Categories: Strengthening the Internet, Time Security

Working Collaboratively to Improve Emerging Network Time Security Implementations

Accurate and secure time is essential for the security and trustworthiness of the Internet. Many systems that we regularly interact with rely on accurate time to function properly. Accurate time also provides an essential foundation for online security, and many security mechanisms, such as digital certificates used for Transport Layer Security (TLS), depend on accurate timekeeping. The Network Time Protocol (NTP) provides time synchronization for clocks on computer networks.

NTP’s security mechanisms were designed in an era when most Internet traffic was trusted and attacks were considered unlikely. As the Internet kept expanding, those mechanisms became outdated and needed to be redesigned. The Internet Engineering Task Force (IETF) has been working on a specification for Network Time Security (NTS) for several years. The specification was approved by the Internet Engineering Steering Group (IESG) in March 2020 and is currently in the RFC editing process ahead of final publication. Over the last couple of years, a series of NTS projects at IETF Hackathons has worked to identify mistakes and ambiguities in the specification and to test and improve interoperability between implementations.

Time Community Collaboration

Recently, as part of the IETF 108 virtual hackathon in July 2020, there was another successful event in this series. Representatives from several organizations, including chrony, Cloudflare, Netnod, Orolia, Ostfalia University of Applied Sciences, Physikalisch-Technische Bundesanstalt (PTB), and the Internet Society, took part in the Network Time Security (NTS) project. By the end of the week there were 13 installations of six different NTS server implementations, which were tested against five different client implementations, showing improvements in the maturity and interoperability of both the client and server implementations of NTS.

Additionally, a key highlight of the effort was the contribution of the first NTS test tool. Contributed by Miroslav Lichvar, it checks an implementation’s adherence to the specification and performs some basic performance tests. A short presentation on the outcomes of the NTS project at the IETF 108 virtual Hackathon is available here.

NTS Support

At this point, two mainstream open source NTP implementations have added NTS support: chrony and NTPsec. Additionally, there are open source NTS implementations from Netnod, Ostfalia, and Cloudflare. The Internet Society’s Time Security project is building a distributed testbed with some of these implementations to provide additional test and implementation opportunities for the wider community.


Categories: Strengthening the Internet, Time Security

Everything You Need to Know about Network Time Security

This article was first published on Netnod’s Blog. It is reposted here with permission of Netnod.

A lot of the Internet’s most important security tools are dependent on accurate time. But until recently there was no way to ensure that the time you were getting came from a trusted source. The new Network Time Security (NTS) standard has been designed to fix that. In this post, we will summarise the most important NTS developments and link to a range of recent Netnod articles providing more information on the background, the NTS standard and the latest implementations.

What is NTS and why is it important?

NTS is an essential development of the Network Time Protocol (NTP). Developed within the Internet Engineering Task Force (IETF), it adds a much-needed layer of security to a protocol that is more than 30 years old and whose unauthenticated responses are vulnerable to spoofing and manipulation by an attacker on the path. Netnod has played an important role in the development of Network Time Security (NTS), from the standardization effort in the IETF to the development of several implementations and the launch of one of the first NTS-enabled NTP services in the world.

NTS consists of two protocols: NTS Key Establishment (NTS-KE), which runs over TLS and negotiates the AEAD algorithm, the keys and a set of server-issued cookies, and an extension of NTP itself, which carries a cookie and an authentication tag in extension fields on every request and response. Together they let a client verify that the time it receives came from the server it established keys with and was not modified in transit, while the server stays stateless because the cookies hold the per-client keys. More detailed information about how NTS works and why it is important is available here and in a guest post recently published on RIPE Labs here.

The NTS standard in the IETF

In March 2020, the Internet Draft ‘Network Time Security for the Network Time Protocol’ was approved as a Proposed Standard. It describes NTS as: “a mechanism for using Transport Layer Security (TLS) and Authenticated Encryption with Associated Data (AEAD) to provide cryptographic security for the client-server mode of the Network Time Protocol (NTP).” It’s currently in the RFC editor queue awaiting publication as an RFC proper.
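The key-establishment half of the two protocols described above, as an added example that is not part of the original post or of any implementation it names: a small Python encoder and parser for the NTS-KE record stream, written against the approved draft (published later in 2020 as RFC 8915). It builds the minimal client request, validates a constructed server response (cookies, AEAD choice, server redirection) and rejects what the specification says must be rejected: truncated records, unknown records with the critical bit set, and Error records. The TLS session and the NTS extension fields inside the NTP packets are out of scope here; the sample response is constructed, not captured, and the only hostname in it is Netnod’s public one from this post.

```python
"""Encoder and parser for NTS Key Establishment (NTS-KE) records.
NTS-KE runs inside TLS 1.3 (ALPN "ntske/1", default TCP port 4460) as a
sequence of TLV records; type numbers and layout follow the NTS spec."""
import struct

# NTS-KE record types
END_OF_MESSAGE = 0
NEXT_PROTOCOL = 1          # body: list of 16-bit protocol IDs
ERROR = 2                  # body: 16-bit error code
WARNING = 3                # body: 16-bit warning code
AEAD_ALGORITHM = 4         # body: list of 16-bit AEAD IDs
NEW_COOKIE = 5             # body: opaque cookie, server to client only
SERVER_NEGOTIATION = 6     # body: ASCII hostname or IP of the NTP server
PORT_NEGOTIATION = 7       # body: 16-bit UDP port of the NTP server

PROTOCOL_NTPV4 = 0
AEAD_AES_SIV_CMAC_256 = 15  # IANA AEAD registry ID, mandatory to support
CRITICAL = 0x8000           # high bit of the first 16-bit word


def encode_record(rtype, body=b"", critical=False):
    """Serialize one record: [C|type:15][body_length:16][body]."""
    if len(body) > 0xFFFF:
        raise ValueError("record body too long")
    return struct.pack("!HH", rtype | (CRITICAL if critical else 0), len(body)) + body


def _u16_list(body):
    if len(body) % 2:
        raise ValueError("odd-length list of 16-bit values")
    return struct.unpack("!%dH" % (len(body) // 2), body)


def parse_records(data):
    """Split bytes into (type, critical, body) tuples; the stream must end
    with exactly one End of Message record and nothing after it."""
    records, off = [], 0
    while True:
        if off + 4 > len(data):
            raise ValueError("truncated header or missing End of Message")
        word, length = struct.unpack_from("!HH", data, off)
        body = data[off + 4:off + 4 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        off += 4 + length
        rtype, critical = word & 0x7FFF, bool(word & CRITICAL)
        if rtype in (END_OF_MESSAGE, NEXT_PROTOCOL) and not critical:
            raise ValueError("record type %d must carry the critical bit" % rtype)
        records.append((rtype, critical, body))
        if rtype == END_OF_MESSAGE:
            break
    if off != len(data):
        raise ValueError("trailing bytes after End of Message")
    return records


def build_client_request():
    """Minimal client request: NTPv4 next protocol, one AEAD offer, EOM."""
    return (encode_record(NEXT_PROTOCOL, struct.pack("!H", PROTOCOL_NTPV4), critical=True)
            + encode_record(AEAD_ALGORITHM, struct.pack("!H", AEAD_AES_SIV_CMAC_256))
            + encode_record(END_OF_MESSAGE, critical=True))


def process_server_response(data):
    """Validate a server response and return the negotiated parameters.
    Unknown critical records and Error records abort; unknown
    non-critical records and warnings are skipped."""
    result = {"protocol": None, "aead": None, "cookies": [], "server": None, "port": 123}
    for rtype, critical, body in parse_records(data):
        if rtype == END_OF_MESSAGE:
            break
        if rtype == ERROR:
            raise ValueError("server returned NTS-KE error code %d" % _u16_list(body)[0])
        if rtype == WARNING:
            continue  # a real client would log the warning code
        if rtype == NEXT_PROTOCOL:
            if _u16_list(body) != (PROTOCOL_NTPV4,):
                raise ValueError("server did not select NTPv4")
            result["protocol"] = PROTOCOL_NTPV4
        elif rtype == AEAD_ALGORITHM:
            if _u16_list(body) != (AEAD_AES_SIV_CMAC_256,):
                raise ValueError("server selected an AEAD we did not offer")
            result["aead"] = AEAD_AES_SIV_CMAC_256
        elif rtype == NEW_COOKIE:
            result["cookies"].append(body)
        elif rtype == SERVER_NEGOTIATION:
            result["server"] = body.decode("ascii")
        elif rtype == PORT_NEGOTIATION:
            result["port"] = _u16_list(body)[0]
        elif critical:
            raise ValueError("unrecognized critical record type %d" % rtype)
    if result["protocol"] is None or result["aead"] is None or not result["cookies"]:
        raise ValueError("response lacks protocol, AEAD or cookies")
    return result


# Constructed sample response (not captured traffic): eight 16-byte cookies
# and a pointer to the NTP server to use; the hostname is Netnod's public one.
SAMPLE_RESPONSE = (encode_record(NEXT_PROTOCOL, struct.pack("!H", PROTOCOL_NTPV4), critical=True)
                   + encode_record(AEAD_ALGORITHM, struct.pack("!H", AEAD_AES_SIV_CMAC_256))
                   + b"".join(encode_record(NEW_COOKIE, bytes([i]) * 16) for i in range(8))
                   + encode_record(SERVER_NEGOTIATION, b"nts.ntp.se")
                   + encode_record(END_OF_MESSAGE, critical=True))
```

The point of the parser is the critical bit: a record the client does not understand is harmless when the bit is clear and fatal when it is set, which is how the format stays extensible without letting a downgrade slip through silently. Note also that the response must carry both a protocol and an AEAD choice and at least one cookie before the client has anything it can use for the NTP half of the protocol.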

NTS implementations

Netnod launched one of the first NTS-enabled NTP services in the world on 28 October 2019. It’s available to the public at:

  1. nts.ntp.se (for users anywhere in the world)
  2. nts.sth1.ntp.se & nts.sth2.ntp.se (for users close to Stockholm)

More information on this service is available here. Netnod has also published a HOWTO explaining how to set up an NTS client and to connect to Netnod’s NTS servers here. Some current NTP clients supporting NTS (two of which were written by Netnod staff) include:

  1. ntpsec (written by Eric Raymond)
  2. A Python implementation (written by Christer Weinigel, Netnod)
  3. A Go implementation (written by Michael Cardell Widerkrantz (Netnod), Daniel Lublin and Martin Samuelsson)
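For a practitioner who wants to point an NTS-capable client at the Netnod servers listed above, here is an added configuration example for chrony (which the first post on this page lists as having NTS support). It is not Netnod’s HOWTO: the directives are chrony’s own, and the file paths are the distribution defaults rather than anything Netnod-specific.

```conf
# /etc/chrony/chrony.conf (Debian/Ubuntu; /etc/chrony.conf on RHEL-family)
# The trailing "nts" option makes chrony run NTS-KE over TLS against the
# host (TCP port 4460) and then authenticate every NTP exchange with it.
server nts.ntp.se iburst nts
server nts.sth1.ntp.se iburst nts
server nts.sth2.ntp.se iburst nts

# Persist NTS cookies and keys across restarts so a reboot does not need
# a fresh NTS-KE handshake before the first authenticated reply.
ntsdumpdir /var/lib/chrony
```

After restarting chronyd, `chronyc -N authdata` lists each source with its authentication state; for these servers the Mode column should read NTS and the Cook column should show a non-zero cookie count, otherwise the key establishment failed and chrony is not using the source. One caveat worth planning for: if the clock is badly wrong at boot, certificate validation inside NTS-KE fails because the server certificate looks not yet valid or already expired. chrony’s `nocerttimecheck` directive relaxes that check for a configured number of initial clock updates, but during that window an attacker holding the key of an expired certificate for the server name could pass validation, so weigh it against a hardware RTC or a bootstrap source you already trust. NTPsec uses the equivalent `server nts.ntp.se nts` line in ntp.conf.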

Joachim Strömbergson and Peter Magnusson from Assured have been asked by Netnod to work on a Verilog implementation of the extended NTP. More information about this will be available later in the year.

Why take time from Netnod?

On behalf of the Swedish Post and Telecom Authority (PTS) Netnod keeps a Verilog implementation of NTP with attached atomic clocks running in locations across Sweden. This means you speak NTP directly to the FPGA chip! As there is no software involved, you get the most accurate time possible. The service is available to the general public worldwide for free on ntp.se, which resolves to anycast IPv4 and IPv6 addresses.

In a recent blogpost, Netnod looked at some of the fundamentals in providing accurate time. These include looking at what makes a clock, how to ensure accuracy down to the level of nanoseconds and what Netnod is doing to ensure accurate time throughout Sweden.

The Internet Society believes that the security of the Internet’s time synchronization infrastructure has a direct impact on the overall trustworthiness of the global Internet. We’re working to promote global deployment of time security protocols and to encourage operational best practices. Take a look at our Time Security project homepage to find out more about our work.

Categories: Building Trust, Improving Technical Security, Time Security

Time Synchronization, Security, and Trust

Time is something that is often overlooked or taken for granted, but the accuracy and reliability of time is critical to our lives and must be protected. Time is a core concept underlying nearly all physical and virtual systems. Distributed computer systems, key to many functions inherent in our daily lives, rely on accurate and reliable time, yet we rarely stop and think about how that time is constructed and represented. Accurate and reliable time is needed to determine when an event occurs, in what order a particular sequence of events occurs, or when to schedule an event that is to occur at a particular time in the future. Finally, and of particular interest to our trust agenda here at the Internet Society, quality reliable time is required for many of the security technologies that help provide trust for the Internet. It is a vital and often overlooked part of the Internet infrastructure.

Some specific examples where accurate reliable secure time information is vital include:

  • The finance sector, where there are high demands on the time synchronization of business clocks in trading systems. This is especially true in high-frequency trading, where EU legislation, the Markets in Financial Instruments Directive (MiFID II), requires a timestamping granularity of 1 microsecond and a maximum divergence from Coordinated Universal Time (UTC) of 100 microseconds. Similar requirements are formulated by the US Securities and Exchange Commission (SEC Rule 613).
  • The power industry for control of devices in the energy transmission and distribution network along with components in substation automation networks. These devices provide information about voltage, current, and phase angle used to derive the current state of the electrical infrastructure, a critical piece of national infrastructure.
  • Various manufacturing industries for the synchronization of machine parts in motion control type processes, for instance in a rolling mill or for printing presses.
  • Virtually all distributed systems where synchronization of logging information enables error tracking and thus contributes to system stability and system integrity.
  • Internet security technologies, which rely on a crucial interdependent relationship between security mechanisms and time synchronization. For example, certificates, a key component of many security solutions, are used to establish that servers and other resources are identified securely and correctly, and checking a certificate requires the current time of day to confirm that it is within its validity period. There is a stereotypical “chicken and egg” problem: accurate time is needed to validate the security mechanism (the certificate), and in turn the security mechanism (the certificate) must be valid in order to establish that the information exchanged for time synchronization has not been corrupted. As more security mechanisms are deployed, we increasingly rely on certificates and, in turn, on secure time.

Despite the vital nature of time, the protocols that have historically provided the time infrastructure we rely upon have not adopted adequate security mechanisms. There are two primary protocols for the synchronization of time over packet-based (IP) networks: the Network Time Protocol (NTP), defined primarily by RFC 5905, and the IEEE Standard for a Precision Clock Synchronization Protocol for Networked Measurement and Control Systems (IEEE 1588). Neither standard provides adequate mechanisms to secure the protocol.

However, as threats against Internet infrastructure have increased, both the IETF and IEEE technical communities have been working to provide new security mechanisms to address this deficiency. Later today, I will be presenting an analysis (https://dev.internetsociety.org/resources/doc/2017/new-security-mechanisms-network-time-synchronization-protocols/) of the emerging security solutions for both NTP and IEEE 1588 at the IEEE International Symposium on Precision Clock Synchronization (ISPCS). Slides are also available online at https://www.slideshare.net/ISOCtech/new-security-mechanisms-for-network-time-synchronization-protocols.

Both standards efforts described in the paper, the IETF NTP working group and the IEEE 1588 working group, follow open standards processes (https://open-stand.org). Participation is open, and comments and contributions are welcome!