It's about Time: Securing Broadcast Time Synchronization with Data Origin Authentication

Due to the increasing dependency of critical infrastructure on synchronized clocks, network time synchronization protocols have become an attractive target for attackers. We identify data origin authentication as the key security objective and therefore conduct a comprehensive, theoretical evaluation of data origin authentication schemes from different application fields with regard to their applicability to secure broadcast time synchronization. Some evaluated schemes were found to be susceptible to message delay attacks in the context of time synchronization - including TESLA, the approach currently favored by the IETF NTP working group and also on the shortlist of the P1588 Security Subcommittee for PTP. Two of the evaluated schemes, however, come somewhat close to meeting the evaluation criteria derived from our time synchronization specific threat analysis, and therefore qualify as promising candidates to secure broadcast time synchronization.

[1]  Yacine Challal,et al.  A taxonomy of multicast data origin authentication: Issues and solutions , 2004, IEEE Communications Surveys & Tutorials.

[2]  Srdjan Capkun,et al.  Secure Time Synchronization in Sensor Networks , 2008, TSEC.

[3]  Bart Preneel,et al.  Power consumption evaluation of efficient digital signature schemes for low power devices , 2005, WiMob'2005), IEEE International Conference on Wireless And Mobile Computing, Networking And Communications, 2005..

[4]  Kristof Teichel,et al.  Using the Network Time Security Specification to Secure the Network Time Protocol , 2016 .

[5]  David L. Mills,et al.  Internet Engineering Task Force (ietf) Network Time Protocol Version 4: Protocol and Algorithms Specification , 2010 .

[6]  Kristof Teichel,et al.  Network Time Security , 2016 .

[7]  Albert Treytl,et al.  Secure tunneling of high-precision clock synchronization protocols and other time-stamped data , 2010, 2010 IEEE International Workshop on Factory Communication Systems Proceedings.

[8]  Pankaj Rohatgi,et al.  A compact and fast hybrid signature scheme for multicast packet authentication , 1999, CCS '99.

[9]  Michael O. Rabin,et al.  Efficient dispersal of information for security, load balancing, and fault tolerance , 1989, JACM.

[10]  Russ Housley,et al.  Protecting Network Time Security Messages with the Cryptographic Message Syntax (CMS) , 2016 .

[11]  Ran Canetti,et al.  Timed Efficient Stream Loss-Tolerant Authentication (TESLA): Multicast Source Authentication Transform Introduction , 2005, RFC.

[12]  Stefan Milius,et al.  First Results of a Formal Analysis of the Network Time Security Specification , 2015, SSR.

[13]  Ran Canetti,et al.  Efficient authentication and signing of multicast streams over lossy channels , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[14]  Douglas Stebila,et al.  Authenticated Network Time Synchronization , 2016, USENIX Security Symposium.

[15]  Edwin K. P. Chong,et al.  Efficient multicast packet authentication using signature amortization , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[16]  Dawn Song,et al.  The TESLA Broadcast Authentication Protocol , 2002 .

[17]  Jennifer Seberry,et al.  Fundamentals of Computer Security , 2003, Springer Berlin Heidelberg.

[18]  Tal Mizrahi,et al.  Security Requirements of Time Protocols in Packet Switched Networks , 2014, RFC.

[19]  Jesus Lazaro,et al.  Security mechanisms to protect IEEE 1588 synchronization: State of the art and trends , 2015, 2015 IEEE International Symposium on Precision Clock Synchronization for Measurement, Control, and Communication (ISPCS).

[20]  Stephen Röttger,et al.  Analysis of the NTP Autokey Procedures , 2012 .

[21]  Moni Naor,et al.  Multicast security: a taxonomy and some efficient constructions , 1999, IEEE INFOCOM '99. Conference on Computer Communications. Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. The Future is Now (Cat. No.99CH36320).

[22]  Silvio Micali,et al.  On-line/off-line digital signatures , 1996, Journal of Cryptology.

[23]  Adrian Perrig,et al.  The BiBa one-time signature and broadcast authentication protocol , 2001, CCS '01.

[24]  Kang Lee,et al.  IEEE 1588 standard for a precision clock synchronization protocol for networked measurement and control systems , 2002, 2nd ISA/IEEE Sensors for Industry Conference,.

[25]  T. Mizrahi A game theoretic analysis of delay attacks against time synchronization protocols , 2012, 2012 IEEE International Symposium on Precision Clock Synchronization for Measurement, Control and Communication Proceedings.

[26]  Yacine Challal,et al.  RLH: receiver driven layered hash-chaining for multicast data origin authentication , 2005, Comput. Commun..

[27]  Klara Nahrstedt,et al.  Time Valid One-Time Signature for Time-Critical Multicast Data Authentication , 2009, IEEE INFOCOM 2009.

[28]  Tommaso Cucinotta,et al.  Adopting redundancy techniques for multicast stream authentication , 2003, The Ninth IEEE Workshop on Future Trends of Distributed Computing Systems, 2003. FTDCS 2003. Proceedings..

[29]  Rosario Gennaro,et al.  How to Sign Digital Streams , 1997, CRYPTO.

[30]  David L. Mills,et al.  Computer network time synchronization : the network time protocol on earth and in space , 2006 .

[31]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[32]  Edwin K. P. Chong,et al.  Efficient multicast stream authentication using erasure codes , 2003, TSEC.

[33]  Marimuthu Palaniswami,et al.  Comparative study of multicast authentication schemes with application to wide-area measurement system , 2013, ASIA CCS '13.

[34]  Jonathan Katz,et al.  Digital Signatures , 2010 .

[35]  Leonid Reyzin,et al.  Better than BiBa: Short One-Time Signatures with Fast Signing and Verifying , 2002, ACISP.

[36]  Robert W. Shirey,et al.  Internet Security Glossary, Version 2 , 2007, RFC.

[37]  Huaxiong Wang,et al.  Authentication of Digital Streams , 2011, IEEE Transactions on Information Theory.

[38]  Albert Treytl,et al.  Security flaws and workarounds for IEEE 1588 (transparent) clocks , 2009, 2009 International Symposium on Precision Clock Synchronization for Measurement, Control and Communication.

[39]  David L. Mills,et al.  Network Time Protocol Version 4: Autokey Specification , 2010, RFC.

[40]  Sharon Goldberg,et al.  Attacking NTP's Authenticated Broadcast Mode , 2016, CCRV.