| dc.contributor.author | Malhotra, Aanchal | en_US |
| dc.contributor.author | Gundy, Matthew Van | en_US |
| dc.contributor.author | Varia, Mayank | en_US |
| dc.contributor.author | Kennedy, Haydn | en_US |
| dc.contributor.author | Gardner, Jonathan | en_US |
| dc.contributor.author | Goldberg, Sharon | en_US |
| dc.contributor.editor | Kiayias, Aggelos | en_US |
| dc.date.accessioned | 2018-05-29T19:55:32Z | |
| dc.date.available | 2018-05-29T19:55:32Z | |
| dc.date.issued | 2017 | |
| dc.identifier | https://doi.org/10.1007/978-3-319-70972-7 | |
| dc.identifier.citation | Malhotra A., Van Gundy M., Varia M., Kennedy H., Gardner J., Goldberg S. (2017) The Security of NTP’s Datagram Protocol. In: Kiayias A. (eds) Financial Cryptography and Data Security. FC 2017. Lecture Notes in Computer Science, vol 10322. Springer, Cham. DOI
https://doi.org/10.1007/978-3-319-70972-7_23 | |
| dc.identifier.uri | https://hdl.handle.net/2144/29024 | |
| dc.description.abstract | For decades, the Network Time Protocol (NTP) has been
used to synchronize computer clocks over untrusted network paths. This
work takes a new look at the security of NTP’s datagram protocol. We
argue that NTP’s datagram protocol in RFC5905 is both underspecified
and flawed. The NTP specifications do not sufficiently respect (1) the
conflicting security requirements of different NTP modes, and (2) the
mechanism NTP uses to prevent off-path attacks. A further problem
is that (3) NTP’s control-query interface reveals sensitive information
that can be exploited in off-path attacks. We exploit these problems
in several attacks that remote attackers can use to maliciously alter a
target’s time. We use network scans to find millions of IPs that are
vulnerable to our attacks. Finally, we move beyond identifying attacks
by developing a cryptographic model and using it to prove the security
of a new backwards-compatible client/server protocol for NTP. | en_US |
| dc.description.uri | https://eprint.iacr.org/2016/1006.pdf | |
| dc.description.uri | https://eprint.iacr.org/2016/1006.pdf | |
| dc.format.extent | p. 405 - 423 | en_US |
| dc.publisher | Springer | en_US |
| dc.relation.ispartof | Financial Cryptography | |
| dc.subject | Network Time Protocol | en_US |
| dc.subject | RFC5905 | en_US |
| dc.title | The security of NTP's datagram protocol | en_US |
| dc.type | Conference materials | en_US |
| dc.description.version | Published version | en_US |
| pubs.elements-source | dblp | en_US |
| pubs.notes | Embargo: Not known | en_US |
| pubs.organisational-group | Boston University | en_US |
| pubs.organisational-group | Boston University, College of Arts & Sciences | en_US |
| pubs.organisational-group | Boston University, College of Arts & Sciences, Department of Computer Science | en_US |
