Attacking the Network Time Protocol

Malhotra, Aanchal; Cohen, Isaac E.; Brakke, Erik; Goldberg, Sharon

doi:10.14722/ndss.2016.23090

Cited by 52 publications

(53 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Recently, Malhotra et al [36] showed that attacks on the Network Time Protocol can trick a client system to revert its clock back in time by several years. Such attacks may revive expired certificates with weak RSA keys (easily broken), and weak hashing algorithms (i.e., re-enabling any certificate colliding with a previously-valid certificate, e.g., the colliding CA certificate forged in [60]).…”

Section: ) Invalid Chain Of Trustmentioning

confidence: 99%

Killed by Proxy: Analyzing Client-end TLS Interception Software

Carnavalet¹,

Mannan²

2016

Proceedings 2016 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Abstract-To filter SSL/TLS-protected traffic, some antivirus and parental-control applications interpose a TLS proxy in the middle of the host's communications. We set out to analyze such proxies as there are known problems in other (more matured) TLS processing engines, such as browsers and common TLS libraries. Compared to regular proxies, client-end TLS proxies impose several unique constraints, and must be analyzed for additional attack vectors; e.g., proxies may trust their own root certificates for externally-delivered content and rely on a custom trusted CA store (bypassing OS/browser stores). Covering existing and new attack vectors, we design an integrated framework to analyze such client-end TLS proxies. Using the framework, we perform a thorough analysis of eight antivirus and four parentalcontrol applications for Windows that act as TLS proxies, along with two additional products that only import a root certificate. Our systematic analysis uncovered that several of these tools severely affect TLS security on their host machines. In particular, we found that four products are vulnerable to full server impersonation under an active man-in-the-middle (MITM) attack out-of-the-box, and two more if TLS filtering is enabled. Several of these tools also mislead browsers into believing that a TLS connection is more secure than it actually is, by e.g., artificially upgrading a server's TLS version at the client. Our work is intended to highlight new risks introduced by TLS interception tools, which are possibly used by millions of users.

show abstract

Section: ) Invalid Chain Of Trustmentioning

confidence: 99%

Killed by Proxy: Analyzing Client-end TLS Interception Software

Carnavalet¹,

Mannan²

2016

Proceedings 2016 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…Time services such as NTP [95], [96] enable hosts to learn the current time and synchronize their clocks against authoritative sources such as NIST's Internet Time Service [83]. Cryptographic authentication was a late addition to NTP [64] and is still in limited use, leading to many vulnerabilities [86]. For example, an attacker impersonating a legitimate time service might falsify the current time, to trick a client into accepting an expired certificate or other stale credentials.…”

Section: Time and Timestamping Authoritiesmentioning

confidence: 99%

“…Attackers obtaining the secret keys of any of hundreds of CAs [50] can and have misused CA authority to impersonate web sites and spy on users [8], [21], [22], [129]. By impersonating a time service an attacker can trick clients into accepting expired certificates or other stale credentials [86]. Criminals increasingly use stolen codesigning keys to make their malware appear trustworthy [66].…”

Section: Introductionmentioning

confidence: 99%

Keeping Authorities "Honest or Bust" with Decentralized Witness Cosigning

Syta

Tamas

Visher

et al. 2016

2016 IEEE Symposium on Security and Privacy (SP)

213

154

View full text Add to dashboard Cite

Abstract-The secret keys of critical network authoritiessuch as time, name, certificate, and software update services -represent high-value targets for hackers, criminals, and spy agencies wishing to use these keys secretly to compromise other hosts. To protect authorities and their clients proactively from undetected exploits and misuse, we introduce CoSi, a scalable witness cosigning protocol ensuring that every authoritative statement is validated and publicly logged by a diverse group of witnesses before any client will accept it. A statement S collectively signed by W witnesses assures clients that S has been seen, and not immediately found erroneous, by those W observers. Even if S is compromised in a fashion not readily detectable by the witnesses, CoSi still guarantees S's exposure to public scrutiny, forcing secrecy-minded attackers to risk that the compromise will soon be detected by one of the W witnesses. Because clients can verify collective signatures efficiently without communication, CoSi protects clients' privacy, and offers the first transparency mechanism effective against persistent man-inthe-middle attackers who control a victim's Internet access, the authority's secret key, and several witnesses' secret keys. CoSi builds on existing cryptographic multisignature methods, scaling them to support thousands of witnesses via signature aggregation over efficient communication trees. A working prototype demonstrates CoSi in the context of timestamping and logging authorities, enabling groups of over 8,000 distributed witnesses to cosign authoritative statements in under two seconds.

