Cryptology ePrint Archive: Report 2016/055
Attacking NTP's Authenticated Broadcast Mode
Aanchal Malhotra and Sharon Goldberg
Abstract: We identify two attacks on the Network Time Protocol (NTP)'s cryptographically-authenticated broadcast mode. First, we present a replay attack that allows an on-path attacker to indefinitely stick a broadcast client to a specific time. Second, we present a denial-of-service (DoS) attack that allows an off-path attacker to prevent a broadcast client from ever updating its system clock; to do this, the attacker sends the client a single malformed broadcast packet per query interval. Our DoS attack also applies to all other NTP modes that are `ephemeral' or `preemptable' (including manycast, pool, etc). We then use network measurements to give evidence that NTP's broadcast and other ephemeral/preemptable modes are being used in the wild. We conclude by discussing why NTP's current implementation of symmetric-key cryptographic authentication does not provide security in broadcast mode, and make some recommendations to improve the current state of affairs.
Category / Keywords: applications / network security, network time protocol, NTP, broadcast, off-path attacks, denial of service
Original Publication (in the same form): ACM SIGCOMM Computer Communication Review. April 2016
Date: received 23 Jan 2016, last revised 26 Feb 2016
Contact author: goldbe at cs bu edu
Available format(s): PDF | BibTeX Citation
Note: Revised per comments of SIGCOMM CCR reviewers.
Version: 20160226:164140 (All versions of this report)
Short URL: ia.cr/2016/055
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]