# **Securing Critical Timing Infrastructure** By: Samer Darras Senior Technical Staff Engineer and Manager in Frequency & Time Systems at Microchip Technology Member of 1588-2019 Standard Working Group # **Table of Contents** | 1. | Status of Precision Time Protocol (PTP) Standards | | | | | |-----|--------------------------------------------------------------|----|--|--|--| | | 1.1. Integrated Security Mechanism – Prong A | | | | | | | 1.2. External Security Mechanisms – Prong B | | | | | | | 1.3. Architecture Guidance – Prong C | 5 | | | | | | 1.4. Monitoring and Management – Prong D | 7 | | | | | 2. | Recommendations to Secure PTP Today | | | | | | | 2.1. Authentication and Encryption | 9 | | | | | | 2.2. Security and Resiliency | 9 | | | | | 3. | Conclusion – Taking the Appropriate Steps to Timing Security | 11 | | | | | 4. | Revision History | 12 | | | | | The | ne Microchip Website | 13 | | | | | Pro | roduct Change Notification Service | 13 | | | | | Cus | ustomer Support | 13 | | | | | Mic | icrochip Devices Code Protection Feature | 13 | | | | | Leg | egal Notice | 13 | | | | | Tra | ademarks | 14 | | | | | Qua | uality Management System | 15 | | | | | Wο | orldwide Sales and Service | 16 | | | | #### 1. Status of Precision Time Protocol (PTP) Standards Precision Timing Protocol (PTP) is a protocol used to synchronize clocks in many critical infrastructure networks such as telecommunication, energy, utilities, transportation and other industries. An important aspect of these crucial networks is that they need to be secure. So the question is, should PTP also be secure - and if so, what are the essentials operators must know to effectively maintain service continuity? PTP has been used for many years to synchronize clocks based on the assumption that critical infrastructure networks are mostly closed environments, thus less vulnerable to attacks. However, with more focus and awareness today about security across multiple industries, addressing security to protect timing – and more specifically, packetbased timing such as PTP 1588 – has become a much more prominent priority. In the latest release of the PTP standard IEEE® 1588-2019 (version 2.1), four new security prongs or concepts were introduced to address security and resiliency. These prongs can be used individually or in combination to protect against security attacks. This paper presents a brief introduction on the four security prongs and addresses the reasons why Prong C and Prong D are key priorities to address PTP security now, while also recognizing the need for authentication or encryption in the longer term. #### 1.1 Integrated Security Mechanism – Prong A In Prong A, a new Authentication Type-Length-Value (TLV), a normative TLV, was added at the end of PTP messages to ensure the integrity and authenticity of the messages. Figure 1-1. PTP Frame with Authentication TLV Figure 1-1 shows a 1588 PTP packet with various fields and the specific Authentication TLV appended right ahead of the Message Authentication Code. Right after the PTP header a field ("S") indicates the Authentication TLV is used in this packet. Since PTP messages do not carry sensitive information and nothing confidential in timestamps, the integrity and authenticity of the PTP messages are what is important. Integrity ensures the packets were not changed, maliciously or accidentally, along the path. That is why authentication is considered secure without the need for encryption, since PTP information is not confidential. The security key distribution for the Authentication TLV has not been finalized yet. Currently, proposals are being discussed and reviewed by the Internet Engineering Task Force (IETF) and Institute of Electrical and Electronics Engineers (IEEE). For this reason, while the authentication of timing packets is a very valuable security enhancement, this capability is probably best implemented once the key distribution is finalized. Therefore, the focus of this paper will not be on this capability, pending further progress in the standards bodies or adoption of authentication keys in PTP clients. White Paper DS00004262A-page 3 © 2021 Microchip Technology Inc. #### 1.2 External Security Mechanisms – Prong B This prong encompasses using well known transport security mechanisms such as IPsec (IP Security) and MACsec (Media Access Control Security) for securing PTP and basically, using existing security infrastructures that may already have been deployed in a network to secure the transport of PTP messages. Figure 1-2. PTP Payload Encapsulation in MACsec