Synchronizing and Securing the Enterprise Network with New Timing Technologies

Barry Dropping, Senior Director of Product Management

2018-06-29

© 2018 Microsemi, a wholly owned subsidiary of Microchip Technology Inc.

Time Enables ALL Infrastructures

Data Centers

Power Grid Communications

Wireline Communications

Secure Communications

Cellular Communications

Enterprise Communications

Seismic Exploration

Financial Exchanges


Use of GPS Timing in Critical Infrastructure / Key Resource Sectors in U.S.

Chemical

Commercial Facilities

Communications

Critical Manufacturing

Dams

Defense Industrial Base

Emergency Services

Energy

Financial Services

Food and Agriculture

Government Facilities

Healthcare

Information Technology

Nuclear Systems

Transportation Systems

Water Systems

Of the 16 Critical Infrastructure / Key Resource sectors in the U.S., 15 use GPS for timing.

GPS timing is deemed essential for 13 of the sectors.

[Source: U.S. DHS]

European MiFID II driving Worldwide Timing Trend
UTC Traceability Required in Stock Trading

European MiFID II Legislation
• New time stamping requirements in financial transactions
• Requires a system of traceability to UTC
• Systems must be very time accurate and precise
• Needed to accurately audit all trading activity

Reference time may be UTC disseminated by a satellite system

Timing Requirement
• 100 microseconds to UTC on all trading machines

Banks and trading venues around the world are following this new standard

Generalized MiFID II Requirements
Timing Master, Slave and Monitoring are needed

Timing Master

Timing Slaves

<100 Microseconds

Trading System

Time Monitor/Auditing

Satellite based UTC timing reference

Atomic clock based backup oscillator

Software/hardware to keep time accurate at the timestamping clients/slaves

Monitoring/Auditing means to monitor time accuracy and demonstrate compliance

Payment Card Industry Data Security Standard 3.2 (April 2016)

Applies to organizations that process Visa, MasterCard, etc. payments

“When clocks are not properly synchronized it can be difficult, if not impossible, to compare log files from different systems and establish an exact sequence of events (crucial for forensic analysis in the event of a breach).

“For post incident forensics teams, the accuracy and consistency of time across all systems and the time of each activity is critical in determining how the systems were compromised.”

• Section 10.4 Using time synchronization technology, synchronize all critical system clocks and times and ensure that the following is implemented for acquiring, distributing, and storing time.
– 10.4.1 Critical systems have the correct and consistent time.
– 10.4.2 Time data is protected.
– 10.4.3 Time settings are received from industry accepted time sources.

Enterprise Time of Day Landscape

Accurate/Secure/Reliable ToD for servers/routers/applications for improved network operations and business operations

Log file time stamps
• Improve log integrity
• Improved SIEM/NMS reporting
• Speed fault diagnosis

Network Security
• Access rights
• Non-repudiation
• Kerberos
• Firewall workaround

Network Operations
• Backup/archival/retrieval
• Windows Directory Services
• Memcache timestamping
• Distributed database alignment
• Routers (Stratum 2 down)
• Legal/regulatory requirements

“Real World” time values
• Email servers
• Phone systems
• Workstation clocks
• Software makefile operations
• Business transaction time stamps


Essential Elements of Network Time Synchronization

Accuracy

Security

Reliability

The New SyncServer S600

Accuracy Security Reliability

Accuracy Advantages
Hardware Time Stamping for Better Overall Performance

Hardware Clock (1PPS)
• <15 nanoseconds RMS to UTC(USNO) while tracking GPS

24 Hour Holdover Accuracy (if GPS signal is disconnected)
• Standard: 400 microseconds
• OCXO: 25 microseconds
• Rubidium: <1 microsecond, <3 us at 3 days

Hardware based NTP and PTP timestamps
• Improves time accuracy at the NTP/PTP client
• Patented Microsemi NTP packet timestamping algorithm continuously monitors and compensates for all internal delays in real time.

Precise & Accurate

Rubidium atomic clock for best possible holdover accuracy

Rubidium atomic clocks maintain accurate time, allowing the IT team to fix GPS cable or antenna problems (e.g. lightning strike, etc.)

