Presentation is loading. Please wait.

Presentation is loading. Please wait.

Emerging Solutions in Network Time Synchronization Security

Published byMoses Powell Modified over 7 years ago

Similar presentations

Presentation on theme: "Emerging Solutions in Network Time Synchronization Security"— Presentation transcript:

1 Emerging Solutions in Network Time Synchronization Security
The Internet Society September 26, 2017 31 May 2017 TNC 17, Linz, Austria Emerging Solutions in Network Time Synchronization Security Karen O’Donoghue

2 Agenda Setting the stage… IETF NTP NTS IEEE 1588 (PTP)
Why Now? Requirements What currently exists? IETF NTP NTS IEEE 1588 (PTP) Next steps and parting thoughts…

3 Time Trust Why Security Now?
Security has not been a high priority of the time synchronization in the past… What has changed... Increasing interconnection and decentralization Increasing evidence of the impact of inadequate security Interdependency between security and time Legal and Compliance requirements Time Trust

4 Requirements for Time Synchronization Security
RFC 7384: Security Requirements of Time Protocols in Packet Switched Networks, Oct 2014 Threat model Internal versus external attacker Man-in-the-middle versus injection Threats Requirements analysis IEEE 1588 requirements analysis based on RFC 7384

5 RFC 7384: Threats Manipulation of time synchronization packets,
Masquerading as a legitimate participant in the time synchronization protocol, Replay of legitimate packets, Tricking nodes into believing time from the wrong master, Intercepting and removing valid synchronization packets, Delaying legitimate time synchronization packets on the network, Denial of service attacks on the network at layer 2 and layer 3, Denial of service by overloading the cryptographic processing components, Denial of service by overloading the time synchronization protocol, Corruption of the time source used by the grand master, Protocol design and implementation vulnerabilities, and Using the time synchronization protocol for broader network surveillance and fingerprinting types of activities.

6 RFC 7384: Requirements Authentication and authorization of a clock’s identity, Integrity of the time synchronization protocol messages, Prevention of various spoofing techniques, Protection against Denial of Service (availability), Protection against packet replay, Timely refreshing of cryptographic keys, Support for both unicast and multicast security associations, Minimal impact on synchronization performance, Confidentiality of the data in the time synchronization messages, Protection against packet delay and interception, and Operation in a mixed secure and non-secure environment.

7 What currently exists? Network Time Protocol (NTP)
Pre-shared key scheme for server authentication in the core specification (scaling issues) Autokey – Authentication of time servers using PKI (known flaws) IEEE 1588 Precision Time Protocol (PTP) Annex K – Group source authentication, message integrity, and replay attack protection (defined as Experimental, flaws identified)

8 IETF NTP Network Time Security (NTS)

9 Network Time Protocol Security Problems…
Sources of recent NTP security issues (resulting NTP wg activity) Flaws in implementation (BCP) Weaknesses in the protocol (protocol tweaks/clarifications) Lack of an adequate security mechanism (NTS) Network Time Security NTS (NTS) NTS for NTP: draft-ietf-ntp-using-nts-for-ntp Generic NTS: draft-ietf-ntp-network-time-security

10 Network Time Security (NTS) provides…
The Internet Society September 26, 2017 Network Time Security (NTS) provides… Integrity for NTP packets (not confidentiality) Unlinkability (once an NTS session has been established and if the client uses data minimization techniques) Request-Response consistency (for avoiding replay attacks) Authentication of servers Authorization of clients (optionally) Support for client-server and symmetric peer modes (broadcast mode not currently supported) Caveat emptor!!! (This is not published (done) yet… ) unlinkability for devices that (1) use NTS as clients and (2) minimize the information they expose in client query (mode 3) packets per

11 (D)TLS for NTP Security
NTS-encapsulated NTPv4 NTP over DTLS: DTLS handshake followed by NTP encapsulated as DTLS Most suitable for symmetric and control modes NTS Key Establishment protocol (NTS-KE) TLS to establish key material and negotiate some additional protocol options NTS extensions for NTPv4 A collection of NTP extension fields for cryptographically securing NTPv4 using key material previously negotiated using NTS-KE. Suitable for client/server mode

12 IEEE 1588 PTP Security

13 IEEE 1588 Security Approach
IEEE 1588 security will include a set of mechanisms and tools that can be used together or individually. Individual mechanisms will be optional. The specific mechanisms chosen will vary by application and environment. More Caveat emptor!!! (This is also still in DRAFT at this point!)