Frame Figure 1-2 shows an encrypted payload preceded by a security TAG field as well as a MACsec layer, both on transmit and receive sides, inserted between the MAC layer and the 1588 layer. While this approach may sound effective, it is worth noting that because of the added layer of encrypting of PTP packets, the accuracy of the timestamps may degrade, causing it to be outside of the required specifications for some applications. Also, the definition of the timestamp mark is the first byte after the Start of Header (SOH). Prepending data moves, the timestamp is relative to the receiver and requires additional complexity to correct. Application accuracy requirements vary widely and can range from a few nanoseconds in applications such as 5G to milliseconds in a company enterprise network where the primary use case is to synchronize PCs for logging and accounting purposes. These challenges will be discussed later in this paper, along with steps to address them. The main hurdle to encryption is the requirement to adapt hardware to include a PHY (physical layer of the OSI model) chip that embeds MACsec capabilities. Discussed here also will be the benefits presented by this form of security. In the short term, however, the assumption will be that operators do not wish to invest in new hardware that supports new PHYs – therefore, the focus here will concentrate on other aspects that can be addressed with today's timing appliances. © 2021 Microchip Technology Inc. White Paper DS00004262A-page 4 and its subsidiaries IPsec is a secure network protocol suite that authenticates and encrypts packets to provide secure communication between two devices. IPsec is a layer 3 OSI model scheme, it typically processes authentication and encryption of packets in software which adds a lot of variability to the accuracy of timestamps. It somewhat diminishes the value of PTP being so accurate using hardware timestamping. ### 1.3 Architecture Guidance – Prong C The architecture that Prong C proposes is a set of methods describing three approaches of securing PTP via resiliency. #### 1.3.1 Multiple Inputs Using Various Timing Systems There are other types of timing systems that can be used to complement PTP. Examples include the Global Navigation Satellite System (GNSS), Inter-Range Instrumentation Group (IRIG), and Time-of-Day (ToD), as defined in the ITU G.8271 standard. A timing appliance can test the performance of PTP against other available timing systems to detect timing errors. Having three or more timing systems as potential inputs, the timing appliance can run a majority vote scheme to detect spoofing or delay attacks on the PTP timing system. A priority scheme can also be used to assign a higher priority value to the more trusted timing systems in the case of a tie when having an even number of timing systems. Figure 1-3. Timing Appliance with Multiple Timing Systems Figure 1-3 shows a timing appliance with multiple timing references, with Priority 1 assigned to GNSS and ToD while Priority 2 is assigned to PTP. If the PTP timing reference path gets compromised, the timing appliance can reject it and use an alternate timing references. #### 1.3.2 Multiple PTP Grandmasters Multiple grandmasters can also be used to increase robustness and resiliency against security attacks. In this case, multiple domains and/or multiple profiles can be used to run a majority voting algorithm between multiple PTP instances to detect timing errors. White Paper Figure 1-4. Multiple PTP Grandmaster with Different Domains Figure 1-4 shows a timing appliance receiving PTP messages from three separate grandmasters using different PTP domain numbers. If grandmaster A was spoofed, the timing appliance should be able to detect that the timing from grandmaster A does not match the timing coming from grandmasters B and C. In this case, it disqualifies grandmaster A as a timing reference and potentially raises an alarm to the Network Management System (NMS), so a network engineer can investigate and take appropriate action. #### 1.3.3 Multiple Network Paths This method describes the use of multiple paths to the timing appliance. A single multi-port grandmaster or multiple grandmasters can be used in this case. If a timing appliance supports multiple physical ports capable of running PTP, then it can compare the timing performance on the paths and run a majority voting algorithm to detect anomalies. The timing appliance can detect large time jumps or unexpected path delay on the path by comparing the timing performance against the other paths. Figure 