network time security nts
play

Network Time Security (NTS) The Road to Deployment Karen ODonoghue - PowerPoint PPT Presentation

Aug 28, 2022 •341 likes •543 views

LACNIC 6 May 2020 Network Time Security (NTS) The Road to Deployment Karen ODonoghue Director, Internet Trust Technology odonoghue@isoc.org Presentation title Client name Humans have always measured time 2 Accurate time is

  1. LACNIC – 6 May 2020 Network Time Security (NTS) The Road to Deployment Karen O’Donoghue Director, Internet Trust Technology odonoghue@isoc.org Presentation title – Client name

  2. Humans have always measured time… 2

  3. Accurate time is vitally important. 3

  4. Where does accurate time come from? UTC  Time Reference Time Reference • A time source traceable to a (Clock) reference (e.g. UTC(USNO))  Time Dissemination • Distribution of time and Time Dissemination frequency information (e.g. GNSS)  Time Distribution and Synchronization Time • Distribution of time to users and Distribution applications (e.g. NTP and PTP) User

  5. Network Time Synchronization Two basic network time synchronization protocols: Network Time Protocol (NTP): Defined by the IETF • (RFC 5905) Precision Time Protocol (PTP) : Defined by IEEE • 1588 NTP and PTP both: Exchange time information over a network for • the purposes of clock synchronization Use this exchanged time information to • determine the offset between two independent clocks Form a hierarchical tree structure as the basis for • the distribution of time information Are somewhat resilient in the presence of packet • loss 5

  6. Security has not been a high priority of the time synchronization community in the past … • What has changed... Increasing interconnection and decentralization • Increasing evidence of the impact of inadequate security • Interdependency between security and time • Legal and Compliance requirements • 6

  7. Attacks are occurring… 7

  8. Vulnerabilities are being discovered… 8

  9. Multiple sources of problems… Flaws in Weaknesses in the configuration and actual protocol implementation itself Lack of adequate security mechanisms 9

  10. And yet… We had not had an updated specification for time synchronization security in 8+ years. Until 2020! 10

  11. IETF approach to the problem… Flaws in configuration and NTP Best Current Practice (RFC 8633) implementation of the protocol. Weaknesses in the Updated MAC for NTP (RFC 8573), protocol itself. NTP client data minimization, etc. Lack of adequate Network Time Security (NTS) security mechanisms 11

  12. Network Time Security (NTS) NTS Approved by IESG in March 2020!

  13. Network Time Security (NTS) NTS provides: NTS includes: • Integrity for NTP packets • NTS Key Establishment protocol (NTS-KE) • Unlinkability (once an NTS session has been • TLS to establish key material and established and if the client uses data negotiate some additional protocol minimization techniques) options • Request-Response consistency (for avoiding replay attacks) • NTS extensions for NTPv4 • Authentication of servers • A collection of NTP extension fields for • Authorization of clients (optionally) cryptographically securing NTPv4 using key material previously negotiated using • Support for NTP client-server mode only NTS-KE. • Suitable for client/server mode 13

  14. It’s time to focus on the road to deployment… 14

  15. Steps on the road to NTS deployment Technology / Standards Development Preliminary / Prototype Implementations Interoperability Testing Production quality open source implementations Commercial products Tools for testing and troubleshooting Preliminary deployments Lessons Learned and Best Practices Large scale deployments 15

  16. Internet Society Time Security Project Building a • Network operators community (of key • Time service providers collaborators) • Enterprise IT groups • Distributed multi-party testbed Maturing the NTS • Virtual test events products • Test and measurement tools Developing NTS • Lessons Learned and BCPs deployment • Monitoring Tools guidance Outreach to expand • Training NTS deployment • Resources 16

  17. It is Time to Act! The Internet Society is looking for potential collaborators: Network operators, developers, potential testbed • participants, time service providers Join us: Send email to odonoghue@isoc.org • Follow us: https://www.internetsociety.org/issues/time- • security/ Any questions? 17

  18. A few resources https://datatracker.ietf.org/group/ntp/about/ https://www.internetsociety.org/blog/2017/09/ti me-synchronization-security-trust/ https://www.internetsociety.org/resources/doc/2 017/new-security-mechanisms-network-time- synchronization-protocols/ https://www.netnod.se/time-and- frequency/network-time-security https://www.netnod.se/time-and- frequency/how-to-use-nts 18

  19. Thank you. Rue Vallin 2 11710 Plaza America Drive CH-1201 Geneva Suite 400 Switzerland Reston, VA 20190, USA Rambla Republica de Mexico 6125 66 Centrepoint Drive 11000 Montevideo, Nepean, Ontario, K2G 6J5 Uruguay Canada Karen O’Donoghue Science Park 400 3 Temasek Avenue, Level 21 1098 XH Amsterdam Centennial Tower Director, Internet Trust Technology Netherlands Singapore 039190 odonoghue@isoc.org internetsociety.org @internetsociety 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Securing Networks Applications Layer Monitoring/Logging/Intrusion Detection Where to put the

Securing Networks Applications Layer Monitoring/Logging/Intrusion Detection Where to put the

Real-Time Communication Security: SSL/TLS Guevara Noubir noubir@ccs.neu.edu Network Security Reading Assignment: chapters 16, 19 Network Security SSL TLS 1 Some Issues with Real-time Communication Session key establishment

312 views • 8 slides
Time Synchronization Security Chaudhry Tanmay Agenda Time Synchronization Protocols?

Time Synchronization Security Chaudhry Tanmay Agenda Time Synchronization Protocols?