show abstract

“…Applications and demand for accurate network time transfer include securities trading [5], distributed databases [6], and realtime cyber-physical systems [7][8][9]. Generally, while information security applications do not yet require UTC at high resolution, they do rely on time accuracy and network integrity [10]. For these reasons, trusted, highly available primary sources of network time like the ITS are vital public resources.…”

Section: Overviewmentioning

confidence: 99%

“…While the message format is unchanged from version 3, the synchronization servo is much improved in later versions. Also, it is likely that security issues [10,36] will be remedied only for current clients. Simple-NTP (SNTP) [14] shares NTP's messaging format but implements fewer features, such as use of the stratum distribution model; popular implementations include sntp and ntpdate [21].…”

Section: Analysis and Findingsmentioning

confidence: 99%

Usage Analysis of the NIST Internet Time Service

Sherman¹,

Levine²

2016

J. RES. NATL. INST. STAN.

View full text Add to dashboard Cite

The Internet Time Service (ITS) at the National Institute of Standards and Technology (NIST) currently receives over 16 billion time requests per day. ITS servers derive their system time from the NIST atomic-referenced time scale and distribute it freely to the public. Here we explore ITS usage patterns discovered by analysis of inbound network traffic. For example, over a period of four weeks, just two of the ≈ 20 ITS servers received requests from 316 million unique Internet Protocol (IPv4) addresses, which is at least 8.5 % of the entire Internet. We offer recommendations for networked device/software manufacturers, and providers and consumers of network time services. OverviewAmong national metrological institutes, NIST operates the largest ensemble of time-serving computers (timesevers) on the public Internet [1]. The approximately twenty [2] servers' system clocks are synchronized to a time scale governed by atomic clocks and primary frequency standards [3], the laboratory's realization of Coordinated Universal Time, UTC(NIST). The timeservers are geographically diverse, operate with independent synchronization links, and provide a source of time independent of Global Navigation Satellite Systems such as the Global Positioning System (GPS) [4]. Historically, traffic to the ITS has grown exponentially and now (at time of writing) exceeds 1.6 × 10 10 requests daily (see Fig. 1). Applications and demand for accurate network time transfer include securities trading [5], distributed databases [6], and realtime cyber-physical systems [7][8][9]. Generally, while information security applications do not yet require UTC at high resolution, they do rely on time accuracy and network integrity [10]. For these reasons, trusted, highly available primary sources of network time like the ITS are vital public resources. Industry forecasts predict even more classes of appliances will become networked (i.e., Internet of Things [11]), implying further significant growth potential in demand for network time. Therefore, it is important to understand ITS usage patterns in order to optimally use and provision ITS resources.Since background information about network time transfer and the ITS [12] is available elsewhere, we cover only relevant details in Sec. 2. Thus far, the only published ITS usage statistics are daily request totals. In this work, we explore usage patterns in finer detail. In Sec. 3 we present new findings including temporal patterns in request rate, and estimates of the number, character, and behavior of unique clients. Given the large request rate (averaging over 28,000/s on one server), and the delay-sensitive nature of the

show abstract

Attacking the Network Time Protocol

Cited by 52 publications

References 14 publications

Killed by Proxy: Analyzing Client-end TLS Interception Software

Killed by Proxy: Analyzing Client-end TLS Interception Software

Keeping Authorities "Honest or Bust" with Decentralized Witness Cosigning

Usage Analysis of the NIST Internet Time Service

Contact Info

Product

Resources

About