NTP Time Server Security Solutions
The Network Time Protocol (NTP) is an Internet protocol designed to propagate accurate time around a computer network. NTP runs over UDP, part of the TCP/IP suite, to synchronise network time clients to an accurate time reference. This article describes the security aspects of the NTP protocol, specifically the use of MD5 keys to authenticate a time server.
The Network Time Protocol may be used to synchronise many time-critical processes on distributed computers across a network. The NTP protocol is therefore a potential security risk: hackers or malicious users could attempt to disrupt system synchronisation by modifying or replaying NTP timestamps.
Luckily, NTP has an integral security feature to thwart attempts to tamper with system time synchronisation. NTP can use MD5-keyed message digests to authenticate timestamps received from a time server. The time client can use a shared key to check that a timestamp has indeed been received from a trusted source.
NTP implements authentication using a set of keys agreed between a server and a client and referenced by number. An NTP time server computes an MD5 digest over the shared key together with the timestamp packet, and appends the key number and the digest to the message. On receipt, the client recomputes the digest with its own copy of the referenced key and compares it with the digest received; any change to the packet in transit, or a digest produced without the agreed key, causes the comparison to fail. In this manner the client can be sure that the received timestamp originated from the expected time source. The strength of the scheme rests on the shared keys remaining secret.
The Network Time Protocol uses MD5 (Message-Digest Algorithm 5) to produce these keyed digests. MD5 is a widely used cryptographic hash function with a 128-bit output. The algorithm outputs a fingerprint of the supplied key combined with the packet contents, and this fingerprint is appended to the timestamp.
Linux NTP installations store keys in a file 'ntp.keys'. Each record in the file describes an authentication key in the format: 'key-number' 'key-type' 'key'. The 'key-number' is the reference to the key. The 'key-type' describes the algorithm in use, usually 'M' for MD5. The 'key' field is the agreed secret that is fed into the hash algorithm. A subset of 'trusted keys' may be specified in the NTP configuration file 'ntp.conf'. This allows a reduced subset of the keys in 'ntp.keys' to be accepted by the server, so that compromised keys can easily be excluded from use. Trusted keys are specified using the 'trustedkey' command followed by a space-delimited list of key references.
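The following is an added example, not code from the original article or from any NTP implementation. It parses a constructed 'ntp.keys' file, applies a 'trustedkey' subset, and shows the server-side digest and client-side verification described above: a packet altered in transit, or one signed with a key that is not trusted, is rejected.

```python
import hashlib
import hmac
import struct

# Constructed sample ntp.keys content (not taken from any real system).
SAMPLE_NTP_KEYS = """\
# key-number  key-type  key
1  M  ExampleKeyOne
2  M  ExampleKeyTwo
"""
TRUSTED_KEY_IDS = {1}  # what a 'trustedkey 1' line in ntp.conf would allow


def parse_ntp_keys(text):
    """Parse 'key-number key-type key' records; only type M (MD5) is handled."""
    keys = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        keyid, ktype, secret = line.split(None, 2)
        if ktype.upper() != "M":
            raise ValueError(f"unsupported key type {ktype!r} for key {keyid}")
        keys[int(keyid)] = secret.encode()
    return keys


def ntp_mac(secret, packet):
    """Symmetric-key NTP digest: MD5 over the shared key followed by the packet."""
    return hashlib.md5(secret + packet).digest()


def sign_packet(packet, keyid, keys):
    """Server side: append the 4-byte key number and the 16-byte MD5 digest."""
    return packet + struct.pack("!I", keyid) + ntp_mac(keys[keyid], packet)


def verify_packet(msg, keys, trusted):
    """Client side: recompute the digest with the local key copy and compare."""
    if len(msg) != 48 + 4 + 16:  # 48-byte header + key number + digest
        return False
    packet, keyid, digest = msg[:48], struct.unpack("!I", msg[48:52])[0], msg[52:]
    if keyid not in trusted or keyid not in keys:
        return False  # unknown key, or known but not in the trustedkey subset
    return hmac.compare_digest(ntp_mac(keys[keyid], packet), digest)


def demo():
    keys = parse_ntp_keys(SAMPLE_NTP_KEYS)
    header = bytes([0x24, 2]) + bytes(46)  # constructed NTPv4 server reply, stratum 2
    signed = sign_packet(header, 1, keys)
    tampered = signed[:1] + bytes([3]) + signed[2:]  # stratum changed in transit
    untrusted = sign_packet(header, 2, keys)  # key 2 exists but is not trusted
    return tuple(verify_packet(m, keys, TRUSTED_KEY_IDS)
                 for m in (signed, tampered, untrusted))
```

demo() returns (True, False, False): only the unmodified packet signed with a trusted key is accepted.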
Cisco routers and switches implement the Network Time Protocol and also include MD5 authentication. To enable a Cisco router to perform MD5 authentication you must follow a number of steps. Firstly, enable NTP authentication with the 'ntp authenticate' command. Secondly, define an NTP authentication key using the 'ntp authentication-key' command; a unique reference number identifies each NTP key and is the first argument to the command. Thirdly, use the 'ntp trusted-key' command to tell the router which keys are valid. The command's only argument is the reference number of the key defined in the previous step.
The Windows 2000/2003/XP operating systems adopt an SNTP (Simple Network Time Protocol) application for time synchronisation. The implementation used by Microsoft does not include authentication keys.
To summarise, MD5 key authentication can be used to overcome potential security risks when implementing the NTP protocol. Network time clients can be sure that timestamps have indeed emanated from the expected time reference and have not been modified in transit for malicious purposes.
About the Author:
David Evans is a technical author who specialises in documenting the installation and configuration of time servers and network timing equipment. David has provided technical authoring services to a number of leading computer network time synchronisation hardware manufacturers. For more information on NTP and time server solutions see:
www.timetools.co.uk/ntp-servers/ntp-s5500.htm