Lehrstuhl Netzarchitekturen und Netzdienste Institut fr Informatik Technische Universitt Mnchen Time Synchronization Security Chaudhry Tanmay Agenda Time Synchronization Protocols? Security Concerns Network Time Protocol

413 views • 13 slides
Economics of network security Harald Vranken 1 Economics of network security Note that

Economics of network security Harald Vranken 1 Economics of network security Note that

Advanced Network Security (2019-2020) Economics of network security Harald Vranken 1 Economics of network security Note that network in this lecture means Physical communication network (eg. Internet, telephony, fax, telegraph)

769 views • 49 slides
Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able to Skills identify design and Ability to analyze the implementation security of networked vulnerabilities in network systems protocols

564 views • 33 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J CSCI 6268/TLEN 5831, Fall 2004 Introduction UC Davis PhD in 2000 Cryptography Interested in broader security as well

492 views • 12 slides
Network Security Where we are in the Course Security crosses all layers Applicatjon

Network Security Where we are in the Course Security crosses all layers Applicatjon

Network Security Where we are in the Course Security crosses all layers Applicatjon Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

1.12k views • 92 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

932 views • 55 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

374 views • 13 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 3 Network Protocol Attacks Roadmap Network security The basic objectives: CIA

1.68k views • 39 slides
Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Module 3 Network Protocol Attacks Roadmap Network security The

502 views • 39 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #2 Aug 25 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Economist Survey Please read it Main points Security is a MUCH

600 views • 27 slides
TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of

TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of

TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of TCP/IP IP, Ethernet, ARP Sniffing the network and forging packets tcpdump, wireshark Today: ICMP and UDP Eike Ritter Network Security -

881 views • 38 slides
13 - Computer Security Network Security 1 Context

13 - Computer Security Network Security 1 Context

13 - Computer Security Network Security 1 Context Computers connected in a network - but also: smartphones, fridges, IoT devices, Each device has an IP address Packets are routed via

771 views • 51 slides
Re Re-thinking Ne Network Security in the Presence of Unknown Ne Network Elements Soo-Jin Moon

Re Re-thinking Ne Network Security in the Presence of Unknown Ne Network Elements Soo-Jin Moon

Re Re-thinking Ne Network Security in the Presence of Unknown Ne Network Elements Soo-Jin Moon 4 th year Ph.D. Student Carnegie Mellon University Advisor: Vyas Sekar Research Area: Network Security A Vulnerable Network! Networks: explosion

583 views • 7 slides
matasano Hacking Capitalism Agenda What are we talking about? Elemental Pieces Key

matasano Hacking Capitalism Agenda What are we talking about? Elemental Pieces Key

Exploring Financial Services Protocols matasano Hacking Capitalism Agenda What are we talking about? Elemental Pieces Key Protocols General problems Tools for testing matasano What are we talking about? Finance

418 views • 13 slides
Protocol Specific Presentation 818 West Diamond Avenue - Third Floor, Gaithersburg, MD 20878

Protocol Specific Presentation 818 West Diamond Avenue - Third Floor, Gaithersburg, MD 20878

PacketScan Protocol Specific Presentation 818 West Diamond Avenue - Third Floor, Gaithersburg, MD 20878 Phone: (301) 670-4784 Fax: (301) 670-9187 Email: info@gl.com 1 1 Website: http://www.gl.com Index LTE SIP, MGCP, MEGACO,

1.04k views • 67 slides
Multiple Component Pricing Federal Order 5 Skim/Butterfat vs. Component Pricing Handlers

Multiple Component Pricing Federal Order 5 Skim/Butterfat vs. Component Pricing Handlers

Multiple Component Pricing Federal Order 5 Skim/Butterfat vs. Component Pricing Handlers Value Class I Value No Difference Based on Class I Skim/Butterfat Prices Class II Value In MCP, based on Nonfat Solids Price (including

403 views • 23 slides
Investor Presentation April 2015 The a2 Milk Company (a2MC) at a glance a2MC is in the

Investor Presentation April 2015 The a2 Milk Company (a2MC) at a glance a2MC is in the

Investor Presentation April 2015 The a2 Milk Company (a2MC) at a glance a2MC is in the business of producing, marketing a2MC sees itself as different from many other dairy and selling branded dairy and infant formula businesses:

457 views • 22 slides
Conversations about Diversity with Undergraduate Students Context for this Study Historically,

Conversations about Diversity with Undergraduate Students Context for this Study Historically,

Jennifer Green, Ed.D Teacher Education Department Weber State University / Ogden, Utah Using Protocols to Facilitate Sensitive Conversations about Diversity with Undergraduate Students Context for this Study Historically, Weber State

249 views • 22 slides
OVERVIEW AnniList is a powerful tracking application that uses RFID/NFC technology with an easy

OVERVIEW AnniList is a powerful tracking application that uses RFID/NFC technology with an easy

OVERVIEW AnniList is a powerful tracking application that uses RFID/NFC technology with an easy to operate platform, allowing you to track just about anything protocol and process related - No more paper checklists or notepads - Easy-to-use

787 views • 10 slides
Addressing the System-on-a- Addressing the System-on-a- Chip Interconnect Woes Through Chip

Addressing the System-on-a- Addressing the System-on-a- Chip Interconnect Woes Through Chip

Addressing the System-on-a- Addressing the System-on-a- Chip Interconnect Woes Through Chip Interconnect Woes Through Communication-Based Design Communication-Based Design J. J. Rabaey, Rabaey, M. Sgroi Sgroi, M. Sheets, A. Mihal, K.

834 views • 47 slides
Development of a Mul/disciplinary Team Protocol for ORCA

Development of a Mul/disciplinary Team Protocol for ORCA

Development of a Mul/disciplinary Team Protocol for ORCA Childrens Advocacy Centre Serena Bedwal, Project Assistant/Researcher Fred Ford, Board Chair/Ac/ng Project

902 views • 24 slides

More recommend