Time is a fundamental building block for computing applications, and is heavily utilized by many cryptographic protocols (eg. digital certificates and TLS, bitcoin, authentication with Kerberos, DNSSEC, etc). Time on computer clocks is commonly set using the Network Time Protocol (NTP). This project considers the security of NTP, and its specifications, and its reference implementation ntpd. We consider various threats to NTP that allow an attacker to either (a) alter time on computer systems that set their clocks using NTP (timeshifting attacks), or (b) prevent those systems from synchronizing their clocks (denial of service attacks). We are also designing protocols that can secure NTP against these attacks.

Papers:

• The Security of NTP's Datagram Protocol
  Aanchal Malhotra, Haydn Kennedy, Mayank Varia, Matthew Van Gundy, Jonathan Gardner and Sharon Goldberg
  FC'17, Malta. April 2017.
  Disclosed: June 2016. Posted: October 2016.
      ePrint (Cryptology) Report (2016/055)     Media: The Register,
  
  
• draft-aanchal4-ntp-mac: Message Authentication Codes for the Network Time Protocol
  Aanchal Malhotra and Sharon Goldberg. IETF Internet Draft. First submitted to IETF'96, Berlin. July 2016.
  IETF draft.    
  
  
• draft-stenn-ntp-not-you-refid: Network Time Protocol Not You REFID
  Sharon Goldberg and Harlan Stenn. IETF Internet Draft. First submitted to IETF'96, Berlin. July 2016.
  IETF draft.    
  
  
• Attacking NTP's Authenticated Broadcast Mode
  Aanchal Malhotra and Sharon Goldberg
  SIGCOMM Computer Communications Review (CCR), April 2016.
  Disclosed: October 2015. Posted: January 2016.
      ePrint (Cryptology) Report (2016/055)     advice for users and implementors
  
  
• Attacking the Network Time Protocol
  Aanchal Malhotra, Isaac E. Cohen, Erik Brakke and Sharon Goldberg
  NDSS'16, San Diego, CA. Feb 2016.
  Disclosed: August 2015. Posted: October 2015.
      ePrint (Cryptology) Report (2015/1020)     advice for users and implementors
      Media: CS Monitor, ars technica, threatpost.
  

CVEs

• Denial of Service by Spoofed Kiss-o-Death (CVE-2015-7704)
• Denial of Service by Priming the Pump (CVE-2015-7705)
• Small-step-big-step Attack (CVE-2015-5300)
• Deja Vu Attack (CVE-2015-7973)
• Authenticated Preemptable Modes Denial-of-Service Vulnerability (CVE-2015-7979)
• Regression: 010-origin: Zero Origin Timestamp Bypass. (CVE-2016-7431)
• Reboot sync calculation problem. (CVE-2016-7433)

Acknowledgements:
We thank the Network Time Foundation, NTPsec, Cisco, and RedHat's security team for quickly issuing patches for various issues described in this work. We thank Jared Mauch and the openNTPproject for measurement data and assistance with coordinating responsible disclosure of our attacks. Our work was supported, in part, by NSF awards 1347525, 1350733 and 1012910 and a gift from Cisco. Any opinions, findings and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the sponsors.