Search

US-12625515-B2 - Clock leader monitoring for time-synchronized networks

US12625515B2US 12625515 B2US12625515 B2US 12625515B2US-12625515-B2

Abstract

Various systems and methods for evaluating time synchronization values provided from a clock leader are discussed. An example method performed by a clock follower device includes: obtaining a timestamp from a time synchronization protocol that provides synchronized time values from a clock leader; determining, based on the timestamp, a measured time drift value that represents a time drift of a hardware clock, with the time drift observed relative to the clock leader; determining an estimated time drift value that models a time drift of the hardware clock, modeled from one or more environmental conditions experienced by the hardware clock; comparing the measured time drift value with the estimated time drift value; and adjusting a clock of the device based on the timestamp, in response to validating that the measured time drift value is within a statistically expected range corresponding to the estimated time drift value.

Inventors

  • VUK LESI
  • Shabbir Ahmed
  • Christopher Gutierrez
  • Marcio Rogerio Juliato
  • Manoj R. Sastry

Assignees

  • INTEL CORPORATION

Dates

Publication Date
20260512
Application Date
20231228

Claims (18)

  1. 1 . A device, comprising: clock circuitry to operate a hardware clock; and clock synchronization circuitry configured to: obtain a timestamp from a time synchronization protocol, the time synchronization protocol to provide synchronized time values in a network from a clock leader; determine, based on the timestamp, a measured time drift value that represents a time drift of the hardware clock relative to the clock leader; determine an estimated time drift value that models a time drift of the hardware clock, the estimated time drift value modeled from one or more environmental conditions of the clock circuitry; compare the measured time drift value with the estimated time drift value; perform a clock adjustment based on the timestamp, in response to validating that the measured time drift value is within a statistically expected range corresponding to the estimated time drift value; identify an integrity condition with the clock leader, in response to determining that the measured time drift value is outside the statistically expected range corresponding to the estimated time drift value; and select another clock leader based on the integrity condition with the clock leader.
  2. 2 . The device of claim 1 , wherein the estimated time drift value is produced from a model, and wherein the model is identified based on physical measurements corresponding to the one or more environmental conditions.
  3. 3 . The device of claim 2 , wherein the clock circuitry includes an oscillator, and wherein the physical measurements of the oscillator used to operate the hardware clock correspond to one or more of: temperature, vibration, humidity, or pressure.
  4. 4 . The device of claim 2 , wherein the model is a physics-based model that includes a combined linear and non-linear identification of estimated values from the physical measurements.
  5. 5 . The device of claim 4 , wherein the physics-based model produces an estimated measurement of a clock drift in nanoseconds per synchronization cycle based on the physical measurements, and wherein the measured time drift value is determined based on a measurement of a clock drift in nanoseconds per synchronization cycle, the synchronization cycle performed with the device using the time synchronization protocol.
  6. 6 . The device of claim 1 , wherein to perform the clock adjustment includes to change a virtual clock referencing the hardware clock.
  7. 7 . The device of claim 1 , wherein to perform the clock adjustment includes to change a time value maintained by the hardware clock.
  8. 8 . The device of claim 7 , wherein: during a first clock update cycle of the time synchronization protocol, the time value maintained by the hardware clock is changed based on the time synchronization protocol; and during a second clock update cycle of the time synchronization protocol, a drift observation from the time synchronization protocol is captured, and the time drift of the hardware clock is measured relative to the clock leader.
  9. 9 . The device of claim 1 , wherein the time synchronization protocol is defined according to a Precision Time Protocol (PTP) standard, and wherein the hardware clock is a PTP hardware clock (PHC).
  10. 10 . The device of claim 1 , wherein the device is a network interface controller of a computing system, and wherein the clock adjustment is used to control the hardware clock or another clock maintained by the computing system.
  11. 11 . At least one non-transitory device-readable medium capable of storing instructions, wherein the instructions when executed by clock synchronization circuitry of a device, cause the clock synchronization circuitry to: receive a timestamp from a time synchronization protocol, the time synchronization protocol to provide synchronized time values in a network from a clock leader; determine, based on the timestamp, a measured time drift value that represents a time drift of a hardware clock of the device, the time drift observed relative to the clock leader; determine an estimated time drift value that models a time drift of the hardware clock, the estimated time drift value modeled from one or more environmental conditions experienced by the hardware clock; compare the measured time drift value with the estimated time drift value; perform a clock adjustment based on the timestamp, in response to validating that the measured time drift value is within a statistically expected range corresponding to the estimated time drift value; identify an integrity condition with the clock leader, in response to determining that the measured time drift value is outside the statistically expected range corresponding to the estimated time drift value; and select another clock leader based on the integrity condition with the clock leader.
  12. 12 . The at least one non-transitory device-readable medium of claim 11 , wherein the estimated time drift value is produced from a model, and wherein the model is identified based on physical measurements corresponding to the one or more environmental conditions.
  13. 13 . The at least one non-transitory device-readable medium of claim 12 , wherein the physical measurements used to operate the hardware clock correspond to one or more of: temperature, vibration, humidity, or pressure.
  14. 14 . The at least one non-transitory device-readable medium of claim 12 , wherein the model is a physics-based model that includes a combined linear and non-linear identification of estimated values from the physical measurements.
  15. 15 . The at least one non-transitory device-readable medium of claim 14 , wherein the physics-based model produces an estimated measurement of a clock drift in nanoseconds per synchronization cycle based on the physical measurements, and wherein the measured time drift value is determined based on a measurement of a clock drift in nanoseconds per synchronization cycle, the synchronization cycle performed with the device using the time synchronization protocol.
  16. 16 . The at least one non-transitory device-readable medium of claim 11 , wherein to perform the clock adjustment includes to change a virtual clock referencing the hardware clock.
  17. 17 . The at least one non-transitory device-readable medium of claim 11 , wherein to perform the clock adjustment includes to change a time value maintained by the hardware clock, and wherein: during a first clock update cycle of the time synchronization protocol, the time value maintained by the hardware clock is changed based on the time synchronization protocol; and during a second clock update cycle of the time synchronization protocol, a drift observation from the time synchronization protocol is captured, and the time drift of the hardware clock is measured relative to the clock leader.
  18. 18 . The at least one non-transitory device-readable medium of claim 11 , wherein the time synchronization protocol is defined according to a Precision Time Protocol (PTP) standard, and wherein the hardware clock is a PTP hardware clock (PHC).

