realms where professional “extractors” exploit dreams to steal ideas from, or plant them into their targets subconscious thoughts.

A digital Inception vulnerability

The themes within Inception can be related to the world of cyber resilience and the growing number of organised and intelligent threat actors that aim to use a cyber kill chain approach against their targets. Last year, researchers at ETH Zurich, under the leadership of Professor Kaveh Razavi, unveiled a ground-breaking cybersecurity vulnerability, just like the methods from Inception. This vulnerability enabled attackers to implant malicious ideas into a computer’s central processing unit (CPU), potentially compromising the integrity and security of the entire system.

The ETH research revealed that certain CPUs could be manipulated to execute specific commands, bypassing security measures and accessing sensitive information. This novel approach, aptly named the “Inception” attack, exploits the CPU’s inherent need to make educated guesses during program execution. The attack poses a concerning threat, especially in the realm of cloud computing, where multiple customers often co-locate on the same hardware infrastructure, there is potential to compromise data integrity across various virtual environments.

Current time synchronisation methods

The ETH findings highlight an important and often overlooked need, as toyed with by Nolan – the protection of time. In computing, network time synchronisation is the process of aligning the clocks of multiple devices or systems connected over a network. It ensures that all devices within the network display the same time, which is crucial for various operations, such as data transfer, event logging, and coordination of activities. Synchronisation protocols include Network Time Protocol (NTP), Precision Time Protocol (PTP) and the Global Positioning System (GPS), are all used to achieve this alignment. However, NTP dates to 1985, PTP was published in 2002 and GPS was launched in 1978, which highlight a potential need for upgrade to ensure resilience.

Notably, NTP is core part of computing synchronisation and is one of the commonly used protocols but contains several security concerns including the lack authentication mechanisms. This leaves it susceptible to spoofing and manipulation, as what transpires throughout Nolan’s Inception.

Time-related cyber attacks examples

Over the past decade there have been a number of cyber attacks using time manipulation as an exploitable factor. One example was the bitcoin exchange Mt Gox which was attacked resulting in $450 million worth of bitcoins being stolen. The attackers used a range of including NTP hijacking to gain control of NTP servers to send malicious time information allowing them to manipulate the trading system.

Another example was of the Ukrainian Power Grid where attackers gained control over Ukrainian NTP servers to send malicious time information to the country’s power grid. This caused the power grid to malfunction, resulting in widespread power outages.

Innovations in time resilience

As artificial intelligence, quantum computing, IoT, and other technologies continue to advance, so do timekeeping requirements. Today’s society relies upon time synchronisation for many critical services which must be processed in microseconds and nanoseconds. New technology services and capabilities must provide trust, security, and resilience of computing time. To address this challenge precise time synchronisation with verifiable timestamping can help.

Traceable Time as a Service (TTaaS) has emerged as a new approach to time synchronisation that is accurate to microseconds, with fully traceable timing records and automated monitoring and maintenance. Additionally, a recent journal demonstrated Cosmic Time Synchronisation (CTS) for wireless and secure dissemination of time. The claims are that accurate time dissemination (the metrological traceability to UTC), low cost, and secure design can be provided. However, this is still in early trials but offers some hope in the ability to improve the accuracy of timing across a range of sectors and use cases.

Standards to protect time

Alongside the advanced technologies such as TTaaS and CTS there are several foundational areas organisations should consider when protecting their time and adhering to regulatory requirements i.e. (MIFID II). There are standards and advice from a range of bodies such as the IEEE SA and the Internet Engineering Task Force that should be considered, including:

1) Enabling authentication: Time servers and clients should authenticate using symmetric keys or public key cryptography.

2) Applying integrity protection: Network time packets should be protected using message authentication codes to ensure that they have not been tampered with.

3) Deploying encryption: Network packets should be encrypted to protect contents from eavesdropping.

4) Managing keys: Deploying a key management framework for securely generating, distributing, and storing cryptographic keys.

5) Protecting from Denial of Service: Implementing mechanisms to protect against DDoS and DoS attacks by rate limiting and blacklisting.

6) Monitoring logs: Time servers should be monitored for suspicious activity, such as unauthorised access attempts or changes to configuration files.

Taking time to be resilient

Inception provides organisations with an implicit warning; they need to pay close attention to the clocks they are responsible for and invest into time synchronisation to keep their timing resilient. This can play a crucial role in cyber incident identification, response, and recovery processes that protect systems and keep data safe from potential threats and vulnerabilities.

Arrange a Conversation 


Article by channel:

Read more articles tagged: