Network Time Security
What is NTS?
NTS is an essential development of the Network Time Protocol (NTP). It has been developed within the Internet Engineering Task Force (IETF) and adds a much needed layer of security to a protocol that is more than 30 years old and is vulnerable to certain types of attack.
NTS consists of two protocols, a key exchange and extended NTP. This ensures that clients can validate that the time that they receive has been sent from the correct server. More detailed information about how NTS works is available here.
How to use NTS
NTS is a free service available to anyone, anywhere in the world. The only thing you need is an NTS-enabled NTP client. For more information about how to set this up, see here.
Netnod’s NTS-enabled NTP service is freely available to anyone. You can point your NTS-enabled NTP client (using port 3443*) to one of the following servers:
- nts.ntp.se (for users anywhere in the world)
- nts.sth1.ntp.se (for users close to Stockholm)
- nts.sth2.ntp.se (for users close to Stockholm)
* Note that the NTS protocol is still a so-called Internet-draft within the IETF. Once it is ratified and becomes an RFC, the port number used could change.
Update Apr 20, 2020: An incompatible change was made in the NTS draft as of version 26. For those using an NTS client supporting the new behaviour, port 3443 is to be used. Clients having the old behaviour should use port 4443. For more information see here.
Update Oct 6, 2020: The NTS draft has been accepted as RFC 8915. The official port number for NTS is now 4460. Ports 3443 and 4443 are still supported by Netnod’s NTS service as described above. For more info see here.
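To check that a server answers the NTS key exchange on the port you have configured, the following added example (not Netnod's code and not part of the original page) sends the key-exchange request defined in RFC 8915 over TLS 1.3 and summarizes the reply. The record layout, type numbers and ALPN identifier come from RFC 8915 rather than from this page, and the function names are chosen for illustration.

```python
import socket, ssl, struct

# Request: Next Protocol (1) = NTPv4 (0), AEAD (4) = AES-SIV-CMAC-256 (15), End of Message (0)
REQUEST = bytes.fromhex("8001 0002 0000 8004 0002 000f 8000 0000")

def parse_records(data):
    """Split NTS-KE bytes into (critical, type, body), stopping at a truncated record."""
    records, off = [], 0
    while len(data) - off >= 4:
        head, length = struct.unpack_from("!HH", data, off)  # critical bit + type, body length
        body = data[off + 4:off + 4 + length]
        if len(body) != length:
            break
        records.append((bool(head & 0x8000), head & 0x7FFF, body))
        off += 4 + length
    return records

def summarize(records):
    """Reduce a server response to what a client checks before using the association."""
    info = {"ntpv4": False, "aead": [], "cookies": 0, "error": None, "ntp_port": 123}
    for _critical, rtype, body in records:
        ids = [int.from_bytes(body[i:i + 2], "big") for i in range(0, len(body) - 1, 2)]
        if rtype == 1:                        # NTS Next Protocol Negotiation
            info["ntpv4"] = 0 in ids
        elif rtype == 4:                      # AEAD Algorithm Negotiation
            info["aead"] = ids
        elif rtype == 5:                      # New Cookie: opaque to the client
            info["cookies"] += 1
        elif rtype in (2, 7) and ids:         # Error code / NTPv4 port
            info["error" if rtype == 2 else "ntp_port"] = ids[0]
    info["complete"] = bool(records) and records[-1][1] == 0   # End of Message seen
    return info

def query(host, port=4460, timeout=5.0):
    """Run the key exchange against host:port (4460 is the RFC 8915 port)."""
    ctx = ssl.create_default_context()        # verifies certificate chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    ctx.set_alpn_protocols(["ntske/1"])
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            if tls.selected_alpn_protocol() != "ntske/1":
                raise ConnectionError("server did not negotiate ALPN ntske/1")
            tls.sendall(REQUEST)
            buf, done = b"", False
            while not done:
                chunk = tls.recv(4096)
                buf += chunk
                done = not chunk or summarize(parse_records(buf))["complete"]
    return summarize(parse_records(buf))
```

Calling `query("nts.ntp.se")` needs network access; a usable reply has `complete` and `ntpv4` true, at least one cookie and no error.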
What are the benefits of using NTS?
NTP is vulnerable to Man-in-the-Middle (MITM) attacks. This is where a malicious actor sits between you and the NTP server, listens in on the conversation, forges messages and lies to you about time.
With many of today’s most important security processes dependent on accurate time, the consequences of receiving time from a malicious source are serious. Everything from establishing encrypted sessions and using DNSSEC to time-stamping financial transactions and preventing online fraud depends on accurate and secure time. By using NTS, you can be sure your devices are receiving accurate time from a reliable source.