🤖 AI Summary
Modern timing systems are critical to infrastructure including PKI, smart grids, and autonomous vehicles, yet remain vulnerable to malicious manipulation due to weak security mechanisms, latency sensitivity, and implementation flaws. Method: This work presents the first systematic analysis of hidden attack surfaces in the physical-layer components and device-side timekeeping stages of the digital clock stack, thereby invalidating foundational security assumptions of prevailing trusted timing architectures. We propose a novel hardware-software co-designed trusted timing architecture that jointly models timing protocols and physical-layer behavior, eliminating reliance on holistic system security. Contribution/Results: Leveraging a systematic security analysis framework, we identify multiple previously unknown timing attack vectors and deliver a deployable tamper-resistant timing design, significantly enhancing timing robustness in safety-critical systems.
📝 Abstract
Despite the critical role of timing infrastructure in enabling essential services, from public key infrastructure and smart grids to autonomous navigation and high-frequency trading, modern timing stacks remain highly vulnerable to malicious attacks. These threats emerge for several reasons, including inadequate security mechanisms, the timing architecture's unique vulnerability to delays, and implementation issues. In this paper, we aim to obtain a holistic understanding of the issues that make timing stacks vulnerable to adversarial manipulation, what the challenges are in securing them, and what solutions can be borrowed from the research community to address them. To this end, we perform a systematic analysis of the security vulnerabilities of the timing stack. In doing so, we discover new attack surfaces, i.e., physical timing components and on-device timekeeping, which are often overlooked by existing research that predominantly studies the security of time synchronization protocols. We also show that the emerging trusted timing architectures are flawed and risk compromising wider system security, and propose an alternative design using hardware-software co-design.