Cryptology ePrint Archive: Report 2015/1020
Attacking the Network Time Protocol
Aanchal Malhotra and Isaac E. Cohen and Erik Brakke and Sharon Goldberg
Abstract: We explore the risk that network attackers can exploit unauthenticated Network Time Protocol (NTP) traffic to alter the time on client systems. We first discuss how an on-path attacker that hijacks traffic to an NTP server can quickly shift time on the server's clients. Then, we present an extremely low-rate (single packet) denial-of-service attack that an off-path attacker, located anywhere on the network, can use to disable NTP clock synchronization on a client. Next, we show how an off-path attacker can exploit IPv4 packet fragmentation to shift time on a client. We discuss the implications of these attacks on other core Internet protocols, quantify their attack surface using Internet measurements, and suggest a few simple countermeasures that can improve the security of NTP.
Category / Keywords: network security, network time protocol, NTP, off-path attacks, denial of service
Original Publication (with minor differences): NDSS '16, 21-24 February 2016, San Diego, CA, USA
DOI: 10.14722/ndss.2016.23090
Date: received 21 Oct 2015, last revised 7 Jan 2016
Contact author: goldbe at cs bu edu
Note: Revised according to NDSS'16 reviewer comments.
Version: 20160107:152938
Short URL: ia.cr/2015/1020