Abstract
In network-based broadcast time synchronization, an important security goal is integrity protection linked with source authentication. One technique frequently used to achieve this goal is to secure the communication by means of the TESLA protocol or one of its variants. This paper presents an attack vector usable for time synchronization protocols that protect their broadcast or multicast messages in this manner. The underlying vulnerability results from interactions between timing and security that occur specifically for such protocols. We propose possible countermeasures and evaluate their respective advantages. Furthermore, we discuss our use of the UPPAAL model checker for security analysis and quantification with regard to the attack and countermeasures described, and report on the results obtained. Lastly, we review the susceptibility of three existing cryptographically protected time synchronization protocols to the attack vector discovered.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
To model \(\varDelta \) as factually constant in the network simplifies the analysis. Assuming that Alice treats it as constant makes sense because, as long as she only has one-way time synchronization communication data available, she cannot reliably determine or compensate for varying network delays.
- 2.
This assumption is made for simplification. The assumed situation is equivalent to a situation where several attackers are cooperating, or to a situation where one attacker is being helped by one or more dishonest protocol participants [25].
- 3.
Note that the value of \(d_2\) is unknown to Mallory. However, she is able to estimate it from her knowledge of the time synchronization mechanism.
- 4.
The UPPAAL source code is available for download here: http://www8.cs.fau.de/~milius/UPPAAL%20Model%20(TESLA-Like%20Mechanisms).zip.
References
Alur, R., Courcoubetis, C., Dill, D.: Model-checking for real-time systems. In: Proceedings of Fifth Annual IEEE Symposium on Logic in Computer Science, LICS 1990, pp. 414–425, June 1990
Behrmann, G., David, A., Larsen, K.G.: A tutorial on Uppaal. In: Bernardo, M., Corradini, F. (eds.) SFM-RT 2004. LNCS, vol. 3185, pp. 200–236. Springer, Heidelberg (2004). doi:10.1007/978-3-540-30080-9_7
Brakke, E., Cohen, I.E., Goldberg, S., Malhotra, A.: Attacking the network time protocol. In: Network and Distributed System Security Symposium (NDSS), February 2016
Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory IT–29, 198–208 (1983)
Dowling, B., Stebila, D., Zaverucha, G.: Authenticated network time synchronization. Cryptology ePrint Archive, Report 2015/171 (2015). http://eprint.iacr.org/2015/171
Floeter, R.: Authenticated TLS constraints in ntpd(8). Web Post, February 2015. https://marc.info/?l=openbsd-tech&m=142356166731390&w=2
Ganeriwal, S., Pöpper, C., Capkun, S., Srivastava, M.B.: Secure time synchronization in sensor networks (E-SPS). In: Proceedings of 2005 ACM Workshop on Wireless Security (WiSe 2005), pp. 97–106, September 2005
Hu, X., Feng, R.: Message broadcast authentication in \(\mu \)TESLA based on double filtering mechanism. In: 2011 International Conference on Internet Technology and Applications (iTAP), pp. 1–4 (2011). http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6006446
Lee, K., Eidson, J.: IEEE-1588 standard for a precision clock synchronization protocol for networked measurement and control systems. In: 34th Annual Precise Time and Time Interval (PTTI) Meeting, pp. 98–105 (2002)
Liu, D., Ning, P.: Multilevel \(\mu \)TESLA: broadcast authentication for distributed sensor networks. ACM Trans. Embed. Comput. Syst. 3(4), 800–836 (2004). http://dl.acm.org/citation.cfm?doid=1027794.1027800
Mills, D., Haberman, B.: Network time protocol version 4: autokey specification. RFC 5906, IETF Secretariat, June 2010. https://tools.ietf.org/html/rfc5906
Mills, D., Martin, J., Burbank, J., Kasch, W.: Network time protocol version 4: protocol and algorithms specification. RFC 5905, IETF Secretariat, June 2010. https://tools.ietf.org/html/rfc5905
Mills, D.L.: Network time protocol (version 3): specification, implementation and analysis. RFC 1305, IETF Secretariat, March 1992. https://tools.ietf.org/html/rfc1305
Mills, D.L.: Computer Network Time Synchronization: The Network Time Protocol. CRC Press, Boca Raton (2006). http://www.loc.gov/catdir/enhancements/fy0664/2005056889-d.html
Mills, D.L., Acm, M.: Adaptive hybrid clock discipline algorithm for the network time protocol. IEEE/ACM Trans. Networking 6, 505–514 (1998)
Mizrahi, T.: Security Requirements of Time Protocols in Packet Switched Networks (2014). http://www.rfc-editor.org/rfc/pdfrfc/rfc7384.txt.pdf
Na, R., Hori, Y.: DoS attack-tolerant TESLA-based broadcast authentication protocol in Internet of Things. In: 2012 International Conference on Selected Topics in Mobile and Wireless Networking (iCOST), pp. 60–65, June 2012. http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6271291
Perrig, A., Song, D., Canetti, R., Tygar, J.D., Briscoe, B.: Timed efficient stream loss-tolerant authentication (TESLA): multicast source authentication transform introduction. RFC 4082, IETF Secretariat, June 2005. https://tools.ietf.org/html/rfc4082
Perrig, A., Szewczyk, R., Wen, V., Culler, D., Tygar, J.D.: SPINS: security protocols for sensor networks. In: Wireless Networks, pp. 189–199 (2001)
Roettger, S.: Analysis of the NTP autokey procedures. Web Publication of Project Thesis, February 2012. http://zero-entropy.de/autokey_analysis.pdf
Shpiner, A., Revah, Y., Mizrahi, T.: Multi-path time protocols. In: 2013 International IEEE Symposium on Precision Clock Synchronization for Measurement Control and Communication (ISPCS), pp. 1–6, September 2013
Sibold, D., Teichel, K., Roettger, S.: Network time security, July 2013. https://datatracker.ietf.org/doc/draft-ietf-ntp-network-time-security/
Sibold, D., Teichel, K., Roettger, S.: Using the network time security specification to secure the network time protocol, March 2015. https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp/
Sun, K., Ning, P., Wang, C.: TinySeRSync: secure and resilient time synchronization in wireless sensor networks. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS 2006, NY, USA, pp. 264–277 (2006). http://dl.acm.org/citation.cfm?doid=1180405.1180439
Syverson, P., Meadows, C., Cervesato, I.: Dolev-Yao is no better than Machivelli. In: First Workshop on Issues in the Theory of Security - WITS 2000, pp. 87–92 (2000)
Weiss, M.A., Eidson, J., Barry, C., Broman, D., Iannucci, B., Lee, E.A., Stanton, S.K., Goldin, L.: Time-aware applications, computers, and communication systems (TAACCS). NIST Technical note 1867, February 2015
Xianglan, Y., Wangdong, Q., Fei, F.: ASTS: an agile secure time synchronization protocol for wireless sensor networks. In: International Conference on Wireless Communications, Networking and Mobile Computing, WiCom 2007, pp. 2808–2811, September 2007
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Teichel, K., Sibold, D., Milius, S. (2016). An Attack Possibility on Time Synchronization Protocols Secured with TESLA-Like Mechanisms. In: Ray, I., Gaur, M., Conti, M., Sanghi, D., Kamakoti, V. (eds) Information Systems Security. ICISS 2016. Lecture Notes in Computer Science(), vol 10063. Springer, Cham. https://doi.org/10.1007/978-3-319-49806-5_1
Download citation
DOI: https://doi.org/10.1007/978-3-319-49806-5_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49805-8
Online ISBN: 978-3-319-49806-5
eBook Packages: Computer ScienceComputer Science (R0)