Securing IEEE 1588 by IPsec tunnels - An analysis

IPsec is one of the most widespread protocols for establishing secure communication over the Internet Protocol. Besides the fact that this protocol is fully integrated in the Internet Protocol suite, the main advantage of using secure tunnels for IEEE 1588 clock synchronization is the reduced maintenance effort. Instead of requiring, e.g., different key management or connection setup protocols for each application, a single tunnel can be used to protect underlying services such as clock synchronization by IEEE 1588 and many other applications. This paper analyzes the use of IPsec security mechanisms to protect the IEEE 1588 clock synchronization protocol and, in particular, their impact on the precision of clock synchronization. Straightforward application as well as dedicated designs to integrate high-precision, hardware-supported clock synchronization are investigated. Measurements show that for lower precision IPsec can be applied in a straightforward manner, while for high precision dedicated modifications to hardware and algorithms are required.
