The security of NTP

Daniel Sangorrin <daniel.sangorrin@...>

Hi Pavel,
*I renamed the subject and added cip-security to Cc

-----Original Message-----
From: cip-dev@... <cip-dev@...> On Behalf Of Pavel Machek
Sent: Friday, July 24, 2020 5:58 PM
To: cip-dev@...
Subject: Re: [cip-dev] Resource describing the Deby workflow?


I'm almost done getting SSL working between the BBB and hawkbit. The
last piece of the puzzle is to get NTP working on the BBB (since I
need valid time to ensure that the server certificate is valid).
Unfortunately, I'm
Notice that in this case SSL is not adding as much security as you think it does.

SSL attempts to protect against active attackers, and those can manipulate NTP easily.
In the past, I read a bit about this topic because NTP seemed to be weak against man-in-the-middle attacks and that could cause problems when updating software:
- the device may not be able to judge correctly whether a certificate is expired or not
- the device may reject updates because it thinks they are older than the current update (when using timestamps)

Both cases would cause the device not being updated (a freeze attack).

[Note] civil infrastructure devices may also use GPS Satellites for time synchronization, or contract private leased lines and set up their own NTP server there. Not perfect but probably there are easier ways to compromise your device.

After some reading, I found out that NTP includes authentication support nowadays (symmetric keys, autokey..) but apparently nobody uses them. (check NTP authentication)

It seems there is a new standard called Network Time Security (NTS) now.

Also, during my investigation on software update technology I also found out that TUF (the update framework) and its child UPTANE had a separate Time server to limit the freeze attacks.

There was a nice presentation by Justin Cappos in Japan last year:


Best regards,
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

Join to automatically receive all group messages.