New Proposed Standard to ensure secure time on the Internet
The current standard for receiving time information over the internet, the Network Time Protocol (NTP), was created in 1985. Over the last 35 years, a number of issues as well as some high-profile attacks have shown that NTP needs an increased level of security. The new Network Time Security (NTS) standard has been designed to fix that.
NTS uses modern cryptography to add an essential layer of security to NTP. It prevents a range of security vulnerabilities including amplification attacks, packet manipulation, and replay attacks. The protection against packet manipulation and replay attacks secures NTP against Man-in-the-Middle (MITM) attacks, in which a malicious actor sits between the client and the NTP server, forges messages and lies about the time. Since many processes are dependent on accurate time, the consequences of such an attack are very serious. Everything from establishing encrypted sessions and using DNSSEC to time-stamping financial transactions and preventing online fraud depends on accurate and secure time.
In March 2015, the first Internet-Draft of the NTS standard was published by the NTP working group in the IETF. Over the next 5 years, the draft went through 28 further iterations until the Internet-Draft ‘Network Time Security for the Network Time Protocol’ was approved as a Proposed Standard in March 2020. Following some time in the RFC editor queue and final approval from the authors, the RFC proper has today been published.
“The publication of RFC8915 is an important moment both for the development of NTS and for security on the Internet in general,” said Lars Michael Jogbäck, Netnod CEO. “Netnod is proud to have been at the forefront of developing the NTS standard and implementations. We will continue to focus on services such as NTS to make the Internet as secure and robust as possible for everyone.”
Netnod provides NTP, NTS and Precision Time Protocol (PTP) services offering a robust, reliable and highly accurate source for time and frequency traceable to official Swedish time UTC(SP). Netnod’s time service, funded by the Swedish Post and Telecom Authority (PTS), uses a distributed timescale on multiple, autonomous sites throughout Sweden to provide a time service available over IPv4 and IPv6. Each site has full redundancy: multiple servers, caesium clocks, and FPGA boards provide an extremely fast hardware implementation of NTP. The service is available to the general public worldwide for free on ntp.se, which resolves to anycast IPv4 and IPv6 addresses. The NTS-enabled service is available at: nts.ntp.se. More information about Netnod’s NTS service is available here.
Netnod provides critical infrastructure support ranging from interconnection services and Internet Exchanges to DNS services, root server operations, and time and frequency services. With a worldwide reputation for its services and the expertise of its staff, Netnod ensures a stable and secure Internet for the Nordics and beyond. Established in 1996 as a neutral and independent Internet infrastructure organisation, Netnod is fully owned by the non-profit foundation TU-stiftelsen (Stiftelsen för Telematikens utveckling). More information is available at: www.netnod.se