Trust in electronic communication depends on accurate time, but the distribution of time must itself be trustworthy: the source has to be credible and the time value protected against unauthorized change, because nearly every IT system depends on it. Time synchronization is essential both on the local network and on the Internet. Without it, the validity of certificates (of web sites, mail servers or individual users) and of digital signatures cannot be checked; you simply do not connect, pay or order. Without correct time it is also hard to authenticate users (Active Directory and Azure Active Directory tolerate only a few minutes of clock skew), to keep databases, applications and industrial protocols synchronized, and, when time breaks down, to reconstruct from the logs what actually happened on the network.
Because it is a critical service, its development and capabilities deserve a closer look. Almost everyone today uses NTP (Network Time Protocol); in Microsoft Windows networks one can still encounter SNTP (Simple Network Time Protocol). In terms of security and accuracy SNTP is not at the top; in sporting terms it sits somewhere in the middle of the pack, so a more robust option should be preferred. Where accuracy matters most, PTP (Precision Time Protocol) can be used. The individual versions and their typical accuracy are listed in the following table.
Version | Year | Accuracy | Standard | Port | IP |
Daytime | 1983 | ±1 s | RFC 867 | tcp/13 udp/13 | IPv4 |
Time/Netdate | 1983 | ±1 s | RFC 868 | tcp/37 udp/37 | IPv4 |
NTP | 1985 | LAN: ±10 to ±100 ms, WAN: ±10 ms to ±3 s | RFC 958 | udp/123 | IPv4 |
NTPv1 | 1988 | LAN: ±10 to ±100 ms, WAN: ±10 ms to ±3 s | RFC 1059 | udp/123 | IPv4 |
NTPv2 | 1989 | LAN: ±1 to ±50 ms, WAN: ±10 ms to ±1 s | RFC 1119 | udp/123 | IPv4 |
NTPv3 | 1992 | LAN: ±1 to ±10 ms, WAN: ±10 to ±500 ms | RFC 1305 | udp/123 | IPv4 |
SNTPv3 | 1995 | LAN: ±10 to ±100 ms, WAN: ±1 to ±2 s | RFC 1769 | udp/123 | IPv4 |
SNTPv4 | 1996 | LAN: ±10 to ±100 ms, WAN: ±1 to ±2 s | RFC 2030, RFC 4330 | udp/123 | IPv4 IPv6 |
PTP | 2002 | LAN: ±100 ns | IEEE 1588-2002 | udp/319 udp/320 | IPv4 IPv6 |
PTPv2 | 2008 | LAN: ±50 ns | IEEE 1588-2008 | udp/319 udp/320 | IPv4 IPv6 |
NTPv4 | 2010 | LAN: ±1 to ±500 µs, WAN: ±10 to ±100 ms | RFC 5905, RFC 5906, RFC 5907, RFC 5908 | udp/123 | IPv4 IPv6 |
NTPv4 extension (AES-CMAC) | 2019 | LAN: ±1 to ±500 µs, WAN: ±10 to ±100 ms | RFC 8573 | udp/123 | IPv4 IPv6 |
PTPv2.1 | 2019 | LAN: ±50 ns | IEEE 1588-2019 | udp/319 udp/320 | IPv4 IPv6 |
NTS | 2020 | LAN: ±1 to ±500 µs, WAN: ±10 to ±100 ms | RFC 8915 | udp/123 (NTP), tcp/4460 (NTS-KE) | IPv4 IPv6 |
NTPv5 | draft | ±1 µs | Internet-Draft | udp/123 | IPv4 IPv6 |
Note: NTP is carried over UDP only; port 123 is also registered for TCP but the protocol does not use it. NTS adds a separate TLS connection on tcp/4460 for key establishment (NTS-KE) before the UDP time exchange.
Several problems arise in time distribution at once. The one relief is that the content need not be encrypted: the time itself is public information, and encryption would only consume resources and add processing delay, which worsens accuracy. The real problems lie in the communication path. The first is integrity of the time signal along the way, i.e. assurance that the timestamp has not been tampered with. The second is source authentication: relying on source and destination addresses alone is completely unsatisfactory, because anyone with access to the path can rewrite them and shift the recipient in time. Authenticating the source is a considerable problem in general, and especially for the initial communication, when no trust has yet been established. The last is controlling who has access to the time source at all. On a local network this is solved easily by provisioning a shared secret.
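As an added example (not code from the original article), the following Python builds a minimal NTPv4 client packet and appends the symmetric-key MAC of RFC 5905 Appendix A, which is the key ID followed by digest(key || packet), then verifies it on the receiving side and shows that a shifted transmit timestamp, a corrupted digest and an unknown key ID are all rejected. The key ID 7, the key bytes and the timestamps are constructed for the example; real keys come from the ntp.keys or chrony.keys file. It assumes a packet without NTP extension fields, so everything after the 48-byte header is the MAC.

```python
import hashlib
import hmac
import struct
import time

NTP_HEADER_LEN = 48
NTP_EPOCH_OFFSET = 2208988800          # seconds between 1900-01-01 and 1970-01-01
DIGEST_LEN = {"md5": 16, "sha1": 20}   # RFC 5905 App. A (MD5) and the ntpd SHA-1 variant


def build_client_packet(transmit_ts=0.0):
    """Build a 48-byte NTPv4 client request (LI=0, VN=4, Mode=3)."""
    if not transmit_ts:
        transmit_ts = time.time()
    secs = int(transmit_ts) + NTP_EPOCH_OFFSET
    frac = int((transmit_ts - int(transmit_ts)) * (1 << 32))
    li_vn_mode = (0 << 6) | (4 << 3) | 3
    pkt = struct.pack("!BBBb", li_vn_mode, 0, 0, 0)   # stratum, poll, precision
    pkt += struct.pack("!II", 0, 0)                    # root delay, root dispersion
    pkt += b"\x00" * 4                                 # reference ID
    pkt += b"\x00" * 24                                # reference, origin, receive timestamps
    pkt += struct.pack("!II", secs, frac)              # transmit timestamp (bytes 40..47)
    return pkt


def append_mac(packet, key_id, key, algo="md5"):
    """Append the RFC 5905 symmetric-key MAC: key ID || digest(key || packet).
    Note this is a keyed digest, not HMAC; that is what the protocol specifies."""
    digest = hashlib.new(algo, key + packet).digest()
    return packet + struct.pack("!I", key_id) + digest


def verify_mac(message, keys):
    """Verify a received packet against a key table {key_id: (key, algo)}.
    Assumes no extension fields: header is 48 bytes, the rest is the MAC."""
    if len(message) < NTP_HEADER_LEN + 4:
        return False
    packet = message[:NTP_HEADER_LEN]
    key_id = struct.unpack("!I", message[NTP_HEADER_LEN:NTP_HEADER_LEN + 4])[0]
    received = message[NTP_HEADER_LEN + 4:]
    entry = keys.get(key_id)
    if entry is None:                   # unknown or untrusted key ID
        return False
    key, algo = entry
    if len(received) != DIGEST_LEN[algo]:
        return False
    expected = hashlib.new(algo, key + packet).digest()
    return hmac.compare_digest(expected, received)   # constant-time comparison


# Constructed key table for the example; a real deployment loads this from ntp.keys.
KEYS = {7: (b"example-shared-secret-do-not-use", "md5")}


def demo():
    """Return (valid, tampered_timestamp, unknown_key_id) verification results."""
    pkt = build_client_packet(1_700_000_000.25)
    signed = append_mac(pkt, 7, KEYS[7][0], "md5")
    # An on-path attacker shifts the transmit timestamp by one hour.
    shifted_secs = 1_700_000_000 + NTP_EPOCH_OFFSET + 3600
    tampered = signed[:40] + struct.pack("!I", shifted_secs) + signed[44:]
    # A packet claiming a key ID the receiver does not trust.
    bad_id = signed[:48] + struct.pack("!I", 99) + signed[52:]
    return verify_mac(signed, KEYS), verify_mac(tampered, KEYS), verify_mac(bad_id, KEYS)


if __name__ == "__main__":
    print(demo())
```

The MD5 construction is kept here because it is the compatibility baseline the article criticizes; swapping `"md5"` for `"sha1"` in the key table is all the protocol allows within RFC 5905, while AES-CMAC (RFC 8573) and the NTS AEADs need a different MAC construction.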
From the early 1980s the daytime and time services were the main means of time synchronization. They were gradually replaced by NTP, which runs as a background process (daemon). Other functions were added only with gradual development, including protection of the protocol against unauthorized modification. There were attempts to use asymmetric algorithms, more precisely digital signatures, to ensure the integrity of the communication. Under the name "Autokey" (RFC 5906) a set of algorithms capable of key exchange and digital signature was provided. Apart from a significant impact on configuration complexity, synchronization accuracy and computational cost, it unfortunately brought nothing significant. Only the possibility of using X.509 certificates for authentication was of interest. The available algorithms were:
- RSA with key sizes from 512 to 2048 bits
- DSA with 1024-bit keys
- Diffie-Hellman with group sizes from 512 to 2048 bits
SNTP, a simplified version of NTP, was derived from the NTP algorithm and was used mainly in Microsoft networks. PTP is available for synchronizing environments that are sensitive to accuracy. The latest innovation is NTS (Network Time Security), which agrees on shared secrets over TLS (the NTS-KE phase) and then uses them to authenticate the content of the NTP packets.
Version | Confidentiality | Authentication / Digest | Integrity | Autokey support | Standard |
Daytime | N/A | N/A | N/A | No | RFC 867 |
Time/Netdate | N/A | N/A | N/A | No | RFC 868 |
NTP | N/A | N/A | N/A | No | RFC 958 |
NTPv1 | N/A | N/A | N/A | No | RFC 1059 |
NTPv2 | N/A | N/A | N/A | No | RFC 1119 |
NTPv3 | N/A | DES-CBC, MD5 | MD5 | No | RFC 1305 |
SNTPv3 | N/A | N/A | N/A | No | RFC 1769 |
SNTPv4 | N/A | N/A | MD5 | No | RFC 2030, RFC 4330 |
PTP | N/A | N/A | N/A | No | IEEE 1588-2002 |
PTPv2 | N/A | N/A | N/A | No | IEEE 1588-2008 |
NTPv4 | N/A | MD5; later implementations accept any OpenSSL digest: DSA, DSA-SHA, MD4, MD5, MDC2, RIPEMD160, SHA, SHA1, SHA224, SHA256, SHA384, SHA512 | MD5; later HMAC-MD5, HMAC-SHA1, HMAC-SHA256 | Yes | RFC 5905, RFC 5906, RFC 5907, RFC 5908 |
NTPv4 extension | N/A | AES-CMAC | AES-CMAC | Yes | RFC 8573 |
PTPv2.1 | N/A | TESLA (RFC 4082); NTS4PTP (Internet-Draft) | ICV in the optional security TLV (Annex P) | No | IEEE 1588-2019 |
NTS | N/A | Keys established over TLS 1.3 (NTS-KE); AES-SIV-CMAC-256 mandatory | Negotiated AEAD: AES-SIV-CMAC-256 (mandatory), optionally AES-128-GCM, AES-256-GCM, AES-128-CCM, AES-256-CCM, AES-128-OCB, AES-256-OCB, ChaCha20/Poly1305, AEGIS128L, AEGIS256 | No | RFC 8915 |
NTPv5 | N/A | N/A | N/A | N/A | Internet-Draft |
Radio sources on long, medium and short waves carry no signal authentication. Their accuracy reaches ±10 ms at best and in practice is often held only to the order of seconds. Examples are the transmitters ALS162, BBC Radio 4, DCF77, DCF39, DCF49, HGA22, MSF, WWV, WWVB and WWVH.
Verified time sources over NTP can provide time to within ±100 ms; examples are the sources operated by CERN and NIST.
Global navigation systems may include an authentication channel. Some are reserved for military use, others are civilian. BeiDou is given as an example of a source with civil-channel authentication. Galileo authenticates its civil signal with a TESLA-based scheme (OSNMA); the civil components of GLONASS and GPS carry no authentication. The accuracy of these channels should be up to ±1 µs.
Atomic clocks reach accuracies of ±10 ns, thermally stabilised (oven-controlled) clocks around ±50 ns. In the Czech Republic we have a big advantage: we are one of the few countries participating in the creation of Coordinated Universal Time (UTC) in cooperation with the International Bureau of Weights and Measures (BIPM).
Radio sources:
- The chosen frequency allows propagation beyond the horizon; the usable range is limited by reflection from the ionosphere to roughly 2000 km. Each minute the transmitter sends the information valid for the next minute, so a full synchronization takes about a minute.
Global navigation:
- Each satellite transmits its own identification and timing signal. Combining several sources allows trilateration, which yields both position and time. One satellite places the receiver on the surface of a sphere around the transmitter; two satellites narrow it to a circle (the intersection of two spheres); three give two candidate points on that circle; a fourth resolves the ambiguity and, as a bonus, determines the receiver's own clock error, i.e. the exact time.
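The four-satellite solution described above, carried through numerically as an added example (not code from the original article): a pure-Python Gauss-Newton solver for receiver position and clock bias from four pseudoranges. The satellite positions, the receiver position on the Earth's surface and the 1 ms receiver clock error are constructed for the example, and the model ignores satellite clock corrections, atmospheric delay and relativistic effects. The second function shows the security-relevant consequence: delaying a single satellite's signal by 1 µs (which is what a spoofer or a selective re-broadcast does) moves both the position and the solved time, so an unauthenticated civil signal cannot be trusted as the sole time source.

```python
import math

C = 299_792_458.0  # speed of light, m/s

# Constructed scenario (metres, Earth-centred frame): four satellites roughly
# 26,600 km from the centre, receiver on the surface 6,371 km along x.
SATS = [
    (26_600e3, 0.0, 0.0),
    (20_000e3, 15_000e3, 5_000e3),
    (18_000e3, -12_000e3, 14_000e3),
    (17_000e3, 3_000e3, -19_000e3),
]
TRUE_POS = (6_371e3, 0.0, 0.0)
TRUE_BIAS_S = 1e-3   # receiver clock runs 1 ms ahead of system time


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def pseudoranges(pos, bias_s, sats=SATS):
    """What the receiver measures: geometric range plus c * clock bias."""
    return [dist(s, pos) + C * bias_s for s in sats]


def solve4(a, b):
    """Solve a 4x4 linear system by Gaussian elimination with partial pivoting."""
    n = 4
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        for r in range(col + 1, n):
            f = m[r][col] / m[col][col]
            for k in range(col, n + 1):
                m[r][k] -= f * m[col][k]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        x[r] = (m[r][n] - sum(m[r][k] * x[k] for k in range(r + 1, n))) / m[r][r]
    return x


def fix(rho, sats=SATS, iters=30):
    """Gauss-Newton solution of (x, y, z, c*bias) from four pseudoranges,
    starting from the Earth's centre with zero clock bias.
    Returns ((x, y, z) in metres, clock bias in seconds)."""
    x, y, z, cb = 0.0, 0.0, 0.0, 0.0
    for _ in range(iters):
        jac, res = [], []
        for (sx, sy, sz), meas in zip(sats, rho):
            d = dist((sx, sy, sz), (x, y, z))
            # d(range)/d(position) = (p - s)/d ; d(model)/d(c*bias) = 1
            jac.append([(x - sx) / d, (y - sy) / d, (z - sz) / d, 1.0])
            res.append(meas - (d + cb))
        dx, dy, dz, dcb = solve4(jac, res)
        x, y, z, cb = x + dx, y + dy, z + dz, cb + dcb
        if max(abs(dx), abs(dy), abs(dz), abs(dcb)) < 1e-4:
            break
    return (x, y, z), cb / C


def spoof_demo(delay_s=1e-6):
    """Delay one satellite's signal by delay_s and compare the solved clock bias.
    Returns (clean bias, spoofed bias, position shift in metres)."""
    clean = pseudoranges(TRUE_POS, TRUE_BIAS_S)
    spoofed = clean[:]
    spoofed[0] += C * delay_s          # only satellite 0 is tampered with
    _, b_clean = fix(clean)
    p_spoof, b_spoof = fix(spoofed)
    return b_clean, b_spoof, dist(p_spoof, TRUE_POS)


if __name__ == "__main__":
    pos, bias = fix(pseudoranges(TRUE_POS, TRUE_BIAS_S))
    print("position error (m):", dist(pos, TRUE_POS), "bias (s):", bias)
    print("spoofed:", spoof_demo())
```

With this geometry a 1 µs delay on one of four signals shifts the solved clock by roughly a microsecond and the position by several hundred metres; a receiver with only four satellites in view has no redundancy with which to detect it, which is why the article's later advice not to rely on GNSS alone matters.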
NTP protocol:
- Builds a table of several time sources and their mutual offsets and uses Marzullo's algorithm (the intersection algorithm, often drawn as a Marzullo diagram) to find the interval on which the largest number of sources agree, discarding the outliers ("falsetickers"). By tracking previous deviations it gradually refines its corrections for the signal propagation delay.
PTP protocol:
- For each candidate time source it evaluates several separate parameters and computes the mean path delay. Based on the configured priority, clock class, accuracy and other data, the best master clock algorithm (BMCA) selects the source closest to the reference time.
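Marzullo's intersection algorithm as referred to above, as an added example that is not code from the original article and is a simplification of the clock-select procedure in RFC 5905 (which additionally weights and clusters the survivors). Each server contributes an interval [offset − root distance, offset + root distance]; the constructed sample has three honest servers and one, ntp-d, whose reported time has been shifted by two seconds, e.g. by an on-path attacker rewriting an unauthenticated reply.

```python
def marzullo(intervals):
    """Return (lo, hi, count): the smallest interval contained in the largest
    number of the input intervals. Intervals touching at an endpoint count as overlapping."""
    events = []
    for lo, hi in intervals:
        events.append((lo, -1))   # entering edge; -1 sorts before +1 at equal offsets
        events.append((hi, +1))   # leaving edge
    events.sort()
    best, count, best_lo, best_hi = 0, 0, None, None
    for i, (offset, kind) in enumerate(events):
        count -= kind             # entering: +1, leaving: -1
        if count > best:          # only ever true on an entering edge, so i + 1 exists
            best, best_lo, best_hi = count, offset, events[i + 1][0]
    return best_lo, best_hi, best


def select_truechimers(servers):
    """servers: {name: (offset_s, root_distance_s)}.
    Returns (time estimate, truechimers, falsetickers)."""
    intervals = {n: (o - d, o + d) for n, (o, d) in servers.items()}
    lo, hi, _ = marzullo(intervals.values())
    good = [n for n, (a, b) in intervals.items() if a <= hi and b >= lo]
    bad = [n for n in servers if n not in good]
    return (lo + hi) / 2, good, bad


# Constructed sample: measured offset and root distance (seconds) per server.
SERVERS = {
    "ntp-a": (0.0100, 0.0050),   # [0.005, 0.015]
    "ntp-b": (0.0100, 0.0030),   # [0.007, 0.013]
    "ntp-c": (0.0145, 0.0055),   # [0.009, 0.020]
    "ntp-d": (2.0000, 0.0100),   # [1.990, 2.010]  shifted by an attacker
}

if __name__ == "__main__":
    estimate, good, bad = select_truechimers(SERVERS)
    print("estimate %.4f s, truechimers %s, falsetickers %s" % (estimate, good, bad))
```

The algorithm only works as a defence when the attacker controls a minority of the configured sources; with two of four sources agreeing on a false time the intersection is ambiguous, which is why at least three, and preferably more, independent and authenticated sources should be configured.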
For NTP it is now advisable to protect synchronization with appropriate algorithms: with symmetric keys, HMAC-SHA256 or AES-CMAC (RFC 8573) rather than MD5; with NTS, the mandatory AES-SIV-CMAC-256 or, where both sides support them, another AEAD such as AES-256-GCM, ChaCha20/Poly1305 or AEGIS-256. If at all possible, use NTS, which provides an adequate form of source authentication. For PTP it is currently still necessary to provide a separate network, or a virtual one, e.g. over a VPN; PTP communication should therefore be confined to the time sources themselves, or to selected applications that require this level of accuracy.
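As an added configuration example (not from the original article), the recommendations for NTS and for symmetric keys can be expressed for chrony, whose directive names are used here; the addresses and host names are documentation placeholders, and the key file lines are shown as comments with the hexadecimal secret elided. The first fragment is the weak configuration the article argues against, the second the corrected one.

```conf
# --- BEFORE: unauthenticated Internet source and an MD5 symmetric key on the LAN
server 192.0.2.10 iburst
server 192.0.2.11 iburst key 1
keyfile /etc/chrony/chrony.keys
#   /etc/chrony/chrony.keys:
#   1 MD5 HEX:<32 hex digits>          MD5 keyed digest (RFC 5905 App. A)

# --- AFTER: NTS for Internet sources, SHA-256 or AES-CMAC keys for LAN sources
server time.example.net iburst nts
server 192.0.2.11 iburst key 2
keyfile /etc/chrony/chrony.keys
#   /etc/chrony/chrony.keys:
#   2 SHA256 HEX:<64 hex digits>       HMAC-SHA256
#   or
#   2 AES128 HEX:<32 hex digits>       AES-CMAC per RFC 8573
ntsdumpdir /var/lib/chrony             # keep NTS cookies across restarts
minsources 3                           # do not step the clock on one source's word
allow 192.0.2.0/24                     # who may ask this host for time
cmdport 0                              # no remote control of the daemon over the network

# On an internal NTS server (same chrony.conf syntax), add the certificate that
# clients will verify during NTS-KE on tcp/4460:
ntsservercert /etc/chrony/nts.crt
ntsserverkey  /etc/chrony/nts.key
```

`minsources 3` enforces the article's point that a time source should have several inputs compared against one another; without it a single authenticated but misbehaving server is still accepted.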
Time synchronization is a very important service for the operation of any network. Because such a service must be adequately protected against misuse, its appropriate isolation should be addressed; whether you need that isolation is decided by the risk analysis and its impact assessment. A suitable time source for a network environment should itself have several inputs, each accounting for the limits of its own accuracy. These inputs must be compared with one another and protected against manipulation.
Small companies can make do with simple synchronization against public time sources, but larger companies and organizations whose operation requires accurate time need a proper structure. This can mean a thermally stabilised clock or an accurate internal time source with several correction inputs. Correction inputs can use communication over the Internet as well as radio sources, but these sources are exposed to attackers: interfering with such communications is part of electronic warfare, and signal blocking, including GNSS jamming, may also be used deliberately to protect the population. It is therefore not possible to rely entirely on time from global navigation sources.