Paper 2016/055

Attacking NTP's Authenticated Broadcast Mode

Aanchal Malhotra and Sharon Goldberg

Abstract

We identify two attacks on the Network Time Protocol (NTP)'s cryptographically-authenticated broadcast mode. First, we present a replay attack that allows an on-path attacker to indefinitely stick a broadcast client to a specific time. Second, we present a denial-of-service (DoS) attack that allows an off-path attacker to prevent a broadcast client from ever updating its system clock; to do this, the attacker sends the client a single malformed broadcast packet per query interval. Our DoS attack also applies to all other NTP modes that are 'ephemeral' or 'preemptable' (including manycast, pool, etc.). We then use network measurements to give evidence that NTP's broadcast and other ephemeral/preemptable modes are being used in the wild. We conclude by discussing why NTP's current implementation of symmetric-key cryptographic authentication does not provide security in broadcast mode, and make some recommendations to improve the current state of affairs.

Note: Revised per comments of SIGCOMM CCR reviewers.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. ACM SIGCOMM Computer Communication Review. April 2016
Keywords
network security, network time protocol, NTP, broadcast, off-path attacks, denial of service
Contact author(s)
goldbe @ cs bu edu
History
2016-02-26: last of 2 revisions
2016-01-25: received
Short URL
https://ia.cr/2016/055
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/055,
      author = {Aanchal Malhotra and Sharon Goldberg},
      title = {Attacking NTP's Authenticated Broadcast Mode},
      howpublished = {Cryptology ePrint Archive, Paper 2016/055},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/055}},
      url = {https://eprint.iacr.org/2016/055}
}