Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Security Analysis of the Network Time Protocol (NTP) Presentation by Tianen Liu.

Published byElaine Wright Modified over 9 years ago

Similar presentations

Presentation on theme: "A Security Analysis of the Network Time Protocol (NTP) Presentation by Tianen Liu."— Presentation transcript:

1 A Security Analysis of the Network Time Protocol (NTP) Presentation by Tianen Liu

2 Overview NTP version 2 Five types of attacks against NTP Suggested Improvements

3 Requirements of NTP Deliver accurate time over wide-area network Synchronize time and frequency Work with a variety of computers Overcome problem with transmission delay Loss of a single transmission path does not prevent other portions from obtaining correct time

4 Multi Tiered System Each layer is a stratum Stratum 1: Primary servers connected to atomic or radio clocks Stratum >1: Secondary servers synchronize with primary servers or other secondary servers at lower stratum numbers Hosts on subnet receive time propagated by secondary servers.

5 NTP Hierarchy

6 Operating Modes Client/Server mode Client polls (secondary) server for time Symmetric active mode Periodically broadcasts time messages to synchronize other servers Symmetric passive mode Receives time messages from peers at equal or lower stratum number than host.

7 NTP Message Transmit Timer associated with each peer is decremented periodically. When 0, NTP packet is sent. Source and destination addresses and ports copied to IP packet variables. Store NTP version, mode, stratum, distance to primary source, timestamp info, etc in packet, and transmit it.

8 NTP Message Receive Checks if packet is reasonable Resets internal variables based on message received Adjusts local clock Possibly select new peer to be used as clock source

9 Sanity Checks

10 Selection of Source Peer Algorithm Goal: determine which peer should be allowed to synchronize current host’s clock NTP assumes that there is correct time value and that by using multiple sources, inaccurate values can be discarded.

11 Delay Calculated for each NTP message Values computed from last 8 messages constitute a sample Lowest delay and stratum number favored when selecting a source Round trip delay: (t i – t i-3 ) – (t i-1 – t i-2 )

12 Access Control Mechanism All hosts divided into 3 categories: trusted, friendly, others Trusted hosts allowed to synchronize local clock Friendly hosts are sent timestamps but may not synchronize local clock Messages from others category ignored

13 Access Control Mechanism(2) Relies on source address to determine category of host Attacker can choose source address that allows synchronization of the victim

14 Authentication Mechanism Uses symmetric key encryption between two parties (host and peer) Algorithm and key distributed by means other than NTP Most of the packet is checksummed using key Upon receipt, checksum recomputed and compared to transmitted checksum Keys are per-host based. Compromise of one host’s key can compromise all hosts it synchronizes with.

15 Five Possible Attacks on NTP A non-time server impersonates a time server (masquerade) An attacker modifies messages sent by time server (modification) An attacker resends a timer server’s message (replay) An attacker intercepts a time server’s message and deletes it (denial of service) An attacker delays time messages (delay)

16 Masquerade Attack: Send packets to the victim with the source address of the time server to be imitated Countermeasure: Authentication method

17 Message Modification Alter packets sent to the victim. Examples of fields to alter: Pkt.version – changed to earlier version will result in the packet being discarded Pkt.mode – modes of host and peer become incompatible, packet is discarded Pkt.stratum – altered value less than the true value may cause peer to be chosen as a clock source Pkt.dispersion – altered value affects estimated round trip delay from the primary source, may cause peer to be chosen as clock source Countermeasure: Use authentication

18 Replay Attack: Record messages sent at one time and resend them later Countermeasures: Reject any packet with timestamp no newer than the last one received But when clock runs fast, it must be set back. Require a special packet to be sent when clock is to be moved back. Provide a nonce to ensure packet cannot be replayed.

19 Delay Attack: Artificially increase roundtrip delay to the peer Countermeasure: Redundancy of clock sources

20 Denial of Service Attack: Prevent packets from clock sources from reaching host Countermeasure: Redundancy of clock sources

21 Suggested Improvements Authentication should be used with keys issued on a per-path, not per-host basis. Access control should be based on routes recorded, not simply on IP address. Servers should have several other source servers to limit effectiveness of delay and denial of service attacks.

Download ppt "A Security Analysis of the Network Time Protocol (NTP) Presentation by Tianen Liu."

Similar presentations

AUTHENTICATION AND KEY DISTRIBUTION

AUTHENTICATION AND KEY DISTRIBUTION
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,

1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,
Network Attacks Mark Shtern.

Network Attacks Mark Shtern.
1 Version 3 Module 8 Ethernet Switching. 2 Version 3 Ethernet Switching Ethernet is a shared media –One node can transmit data at a time More nodes increases.

1 Version 3 Module 8 Ethernet Switching. 2 Version 3 Ethernet Switching Ethernet is a shared media –One node can transmit data at a time More nodes increases.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Internet Control Message Protocol (ICMP)

Internet Control Message Protocol (ICMP)
Distributed Systems Fall 2010 Time and synchronization.

Distributed Systems Fall 2010 Time and synchronization.
1 Version 3 Module 8 Ethernet Switching. 2 Version 3 Ethernet Switching Ethernet is a shared media –One node can transmit data at a time More nodes increases.

1 Version 3 Module 8 Ethernet Switching. 2 Version 3 Ethernet Switching Ethernet is a shared media –One node can transmit data at a time More nodes increases.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Analysis of Key Agreement Protocols Brita Vesterås Supervisor: Chik How Tan.

Analysis of Key Agreement Protocols Brita Vesterås Supervisor: Chik How Tan.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Distributed Systems CS 15-440 Synchronization – Part II Lecture 8, Sep 28, 2011 Majd F. Sakr, Vinay Kolar, Mohammad Hammoud.

Distributed Systems CS Synchronization – Part II Lecture 8, Sep 28, 2011 Majd F. Sakr, Vinay Kolar, Mohammad Hammoud.

Similar presentations

Ads by Google