Paper 2016/1006

The Security of NTP’s Datagram Protocol

Aanchal Malhotra, Matthew Van Gundy, Mayank Varia, Haydn Kennedy, Jonathan Gardner, and Sharon Goldberg

Abstract

For decades, the Network Time Protocol (NTP) has been used to synchronize computer clocks over untrusted network paths. This work takes a new look at the security of NTP's datagram protocol. We argue that NTP's datagram protocol in RFC5905 is both underspecified and flawed. The NTP specifications do not sufficiently respect (1) the conflicting security requirements of different NTP modes, and (2) the mechanism NTP uses to prevent off-path attacks. A further problem is that (3) NTP's control-query interface reveals sensitive information that can be exploited in off-path attacks. We exploit these problems in several attacks that remote attackers can use to maliciously alter a target's time. We use network scans to find millions of IPs that are vulnerable to our attacks. Finally, we move beyond identifying attacks by developing a cryptographic model and using it to prove the security of a new backwards-compatible client/server protocol for NTP.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint. Minor revision.
Keywords
Network Time Protocol (NTP)Network securitytime synchronization
Contact author(s)
aanchal4 @ bu edu
History
2017-02-20: revised
2016-10-26: received
See all versions
Short URL
https://ia.cr/2016/1006
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/1006,
      author = {Aanchal Malhotra and Matthew Van Gundy and Mayank Varia and Haydn Kennedy and Jonathan Gardner and Sharon Goldberg},
      title = {The Security of NTP’s Datagram Protocol},
      howpublished = {Cryptology ePrint Archive, Paper 2016/1006},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/1006}},
      url = {https://eprint.iacr.org/2016/1006}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.