## Cryptology ePrint Archive: Report 2016/055

Aanchal Malhotra and Sharon Goldberg

Abstract: We identify two attacks on the Network Time Protocol (NTP)'s cryptographically-authenticated broadcast mode. First, we present a replay attack that allows an on-path attacker to indefinitely stick a broadcast client to a specific time. Second, we present a denial-of-service (DoS) attack that allows an off-path attacker to prevent a broadcast client from ever updating its system clock; to do this, the attacker sends the client a single malformed broadcast packet per query interval. Our DoS attack also applies to all other NTP modes that are 'ephemeral' or 'preemptable' (including manycast, pool, etc.). We then use network measurements to give evidence that NTP's broadcast and other ephemeral/preemptable modes are being used in the wild. We conclude by discussing why NTP's current implementation of symmetric-key cryptographic authentication does not provide security in broadcast mode, and make some recommendations to improve the current state of affairs.

Category / Keywords: applications / network security, network time protocol, NTP, broadcast, off-path attacks, denial of service

Original Publication (in the same form): ACM SIGCOMM Computer Communication Review. April 2016

Date: received 23 Jan 2016, last revised 26 Feb 2016

Contact author: goldbe at cs bu edu

Note: Revised per comments of SIGCOMM CCR reviewers.

