Time Synchronization for Secure Networks Using Fiber
Technical & Application Notes
Government and military networks often utilize the concept of unclassified networks vs classified networks to manage levels of information security. Since a complete “air-gap” around a highly sensitive network is not practical, every data connection is evaluated as a security risk.
When it comes to accurate synchronization traceable to time standards on a classified network, we lose the ability to deploy a GPS receiver due to restrictions on wireless connections. The best choice for a “wired” connection is fiber optics since they do not emit nor receive electromagnetic energy. In its SecureSync synchronization platform, Orolia has deployed fiber optics for the transfer of any digital synchronization signal that can be utilized for synchronization of isolated networks.
A pair of SecureSyncs are deployed on opposites sides of a security boundary. The unit on the unclassified network is deployed with a GPS receiver and transmits highly accurate timing data to the unit on the classified network via IRIG time code. Then this “IRIG slave” operates as the master clock for all time-sensitive devices on the classified network. In this scheme, a single master can serve many isolated networks via multiple IRIG ports.
The IRIG connection is one-way. IRIG time code is not a communication protocol therefore, there are no requests nor hand-shaking. A time and date message is streamed point-to-point. The transmitter of IRIG data cannot receive any information and the receiver cannot transmit any information to comply with the practices of network isolation.
At the time of this writing, Orolia utilizes Avago Technologies’ fiber optic ports (transmitter P/N = HFBR-1414TZ; receiver P/N = HFBR-2416TZ). However, if further qualification is required contact us to verify the current configuration.
Accurate Time with Network Isolation
- Compatible with SIPRNET and NIPRNET
- No wireless connection (GPS receiver)
- One-way communication via IRIG timing protocol does not allow unauthorized access
- Fiber optic connections protect against unauthorized access