A security risk of depending on synchronized clocks

Many algorithms or protocols, in particular cryptographic protocols such as authentication protocols, use synchronized clocks and depend on them for correctness. This note describes a scenario where a clock synchronization failure renders a protocol vulnerable to an attack even after the faulty clock has been resynchronized. The attack exploits a postdated message by first suppressing it and replaying it later.
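The scenario above, modelled as an added example that is not taken from the note itself: a verifier accepts a MAC-protected message when its timestamp lies within a window of the verifier's own clock and the message is not in its replay cache. The message format, `KEY`, `WINDOW`, and all function and class names are assumptions made for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-shared-key"  # constructed sample key (assumption)
WINDOW = 300                     # assumed acceptance window, in seconds


def make_msg(payload: bytes, sender_clock: int) -> tuple:
    """Sender stamps the message with its own clock and MACs payload + timestamp."""
    tag = hmac.new(KEY, payload + str(sender_clock).encode(), hashlib.sha256).digest()
    return (payload, sender_clock, tag)


class TimestampVerifier:
    """Accepts a message if the MAC is valid, the timestamp is within WINDOW
    of the verifier's clock, and the message is not in the replay cache."""

    def __init__(self):
        self.seen = set()  # replay cache of messages already accepted

    def accept(self, msg: tuple, now: int) -> bool:
        payload, ts, tag = msg
        expected = hmac.new(KEY, payload + str(ts).encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False
        if abs(now - ts) > WINDOW or msg in self.seen:
            return False
        self.seen.add(msg)
        return True


def simulate() -> dict:
    true_time = 1_000_000
    skew = 3600  # sender's clock runs one hour fast when the message is created
    msg = make_msg(b"open session", true_time + skew)  # postdated message
    verifier = TimestampVerifier()
    # The message is suppressed in transit, so the verifier's replay cache never
    # records it. The sender's clock is resynchronized afterwards, but the
    # postdated message already exists and its MAC stays valid.
    return {
        # If delivered immediately it would be rejected: timestamp too far ahead.
        "delivered_at_send_time": TimestampVerifier().accept(msg, true_time),
        # One hour later the timestamp is "fresh" and the cache has no record of it.
        "replayed_when_timestamp_due": verifier.accept(msg, true_time + skew),
        # The replay cache only helps from this point on.
        "second_replay": verifier.accept(msg, true_time + skew + 10),
        # Outside the window the message is stale again.
        "replayed_after_window": TimestampVerifier().accept(msg, true_time + skew + WINDOW + 1),
    }


if __name__ == "__main__":
    print(simulate())
```

The run shows why resynchronizing the clock does not close the exposure: the freshness check and the replay cache both depend on the verifier having seen the message near the time it was created.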
