The security of NTP
Daniel Sangorrin <daniel.sangorrin@...>
Hi Pavel,toggle quoted messageShow quoted text
*I renamed the subject and added cip-security to Cc
-----Original Message-----In the past, I read a bit about this topic because NTP seemed to be weak against man-in-the-middle attacks and that could cause problems when updating software:
- the device may not be able to judge correctly whether a certificate is expired or not
- the device may reject updates because it thinks they are older than the current update (when using timestamps)
Both cases would cause the device not being updated (a freeze attack).
[Note] civil infrastructure devices may also use GPS Satellites for time synchronization, or contract private leased lines and set up their own NTP server there. Not perfect but probably there are easier ways to compromise your device.
After some reading, I found out that NTP includes authentication support nowadays (symmetric keys, autokey..) but apparently nobody uses them.
https://chrony.tuxfamily.org/comparison.html (check NTP authentication)
It seems there is a new standard called Network Time Security (NTS) now.
Also, during my investigation on software update technology I also found out that TUF (the update framework) and its child UPTANE had a separate Time server to limit the freeze attacks.
There was a nice presentation by Justin Cappos in Japan last year: