Pitfalls of Provably Secure Systems in Internet the Case of Chronos-NTP

The critical role that Network Time Protocol (NTP) plays in the Internet led to multiple efforts to secure it against time-shifting attacks. A recent proposal for enhancing the security of NTP with Chronos against on-path attackers seems the most promising one and is on a standardisation track of th...

Full description

Saved in:
Bibliographic Details
Published in2020 50th Annual IEEE-IFIP International Conference on Dependable Systems and Networks-Supplemental Volume (DSN-S) pp. 49 - 50
Main Authors Jeitner, Philipp, Shulman, Haya, Waidner, Michael
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.06.2020
Subjects
Attack
Chronos
Computer crime
DNS
Internet
IP networks
NTP
Off-path
Protocols
Servers
Online AccessGet full text

Cover

More Information
Summary:The critical role that Network Time Protocol (NTP) plays in the Internet led to multiple efforts to secure it against time-shifting attacks. A recent proposal for enhancing the security of NTP with Chronos against on-path attackers seems the most promising one and is on a standardisation track of the IETF. In this work we demonstrate off-path attacks against Chronos enhanced NTP clients. The weak link is a central security feature of Chronos: The server pool generation mechanism using DNS. We show that the insecurity of DNS allows to subvert the security of Chronos making the time-shifting attacks against Chronos-NTP even easier than attacks against plain NTP.
DOI:10.1109/DSN-S50200.2020.00027