1 / 11

A Security Analysis of Network Time Protocol

A Security Analysis of Network Time Protocol. Paper by Matt Bishop, 1991. Andy Hospodor COEN 317 11/03/03. Sequence. NTP Architecture Overview of Security features Types of attacks on NTP Countermeasures Further reading. Where does time come from?.

timothy-slater
Download Presentation

A Security Analysis of Network Time Protocol

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A Security Analysis of Network Time Protocol Paper by Matt Bishop, 1991 Andy Hospodor COEN 317 11/03/03

  2. Sequence • NTP Architecture • Overview of Security features • Types of attacks on NTP • Countermeasures • Further reading

  3. Where does time come from? • Originally from the motion of the earth around the sun • Today, NIST operates atomic clocks and masers that generate time • More recently, USNO • is responsible for distribution of time in the US • is the standard for time in the US • www.time.gov

  4. NTP Architecture 11 hydrogen masers 50 HP-5071 cesiums top level stratum Primary Servers • Primary servers are synchronized by radio or atomic clocks • Secondary servers exist at multiple strata on fixed route paths • Secondary servers measure path delay to n-1 strata periodically • Clients sample multiple secondary time servers • Clock filters select best from a window of eight time offset samples • Combining algorithm computes weighted average of time offsets. level 2 stratum 1 2 1 2 Secondary Servers level 3 stratum

  5. NTP Packet Format NTP Protocol Header Format (32 bits) LI leap warning indicator VN version number (4) Strat stratum (0-15) Poll poll interval (log2) Prec precision (log2) LI VN Mode Strat Poll Prec Root Delay Root Dispersion Reference Identifier Reference Timestamp (64) NTP Timestamp Format (64 bits) Originate Timestamp (64) Seconds (32) Fraction (32) Value is in seconds and fraction since 0h 1 January 1900 Cryptosum Receive Timestamp (64) Transmit Timestamp (64) NTPv4 Extension Field Extension Field 1 (optional) Field Length Field Type Extension Field (padded to 32-bit boundary) Extension Field 2… (optional) Last field padded to 64-bit boundary Key/Algorithm Identifier NTP v3 and v4 Authenticator (Optional) Message Hash (64 or 128) NTP v4 only authentication only Authenticator uses DES-CBC or MD5 cryptosum of NTP header plus extension fields (NTPv4)

  6. Security Features • Sanity checks • Is the packet correct and reasonable? • Access Control • Can the host change the clock? • Authentication • Is the message from a trusted source? • Redundant Time Sources • Is one of the secondary servers getting weird?

  7. Types of attacks on NTP • Masquerade Attack • Impersonate a time server • Modification Attack • Intercept and modify messages from time server • Replay Attack • Resend messages from a time server • Denial of Service Attack • Intercept and delete messages from a time server • Delay Attack • Delay the time messages, typically by flooding

  8. Countermeasures Masquerade Attack Authentication Modification Attack Sanity checks Replay Attack Access Control Denial of Service Attack RedundantTime Sources Delay Attack

  9. NTP Shortcomings • Susceptible to Combined attacks • Deny service except for one source • Delay packets from that source • Allow client clocks to drift • 64 bit DES encryption is broken • Keys authenticated per host, not per path • Does not deal with “wiretapping” • Cooperation amongst gov’t agencies?

  10. Further reading • Network Time Protocol (NTP) v3 and v4: http://www.ntp.org/ • David L. Mills: http://www.eecis.udel.edu/~mills • FTP server ftp.udel.edu (pub/ntp directory) • Related project descriptions and briefings • http://www.eecis.udel.edu/~mills/status.htm • US Naval Ovservatory – the US time standard http://tycho.usno.navy.mil/mc_to.html

  11. Leap Second is a second added to Coordinated Universal Time (UTC) to make it agree with astronomical time to within 0.9 second. UTC is an atomic time scale, based on the performance of atomic clocks. Astronomical time is based on the rotational rate of the Earth. Since atomic clocks are more stable than the rate at which the Earth rotates, leap seconds are needed to keep the two time scales in agreement. • The first leap second was added on June 30, 1972, and so far, leap seconds have occurred at an average rate of about 8 every 10 years. So far, all leap seconds have been added on either June 30th or December 31st. Although it is possible to have a negative leap second (a second removed from UTC), so far, all leap seconds have been positive (a second has been added to UTC). Based on what we know about the Earth's rotation, it is unlikely that we will ever have a negative leap second. For more information and a table of leap seconds, visit the NIST Time Scale Data Archive. Time Trivia Sidereal time is the hour angle of the vernal equinox, the ascending node of the ecliptic on the celestial equator. The daily motion of this point provides a measure of the rotation of the Earth with respect to the stars, rather than the Sun. Local mean sidereal time is computed from the current Greenwich Mean Sideral Time plus an input offset in longitude (converted to a sidereal offset by the ratio 1.00273790935 of the mean solar day to the mean sidereal day.) Applying the equation of equinoxes, or nutation of the mean pole of the Earth from mean to true position, yields local apparent sidereal time. Astronomers use local sidereal time because it corresponds to the coordinate right ascension of a celestial body that is presently on the local meridian.

More Related