Cryptology ePrint Archive: Report 2015/1020
Attacking the Network Time Protocol
Aanchal Malhotra and Isaac E. Cohen and Erik Brakke and Sharon Goldberg
Abstract: We explore the risk that network attackers can exploit unauthenticated Network Time Protocol (NTP) traffic to alter the time on client systems. We first discuss how an on-path attacker, that hijacks traffic to an NTP server, can quickly shift time on the server's clients. Then, we present a extremely low-rate (single packet) denial-of-service attack that an off-path attacker, located anywhere on the network, can use to disable NTP clock synchronization on a client. Next, we show how an off-path attacker can exploit IPv4 packet fragmentation to shift time on a client. We discuss the implications on these attacks on other core Internet protocols, quantify their attack surface using Internet measurements, and suggest a few simple countermeasures that can improve the security of NTP.
Category / Keywords: network security, network time protocol, NTP, off-path attacks, denial of service
Original Publication (with minor differences): NDSS '16, 21-24 February 2016, San Diego, CA, USA
Date: received 21 Oct 2015, last revised 7 Jan 2016
Contact author: goldbe at cs bu edu
Available format(s): PDF | BibTeX Citation
Note: Revised according to NDSS'16 reviewer comments.
Version: 20160107:152938 (All versions of this report)
Short URL: ia.cr/2015/1020
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]