ABSTRACT
The Network Time Protocol (NTP) synchronizes time across computer systems over the Internet. Unfortunately, NTP is highly vulnerable to "time shifting attacks", in which the attacker's goal is to shift the local time at an NTP client forward or backward. This has severe implications for the correctness and safety of time-sensitive applications and for security mechanisms. Importantly, time shifting attacks on NTP are possible even if all NTP communications are encrypted and authenticated.
We present Chronos, a new NTP client that achieves good synchronization even in the presence of powerful man-in-the-middle attackers. Chronos is backwards compatible with legacy NTP and involves no changes whatsoever to NTP servers. In addition, Chronos is carefully engineered to minimize communication overhead so as to avoid overloading NTP servers.
We evaluate Chronos' security and network efficiency guarantees via a combination of theoretical analyses and experiments with a prototype implementation. Our results indicate that to succeed in shifting time at a Chronos client by over 100 ms from UTC, even a powerful man-in-the-middle attacker requires over 20 years of effort in expectation. Based on work published at [1].