NTS server for the TimeNL NTP service

Our NTP service gets a security upgrade

SIDN Labs' public NTP service has been upgraded: TimeNL now has an NTS server. NTS stands for Network Time Security, a new standard that's being developed. Only a few NTS systems are currently operating around the world. But we've recently boosted the number by adding our own experimental server (https://nts.time.nl) to the park. We'll be carrying out extensive tests with the new server, and the wider internet community is invited to make use of it as well. This blog post explains the background. If you're new to this field, please note that, while the abbreviations are easily confused, NTP and NTS are very different technologies.

The importance of accurate time measurement and synchronisation

In July 2019, we wrote about the launch of TimeNL, our public NTP service. We explained the importance of good time synchronisation and how our NTP service can contribute. However, as well as being a 'production platform' that's free for everyone to use, TimeNL is a research project.

Two-swimmers-racing-to-touch-the-wall-in-a-pool

One line of research involves looking at the new NTS security extension, because the existing NTP (version 4 of the protocol originally introduced in 1981) has certain vulnerabilities. With NTP, a client and a server exchange a series of UDP queries and responses. However, the system can be abused. For example, it's fairly easy to falsify the sender addresses in UDP packets. Packet contents can also be manipulated by a 'man-in-the-middle' (MitM) attack, so that the client receives incorrect information. Being aware of the issues, the NTP Working Group at the IETF has gradually extended the protocol to include authentication procedures, for example. First came an extension based on symmetrical keys, then one based on the Autokey functionality, utilising public/private certificate pairs. While symmetrical key authentication may be secure, it's also cumbersome. It necessitates the prior exchange of shared keys via a separate channel, and therefore introduces an additional administrative burden. Autokey was therefore developed to get around that problem. Unfortunately, though, Autokey turned out to be less secure than expected and its use was later discouraged.

Network Time Security (NTS)

Any protocol intended for mass use needs to be user-friendly and reliable. And the extensions mentioned above don't tick those boxes. Over the last few years, the IETF's NTP Working Group has therefore been developing a new extension to replace the two earlier extensions. The new extension is now ready, but awaiting ratification. So how, in general terms, does NTS work? NTS is essentially a two-stage technology. First, the client establishes a TCP connection with the NTS server. A conventional handshake procedure is followed to realise an encrypted TLS connection. Using that connection, parameters (in the form of 'NTS records') are then sent from the server to the client. The exchanged NTS records stipulate which 'AEAD algorithm' the NTP server has to use, for example. As part of the exchange, the server also sends eight unique cookies to the client, for use as key material in the second stage. Because everything is done using TLS, the interaction is secure. In stage 2, the client accesses the NTP server on a conventional 'stateless' basis using UDP. However, the integrity of the NTP packets is now assured using the AEAD algorithm agreed in stage 1. The single-use cookies are exchanged using the extension fields provided for in the NTP protocol, enabling the server to check that it's dealing with a legitimate client. The NTP server's responses include new cookies, so that stage 1 doesn't constantly have to be repeated. NTS therefore makes the NTP query-response exchange secure. For more detailed information, see the following blog posts on Webernetz.net:

NTS in the wild

Although there are now several NTS software implementations, there are relatively few operating NTS servers on the internet. For that and other reasons, we decided to set up our own. The move has been welcomed by, for example, the makers of an NTS client written in the Go programming language. Our experimental server, which is based on NTPsec, will provide us with a clear understanding of how the NTS protocol is developing. Indeed, it's already delivering results. Following the service launch announcement via our mailing list, Cloudflare contacted us to say that the software used for time.cloudflare.com didn't work with our NTS server. That prompted a detailed analysis by SIDN Labs, leading to the identification of an interoperability problem. A fix was developed and made available to Cloudflare as a simple patch. As a result, Cloudflare's software now works smoothly with NTPsec.

Give TimeNL a try!

If you fancy having a go with NTS, you'll find advice at https://nts.time.nl/.

Comments

  • Wednesday 25 September 2019

    News

    "Alert Online's strength is its partner network"

    Thumb-portrait-Patricia-Zorko

    Patricia Zorko: "Alert Online's message is increasingly relevant."

    Read more
  • Monday 15 April 2019

    Weblog

    Dissecting DNS Defences during DDoS

    Thumb-DDoS-attack

    Recommendations for both operators and developers

    Read more
  • Wednesday 30 October 2019

    News

    New boost for IPv6 implementation in the Netherlands

    Thumb-IPv6-on-screen

    Global adoption of IPv6 continues

    Read more

Sorry

Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.