Filed under CTO's Blog, Digital Evidence by Todd Glassey on August 27, 2010 at 11:19 am
Certichron SecureNTP OpenAPI project is launched
We have been sitting on this since RSA2010, where it became obvious, based on the evolution and acceptance of cloud computing models, that a new reference time practice was needed: one which used a less network-centric but still controlled and authenticated time-transfer process. To meet this need we decided that the best solution was to enable the applications themselves to call a time-service provider as a runtime request. For most operating environments this just replaces the gettime(); service with a variant which actually calls the NTP reference device for that security/evidence generation model.
And so to make this idea a valuable resource we present the OpenAPI for NTP Services. The requirements of the API are to provide Secure SNTP style services using both IPC and Berkeley socket based communication models for distributing time, with the associated proofing practices to force the creation of the records necessary to fully document time-control across the entire chain-of-custody for any digital object. The intent is to create a more application-infrastructure based time-evidence model that reduces risk and provides better assurance in the records created, and in doing so to localize the time service request and response to the application rather than just reading it from an unprovable register in the HOST OS.
Application level NTP Client — for Applications not the OS!
The OpenAPI is then an integrated OS Time Of Day (TOD) service replacement which, in a localized cloud environment, allows the HOST or other specified reference device to supply time services to the virtualized platform at the application layer itself. This resource creates an NTP time-evidence service set which is called at the application level and provides all of the NTP service's time setting and remote time-content stamping facilities directly to applications, rather than having the applications rely on the HOST OS.
- This new facility provides an unprecedented level of security and integrity in application level time stamping services rather than relying on the HOST OS, and thus associating trusted time-transfer processes (setting, calibration, equalization and attestation) directly with the relying-party application.
- This unique new model allows the introduction of modular and secure sources of time complete with their necessary evidence models as resources in the production of transparent business systems.
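An added example, not Certichron's code or the OpenAPI itself: one way an application could make the time call described above itself, using the standard 48-byte SNTP packet layout, and keep a record of each exchange. The page does not describe SecureNTP's authentication or record format, so the hash-chained evidence log, all function names and the `constructed_reply` helper are assumptions; plain SNTP as used here is unauthenticated.

```python
import hashlib
import json
import socket
import struct
import time

NTP_DELTA = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)
GENESIS = "0" * 64      # assumed "previous hash" for the first evidence record

def to_ntp(unix_time):
    """Encode Unix seconds as a 64-bit NTP timestamp (32.32 fixed point)."""
    whole = int(unix_time)
    return struct.pack("!II", whole + NTP_DELTA, int((unix_time - whole) * 2**32))

def from_ntp(raw):
    secs, frac = struct.unpack("!II", raw)
    return secs - NTP_DELTA + frac / 2**32

def build_request(t1):
    """48-byte SNTP client request: LI=0, VN=4, Mode=3, transmit timestamp = t1."""
    return bytes([0x23]) + bytes(39) + to_ntp(t1)

def evaluate_reply(request, reply, t4):
    """Validate a reply against our own request, then compute offset and delay."""
    if len(reply) < 48:
        raise ValueError("short packet")
    leap, mode, stratum = reply[0] >> 6, reply[0] & 0x07, reply[1]
    if mode != 4:
        raise ValueError("not a server reply")
    if leap == 3 or not 1 <= stratum <= 15:
        raise ValueError("server is unsynchronized")
    # The reply must echo our transmit timestamp in its originate field; a
    # replayed or blindly forged packet will not match the request just sent.
    if reply[24:32] != request[40:48]:
        raise ValueError("originate timestamp mismatch")
    t1 = from_ntp(request[40:48])
    t2, t3 = from_ntp(reply[32:40]), from_ntp(reply[40:48])
    return {"stratum": stratum, "t1": t1, "t2": t2, "t3": t3, "t4": t4,
            "offset": ((t2 - t1) + (t3 - t4)) / 2,
            "delay": (t4 - t1) - (t3 - t2)}

def record_digest(record):
    payload = {k: v for k, v in record.items() if k != "record_sha256"}
    return hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest()

def append_record(chain, request, reply, result):
    """Append one exchange to the evidence log, linked to the previous record."""
    prev = chain[-1]["record_sha256"] if chain else GENESIS
    record = dict(result, prev=prev,
                  request_sha256=hashlib.sha256(request).hexdigest(),
                  reply_sha256=hashlib.sha256(reply).hexdigest())
    record["record_sha256"] = record_digest(record)
    chain.append(record)
    return record

def verify_chain(chain):
    prev = GENESIS
    for record in chain:
        if record["prev"] != prev or record["record_sha256"] != record_digest(record):
            return False
        prev = record["record_sha256"]
    return True

def timestamp_from(server, chain, port=123, timeout=2.0):
    """Application-level time call: ask `server` directly instead of the host clock."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        request = build_request(time.time())
        sock.sendto(request, (server, port))
        reply, _ = sock.recvfrom(512)
        t4 = time.time()
    result = evaluate_reply(request, reply, t4)
    append_record(chain, request, reply, result)
    return t4 + result["offset"]

def constructed_reply(request, t2, t3, stratum=1, leap=0):
    """Constructed stand-in for a server reply, used to exercise the checks offline."""
    first = (leap << 6) | (4 << 3) | 4  # LI, VN=4, Mode=4 (server)
    header = bytes([first, stratum, 0, 0]) + bytes(8) + b"NIST" + bytes(8)
    return header + request[40:48] + to_ntp(t2) + to_ntp(t3)
```

The originate-timestamp check only ties a reply to the request that was just sent; it does not prove who sent the reply, which is what an authenticated service has to add.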
Secure Time is generally the Source of all Provable Evidence in Computers!
Our reasoning is that since networking especially in tightly coupled clusters and Cloud Systems models is today accomplished through very high-speed channels and many of them through shared memory and semaphores as well as Secure IPC tools, the issues of Network Latency are not such an issue and the forefront of the time control practice is to build reliable proof models which are light-weight yet strong enough to prove themselves accurate in the most stringent applications and use models.
For more information on how you can participate in OpenAPI or how your products can use the OpenAPI to bring secure time into them directly, please contact us at OpenAPI@Certichron.COM or call your Certichron Sales person at 800−511−2301.
Filed under CTO's Blog, Digital Evidence by Todd Glassey on August 19, 2010 at 11:31 am
What you don’t know about Digital Evidence can kill your business.
You never thought about it before, but how you prove what you said you did on the computer systems you accomplish your business’s work on is key to how much it costs to operate your business. Information Risk and Business Process Control are becoming key factors in managing any and all risks in operating an entity.
The world of an implied knowledge of information security requirements
In today’s world where personal information is protected by law and process control integrity is mandated by legislative regulation, the processes through which the entity creates enduring proof of its proper operations are key to making informed business-centric decisions at all levels.
This was nowhere more driven home than in California State’s Khaled ruling that Red Light Camera systems in place at the time of the ruling were hear-say evidence generators, meaning their very design was flawed. What they would need are processes which provide the missing pieces of existing evidence models, which implies that most if not all of the systems in place were not designed to comply with or operate under today’s evidence requirements.
Adding a new Evidence Competence Step to Audit and Design Processes
Meeting this new need means adding an Evidence Strength and Facilitation Metric to all processes. That’s really just fancy talk for a process that evaluates the mathematical strength of the computer’s security and information integrity controls to create a simple Process Risk Coefficient, what we refer to as the PRC in the risk domain.
Computed ContinualCompliance
For those looking for a solution for this, Certichron meets this need through its proprietary and patent-applied-for ContinualCompliance practice.
ContinualCompliance is a unique approach to data proofing and its adoption by an entity creates a process where a reliable set of Forensic Telemetry ™ is installed so that the business practices being monitored provably use the source of time for this timestamp service model that is used to control this process.
How this magic works is that every process a computer performs is digital in nature, so the idea that a security model can actually be created which is computed based on content and certified processes is a no-brainer. It’s just never been done because of the size of the evidence created for each event case. But with today’s storage systems being what they are, this is no longer a hurdle. By creating a set of uniform timestamps which tag and prove content at stages, the correctness of any event thread can be “solved for completeness and correct summing”.
How do I use this?
Certichron’s ContinualCompliance practice process provides a set of tools to insure key control events are timestamped through a part of the same evidence control practice the entity uses to set their time-of-day clocks and generate their third-party evidence of proper tracking of the time-of-day in their key systems. The SecureNTP DES service from Certichron is used in addition to the SecureNTP server calibration and infrastructure control service to provably document an entity’s proper synchronization, end to end.
From a financial or evidence standpoint ContinualCompliance creates a computational model for representing any form of content-event supporting any and all mime types. What this means is that virtually any type of service process can be instrumented to provide proper and end-to-end forensic services with the addition of the Certichron DES and SecureNTP DES service partnership.
Contact us!
For more information on how to implement your own digital-evidence centric practice contact sales@certichron.com or call us at 800−511−2301.
Filed under CTO's Blog, Certichron by Todd Glassey on August 5, 2010 at 1:00 pm
In direct opposition to the DoD Ban on unencrypted GPS for any official purpose because of its spoofability and lack of security, the Massachusetts State Supreme Judicial Court ruled that GPS data from a 2004 case is reliable evidence for prosecution.
The Court’s response was: “Our preeminent concern with respect to the evidence presented and considered at revocation proceedings is its reliability,” Justice Robert Cordy wrote in the decision. “If the evidence is admissible under standard evidentiary rules, it is presumptively reliable. If it is not admissible under such rules, a judge must independently evaluate its reliability.” That makes sense since the data was captured in 2004, but later in this response we will point out that the DoD banned the use of L1 GPS in 1998, so even in 2004 it was known how insecure GPS data reports were. There is also another issue this ruling creates, and that is the Court’s setting precedents which pertain to technology which is now no longer secure. In 2010 (today) this ruling pertains to an event which happened in 2004, and since then the technological basis of GPS security models has changed; it is no longer as secure as it was in 2004. The problem we are concerned with is then that this 2010 ruling paves the way for more parties to sidestep technology changes and readily available information in the hacker and general access communities. As such the ruling is dangerous in my opinion, and as to why, read on…
Joint Chiefs of Staff ban GPS L1 use in 1998
With the verification of the GPS data admissibility, what the court didn’t review was the official Federal Policy from the DoD on the use of L1 GPS, or that of the DoE. In fact the DoD banned the use of the un-encrypted GPS services in 1998 and that was never factored into the Court’s decision. The 1998 order of the Joint Chiefs forces all Military users of GPS to switch to the SAASM encrypted service or L2 GPS which has its own security. It was delayed to October 1st 2006 as to its effective date, but the DoD policy about standard positioning system use without SAASM was in fact set in 1998, meaning that everyone in the DoD and the real world of the Government itself knows about these liabilities.
The DoE also has specific guidance on the liabilities and has staged actions with the FBI to hijack GPS tracked vehicles to document the security liabilities of GPS Data. That the Court refused to review this violated the Sua Sponte responsibility the Court has to determine fact and in this ruling is effectively rewriting Physics Texts to sidestep the fact that whether they rename RED as BLUE, it still will be RED.
Searches — do the diligence
Try this GOOGLE Search and notice everyone talking about the SAASM Mandate from the Joint Chiefs (JCoS). This is the most heavily guarded ‘secret’ from the public, and it is the GPS Industry which will lose billions of dollars of profit if the truth about the GPS system’s liabilities for trust-transfer, and its inability to create reliable evidence, is found out… don’t believe me — do the searches here.
SAASM Mandate
The JCoS order that “no unencrypted GPS L1 Systems will be purchased because of their lack of security and spoofability/jamming ease” can be seen all over the GPS world:
- http://www.google.com/search?hl=en&rls=com.microsoft%3Aen-us%3AIE-SearchBox&q=joint+chiefs+SAASM+mandate&aq=f&aqi=&aql=&oq=&gs_rfai=
- US DoE official GPS Vulnerability Assessment Team at LANL: http://www.ne.anl.gov/capabilities/vat/spoof.html
- Financial aspects of GPS reliance: http://philosecurity.org/2008/09/11/gps-and-wall-street
- Article on Jon Warner’s GPS tracked “Gasoline Truck Hijacking” which is specific to this case and the use of GPS in any vehicle tracking requirement: http://philosecurity.org/2008/09/07/gps-spoofing
GPS and Cellular Jammers
Based on the tons of well known data, the Supreme Judicial Court in its GPS ruling failed to take actual real evidence into account and documented its failing as an objective forum. The physics of the issue are well known and very well documented. The L1 GPS system can be shut down from a ground-station perspective with about $20 in parts. Additionally today there are commercial jammers available as off the shelf devices from multiple vendors.
US Coast Guard warning about Tandy/Radio Shack and other TV Amplifiers in response to a GPS outage for all of Moss Landing (a Monterey California suburb) for 37 calendar days. The amplifier is $20… the area blacked out by this device was about a kilometer and a half wide circle, meaning any GPS device straying into that area would be dead while it was inside that area: http://www.uscg.mil/hq/cg3/cg3pcx/publications/alcoast/alcoast-298–03.asp
Spoofing L1 GPS Systems such that any records are creatable as needed costs only marginally more.
As a demonstration of how bad GPS is as a source of Court Admissible evidence we took a standard offender tracking bracelet and showed how with simple equipment available through a Google Search, that bracelet could be jammed. The Judge we actually performed this for stood there as the blood drained from his face as he realized that the evidence model they present is useless. We took it a step farther and then showed him what could be done with a GPS Test/Simulator Apparatus like a LABSAT (http://labsat.co.uk/) system from Race Logic. What came to this Jurist was that evidence could be fabricated through the use of GPS L1 systems and that they were unacceptable for use in any key critical applications such as the tracking of certain high-risk parties.
In closing: What to do about the situation
The reality is that anyone with a LABSAT and six of those $20 amplifiers can make a L1 GPS system say anything they want it to… making it an unacceptable source of evidence for courts. From our perspective it is not too late for the Court to review the actual evidence about the physics of GPS and the evidence GPS based appliance systems create, and if so warranted to reverse itself based on its finally reviewing the tons of evidence out there. We feel the data clearly proves that the GPS L1 System is now neither reliable (from an “Evidence Sense”) nor trust-able without other oversight controlling that trust. In closing, if GPS is used for human oversight based navigation applications it is wonderful, but because of how easily the data model is manipulated this is not a source of information which could be court admissible without secondary confirming information.
Filed under CTO's Blog, Certichron by Todd Glassey on August 5, 2010 at 11:34 am
Rogue Radio Shack $20 TV Amplifier takes Moss Landing GPS Services out for 37 days.
In early 2001 a rogue TV Amplifier on a sailboat in the Moss Landing harbor was left turned on and, because of a problem with the antenna lead, became a source of GPS interference in Moss Landing California. The outage was so dramatic it caused the US Coast Guard to issue specific guidance on the use of the low-cost “powered TV amplifiers” since they can become radiators of broad-spectrum interference which takes GPS down hard. This GPS Service outage also caused several research vessels’ IT teams to snap into action, but the bad news is that with all that brain-power it still took a month to solve, meaning that “GPS Outages are complex to analyze and very easy to cause”. The evidence specific implications of this are self-evident.
GPS as a source of trustable time for SmartGrid or RedLight Camera Operations?
Think what an outage of this type would do to a GPS based smartgrid or redlight camera based application. In fact for that matter think of that since GPS is unprovable as a legally provable source of evidence of anything. Whether it works correctly most of the time is not the issue; the issue is whether, for the purposes of a law enforcement practice or legal matter, something with known liabilities and easily disrupted services provides a reliable enough solution for trust processes as an “Anchor for treating portable trust” services.
A local copy of the USCG Notice page can be seen at:
Filed under CTO's Blog, Hotel Surveillance by Todd Glassey on July 16, 2010 at 5:23 pm
California’s Orange County sets formal standard for court admissibility of digital surveillance data.
The term Trustworthy was used in numerous barbs in the ruling, which establishes a legal-compliance hurdle for any commercial entities doing business in the Orange County area including as it happens, any and all control processes in the used in administering since “surveillance data” is in fact just the output of a set of processes which are accorded specific status in the real world.
So what does this mean with systems or entities delivering electronic services of any type to Orange County Entities? Since they are required to produce evidence models compliant to levels which meet the Khaled standard any services which they purchase, use, resell, or produce in Orange County must meet those.
This then means any and all Energy, Water or other utilities or for that matter any operating data which produces reports on what other systems or controls including surveillance data (digital video) and integrated electronic surveillance (systems which watch other systems or process flows) are controlled by Khaled.
For the rest of the State of California, it means Khaled is now the interoperability goal for other counties. The ruling is also driving other States to turn off their Red-Light Camera systems (15 of them to date) so it is an important one.
Our analysis
Certichron believes that control and certified surveillance systems which add the legally defined minimums must be available everywhere. To enable this successful deployment on secure time as a trust-anchor of regulatory mandated evidence trustworthiness, Certichron’s regional service centers provide access to the NIST time sources as the evidence-source for all forensic controls contemplated for in-place operations.
Adding secure time-stamping to existing processes provides all the required evidence-readiness and Certichron’s vision is a unified evidence model everywhere, one which allows mechanical review of its integrity and events.
Stay tuned for more information on Khaled and its applicability in the use most of SoCalEdison’s area of the County of Orange.
Filed under CTO's Blog, Certichron by Todd Glassey on June 21, 2010 at 8:28 am
For those of you not aware — there was a very important ruling out of the Orange County Appellate called California v Khaled which set new evidence standards for “Unattended evidence collection devices and systems” in use as to what is admissible before California Courts.
While the core focus on this would be speed-trap type cameras this also clearly applies to “any and all devices which would collect evidence which would be used in a criminal or civil prosecution” which means SmartGrid too… yeah that’s right, since a power meter is used to produce evidence before the Public Utilities Commission or the California Court’s it means the SmartGrid and in particular the meters are themselves covered as Evidence Collection Devices too.
Certichron serves CPUC notice of Khaled Ruling
To help support the immediate adoption of this same ruling in California Utility Law, Certichron served the California PUC formal (electronic) notice that this precedent pertains to “any and all systems used in energy or utility operation, delivery of service, or through which a service controlled under the PUC’s charters, were directly controlled under this same precedent because they produce content-records which are used in reconciliation of financial matters which are formally regulated at the State and Federal level, and for which that content would come to be admitted as evidence formally before an Arbitration, Mediation in civil matters, or Court proceeding in both civil and criminal matters pertaining to the operations of those publicly regulated services”
The effect of this filing
What this posting to the CPUC does today is support a formal motion to the Administrative Law Judges of the California PUC that any and all SmartGrid operations must meet minimum Digital Evidence standards for their operation and have public structure/architecture models per sections 10.3 and 10.4 of the PUC service code.
This formal motion was filed last Wednesday and the posting this AM served as a supporting brief and Memorandum of Points and Authorities filing as a supplement to the original motion and also noticed that one of the core technologies being used to create this evidence today, that being the unauthenticated L1 GPS service is easily spoofed and jammed, and that as such it fails the evidentiary tests now mandated by Khaled.
See this related post for more information.
Why?
The intent is to set a stake in the ground for the basic level of competence that any evidence should meet to be considered ‘provable’ and for admissibility to State and Federal Courts. The Federal Courts have rulings like Lorraine v Markel to support real world controls under the Federal Rules of Evidence but after the fiasco of the oversight in the San Francisco DA’s Forensic Laboratory, any device producing testimony which is used to prosecute anything, whether civil or criminal must meet a minimum standard of competence or be relegated as hear-say and inadmissible.
The implications have broad reaching impact on all regulated communications, utilities, and media-delivery rules as well, so it will be interesting to see how the courts react to these mandates and motions to create responsible evidence rules.
Filed under CTO's Blog, Certichron by Todd Glassey on June 19, 2010 at 11:23 am
Certichron has filed a formal motion to the California Public Utilities Commission to ‘formally take notice that any and all systems which it authorizes the use of must meet both California and Federal Evidence Standards in addition to all the other issues pertaining to privacy and control of access to information’.
The intent is to bring a clear focus to the SmartGrid industry that any and all solutions fielded by it must meet “these simple precedent supported legal information integrity and control requirements”.
We will keep you informed through posts here as to the status of the Motion and the actions of the CPUC in supporting existing State and Federal Regulatory requirements for information already in place in their SmartGrid systems authorizations.
Filed under CTO's Blog, GPS by Todd Glassey on June 12, 2010 at 12:03 pm
Regulation means planning for a strong evidence model
The L1 GPS evidence model is from a strength standpoint pretty poor, which is not to say the NavStar program is not an incredible boon to the Nation and the world as a whole. As a human-managed passive navigation beacon GPS is a godsend.
The navigation beacons from the GPS System allow any number of key processes to be implemented, with proper oversight, which before would have taken a larger staff and the associated costs, or were just impossible. So GPS is a fantastic tool for any number of uses, but as a trusted source of time for TOU billing the GPS system fails miserably, and the worst part is pretty much everyone in the GPS world knows this about L1 GPS systems already.
L1 GPS is an unprovable evidence source for time data for computers
What L1 GPS is not, is a good source of forensic evidence and the reasons are simple. By design, the entire GPS system is a “passive” beacon of which there are three services, L1, L2 and L5 (L1 for the public, L1 encrypted and L2 for Military and the new L5 for Air Navigation).
And for L1, because of the unsecured public transmission models, there is no way after the fact to determine when or in what order the messages were actually received, or more importantly when in real-time (that being the real time here on Earth) those messages were received.
By the very design of the GPS, you would never ask the system for time, you listen to it proclaiming the time in its messages. It is some device (the receiver) which re-packages that for consumption by other devices which is what is the issue here.
The flip side of that same coin is also a hurdle to get over and that is that GPS L1 services are known to be easily spoofed and replayed. Here for instance is a link to an incident which happened in Moss Landing California which took the GPS service for about 1 nautical mile down with the epicenter of that being the Moss Landing Harbor.
GPS dead in Moss landing for 37 days
The problem was it took 37 (thirty seven) days to find the source and fix it so the GPS service was out for a full month. Additionally GPS services are taken off line periodically by the Air Force as part of the maintenance of the system. Energy and Water providers who use GPS for their TOU local clock sources must take into account that their system is neither provable nor reliable such that there must be some form of fail-over to the entire time-service infrastructure to be safe to deploy in a SmartGrid operation.
The Federal Communications Commission identified the following models of antennas as having potential problems during investigations of GPS interference:
- TDP (Tandy Distribution Products) Electronics – MINI STATE Electronic Amplified UHF/VHF TV Antenna – Models 5MS740, 5MS750, 5MS921
- Radio Shack Corporation – Long Range Amplified Omni Directional TV Antenna – Model 15–1624
- Shakespeare Corporation – SeaWatch – Models 2040 (Code date 02A00), 2050 (Code date 03A00)
What this means is that since L1 GPS messages are easily spoofed, captured and replayed, or just plain jammed through silly and inexpensive devices available everywhere today, they need something more to make them credible sources of time in SmartGrid and other applications, something like Certichron’s SecureNTP as an evidentiary trust anchor.
In SmartGrid world what this would have meant is that the PG&E Moss Landing Power Plant would have been offline from the GPS service for the full period (all 37 days) as would most all of the surrounding city of Moss Landing and parts of Marina as well meaning the local Automated Substation systems would also most likely be ‘out’.
It is because of these liabilities that utilities deploying GPS need to properly balance their use of GPS with an authenticated time-service to provide the missing anchor and to address times when GPS is unavailable or turns out to be wrong. The reason for this is that provable time-management takes a trusted third party who operates some reliable evidence grade time service to reference against. Without that reference the evidence is all pretty much hear-say because the parties who are making those assertions probably have no idea how time in their meter was managed.
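The cross-check and fail-over argued for above, as an added example that is not part of the original post: a monitor that trusts GPS time only while an authenticated reference vouches for it, and falls back to the reference or to holdover otherwise. The sample layout, the 0.5 second tolerance, the flag names and the sample values (constructed) are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Sample:
    mono: float           # local monotonic clock at receipt, seconds
    gps: Optional[float]  # time claimed by the GPS receiver, None when there is no fix
    ref: Optional[float]  # time from the authenticated reference, None when unreachable

def audit(samples, tolerance=0.5):
    """Return one (flags, source, time) decision per sample, in receive order."""
    decisions = []
    last_fix = None    # (mono, gps) of the previous GPS fix
    last_good = None   # (mono, time) of the last trusted time, used for holdover
    vouched = False    # True only while the reference has confirmed GPS
    for s in samples:
        flags = []
        if s.gps is None:
            flags.append("gps_outage")
        else:
            if last_fix is not None:
                # GPS time must advance at the same rate as the local monotonic
                # clock; a replayed or simulated signal shows up as a step.
                drift = (s.gps - last_fix[1]) - (s.mono - last_fix[0])
                if abs(drift) > tolerance:
                    flags.append("gps_jump")
            if s.ref is not None:
                if abs(s.gps - s.ref) > tolerance:
                    flags.append("gps_disagrees_with_reference")
                elif not flags:
                    vouched = True
            last_fix = (s.mono, s.gps)
        if flags:
            vouched = False          # any anomaly revokes trust until re-confirmed
        elif not vouched:
            flags.append("gps_unverified")
        if s.gps is not None and not flags:
            source, value = "gps", s.gps
        elif s.ref is not None:
            source, value = "reference", s.ref
        elif last_good is not None:
            source, value = "holdover", last_good[1] + (s.mono - last_good[0])
        else:
            source, value = "none", None
        if source in ("gps", "reference"):
            last_good = (s.mono, value)
        decisions.append((flags, source, value))
    return decisions

# Constructed samples: normal operation, an outage, GPS returning without a
# reference to confirm it, a replayed (older) GPS time, then a disagreement.
CONSTRUCTED_SAMPLES = [
    Sample(0.0, 1000.0, 1000.0),
    Sample(10.0, 1010.0, None),
    Sample(20.0, None, None),
    Sample(30.0, 1030.0, None),
    Sample(40.0, 1040.0, 1040.0),
    Sample(50.0, 990.0, None),
    Sample(60.0, 1000.0, 1060.0),
]
```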
GPS is a key piece of the Critical Infrastructure
America’s CI is stronger because of GPS but when GPS is deployed in inappropriate and at-risk regulated entities to provide compliance with things it is not capable of, in those instances a technological solution to put in place the trust aspects not provided by GPS is an appropriate solution.
This is a serious issue for SmartGrids, and Certichron’s SecureNTP SmartGrid offering meets this by injecting an interactive NIST-calibrated time management partnership into any and all layers of the SmartGrid’s operations, from the Meter, Collector or Substation Systems, and finally to the ESP or provider.
Filed under CTO's Blog, GPS by Todd Glassey on June 12, 2010 at 11:36 am
GPS outage is an alert about U.S. military reliance on devices, expert says
12:00 AM CDT on Wednesday, June 2, 2010
Dan Elliott, The Associated Press
DENVER – A problem that rendered as many as 10,000 U.S. military GPS receivers useless for days is a warning to safeguard a system that enemies would love to disrupt, a defense expert says.
http://www.dallasnews.com/sharedcontent/dws/news/nation/stories/DN-gpsglitch_02nat.ART.State.Edition2.29885d9.html
Filed under CTO's Blog, SmartGrid by Todd Glassey on June 1, 2010 at 6:31 pm
Time for today’s SmartGrid
Certichron is moving rapidly into mass-trust systems for utilities with time as their control factor. We see time in the power-grid as a strong offering we provide trust through. SmartGrid systems need a trusted third party to insure (and ensure) their transparency to support the new rate schedules being developed to enable operations of the client’s meter as a purchasing and reception agent for a commodity service.
FINRA OATS 7430 Compliance in the Meter!
Certichron’s system delivers a level of evidence which creates a uniformly provable time-service, one which not only gets the Last Mile Operator past the “Because I said so” hurdle but also streamlines dispute resolution and overall regulatory compliance. SecureNTP does all this and more in what it enables in application services in user interfaces and other utility contexts. The system meets FINRA OATS 7430 compliance requirements so it will be able to meet all federal regulations for the purchase of energy commodities on today’s markets or through brokerages.
Why a Trusted Third Party?
As more and more DER and Co-Gen providers hawk their energy, proper delivery certification in the form of timestamps will be necessary to fully comply with OATS 7430 and the other relevant standards that will need to be complied with. Since FINRA’s OATS 7430 is the most difficult, Certichron’s system properly delivers this level of service so that the Meter type can selectively use time services at the substation, collection radio or actual meter, whether RF or DASH7 based. Certichron’s operations bridge timesetting and management in a DNP3 environment as well as those of higher level TCP/IP worlds.
Granted Status
As part of this effort Certichron was formally granted “Status” before the California Public Utilities Commission and will take a leading role in making NIST time the core of US Utility operations over the next decade!
Stay tuned for more on using SecureNTP to insure proper charge-time correlation for TOU based billing systems.