DoS-resistant distributed time synchronization for virtual private networks

To securely exchange data over the Internet, more and more organizations use virtual private networks (VPNs), which form potentially large overlay networks. Recently, approaches for VPN autoconfiguration have been presented, and while VPNs usually do not address availability, novel systems based on peer-to-peer communication can do so. Nevertheless, there are no satisfying solutions for time synchronization within VPNs that are designed for availability against denial-of-service (DoS) attacks, node failure, and network partitioning. The Network Time Protocol (NTP) is widely used, but it relies on hierarchical structures and is thus not suitable for scenarios with high availability requirements. In this article we therefore present a novel, fully distributed, and fault-tolerant time synchronization approach that is designed to be transparently integrated into VPN gateways. By combining diffusion-based round-trip synchronization with detection of external and internal attackers, the proposed mechanism contributes to resilient VPN design.
