Network Time Security for the Network Time Protocol

Sibold, Dieter; Franke, Daniel; Sundblad, Ragnar; Dansarie, Marcus; Teichel, Kristof

doi:10.17487/rfc8915

Cited by 30 publications

(26 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…NTP Security. Different recommendations for securing NTP were proposed, such as TLS for NTP (NTS) [41], or Roughtime [42] with proof of misbehaviour (wrong time) to report bad servers. However, none is deployed or used, mostly due to the significant changes to the NTP ecosystem that they require, or assumptions which cannot be fulfilled in practice.…”

Section: Countermeasures and Mitigationsmentioning

confidence: 99%

The Impact of DNS Insecurity on Time

Jeitner

Shulman

Waidner

2020

2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

View full text Add to dashboard Cite

show abstract

Section: Countermeasures and Mitigationsmentioning

confidence: 99%

The Impact of DNS Insecurity on Time

Jeitner

Shulman

Waidner

2020

2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

View full text Add to dashboard Cite

show abstract

“…Finally, in October 2020 the IETF introduced the Network Time Security mechanism in RFC8915 [6] using Transport Layer Security (TLS) [25] and Authenticated Encryption with Associated Data (AEAD) [17] to provide cryptographic security for the client-server mode of the Network Time Protocol (NTP). NTS is based on two loosely coupled sub-protocols, the NTS Key Establishment (NTS-KE) which handles initial authentication and key establishment over TLS and the NTS Extension Fields for NTPv4 (NTS-EF) which handles encryption and authentication during NTP time synchronization via extension fields in the NTPv4 packets.…”

Section: Network Time Securitymentioning

confidence: 99%

“…With security measures being too insecure [23], too complex or too inconvenient [19], today the default is still to use NTP and PTP without any countermeasures against manipulations [23]. This circumstance is potentially about to change as in October 2020 the IETF proposed a novel mechanism for cryptographic secured transmission of timestamps without major deficits in accuracy: RFC8915 standardizes the Network Time Security (NTS) mechanism, for using Transport Layer Security (TLS) and Authenticated Encryption with Associated Data (AEAD) in extension to NTPv4 to provide integrity and authenticity for timestamp transmission [6]. In February 2022, the German Federal Office for Information Security (BSI) even issued the official advisory to use NTS in favor of NTP where possible 1 .…”

Section: Introductionmentioning

confidence: 99%

Covert Channels in Network Time Security

Lamshöft

Dittmann

2022

Proceedings of the 2022 ACM Workshop on Information Hiding and Multimedia Security

View full text Add to dashboard Cite

Network Time Security (NTS) specified in RFC8915 is a mechanism to provide cryptographic security for clock synchronization using the Network Time Protocol (NTP) as foundation. By using Transport Layer Security (TLS) and Authenticated Encryption with Associated Data (AEAD) NTS is able to ensure integrity and authenticity between server and clients synchronizing time. However, in the past it was shown that time synchronisation protocols such as the Network Time Protocol (NTP) and the Precision Time Protocol (PTP) might be leveraged as carrier for covert channels, potentially infiltrating or exfiltrating information or to be used as Commandand-Control channels in case of malware infections. By systematically analyzing the NTS specification, we identified 12 potential covert channels, which we describe and discuss in this paper. From the 12 channels, we exemplary selected an client-side approach for a proof-of-concept implementation using NTS random UIDs. Further, we analyze and investigate potential countermeasures and propose a design for an active warden capable of mitigating the covert channels described in this paper.

show abstract

“…NTP is not encrypted nor cryptographically signed (past approaches like the Autokey-protocol [12] are broken [35], the newer Network Time Security (NTS) [10] was introduced recently in 2020 and has no practical relevance yet).…”

Section: Ntpmentioning

confidence: 99%

A Systematic Analysis of Covert Channels in the Network Time Protocol

Hielscher¹,

Lamshöft²,

Kraetzer³

et al. 2021

Proceedings of the 16th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Covert channels in network protocols are a technique aiming to hide the very existence of secret communication in computer networks. In this work we present a systematic in-depth analysis of covert channels by modification for the Network Time Protocol (NTP). Our analysis results in the identification of 49 covert channels, by applying a covert channel pattern-based taxonomy. The summary and comparison based on nine selected key attributes show that NTP is a plausible carrier for covert channels. The analysis results are evaluated in regards to common behavior of NTP implementations in six major operating systems. Two channels are selected and implemented to be evaluated in network test-beds. By hiding encrypted high entropy data in a high entropy field of NTP we show in our first assessment that practically undetectable channels can be implemented in NTP, motivating the required further research.In our evaluation, we analyze 40,000 NTP server responses from public NTP server providers. We discuss the general approach of the research community that detection of covert channels is the more promising countermeasure, compared to active suppression of covert channels. Therefore, normalization approaches and a secure network environment are introduced. CCS CONCEPTS• Security and privacy → Web protocol security.

show abstract

Network Time Security for the Network Time Protocol

Cited by 30 publications

References 0 publications

The Impact of DNS Insecurity on Time

The Impact of DNS Insecurity on Time

Covert Channels in Network Time Security

A Systematic Analysis of Covert Channels in the Network Time Protocol

Contact Info

Product

Resources

About