14 IEEE 1588 Security The multi-pronged approach:
PTP Integrated Security Mechanisms (Prong A) External Transport Security Mechanisms (Prong B) Architecture Guidance (Prong C) Monitoring and Management Guidance (Prong D)

15 PTP Integrated Security Mechanism (Prong A)
TLV definition and processing rules (normative but optional) Guidance of key management schemes (informative) Examples for immediate or delayed security processing Specification of key management schemes in IETF Transport Trailer PTP Payload PTP Header Transport Header 0 or more TLVs Security TLV S I C V Security Indication in the PTP Header to signal the support of a security TLV (re-using former Annex K field) Security TLV, structured to support different key management options Integrity Check Value (ICV) providing integrity protection for marked PTP packet area Utilized common header information: sourcePortIdentity sequenceNo SPI secParam Indicator disclosedKey (optional) Security Parameter Index ICV Key Identifier or Current Key Time Interval depending on verification scheme Disclosed key from prior period (optional) Length tlvType TLV Type TLV Length Information RES ICV based on algorithm OID Sequence number (optional) sequenceNo (optional) keyID Security Parameter Indicator Reserved (optional)

16 Key Management for Group Based Security

17 External Transport Security Mechanisms (Prong B)
MACSec Based on IEEE 802.1AE Media Access Control (MAC) Security Integrity protection between two IEEE 802 ports Key management is manual or based on MACsec Key Agreement (MKA) specified in IEEE 802.1X-2010. IPSec Base architecture defined in IETF RFC 4301 Node authentication and key exchange defined in RFC 7296 Integrity checking and encryption of data defined in RFC 4303

18 Architecture Guidance (Prong C)
Redundancy Redundant timing systems Redundant PTP grandmasters Redundant paths Monitoring and Management Guidance (Prong D) Definition of parameters in IEEE 1588 data sets that can be monitored to detect security problems A recommendation to not use unsecure management protocols including IEEE 1588 native management … and Best Practices!

19 Next Steps

20 Gather feedback from implementers and users!!!
Next Steps NTS Finalize NTS for NTP specification Publish BCP Clean up protocol issues Data minimization Extension field clarifications REFID updates IEEE 1588 Complete proposal for next revision of IEEE 1588 Continue specification of key management options Gather feedback from implementers and users!!!

21 Final remarks Why has this been so hard? When will we be done?
Hopefully these two solutions will be somewhat aligned to help development, deployment, and operation! Contact me if you are interested in helping: Karen O’Donoghue,

22 For questions (or to volunteer!):
The Internet Society September 26, 2017 Questions? For questions (or to volunteer!):

Download ppt "Emerging Solutions in Network Time Synchronization Security"

Similar presentations

Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.

Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.

Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.

What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.
32.1 Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction.

32.1 Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction.
1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.

1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),

Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
Karlstad University IP security Ge Zhang

Karlstad University IP security Ge Zhang
IPsec. 18.1 Introduction 18.2 Security associations 18.3 Internet Security Association and Key Management Protocol (ISAKMP) 18.4 Internet Key Exchange.

IPsec Introduction 18.2 Security associations 18.3 Internet Security Association and Key Management Protocol (ISAKMP) 18.4 Internet Key Exchange.
IP Security: Security Across the Protocol Stack. IP Security There are some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS.

IP Security: Security Across the Protocol Stack. IP Security There are some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS.
IP security Ge Zhang Packet-switched network is not Secure! The protocols were designed in the late 70s to early 80s –Very small network.

IP security Ge Zhang Packet-switched network is not Secure! The protocols were designed in the late 70s to early 80s –Very small network.
Securing Data Transmission and Authentication. Securing Traffic with IPSec IPSec allows us to protect our network from within IPSec secures the IP protocol.

Securing Data Transmission and Authentication. Securing Traffic with IPSec IPSec allows us to protect our network from within IPSec secures the IP protocol.
IPSec – IP Security Protocol By Archis Raje. What is IPSec IP Security – set of extensions developed by IETF to provide privacy and authentication to.

IPSec – IP Security Protocol By Archis Raje. What is IPSec IP Security – set of extensions developed by IETF to provide privacy and authentication to.
IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.

IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.
RPSEC WG Issues with Routing Protocols security mechanisms Vishwas Manral, SiNett Russ White, Cisco Sue Hares, Next Hop IETF 63, Paris, France.

RPSEC WG Issues with Routing Protocols security mechanisms Vishwas Manral, SiNett Russ White, Cisco Sue Hares, Next Hop IETF 63, Paris, France.
1 IPSec: An Overview Dr. Rocky K. C. Chang 4 February, 2002.

1 IPSec: An Overview Dr. Rocky K. C. Chang 4 February, 2002.

Similar presentations

Ads by Google