NEW SyncServer NTP Reflector™ Technology
Ultra Accurate, Line Speed NTP Operations With Security-Hardening

[Diagram labels: NETWORK; Inbound NTP Packets; Time-Stamped NTP Packets; Non-NTP Traffic; Hardware: NTP Reflector™ & Packet Limiters; CPU; Dropped]

S600 NTP Reflector Advantages
• Security Hardened NTP Operations
• Extremely accurate and ultra high capacity NTP timestamping
• Protects CPU from DoS attacks
• All packets to CPU are bandwidth limited with user notification of network packet load changes

S600 NTP Operational Effectiveness
NTP Clock Accuracy Virtually Immune to NTP Packet Load

NTP Operations: S600 Standard NTPd
• Time Accuracy: 5 microseconds to UTC, 15 us 1; Load Independent
• Server Capacity: 10,000 NTP requests/second

NTP Operations: S600 NTP Reflector
• Time Accuracy: ~0.015 microseconds RMS to UTC; Load Independent
• Server Capacity: 360,000 NTP requests/second

PTP Grandmaster Operations
Versatile PTP Grandmaster Well Suited for Enterprise Operations now and in the Future

Simultaneous PTP Grandmaster
• Multi-Port/Profile flexibility

Multicast Profiles
• Default Profile Multicast Master
• Enterprise/Hybrid Profile Master
• 1PPS rate: 360,000 slaves
• 128PPS rate: >2,800 slaves

Telecom 2008 Profile
• Up to 800 slaves at 128 PPS

Advantages
• Nanosecond caliber time stamps
• Extremely high capacity

Required for financial trading firms
• MiFID II 100 microsecond to UTC Compliance

Security Advantages
Security-hardening for timing and management is essential

4 Independent LAN ports
• Management relegated to only LAN1

CPU Protection against DoS attacks

NTP Reflector

3rd Party X.509 Certificates

TACACS+, RADIUS, LDAP

SSL/HTTPS Only (no HTTP)

Separate Access Control Lists per port

NTP MD5 Authentication

NTP Autokey (Server & Client)

Service termination capability

Reliability Advantages
Timing Reliability is as Important as Design Reliability

Timing
• Standard NTP capacity 10,000 NTP requests per second
• Upgraded capacity 360,000 NTP requests per second
• OCXO & Rubidium Upgrades
• NTPd for time crosschecking
• GPS, GLONASS and/or BeiDou Constellations

Design
• Active Thermal Compensation Technology
• Upgraded components to support a wide -20C to 65C temperature specification (non-rubidium product)
• Dual-corded power supply option (with load-leveling/monitoring)
• Vibration tested per MIL-STD-810G; Altitude tested 13,000 ft. (3900 m)
• Earthquake/Seismic tested to ETSI ETS 300 019 2-3/ NEBS GR-63 CORE 4.4

PTP Input Option
Back-up to GPS –or– Tunnel accurate time over network into GPS-denied locations

Input treated like GPS/GNSS

Can be prioritized as an input

Telecom 2008 Unicast Profile

Up to 128 packets per second

Includes Automatic Asymmetry Compensation
• If GNSS is available the PTP Input is automatically characterized and calibrated.
• Characterizes up to 32 different paths

PTP Output/Input Application Example

Tunnel time via PTP into remote location where GNSS antenna is not practical, or PTP is a backup to GNSS

[Diagram labels: Telecom Profile Master; WAN/LAN; Telecom Profile Slave]

The Microsemi SyncServer S600
Industry Leading Security, Accuracy, Reliability and Flexibility

Synchronize 100,000’s of NTP clients
• High availability NTP/PTP service operations

Security choices:
• Solid range of security hardening features as standard
• Security-Hardened NTP operations

Reliable source of time
• High accuracy, high capacity time stamps, oscillator upgrades
• Very reliable design features: Wide temp. range, shock & vibration, dual power supplies, etc.

Best in class Network Time Server!


Secure Firewall Overlay

Identifies spoofing and jamming and protects GPS systems

Integrates seamlessly between existing GPS antenna and GPS system

Optional external 1PPS and 10 MHz timing reference inputs for extended holdover and enhanced detection capabilities

Local and remote CLI in addition to secure and easy-to-use web interface

Seamless integration with TimePictra provides end-to-end management

Key Points

System designers can no longer treat GPS as a “trusted” source of time
• GPS signal-in-space threats are not just a theoretical possibility – they have been realized
• Measures must be taken to ensure your system is not vulnerable to signal-in-space attacks

Securing GPS-based systems from signal-in-space attacks requires a layered approach to system design
• Detection: Rapidly identify local GPS anomalies such as spoofing or jamming
• Resiliency: Design systems that can continue their operations during periods of GPS outages
• Visibility: Provide situational awareness of the GPS environment

Last but not least: The sky is not falling
• Practical things can be done today to harden your system against signal-in-space threats

Design Approach for Securing Systems Against GPS Signal-in-Space Threats

VISIBILITY

DETECTION

RESILIENCY


Thank You