New security mechanisms for network time synchronization protocols

As security concerns have continued to evolve, the network time synchronization protocol community has been actively developing improved security mechanisms for both the IEEE 1588 Precision Time Protocol (PTP) and the IETF Network Time Protocol (NTP). These activities have matured to the point where this year should see the finalization of the first new security mechanisms for time protocols in ten years. This paper provides an overview of the two solutions being developed, compares and contrasts them, and discusses relevant use cases and deployment scenarios.
