Art. 9 GeBüV, Timestamps and DCF 77

Bad news for operators of systems which use the DCF 77 signal for time stamping. According to Art. 9, the following requirements apply when working with changeable memories:

Art. 9 Permissible information carriers

1 For the retention of records are permissible:

  1. ..
  2. changeable information carriers, if:

technical procedures are used which guarantee the integrity of the stored information (e.g. digital signature procedures),

the time at which the information is stored is verifiable in an unforgeable manner (e.g. by “time stamp”)

These requirements are to be understood cumulatively. The timestamp is enormously important, because it can be used to prevent data from being subsequently changed and saved with an old date. Fulfilling this requirement is almost only possible if the timestamp comes from a trusted source (e.g. Time Stamping Provider). Consequently, this means that the time itself must come from a trusted source, which the provider or the client uses to create the timestamp. In many cases, the DCF77 signal is used for this purpose. Unfortunately, it now appears that this source can be duped by simple means. The technical article by Compass employee Reto Schaedler shows how this attack works.


Submit a Comment

Your email address will not be published. Required fields are marked *

Related articles

On 16.3. is Digital Cleanup Day

On 16.3. is Digital Cleanup Day

Tidying up is clearly not everyone's cup of tea, but we all know the good feeling that a tidy room, a tidy desk or ... a tidy drive! You can feel proud with a clear conscience, because deleting data also has an important effect on energy consumption. I have calculated...

read more
Dealing with data risks: Data breach notification

Dealing with data risks: Data breach notification

A data breach notification or "data breach notification" refers to the process by which an organization or company is required to notify the relevant data protection authorities and, if applicable, data subjects of a data breach that is likely to result in a high risk...

read more