1-5. Timing Appliance Using Multiple Paths Figure 1-5 describes a multi-port grandmaster connected to a multi-port timing appliance via three different paths, one with three boundary clocks (BCs), one with two boundary clocks and one with a single boundary clock. The standard would select the path with the lower number of BCs. We will show in this document that specific implementation can provide more value than the standard by taking into account other factors than simply the number of BCs on the respective paths. ### 1.4 Monitoring and Management – Prong D In Prong D, signal monitoring and external management mechanisms can be used to detect time anomalies. Typically, this security approach has more value when it is combined with the architecture security prong, as it feeds very well into the majority voting algorithm to qualify or disqualify a timing system. Various parameters and aspects could be monitored to enhance security, including factors like link delay, unexpected offset jumps, or large variations in asymmetry between the Sync T1/T2 timestamps and Delay T3/T4 timestamps. Additional parameters such as counters that can check the PTP message rate or detection of duplicate PTP messages using sequence ID could also provide some indication of possible DoS or replay attacks. An external Network Management System (NMS) has a higher view of the network topology and can monitor all devices and network changes. Upon detection of an attack on grandmaster or path, it can inform a timing appliance to stop using the grandmaster or path for time synchronization. Figure 1-6. Monitoring and Management NMS detects that BC-A was attacked so it informs the Timing Appliance not to synchronize to BC-A, instead use sync from BC-C # 2. Recommendations to Secure PTP Today #### 2.1 Authentication and Encryption Critical infrastructure networks are closed and protected environments less prone to typical attacks than networks that are more open in nature. Typically, access control mechanisms are very much needed to secure the connectivity to the various timing devices in the network. Firewalls should be the critical first step. Implementing Authentication, Authorization, Accounting (AAA) mechanisms using servers deployed for the purpose of network security such as TACACS+ or Radius are of great value. The addition of two-factor authentication (2FA) and security levels to categorize users and respective rights also are recommended steps. However, authentication of PTP traffic per se (Prong A) is a capability to keep in mind but may not be urgent to deploy now, given the lack of finalization at the standard bodies on the topic of key exchange. Encryption used to be a hurdle as it relates to PTP, for performance reasons. However, today PHY chips not only embed MACsec encryption but also implement mitigation steps to alleviate the performance drawbacks. Therefore, it is recommended that operators move forward with adoption of encryption of PTP (Prong B) for devices now in the design stage and those in which a future-proof evolution is planned. ### 2.2 Security and Resiliency Prong C and Prong D have introduced security approaches that offer security benefits that can be leveraged to ensure the enablement of more resilient networks. Prong C referred to "majority vote" mechanisms to select the best clock. This majority vote algorithm is defined by the IEEE 1588-2019 standard and involves a Global-Best Master Clock Algorithm (G-BMCA). #### 2.2.1 Introduction of Global Best Master Clock Algorithm G-BMCA The Best Master Clock Algorithm (BMCA) is what PTP uses to select the best clock to use as a reference. In the case of a single grandmaster, the BMCA works by selecting the best path from the grandmaster by choosing a path with the least number of boundary clocks, irrespective of the presence of transparent clocks in the path or the path characteristics like jitter, asymmetry and path delay. G-BMCA was introduced to include path performance and support datasets from multiple PTP instances. The G-BMCA runs as a single instance and uses a Performance Figure of Merit (PFOM) metric calculated in the PTP instance. The PFOM check can be added at any stage in the BMCA datasets comparison tree depending on the confidence level in the metric. Along with datasets from the multiple PTP instances, the G-BMCA decides the best PTP instance that ultimately is used as the reference to the timing appliance. Figure 2-1. Timing Appliance Using Global BMC Algorithm It is important to note that Prong C and Prong D were defined for security purposes