A Security Analysis of the Network Time Protocol (NTP) Presentation by Tianen Liu.

Slides:



Advertisements
Similar presentations
AUTHENTICATION AND KEY DISTRIBUTION
Advertisements

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Chapter 14 – Authentication Applications
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,
Network Attacks Mark Shtern.
1 Version 3 Module 8 Ethernet Switching. 2 Version 3 Ethernet Switching Ethernet is a shared media –One node can transmit data at a time More nodes increases.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Internet Control Message Protocol (ICMP)
Distributed Systems Fall 2010 Time and synchronization.
1 Version 3 Module 8 Ethernet Switching. 2 Version 3 Ethernet Switching Ethernet is a shared media –One node can transmit data at a time More nodes increases.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Analysis of Key Agreement Protocols Brita Vesterås Supervisor: Chik How Tan.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Distributed Systems CS Synchronization – Part II Lecture 8, Sep 28, 2011 Majd F. Sakr, Vinay Kolar, Mohammad Hammoud.
Applied Cryptography for Network Security
1 CCNA 2 v3.1 Module 8. 2 TCP/IP Suite Error and Control Messages CCNA 2 Module 8.
Network Layer4-1 Network layer r transport segment from sending to receiving host r on sending side encapsulates segments into datagrams r on rcving side,
Lecture 9: Time & Clocks CDK4: Sections 11.1 – 11.4 CDK5: Sections 14.1 – 14.4 TVS: Sections 6.1 – 6.2 Topics: Synchronization Logical time (Lamport) Vector.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
Layer 2 Switch  Layer 2 Switching is hardware based.  Uses the host's Media Access Control (MAC) address.  Uses Application Specific Integrated Circuits.
1 Physical Clocks need for time in distributed systems physical clocks and their problems synchronizing physical clocks u coordinated universal time (UTC)
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Enhanced NTP IETF – TicToc BOF Greg Dowd – Jeremy Bennington –
A Security Analysis of Version 2 of the Network Time Protocol NTP Matt Bishop Presented by Alexander Gorman.
ICMP (Internet Control Message Protocol) Computer Networks By: Saeedeh Zahmatkesh spring.
Mobile IP: Introduction Reference: “Mobile networking through Mobile IP”; Perkins, C.E.; IEEE Internet Computing, Volume: 2 Issue: 1, Jan.- Feb. 1998;
1 Transport Layer Computer Networks. 2 Where are we?
1 Version 3.1 modified by Brierley Module 8 TCP/IP Suite Error and Control Messages.
Page 19/13/2015 Chapter 8 Some conditions that must be met for host to host communication over an internetwork: a default gateway must be properly configured.
Internet Control Message Protocol (ICMP). Objective l IP and ICMP l Why need ICMP? l ICMP Message Format l ICMP fields l Examples: »Ping »Traceroute.
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 2 Module 8 TCP/IP Suite Error and Control Messages.
A Security Analysis of Network Time Protocol Andy Hospodor COEN /03/03 Paper by Matt Bishop, 1991.
© 2002, Cisco Systems, Inc. All rights reserved..
Network Security Lecture 23 Presented by: Dr. Munam Ali Shah.
Time and Coordination March 13, Time and Coordination What is time? :-)  Issue: How do you coordinate distributed computers if there is no global.
1 Internet Control Message Protocol (ICMP) Used to send error and control messages. It is a necessary part of the TCP/IP suite. It is above the IP module.
Security Issues in Control, Management and Routing Protocols M.Baltatu, A.Lioy, F.Maino, D.Mazzocchi Computer and Network Security Group Politecnico di.
Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings.
Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.
SSL/TLS How to send your credit card number securely over the internet.
Error and Control An IP datagram travels from node to node on the way to its destination Each router operates autonomously Failures or problems may occur.
1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.
Time This powerpoint presentation has been adapted from: 1) sApr20.ppt.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Network Security Introduction
6 SYNCHRONIZATION. introduction processes synchronize –exclusive access. –agree on the ordering of events much more difficult compared to synchronization.
Identify Friend or Foe (IFF) Chapter 9 Simple Authentication protocols Namibia Angola 1. N 2. E(N,K) SAAF Impala Russian MIG 1 Military needs many specialized.
Lecture 7 (Chapter 17) Wireless Network Security Prepared by Dr. Lamiaa M. Elshenawy 1.
1 Network Security Maaz bin ahmad.. 2 Outline Attacks, services and mechanisms Security attacks Security services Security Mechanisms A model for Internetwork.
1 Example security systems n Kerberos n Secure shell.
Fourth Edition by William Stallings Lecture slides by Lawrie Brown
21-2 ICMP(Internet control message protocol)
Distributed Computing
Byungchul Park ICMP & ICMPv DPNM Lab. Byungchul Park
Lecture 2 Overview.
Net 435: Wireless sensor network (WSN)
Logical time (Lamport)
Module 8: Ethernet Switching
DISTRIBUTED SYSTEMS Principles and Paradigms Second Edition ANDREW S
Internet Control Message Protocol
CDK: Sections 11.1 – 11.4 TVS: Sections 6.1 – 6.2
Logical time (Lamport)
Logical time (Lamport)
Logical time (Lamport)
Presentation transcript:

