TimeNL: the transparent new NTP service from SIDN Labs
At SIDN Labs, we've created TimeNL, a new service that internet-enabled devices can use for time synchronisation. Time services based on the NTP standard, such as TimeNL, play a vital role for many internet applications. However, the lack of transparency regarding the public and non-public services that are available is problematic, making it hard for users to make an informed choice. In this blog, we explain how TimeNL can help to improve things.
The importance of accurate time measurement and synchronisation
Time plays a big part in our daily lives. There are countless situations where it's important to know whether one event happened before another, or after. Situations where we need to know when an event occurred, or what the interval was between two events. In many cases, precision is vital.
In computing, knowing the right time is often important as well. Computers have built-in clocks, which many applications refer to, and some depend on. Many such applications are security-related. Time is vital to, for example, the correlation of system logging by various systems, the use of legally valid time stamps, or something as simple as the exact time displayed in a recording made by an IP camera. In its role as the registry for .nl, SIDN needs accurate time checks in order to fairly apply the first-come, first-served principle to domain name registrations, for example. If a domain name is released from quarantine, and several people are interested in registering it, we may receive applications via different systems. And we can't be sure which one arrived first unless the various systems' internal clocks are precisely synchronised. Time is also important in the context of standards such as DNSSEC, PKI certificates, TOTP and OAuth. The list of time-dependent applications is endless.
A good system for synchronising computers' internal clocks is therefore essential.
Network Time Protocol (NTP)
One widely used system for synchronising computers over a network is NTP, a well-established, UDP-based de facto client-server standard. NTP allows synchronisation with an accuracy of milliseconds. The protocol is in current use and the number of users is growing strongly, driven partly by the proliferation of IoT devices. However, the average user is hardly aware of it. In that respect, NTP is like the Domain Name System (DNS) protocol, which is also used under the hood by many applications. A small group of insiders know a lot about it, but most users simply set it up without really understanding how it works.
Although internet time services are crucial, we have found at SIDN Labs that the quality and service levels of the NTP services currently available are often unclear and somewhat variable. It isn't uncommon to go for an NTP server, without being clear about the service level provided. It has also become apparent to us that GPS is very dominant, implying considerable reliance on the American system. Most public NTP services that we looked at use GPS for their reference clock, even though Europe also has GNSS system called Galileo. In addition, there is a good alternative for use as a secondary time source, in the form of the DCF77 radio signal broadcast by Germany's PTB.
TimeNL from SIDN Labs
Against that background, and inspired by the Swedish national time service (ntp.se), we have set up TimeNL, an NTP service aimed primarily at the Dutch and European internet communities (although it can, of course, be used by anyone, anywhere). In developing TimeNL, our aims were to emphasise the importance of NTP, to help reinforce the internet's NTP infrastructure, and to conduct research in this important and interesting field. Although new, TimeNL is a fully featured service. We are using robust hardware (Meinberg M3000, with the well-known ntpd 4.2.8p13 open-source software), a multi-homed network infrastructure, multiple reference clocks (Galileo and GPS as primary clocks, with the German DCF77 signal as a secondary, and good stratum-1 NTP servers as backups/fallbacks). And all operated to the standard you would expect from SIDN. Of course, we are always happy to answer your questions and listen to your feedback. The photograph below shows the antennas installed on the roof of our office for receiving the various time signals.
One important difference between TimeNL and other NTP services is that we publish full specifications of our service on https://time.nl/, including details of the hardware and configurations in use. So users have a clear idea what level of service they can expect from TimeNL. The service itself can be reached at ntp.time.nl, and of course IPv6 is fully supported. :-)
With the launch of TimeNL, SIDN Labs has entered the world of digital time synchronisation. Having realised the first tangible and fully functional product, we envisage various opportunities for further research. One possible research topic is Network Time Security (NTS), a standard currently under development, which provides additional security for the basic NTP protocol. That has significant potential in the context of DNS and DNSSEC. Another possibility is research to support improved measurement-based mapping of the NTP landscape and, where relevant, the associated vulnerabilities.
Give TimeNL a try!
We're inviting everyone to make TimeNL part of their internal NTP policy. All the information needed is available from our website. You may actually be using our service already without realising, since it's part of the widely utilised NTP pool.