Paper 2015/1020

Attacking the Network Time Protocol

Aanchal Malhotra, Isaac E. Cohen, Erik Brakke, and Sharon Goldberg

Abstract

We explore the risk that network attackers can exploit unauthenticated Network Time Protocol (NTP) traffic to alter the time on client systems. We first discuss how an on-path attacker, that hijacks traffic to an NTP server, can quickly shift time on the server's clients. Then, we present a extremely low-rate (single packet) denial-of-service attack that an off-path attacker, located anywhere on the network, can use to disable NTP clock synchronization on a client. Next, we show how an off-path attacker can exploit IPv4 packet fragmentation to shift time on a client. We discuss the implications on these attacks on other core Internet protocols, quantify their attack surface using Internet measurements, and suggest a few simple countermeasures that can improve the security of NTP.

Note: Revised according to NDSS'16 reviewer comments.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Minor revision. NDSS '16, 21-24 February 2016, San Diego, CA, USA
DOI
10.14722/ndss.2016.23090
Keywords
network securitynetwork time protocolNTPoff-path attacksdenial of service
Contact author(s)
goldbe @ cs bu edu
History
2016-01-07: last of 2 revisions
2015-10-23: received
See all versions
Short URL
https://ia.cr/2015/1020
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2015/1020,
      author = {Aanchal Malhotra and Isaac E.  Cohen and Erik Brakke and Sharon Goldberg},
      title = {Attacking the Network Time Protocol},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/1020},
      year = {2015},
      doi = {10.14722/ndss.2016.23090},
      url = {https://eprint.iacr.org/2015/1020}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.