The Threat of Covert Channels in Network Time Synchronisation Protocols

Abstract: Synchronized clocks are vital for most communication scenarios in networks of Information Technology (IT) and Operational Technology (OT). The process of time synchronisation requires transmission of high-precision timestamps often originating from external sources. In this paper, we analyze how time synchronization protocols impose a threat by being leveraged as carrier for network covert channels. This paper is an extended version version of our open-access paper [15] in which we performed an in-depth analys… Show more

“…The complete transfer of the text (169kb) takes roughly 12 hours in the test environment (256 bit per UID, 62 seconds between time requests using chrony). First tests with statistical methods (entropy, runs-test, chi-squared) and rand-test 9 we were not able to differentiate between original and embedded UIDs. In the following, we describe how to overcome this issue and design an active warden, capable of mitigating the covert channels described in this paper.…”

“…With the decrypted client-to-server 𝐾 𝐶2𝑆 the server verifies the signature of the NTS time request (8). The server generates a NTP response (9), inserts the same Unique Identifier from the request, generates and encrypts new cookies using its secret server key 𝐾 𝑆 (10) and inserts these into the NTS response (11). To secure the transmission, the new cookies are encrypted using the server-to-client key 𝐾 𝑆2𝐶 (12) (so that only the authenticated client can decrypt the cookies).…”

“…For retrieval on the server side, the server seeds the PRNG with the shared secret 𝐾 𝑆𝑡𝑒𝑔 (8) and generates a pseudorandom ID as well. To retrieve the plaintext the server extracts the UID from the clients NTS time request (9) and performs an XOR operation on the extracted UID and the pseudo-random ID it generated with the stego key (10). To retrieve the next message block the server seeds the PRNG with the previous pseudo-random ID (11), generates a new pseudo-random ID, extracts the next UID from the clients time request and performs again an XOR operation on both the UID from the client and the newly generated UID from the server (12).…”

“…This paper aims at closing that gap. In the past related protocols, namely NTP and PTP were analysed in regards to their potential to be used as carrier for covert channels [7,9], for example to covertly infiltrate or exfiltrate information out of network, or to establish Command-and-Control channels (shortened C2 channel). Therefore, in this paper we want to shed light on the threat of covert channels in the novel Network Time Security protocol as the use of cryptography adds further options to establish covert channels and makes their detection even harder.…”

“…However, these form a sub-protocol on their own and do not play a role in NTS. In [9] Lamshöft et al investigate networked time synchronisation protocols as carrier for hidden communication and propose covert channels for the Precision Time Protocol (PTP). In this paper, we focus specifically on covert channels to be found in the NTS specification.…”

Covert Channels in Network Time Security

“…The complete transfer of the text (169kb) takes roughly 12 hours in the test environment (256 bit per UID, 62 seconds between time requests using chrony). First tests with statistical methods (entropy, runs-test, chi-squared) and rand-test 9 we were not able to differentiate between original and embedded UIDs. In the following, we describe how to overcome this issue and design an active warden, capable of mitigating the covert channels described in this paper.…”

“…With the decrypted client-to-server 𝐾 𝐶2𝑆 the server verifies the signature of the NTS time request (8). The server generates a NTP response (9), inserts the same Unique Identifier from the request, generates and encrypts new cookies using its secret server key 𝐾 𝑆 (10) and inserts these into the NTS response (11). To secure the transmission, the new cookies are encrypted using the server-to-client key 𝐾 𝑆2𝐶 (12) (so that only the authenticated client can decrypt the cookies).…”

“…For retrieval on the server side, the server seeds the PRNG with the shared secret 𝐾 𝑆𝑡𝑒𝑔 (8) and generates a pseudorandom ID as well. To retrieve the plaintext the server extracts the UID from the clients NTS time request (9) and performs an XOR operation on the extracted UID and the pseudo-random ID it generated with the stego key (10). To retrieve the next message block the server seeds the PRNG with the previous pseudo-random ID (11), generates a new pseudo-random ID, extracts the next UID from the clients time request and performs again an XOR operation on both the UID from the client and the newly generated UID from the server (12).…”

“…This paper aims at closing that gap. In the past related protocols, namely NTP and PTP were analysed in regards to their potential to be used as carrier for covert channels [7,9], for example to covertly infiltrate or exfiltrate information out of network, or to establish Command-and-Control channels (shortened C2 channel). Therefore, in this paper we want to shed light on the threat of covert channels in the novel Network Time Security protocol as the use of cryptography adds further options to establish covert channels and makes their detection even harder.…”

“…However, these form a sub-protocol on their own and do not play a role in NTS. In [9] Lamshöft et al investigate networked time synchronisation protocols as carrier for hidden communication and propose covert channels for the Precision Time Protocol (PTP). In this paper, we focus specifically on covert channels to be found in the NTS specification.…”

Covert Channels in Network Time Security

Feasibility of Using Seq-GAN Model in Vulnerability Detection of Industrial Control Protocols