Authenticated network time synchronization

Performance results for each phase of ANTP (top), a complete 3-phase execution of ANTP (middle), and NTP (bottom). <small>Throughput: mean completed phases per second. Latency: mean and standard deviation of the latency in microseconds of server responses at either 50% or 90% server load.</small>

Abstract

The Network Time Protocol (NTP) is used by many network-connected devices to synchronize device time with remote servers. Many security features depend on the device knowing the current time, for example in deciding whether a certificate is still valid. Currently, most services implement NTP without authentication, and the authentication mechanisms available in the standard have not been formally analyzed, require a pre-shared key, or are known to have cryptographic weaknesses. In this paper we present an authenticated version of NTP, called ANTP, to protect against desynchronization attacks. To make ANTP suitable for large-scale deployments, it is designed to minimize server-side public-key operations by infrequently performing a key exchange using public key cryptography, then relying solely on symmetric cryptography for subsequent time synchronization requests; moreover, it does so without requiring server-side per-connection state. Additionally, ANTP ensures that authentication does not degrade accuracy of time synchronization. We measured the performance of ANTP by implementing it in OpenNTPD using OpenSSL. Compared to plain NTP, ANTP’s symmetric crypto reduces the server throughput (connections/second) for time synchronization requests by a factor of only 1.6. We analyzed the security of ANTP using a novel provable security framework that involves adversary control of time, and show that ANTP achieves secure time synchronization under standard cryptographic assumptions; our framework may also be used to analyze other candidates for securing NTP.

Keywords: time synchronization, Network Time Protocol (NTP), provable security, network security

Reference

Benjaming Dowling, Douglas Stebila, Greg Zaverucha. Authenticated network time synchronization. In Proc. 25th USENIX Security Symposium 2016. USENIX, August 2016.

Download

BibTeX

Funding

This research was supported by:
  • Australian Research Council (ARC) Discovery Project grant DP130104304