Network Time Security
What is NTS?
A lot of the Internet’s most important security tools are dependent on accurate time. But until recently there was no way to ensure that the time you were getting came from a trusted source. The new Network Time Security (NTS) standard has been designed to fix that.
NTS is an essential development of the Network Time Protocol (NTP). It has been developed within the Internet Engineering Task Force (IETF) and adds a much needed layer of security to a protocol that is more than 30 years old and is vulnerable to certain types of attack.
NTS consists of two protocols: a key exchange protocol and NTP with security extensions. This ensures that clients can validate that the time that they receive has been sent from the correct server. More detailed information about how NTS works is available here.
How to use NTS
NTS is a free service available to anyone, anywhere in the world. The only thing you need is an NTS-enabled NTP client. For more information about how to set this up, see here.
Netnod currently provides the following NTS servers:
- nts.netnod.se (for users anywhere in the world)
Note that the official port number for NTS is now 4460. Earlier versions of NTS at Netnod used different ports (3443 and 4443) in line with the NTS Internet-draft within the IETF. Once NTS was ratified as an RFC, the port number changed to 4460. Ports 3443 and 4443 are still supported by Netnod's NTS servers for backwards compatibility.
For full details on how to connect to Netnod’s NTS servers, see here.
What are the benefits of using NTS?
NTP is vulnerable to Man-in-the-Middle (MITM) attacks. This is where a malicious actor sits between you and the NTP server, listens in on the conversation, forges messages and lies to you about time.
With many of today’s most important security processes dependent on accurate time, the consequences of receiving time from a malicious source are serious. Everything from establishing encrypted TLS sessions and using DNSSEC to time-stamping financial transactions and preventing online fraud depends on accurate and secure time. By using NTS, you can be sure your devices are receiving accurate time from a reliable source.
Blog post: Implementing Network Time Security at the Hardware Level
Netnod’s press release announcing NTS service
How to set up an NTS-enabled NTP client