but can be used to provide more resiliency, by providing a more robust Assisted Partial Timing Support (APTS). Combined with the ability to support three PTP client inputs and the use of G-BMCA, a grandmaster can leverage three other connected grandmasters in the network and select the best to use for APTS when its GNSS connection is poor, spoofed, jammed or otherwise unavailable. This enables operators to be confident about the robustness and performance of their critical infrastructure network so GNSS can be backed up by PTP in an intelligent, secure and performant manner. Using not only the number of BCs in the path as the standard defines but also the characteristics of the links in a broader sense shows the value of embedded algorithms in grandmasters offering capabilities beyond the pure definition of IEEE 1588-2019. ## 3. Conclusion – Taking the Appropriate Steps to Timing Security Security has become essential. Securing the timing infrastructure also is a necessity. The four security prongs analyzed in this paper each have strengths and weaknesses. For example, delay attacks cannot be easily detected by the authentication and encryption mechanisms proposed in Prong A and Prong B. Also, some timing appliances lack the complicated hardware of having multiple ports or even the capability of running multiple PTP instances as outlined in the architecture prong. Microchip Technology continues to invest in supporting the architecture and monitoring, Prong C and Prong D, respectively, as the first phase of addressing PTP security. These architecture and monitoring mechanisms can be easily deployed in existing networks. Similar mechanisms exist today in many telecommunication networks like Virtual Router Redundancy Protocol (VRRP) and can support the adoption of architecture and monitoring of PTP. These capabilities are at the core of Microchip's new 2.3 software version of TimeProvider 4100, which also supports many other security measures highlighted in this paper, beyond those defined by the four prongs of IEEE 1588-2019. Microchip offers PHY solutions that support MACsec, enabling critical performance which will be considered for new devices. # 4. Revision History | Revision | Date | Description | |----------|---------|------------------| | Α | 11/2021 | Initial Revision | ### The Microchip Website Microchip provides online support via our website at <a href="www.microchip.com">www.microchip.com</a>/. This website is used to make files and information easily available to customers. Some of the content available includes: - Product Support Data sheets and errata, application notes and sample programs, design resources, user's quides and hardware support documents, latest software releases and archived software - General Technical Support Frequently Asked Questions (FAQs), technical support requests, online discussion groups, Microchip design partner program member listing - Business of Microchip Product selector and ordering guides, latest Microchip press releases, listing of seminars and events, listings of Microchip sales offices, distributors and factory representatives ### **Product Change Notification Service** Microchip's product change notification service helps keep customers current on Microchip products. Subscribers will receive email notification whenever there are changes, updates, revisions or errata related to a specified product family or development tool of interest. To register, go to www.microchip.com/pcn and follow the registration instructions. ## **Customer Support** Users of Microchip products can receive assistance through several channels: - · Distributor or Representative - · Local Sales Office - Embedded Solutions Engineer (ESE) - · Technical Support Customers should contact their distributor, representative or ESE for support. Local sales offices are also available to help customers. A listing of sales offices and locations is included in this document. Technical support is available through the website at: www.microchip.com/support # **Microchip Devices Code Protection Feature** Note the following details of the code protection feature on Microchip products: - · Microchip products meet the specifications contained in their particular Microchip Data Sheet. - Microchip believes that its family of products is secure when used in the intended manner, within operating specifications, and under normal conditions. - Microchip values and aggressively protects its intellectual property rights. Attempts to breach the code protection features of Microchip product is strictly prohibited