What is Network Time Security and why is it important?
The Network Time Protocol (NTP) is a venerable Internet protocol for synchronising time. It has been with us since at least 1985 as the most commonly used protocol for synchronising the time on computer systems.It enables devices connected to the Internet to maintain clock synchronisation with reliable time sources, such as the atomic clocks used to provide Netnod’s NTP service.
Is NTP secure?
Unfortunately, NTP is vulnerable to Man-in-the-Middle (MITM) attacks. This is where a malicious actor sits between you and the NTP server, listens in on the conversation, forges messages and lies to you about time. How serious is this? As a lot of processes are dependent on establishing accurate time, the consequences can be very serious indeed. They can include:
- problems establishing encrypted sessions such as Transport Layer Security (TLS)
- incorrect timestamps on logs and transactions which can support fraudulent activities or help disguise other criminal action
- authentication problems, attacks and issues with authentication security measures (such as Kerberos)
- issues with DNS Security (DNSSEC)
NTP version 3 introduced support for symmetric authentication using pre-shared keys but this looks remarkably old-fashioned to modern eyes. It means you have to distribute a new secret key to every peer you want to talk to. This is not very realistic today, especially when operating a large, public NTP service like Netnod's.
A solution: Network Time Security (NTS)
Network Time Security (NTS) is an attempt in the NTP working group of the Internet Engineering Task Force to change the NTP authentication to something more useful. Netnod has played a central part of the standardisation effort in the working group and has sponsored development of several implementations.
NTS is really two protocols: a key exchange and extended NTP.
First, a client initiates a key exchange. In this exchange it gets some secret keys and some cookies to be used later. The cookies contain, in a form known only to the server, the secret keys. The client also gets information about what server to query for time.
Next, the client queries a server about time. It signs its query with one of the secret keys and includes one of the cookies it got from the key exchange.
The server knows how to unpack the cookie and then uses the keys inside to validate the signature of the query and to sign the response. It may also generate and send a new cookie along with the time response.
The client validates the signature on the incoming packet and can then set the time knowing that it was sent from the correct server. It stores the new cookie for later use.
The really neat thing about the cookie handling is that the NTS server doesn't have to hold any state about the clients. Since in Netnod's case there can potentially be hundreds of millions of clients, this is crucial for the smooth operation of a large-scale NTP service.
It's still early in the development of NTS. The only production-quality NTS server out there is time.cloudflare.com:1234 but there are a few public test servers as well.
Netnod has sponsored the work on a Python proof of concept (PoC) implementation written by Christer "wingel" Weinigel. This PoC implements both server and client.
Based on this PoC, Joachim Strömbergson and Peter Magnusson from Assured have been asked by Netnod to work on a Verilog implementation.
Netnod also sponsored a few mini hackathons held in the Netnod Malmö office. The result is ntsclient, the beginning of a simple NTS client in Go for Unix-like systems.
Keep an eye on the Netnod News section for more about NTS!
Why take time from Netnod?
On behalf of the Swedish Post and Telecom Authority (PTS) Netnod keeps a hardware (Verilog) implementation of NTP with attached atomic clocks running in locations across Sweden. This means you speak NTP directly to the FPGA chip! As there is no software involved, you get the most accurate time possible. The service is available to the general public worldwide for free on ntp.se, which resolves to anycast IPv4 and IPv6 addresses.
By taking time from Netnod’s NTP service, you get:
accurate time traceable to official Swedish time UTC(SP) within ± 250 ns
time from the closest server thanks to an anycast network that ensures redundancy
redundant locations: 5 nodes at Internet exchange points in Stockholm, Malmö-Copenhagen, Gothenburg, Sundsvall and Luleå.
very fast hardware implementation.
time from secure infrastructure that is DDoS resilient
Read more about Netnod’s free NTP service.