Description

BACKGROUND Time synchronization in networks involves mechanisms and standards that distribute time values and frequencies over networks. Time synchronization is used to assist computing operations so that time-sensitive tasks can be coordinated and performed correctly. Such operations may be hosted in a variety of settings such as industrial controls, telecommunications (including 5G and 6G/next-generation networking), and data center operations (including but not limited to distributed database implementations, metaverse operations, virtualization, etc.). The tools that are relied on to achieve the necessary time performance, synchronization, and bounded latency communication for networked systems are often referred to as time-sensitive networking (TSN). In TSN implementations, clock followers (e.g., devices that use a time value, also known as a “peripheral”) rely on clock leaders (e.g., devices that periodically, e.g., every synchronization cycle, provide a time value) to be legitimate time sources. In some settings, clock leaders are also referred to as a “master” clock. A malicious clock leader can annul any and all security measures used in the time synchronized fabric or used on the clock followers, in a wide variety of scenarios such as GPS sensing, software/hardware operations, etc. Some network intrusion detection systems include functionality to detect network-based man-in-the-middle attacks when invalid time packets are introduced into a network. However, these intrusion detection systems may not be able to detect all types of malicious data if the malicious data appears to be generated from a legitimate source. As a result, clock followers may not be able to detect malicious clock leaders that falsely sign origin timestamp packets and tamper with the expected clock frequency of clock followers. BRIEF DESCRIPTION OF THE DRAWINGS In the drawings, which are not necessarily drawn to scale, like numerals may describe similar components in different views. Like numerals having different letter suffixes may represent different instances of similar components. Some embodiments are illustrated by way of example, and not limitation, in the figures of the accompanying drawings in which: FIG. 1 illustrates an example arrangement of a time-synchronized network, according to an example. FIG. 2 illustrates a scenario for virtual clock tracking and time drift analysis, according to an example. FIGS. 3A and 3B illustrate scenarios for hardware clock tracking and time drift analysis, according to an example. FIGS. 4A and 4B illustrate respective graphs of data measurements and analysis in connection with an origin time attack, according to an example. FIG. 5 illustrates a data flow in an environmental condition time drift model, according to an example. FIG. 6 illustrates additional data flows and processing operations used with an environmental condition time drift model, according to an example. FIG. 7 illustrates a flowchart of a method for clock synchronization, according to an example. FIG. 8 illustrates an example configuration of an apparatus or system using the time synchronization and time drift detection techniques, according to an example. FIG. 9 is a block diagram illustrating an example machine upon which any one or more of the techniques (e.g., methodologies) discussed herein may perform, according to an example. DETAILED DESCRIPTION In the following description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of some example embodiments. It will be evident, however, to one skilled in the art that the present disclosure may be practiced without these specific details. The following disclosure relates to improvements in security and functionality in time synchronization and implementation of time-sensitive applications among computing devices. Among other benefits, the following techniques can be used to identify an origin time attack from a compromised or fraudulent clock leader and to enact an appropriate response at the clock follower. Even if a time synchronization message from the clock leader is untampered, this does not guarantee that the clock leader itself is providing valid time values. Thus, the following techniques address an assumption that all clock sources in time-synchronized networks can be trusted. The lack of current approaches to identify a fraudulent clock source can cause a computing device to follow a malicious clock leader or perform a holdover to a malicious clock leader at runtime. In an example, a data processing model is used at a clock follower to evaluate the validity of time synchronization changes provided by a clock leader. This data processing model enables a clock follower to diagnose the clock leader for potential tampering-without disruption to a normal time synchronization process at the clock follower. An example data processing model implements a mathematical model that evaluates data from one o