
A Security Analysis of the Network Time Protocol (NTP)


Presentation Transcript


  1. A Security Analysis of the Network Time Protocol (NTP) Presentation by Tianen Liu

  2. Overview • NTP version 2 • Five types of attacks against NTP • Suggested Improvements

  3. Requirements of NTP • Deliver accurate time over a wide-area network • Synchronize time and frequency • Work with a variety of computers • Overcome the problem of transmission delay • Loss of a single transmission path does not prevent other portions of the network from obtaining correct time

  4. Multi-Tiered System • Each layer is a stratum • Stratum 1: Primary servers connected to atomic or radio clocks • Stratum >1: Secondary servers synchronize with primary servers or with other secondary servers at lower stratum numbers • Hosts on a subnet receive time propagated by secondary servers.

  5. NTP Hierarchy

  6. Operating Modes • Client/Server mode • Client polls (secondary) server for time • Symmetric active mode • Periodically broadcasts time messages to synchronize other servers • Symmetric passive mode • Receives time messages from peers at equal or lower stratum number than host.

  7. NTP Message Transmit • A timer associated with each peer is decremented periodically. When it reaches 0, an NTP packet is sent. • Source and destination addresses and ports are copied to the IP packet variables. • Store NTP version, mode, stratum, distance to primary source, timestamp info, etc. in the packet, and transmit it.

  8. NTP Message Receive • Checks if packet is reasonable • Resets internal variables based on message received • Adjusts local clock • Possibly select new peer to be used as clock source

  9. Sanity Checks

  10. Selection of Source Peer Algorithm • Goal: determine which peer should be allowed to synchronize the current host’s clock • NTP assumes that there is a correct time value and that, by using multiple sources, inaccurate values can be discarded.

  11. Delay Calculated for each NTP message • Values computed from the last 8 messages constitute a sample • Lowest delay and stratum number are favored when selecting a source • Round trip delay: $(t_i - t_{i-3}) - (t_{i-1} - t_{i-2})$

  12. Access Control Mechanism • All hosts divided into 3 categories: trusted, friendly, others • Trusted hosts allowed to synchronize local clock • Friendly hosts are sent timestamps but may not synchronize local clock • Messages from others category ignored

  13. Access Control Mechanism (2) • Relies on the source address to determine the category of a host • An attacker can choose a source address that falls in a category allowed to synchronize the victim

  14. Authentication Mechanism • Uses symmetric key encryption between two parties (host and peer) • Algorithm and key are distributed by means other than NTP • Most of the packet is checksummed using the key • Upon receipt, the checksum is recomputed and compared to the transmitted checksum • Keys are issued per host. Compromise of one host’s key can compromise all hosts it synchronizes with.

  15. Five Possible Attacks on NTP • A non-time server impersonates a time server (masquerade) • An attacker modifies messages sent by a time server (modification) • An attacker resends a time server’s message (replay) • An attacker intercepts a time server’s message and deletes it (denial of service) • An attacker delays time messages (delay)

  16. Masquerade • Attack: Send packets to the victim with the source address of the time server to be imitated • Countermeasure: Authentication method

  17. Message Modification • Alter packets sent to the victim. • Examples of fields to alter: • Pkt.version – changed to earlier version will result in the packet being discarded • Pkt.mode – modes of host and peer become incompatible, packet is discarded • Pkt.stratum – altered value less than the true value may cause peer to be chosen as a clock source • Pkt.dispersion – altered value affects estimated round trip delay from the primary source, may cause peer to be chosen as clock source • Countermeasure: Use authentication

  18. Replay • Attack: Record messages sent at one time and resend them later • Countermeasures: • Reject any packet with a timestamp no newer than the last one received • But when the clock runs fast, it must be set back, and a setback would then look like a replay. Require a special packet to be sent when the clock is to be moved back, and provide a nonce to ensure that packet cannot itself be replayed.
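Added example, not from the slides: a receive-side check that combines the keyed checksum of slide 14 with the replay rule above and, as a side effect, catches the field modifications of slide 17. The message layout (one stratum byte plus an 8-byte transmit timestamp), HMAC-SHA256 standing in for NTPv2's keyed checksum, and the key are all constructed for the example; the set-back packet with a nonce is not implemented.

```python
import hashlib
import hmac
import struct

# Constructed wire format for the example: stratum (1 byte), transmit
# timestamp as a big-endian double (8 bytes), then a 32-byte keyed tag.
BODY_FMT = "!Bd"
BODY_LEN = struct.calcsize(BODY_FMT)   # 9
TAG_LEN = hashlib.sha256().digest_size  # 32


def pack_message(stratum, xmt_ts, key):
    """Build a message whose body is checksummed with the shared key."""
    body = struct.pack(BODY_FMT, stratum, xmt_ts)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Receive-side sanity checks: keyed checksum first, then replay."""

    def __init__(self, key):
        self.key = key
        self.last_xmt = None  # newest transmit timestamp accepted so far

    def accept(self, msg):
        if len(msg) != BODY_LEN + TAG_LEN:
            return "bad length"
        body, tag = msg[:BODY_LEN], msg[BODY_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Any altered field (version, mode, stratum, ...) or a forged
        # source changes the recomputed checksum, so it fails here.
        if not hmac.compare_digest(tag, expected):
            return "bad checksum"
        _stratum, xmt = struct.unpack(BODY_FMT, body)
        # Slide 18: a timestamp no newer than the last one is a replay.
        if self.last_xmt is not None and xmt <= self.last_xmt:
            return "replay"
        self.last_xmt = xmt
        return "ok"


def demo():
    key = b"constructed-example-key-not-a-real-secret"
    rx = Receiver(key)
    first = pack_message(2, 1000.0, key)
    second = pack_message(2, 1001.0, key)
    lowered = bytearray(second)
    lowered[0] = 1                      # stratum field altered in transit
    return [rx.accept(first), rx.accept(second), rx.accept(first),
            rx.accept(bytes(lowered)), Receiver(b"other-key").accept(second)]
```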

  19. Delay • Attack: Artificially increase the round-trip delay to the peer • Countermeasure: Redundancy of clock sources
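Added example, not from the slides: the round-trip delay formula of slide 11 and the lowest-stratum-then-lowest-delay selection over an 8-message sample, carried through to the delay attack on this slide to show why a redundant source is the countermeasure. The timestamp roles assumed are the usual NTP ones ($t_{i-3}$ request sent by the host, $t_{i-2}$ received by the peer, $t_{i-1}$ reply sent by the peer, $t_i$ reply received by the host); the `Peer` class, peer names and all timestamps are constructed.

```python
from collections import deque


def round_trip_delay(t_i_3, t_i_2, t_i_1, t_i):
    """Slide 11: delay = (t_i - t_{i-3}) - (t_{i-1} - t_{i-2}).

    The peer's own processing time (t_{i-1} - t_{i-2}) is removed, so the
    result is time spent on the network path only.
    """
    return (t_i - t_i_3) - (t_i_1 - t_i_2)


class Peer:
    def __init__(self, name, stratum):
        self.name = name
        self.stratum = stratum
        self.delays = deque(maxlen=8)   # values from the last 8 messages

    def record(self, t_i_3, t_i_2, t_i_1, t_i):
        self.delays.append(round_trip_delay(t_i_3, t_i_2, t_i_1, t_i))

    def best_delay(self):
        return min(self.delays)         # lowest-delay sample is favored


def select_source(peers):
    """Prefer the lowest stratum number, then the lowest delay."""
    candidates = [p for p in peers if p.delays]
    return min(candidates, key=lambda p: (p.stratum, p.best_delay()))


def demo():
    """Constructed timestamps (seconds); peer clocks assumed correct."""
    a, b = Peer("A", 2), Peer("B", 2)
    for k in range(8):
        base = 100.0 + k
        a.record(base, base + 0.010, base + 0.011, base + 0.021)  # 20 ms path
        b.record(base, base + 0.025, base + 0.026, base + 0.051)  # 50 ms path
    before = select_source([a, b]).name
    # Path to A is now slowed by 100 ms for a full 8-message window.
    for k in range(8):
        base = 200.0 + k
        a.record(base, base + 0.060, base + 0.061, base + 0.121)
    after = select_source([a, b]).name
    return before, after
```

With a single source, the host would simply keep following the slowed peer; with B present the selection moves to the undelayed path.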

  20. Denial of Service • Attack: Prevent packets from clock sources from reaching host • Countermeasure: Redundancy of clock sources

  21. Suggested Improvements • Authentication should be used with keys issued on a per-path, not per-host basis. • Access control should be based on routes recorded, not simply on IP address. • Servers should have several other source servers to limit effectiveness of delay and denial of service attacks.
