The security of NTP's datagram protocol

Malhotra, Aanchal; Gundy, Matthew Van; Varia, Mayank; Kennedy, Haydn; Gardner, Jonathan; Goldberg, Sharon

The security of NTP's datagram protocol

Files

1006.pdf(1018.48 KB)

Accepted manuscript

Date

2017

Authors

Malhotra, Aanchal

Gundy, Matthew Van

Varia, Mayank

Kennedy, Haydn

Gardner, Jonathan

Goldberg, Sharon

Version

Published version

URI

https://hdl.handle.net/2144/29024

Citation

Malhotra A., Van Gundy M., Varia M., Kennedy H., Gardner J., Goldberg S. (2017) The Security of NTP’s Datagram Protocol. In: Kiayias A. (eds) Financial Cryptography and Data Security. FC 2017. Lecture Notes in Computer Science, vol 10322. Springer, Cham. DOI https://doi.org/10.1007/978-3-319-70972-7_23

Abstract

For decades, the Network Time Protocol (NTP) has been used to synchronize computer clocks over untrusted network paths. This work takes a new look at the security of NTP’s datagram protocol. We argue that NTP’s datagram protocol in RFC5905 is both underspecified and flawed. The NTP specifications do not sufficiently respect (1) the conflicting security requirements of different NTP modes, and (2) the mechanism NTP uses to prevent off-path attacks. A further problem is that (3) NTP’s control-query interface reveals sensitive information that can be exploited in off-path attacks. We exploit these problems in several attacks that remote attackers can use to maliciously alter a target’s time. We use network scans to find millions of IPs that are vulnerable to our attacks. Finally, we move beyond identifying attacks by developing a cryptographic model and using it to prove the security of a new backwards-compatible client/server protocol for NTP.

Collections

BU Open Access Articles
CAS: Computer Science: Scholarly Papers

Full item page