Network Time Security (NTS) is a standard approved in 2020 that provides a much more secure version of Network Time Protocol (NTP). It is free to use but is currently only available from a limited number of time services (one of which is the time service provided by Netnod.) You can find information on how to connect to an NTS service here.

NTS solves an intricate problem: how to introduce encryption into the time distribution system so as to allow time packets to be authenticated without increasing latency and affecting the accuracy of the time received. NTS does this by keeping the encryption process separate from the low latency time synchronisation. To find out more about how this works, you can read the white paper here. If you are interested in how this was implemented at a hardware level (and the benefits for even more accurate and secure time services), you can read this explanation or watch a recent presentation here. 

How does NTS work?

NTS uses modern cryptography to add an important layer of security to NTP services. It prevents spoofing and MITM attacks by using authenticated packets. Amplification attacks are prevented by ensuring that request and response packets are always the same size.

NTS is really two protocols: a key establishment protocol, and NTP with some new Extension Fields. 

The reason for using two protocols is separation of concerns:

1. The seldom used key establishment on top of standard Transport Layer Security (TLS), and;
2. The (already existing) low latency UDP-based time synchronisation path.

This means that the existing NTP functionality is the same as before, but the time data can now be authenticated.

The authentication process consists of a key establishment and a timestamp request. The key establishment server typically runs on an ordinary computer, but the slim NTS-enabled NTP server is UDP-based and stateless. It can be served from anycast addresses and can be implemented at the hardware level. The NTP server’s state about each client is kept in a cookie provided by the client itself with each request. As there can potentially be hundreds of millions of clients, this is crucial for the smooth operation of a large-scale NTS service. If you want to find out more about how the NTS key establishment and timestamping process works, see Netnod’s NTS white paper from 2020.

Since the cryptographic operations in the NTS path are symmetric it is both easier to implement them in hardware and possible to make them use constant time. This increases the accuracy of the time synchronisation and keeps the slower key establishment outside of the time synchronisation path.

NTS uses Authenticated Encryption using the Advanced Encryption Standard (AES), more specifically what is known as Synthetic Initialization Vector (RFC5297). This is a block cipher mode of operation providing nonce-based, misuse-resistant authenticated encryption. Using AES-SIV enables the encryption processes to add integrity and origin authentication.

What are the benefits of NTS?

NTP is vulnerable to Man-in-the-Middle (MITM) attacks. This is where a malicious actor sits between you and the NTP server,  listens in on the conversation, forges messages and lies to you about time.

With many of today’s most important security processes dependent on accurate time, the consequences of receiving time from a malicious source are serious. Everything from establishing encrypted sessions and using DNSSEC to time-stamping financial transactions and preventing online fraud depends on accurate and secure time. By using NTS, you can be sure your devices are receiving accurate time from a reliable source.

How to use NTS

NTS is a free service available to anyone, anywhere in the world. The only thing you need is an NTS-enabled NTP client. For more information about how to set this up, see here.