and may violate the Digital Millennium Copyright Act - Neither Microchip nor any other semiconductor manufacturer can guarantee the security of its code. Code protection does not mean that we are guaranteeing the product is "unbreakable". Code protection is constantly evolving. Microchip is committed to continuously improving the code protection features of our products. # **Legal Notice** This publication and the information herein may be used only with Microchip products, including to design, test, and integrate Microchip products with your application. Use of this information in any other manner violates these terms. Information regarding device applications is provided only for your convenience and may be superseded by updates. It is your responsibility to ensure that your application meets with your specifications. Contact your local Microchip sales office for additional support or, obtain additional support at <a href="https://www.microchip.com/en-us/support/design-help/client-support-services">www.microchip.com/en-us/support/design-help/client-support-services</a>. © 2021 Microchip Technology Inc. White Paper DS00004262A-page 13 THIS INFORMATION IS PROVIDED BY MICROCHIP "AS IS". MICROCHIP MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WHETHER EXPRESS OR IMPLIED, WRITTEN OR ORAL, STATUTORY OR OTHERWISE, RELATED TO THE INFORMATION INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE, OR WARRANTIES RELATED TO ITS CONDITION, QUALITY, OR PERFORMANCE. IN NO EVENT WILL MICROCHIP BE LIABLE FOR ANY INDIRECT, SPECIAL, PUNITIVE, INCIDENTAL, OR CONSEQUENTIAL LOSS, DAMAGE, COST, OR EXPENSE OF ANY KIND WHATSOEVER RELATED TO THE INFORMATION OR ITS USE, HOWEVER CAUSED, EVEN IF MICROCHIP HAS BEEN ADVISED OF THE POSSIBILITY OR THE DAMAGES ARE FORESEEABLE. TO THE FULLEST EXTENT ALLOWED BY LAW, MICROCHIP'S TOTAL LIABILITY ON ALL CLAIMS IN ANY WAY RELATED TO THE INFORMATION OR ITS USE WILL NOT EXCEED THE AMOUNT OF FEES, IF ANY, THAT YOU HAVE PAID DIRECTLY TO MICROCHIP FOR THE INFORMATION. Use of Microchip devices in life support and/or safety applications is entirely at the buyer's risk, and the buyer agrees to defend, indemnify and hold harmless Microchip from any and all damages, claims, suits, or expenses resulting from such use. No licenses are conveyed, implicitly or otherwise, under any Microchip intellectual property rights unless otherwise stated. #### **Trademarks** The Microchip name and logo, the Microchip logo, Adaptec, AnyRate, AVR, AVR logo, AVR Freaks, BesTime, BitCloud, CryptoMemory, CryptoRF, dsPIC, flexPWR, HELDO, IGLOO, JukeBlox, KeeLog, Kleer, LANCheck, LinkMD, maXStylus, maXTouch, MediaLB, megaAVR, Microsemi, Microsemi logo, MOST, MOST logo, MPLAB, OptoLyzer, PIC, picoPower, PICSTART, PIC32 logo, PolarFire, Prochip Designer, QTouch, SAM-BA, SenGenuity, SpyNIC, SST, SST Logo, SuperFlash, Symmetricom, SyncServer, Tachyon, TimeSource, tinyAVR, UNI/O, Vectron, and XMEGA are registered trademarks of Microchip Technology Incorporated in the U.S.A. and other countries. AgileSwitch, APT, ClockWorks, The Embedded Control Solutions Company, EtherSynch, Flashtec, Hyper Speed Control, HyperLight Load, IntelliMOS, Libero, motorBench, mTouch, Powermite 3, Precision Edge, ProASIC, ProASIC Plus, ProASIC Plus logo, Quiet- Wire, SmartFusion, SyncWorld, Temux, TimeCesium, TimeHub, TimePictra, TimeProvider, TrueTime, WinPath, and ZL are registered trademarks of Microchip Technology Incorporated in the U.S.A. Adjacent Key Suppression, AKS, Analog-for-the-Digital Age, Any Capacitor, AnyIn, AnyOut, Augmented Switching, BlueSky, BodyCom, CodeGuard, CryptoAuthentication, CryptoAutomotive, CryptoCompanion, CryptoController, dsPICDEM, dsPICDEM.net, Dynamic Average Matching, DAM, ECAN, Espresso T1S, EtherGREEN, GridTime, IdealBridge, In-Circuit Serial Programming, ICSP, INICnet, Intelligent Paralleling, Inter-Chip Connectivity, JitterBlocker, Knob-on-Display, maxCrypto, maxView, memBrain, Mindi, MiWi, MPASM, MPF, MPLAB Certified logo, MPLIB, MPLINK, MultiTRAK, NetDetach, NVM Express, NVMe, Omniscient Code Generation, PICDEM, PICDEM.net, PICkit, PICtail, PowerSmart, PureSilicon, QMatrix, REAL ICE, Ripple Blocker, RTAX, RTG4, SAM-ICE, Serial Quad I/O, simpleMAP, SimpliPHY, SmartBuffer, SmartHLS, SMART-I.S., storClad, SQI, SuperSwitcher, SuperSwitcher II, Switchtec, SynchroPHY, Total Endurance, TSHARC, USBCheck, VariSense, VectorBlox, VeriPHY, ViewSpan, WiperLock, XpressConnect, and ZENA are trademarks of Microchip Technology Incorporated in the U.S.A. and other countries. SQTP is a service mark of Microchip