Secure Time Synchronization Protocol

This paper describes the Secure Time Synchronization (STS) protocol that enables client and server mutual authentication, supports the property of non-repudiation, and offloads the negotiation and authorization phases to an Authorization Server (AS). We also propose a solution for bootstrapping time synchronization to solve the problem of certificate validation that depends on time. We analyze the main security properties of STS with the ProVerif tool, implement STS by extending OpenNTPD, and compare its precision to unauthenticated NTP.

[1]  Kristof Teichel,et al.  Network Time Security for the Network Time Protocol , 2020, RFC.

[2]  Tanja Lange,et al.  High-speed high-security signatures , 2011, Journal of Cryptographic Engineering.

[3]  Douglas Stebila,et al.  ANTP: Authenticated NTP Implementation Specification , 2015 .

[4]  David L. Mills,et al.  Network Time Protocol Version 4: Autokey Specification , 2010, RFC.

[5]  Benjamin Dowling Provable security of internet protocols , 2017 .

[6]  Myla Archer Proving Correctness of the Basic TESLA Multicast Stream Authentication Protocol with TAME , 2002 .

[7]  Satoshi Nakamoto Bitcoin : A Peer-to-Peer Electronic Cash System , 2009 .

[8]  Donald E. Eastlake,et al.  US Secure Hash Algorithms (SHA and HMAC-SHA) , 2006, RFC.

[9]  John Viega,et al.  The Security and Performance of the Galois/Counter Mode of Operation (Full Version) , 2004, IACR Cryptol. ePrint Arch..

[10]  Radha Poovendran,et al.  The AES-CMAC Algorithm , 2006, RFC.

[11]  Bruno. Blanchet,et al.  Modeling and Verifying Security Protocols with the Applied Pi Calculus and ProVerif , 2016, Found. Trends Priv. Secur..

[12]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[13]  Gavin Lowe,et al.  Analysing a stream authentication protocol using model checking , 2002, International Journal of Information Security.

[14]  Douglas Stebila,et al.  Authenticated Network Time Synchronization , 2016, USENIX Security Symposium.

[15]  Joachim Fabini,et al.  It's about Time: Securing Broadcast Time Synchronization with Data Origin Authentication , 2017, 2017 26th International Conference on Computer Communication and Networks (ICCCN).

[16]  Eric Rescorla,et al.  Datagram Transport Layer Security Version 1.2 , 2012, RFC.

[17]  Allan Liska Vulnerabilities in NTP , 2016 .

[18]  Sharon Goldberg,et al.  Message Authentication Code for the Network Time Protocol , 2019, RFC.

[19]  Sharon Goldberg,et al.  The Security of NTP's Datagram Protocol , 2017, Financial Cryptography.