A Security Analysis of the Network Time Protocol (NTP) Presentation by Tianen Liu

Overview NTP version 2 Five types of attacks against NTP Suggested Improvements

Requirements of NTP Deliver accurate time over wide-area network Synchronize time and frequency Work with a variety of computers Overcome problem with transmission delay Loss of a single transmission path does not prevent other portions from obtaining correct time

Multi Tiered System Each layer is a stratum Stratum 1: Primary servers connected to atomic or radio clocks Stratum >1: Secondary servers synchronize with primary servers or other secondary servers at lower stratum numbers Hosts on subnet receive time propagated by secondary servers.

NTP Hierarchy

Operating Modes Client/Server mode Client polls (secondary) server for time Symmetric active mode Periodically broadcasts time messages to synchronize other servers Symmetric passive mode Receives time messages from peers at equal or lower stratum number than host.

NTP Message Transmit Timer associated with each peer is decremented periodically. When 0, NTP packet is sent. Source and destination addresses and ports copied to IP packet variables. Store NTP version, mode, stratum, distance to primary source, timestamp info, etc in packet, and transmit it.

NTP Message Receive Checks if packet is reasonable Resets internal variables based on message received Adjusts local clock Possibly select new peer to be used as clock source

Sanity Checks

Selection of Source Peer Algorithm Goal: determine which peer should be allowed to synchronize current host’s clock NTP assumes that there is correct time value and that by using multiple sources, inaccurate values can be discarded.

Delay Calculated for each NTP message Values computed from last 8 messages constitute a sample Lowest delay and stratum number favored when selecting a source Round trip delay: (t i – t i-3 ) – (t i-1 – t i-2 )

Access Control Mechanism All hosts divided into 3 categories: trusted, friendly, others Trusted hosts allowed to synchronize local clock Friendly hosts are sent timestamps but may not synchronize local clock Messages from others category ignored

Access Control Mechanism(2) Relies on source address to determine category of host Attacker can choose source address that allows synchronization of the victim

Authentication Mechanism Uses symmetric key encryption between two parties (host and peer) Algorithm and key distributed by means other than NTP Most of the packet is checksummed using key Upon receipt, checksum recomputed and compared to transmitted checksum Keys are per-host based. Compromise of one host’s key can compromise all hosts it synchronizes with.

Five Possible Attacks on NTP A non-time server impersonates a time server (masquerade) An attacker modifies messages sent by time server (modification) An attacker resends a timer server’s message (replay) An attacker intercepts a time server’s message and deletes it (denial of service) An attacker delays time messages (delay)

Masquerade Attack: Send packets to the victim with the source address of the time server to be imitated Countermeasure: Authentication method

Message Modification Alter packets sent to the victim. Examples of fields to alter: Pkt.version – changed to earlier version will result in the packet being discarded Pkt.mode – modes of host and peer become incompatible, packet is discarded Pkt.stratum – altered value less than the true value may cause peer to be chosen as a clock source Pkt.dispersion – altered value affects estimated round trip delay from the primary source, may cause peer to be chosen as clock source Countermeasure: Use authentication

Replay Attack: Record messages sent at one time and resend them later Countermeasures: Reject any packet with timestamp no newer than the last one received But when clock runs fast, it must be set back. Require a special packet to be sent when clock is to be moved back. Provide a nonce to ensure packet cannot be replayed.

Delay Attack: Artificially increase roundtrip delay to the peer Countermeasure: Redundancy of clock sources

Denial of Service Attack: Prevent packets from clock sources from reaching host Countermeasure: Redundancy of clock sources

Suggested Improvements Authentication should be used with keys issued on a per-path, not per-host basis. Access control should be based on routes recorded, not simply on IP address. Servers should have several other source servers to limit effectiveness of delay and denial of service attacks.