Technology Incorporated in the U.S.A. The Adaptec logo, Frequency on Demand, Silicon Storage Technology, Symmcom, and Trusted Time are registered trademarks of Microchip Technology Inc. in other countries. GestIC is a registered trademark of Microchip Technology Germany II GmbH & Co. KG, a subsidiary of Microchip Technology Inc., in other countries. All other trademarks mentioned herein are property of their respective companies. © 2021, Microchip Technology Incorporated and its subsidiaries. All Rights Reserved. ISBN: 978-1-5224-9124-8 | Quality Management System | | | | | | | | |-----------------------------------------------------------------------------------------------------------|--|--|--|--|--|--|--| | For information regarding Microchip's Quality Management Systems, please visit www.microchip.com/quality. | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | # **Worldwide Sales and Service** | AMERICAS | ASIA/PACIFIC | ASIA/PACIFIC | EUROPE | |--------------------------|-----------------------|-------------------------|-----------------------| | Corporate Office | Australia - Sydney | India - Bangalore | Austria - Wels | | 355 West Chandler Blvd. | Tel: 61-2-9868-6733 | Tel: 91-80-3090-4444 | Tel: 43-7242-2244-39 | | handler, AZ 85224-6199 | China - Beijing | India - New Delhi | Fax: 43-7242-2244-393 | | el: 480-792-7200 | Tel: 86-10-8569-7000 | Tel: 91-11-4160-8631 | Denmark - Copenhagen | | ax: 480-792-7277 | China - Chengdu | India - Pune | Tel: 45-4485-5910 | | echnical Support: | Tel: 86-28-8665-5511 | Tel: 91-20-4121-0141 | Fax: 45-4485-2829 | | ww.microchip.com/support | China - Chongqing | Japan - Osaka | Finland - Espoo | | /eb Address: | Tel: 86-23-8980-9588 | Tel: 81-6-6152-7160 | Tel: 358-9-4520-820 | | ww.microchip.com | China - Dongguan | Japan - Tokyo | France - Paris | | tlanta | Tel: 86-769-8702-9880 | Tel: 81-3-6880- 3770 | Tel: 33-1-69-53-63-20 | | uluth, GA | China - Guangzhou | Korea - Daegu | Fax: 33-1-69-30-90-79 | | el: 678-957-9614 | Tel: 86-20-8755-8029 | Tel: 82-53-744-4301 | Germany - Garching | | ax: 678-957-1455 | China - Hangzhou | Korea - Seoul | Tel: 49-8931-9700 | | ustin, TX | Tel: 86-571-8792-8115 | Tel: 82-2-554-7200 | Germany - Haan | | el: 512-257-3370 | China - Hong Kong SAR | Malaysia - Kuala Lumpur | Tel: 49-2129-3766400 | | oston | Tel: 852-2943-5100 | Tel: 60-3-7651-7906 | Germany - Heilbronn | | /estborough, MA | China - Nanjing | Malaysia - Penang | Tel: 49-7131-72400 | | el: 774-760-0087 | Tel: 86-25-8473-2460 | Tel: 60-4-227-8870 | Germany - Karlsruhe | | ax: 774-760-0088 | China - Qingdao | Philippines - Manila | Tel: 49-721-625370 | | hicago | Tel: 86-532-8502-7355 | Tel: 63-2-634-9065 | Germany - Munich | | asca, IL | China - Shanghai | Singapore | Tel: 49-89-627-144-0 | | el: 630-285-0071 | Tel: 86-21-3326-8000 | Tel: 65-6334-8870 | Fax: 49-89-627-144-44 | | ax: 630-285-0075 | China - Shenyang | Taiwan - Hsin Chu | Germany - Rosenheim | | allas | Tel: 86-24-2334-2829 | Tel: 886-3-577-8366 | Tel: 49-8031-354-560 | | ddison, TX | China - Shenzhen | Taiwan - Kaohsiung | Israel - Ra'anana | | el: 972-818-7423 | Tel: 86-755-8864-2200 | Tel: 886-7-213-7830 | Tel: 972-9-744-7705 | | ax: 972-818-2924 | China - Suzhou | Taiwan - Taipei | Italy - Milan | | etroit | Tel: 86-186-6233-1526 | Tel: 886-2-2508-8600 | Tel: 39-0331-742611 | | lovi, MI | China - Wuhan | Thailand - Bangkok | Fax: 39-0331-466781 | | el: 248-848-4000 | Tel: 86-27-5980-5300 | Tel: 66-2-694-1351 | Italy - Padova | | ouston, TX | China - Xian | Vietnam - Ho Chi Minh | Tel: 39-049-7625286 | | el: 281-894-5983 | Tel: 86-29-8833-7252 | Tel: 84-28-5448-2100 | Netherlands - Drunen | | dianapolis | China - Xiamen | | Tel: 31-416-690399 | | oblesville, IN | Tel: 86-592-2388138 | | Fax: 31-416-690340 | | el: 317-773-8323 | China - Zhuhai | | Norway - Trondheim | | ax: 317-773-5453 | Tel: 86-756-3210040 | | Tel: 47-72884388 | | el: 317-536-2380 | | | Poland - Warsaw | | os Angeles | | | Tel: 48-22-3325737 | | lission Viejo, CA | | | Romania - Bucharest | | el: 949-462-9523 | | | Tel: 40-21-407-87-50 | | ax: 949-462-9608 | | | Spain - Madrid | | el: 951-273-7800 | | | Tel: 34-91-708-08-90 | | aleigh, NC | | | Fax: 34-91-708-08-91 | | el: 919-844-7510 | | | Sweden - Gothenberg | | ew York, NY | | | Tel: 46-31-704-60-40 | | el: 631-435-6000 | | | Sweden - Stockholm | | an Jose, CA | | | Tel: 46-8-5090-4654 | | el: 408-735-9110 | | | UK - Wokingham | | el: 408-436-4270 | | | Tel: 44-118-921-5800 | | anada - Toronto | | | Fax: 44-118-921-5820 | | el: 905-695-1980 | | | | | Fax: 905-695-2078 | | | |