preventing network time
play

Preventing (Network) Time Travel with Chronos Omer Deutsch, Neta - PowerPoint PPT Presentation

Aug 10, 2023 •398 likes •940 views

Preventing (Network) Time Travel with Chronos Omer Deutsch, Neta Rozen Schiff , Danny Dolev, Michael Schapira Network Time Protocol (N (NTP) NTP synchronizes time across computer systems over the Internet. Many applications rely on NTP

  1. Preventing (Network) Time Travel with Chronos Omer Deutsch, Neta Rozen Schiff , Danny Dolev, Michael Schapira

  2. Network Time Protocol (N (NTP) • NTP synchronizes time across computer systems over the Internet. • Many applications rely on NTP for correctness and safety:  TLS certificates  DNS (and DNSSEC)  HTTPS  Kerberos  Financial applications

  3. NTP Architecture • NTP ’ s client-server architecture consists of two main steps: 1. Poll process : The NTP client gathers time samples from NTP servers NTP server NTP server NTP server ? ? ? Poll process: NTP queries client

  4. NTP Architecture • NTP ’ s client-server architecture consists of two main steps: 1. Poll process : The NTP client gathers time samples from NTP servers NTP server NTP server NTP server Poll process: NTP responses: …… . client

  5. NTP Architecture • NTP ’ s client-server architecture consists of two main steps: 1. Poll process : The NTP client gathers time samples from NTP servers 2. Selection process : The “ best ” time samples are selected and are used to update the local clock NTP server NTP server NTP server Poll process: NTP responses: Selection process: …… . client

  6. NTP Architecture • NTP ’ s client-server architecture consists of two main steps: 1. Poll process : The NTP client gathers time samples from NTP servers 2. Selection process : The “ best ” time samples are selected and are used to update the local clock NTP server NTP server NTP server Poll process: NTP responses: Selection process: …… . client

  7. NTP Man-in-the-Middle (MitM) Attack • NTP is highly vulnerable to time shifting attacks, especially by a MitM attacker • Can tamper with NTP responses NTP server NTP server NTP server client

  8. NTP Man-in-the-Middle (MitM) Attack • NTP is highly vulnerable to time shifting attacks, especially by a MitM attacker • Can tamper with NTP responses NTP server NTP server NTP server MitM …… . client

  9. NTP Man-in-the-Middle (MitM) Attack • NTP is highly vulnerable to time shifting attacks, especially by a MitM attacker • Can tamper with NTP responses NTP server NTP server NTP server MitM …… . client

  10. NTP Man-in-the-Middle (MitM) Attack • NTP is highly vulnerable to time shifting attacks, especially by a MitM attacker • Can tamper with NTP responses • Can impact local time at client simply by dropping and delaying packets to/from servers (encryption and authentication are insufficient) NTP server NTP server NTP server • Previous studies consider MitM as “ too strong for NTP ” MitM …… . client

  11. Why is NTP so Vulnerable to MitM? • NTP ’ s poll process relies on a small set of NTP servers (e.g., from pool.ntp.org), and this set is often DNS-cached (implementation property).

  12. Why is NTP so Vulnerable to MitM? • NTP ’ s poll process relies on a small set of NTP servers (e.g., from pool.ntp.org), and this set is often DNS-cached (implementation property). Attacker only needs MitM capabilities with respect to few NTP servers

  13. Why is NTP so Vulnerable to MitM? • NTP ’ s poll process relies on a small set of NTP servers (e.g., from pool.ntp.org), and this set is often DNS-cached (implementation property). Attacker only needs MitM capabilities with respect to few NTP servers • NTP ’ s selection process assumes that inaccurate sources are rare and fairly well-distributed around the UTC (the correct time)

  14. Why is NTP so Vulnerable to MitM? • NTP ’ s poll process relies on a small set of NTP servers (e.g., from pool.ntp.org), and this set is often DNS-cached (implementation property). Attacker only needs MitM capabilities with respect to few NTP servers • NTP ’ s selection process assumes that inaccurate sources are rare and fairly well-distributed around the UTC (the correct time) Powerful and sophisticated MitM attackers are beyond the scope of traditional threat models

  15. Chronos to the Rescue The Chronos NTP client is designed to achieve the following: • Provable security in the face of fairly powerful MitM attacks  negligible probability for successful timeshifting attacks • Backwards-compatibility  no changes to NTP servers  limited software changes to client • Low computational and communication overhead  query few NTP servers

  16. Threat Model The attacker: • Controls a large fraction of the NTP servers in the pool (say, ¼) • Capable of both deciding the content of NTP responses and timing when responses arrive at the client • Malicious

  17. Chronos Architecture Chronos ’ design combines several ingredients: • Rely on many NTP servers  Generate a large server pool (hundreds) per client  E.g., by repeatedly resolving NTP pool hostnames and storing returned IPs  Sets a very high threshold for a MitM attacker

  18. Chronos Architecture Chronos ’ design combines several ingredients: • Rely on many NTP servers  Generate a large server pool (hundreds) per client  E.g., by repeatedly resolving NTP pool hostnames and storing returned IPs  Sets a very high threshold for a MitM attacker • Query few servers  Randomly query a small fraction of the servers in the pool (e.g., 10-20)  Avoids overloading NTP servers

  19. Chronos Architecture Chronos ’ design combines several ingredients: • Rely on many NTP servers  Generate a large server pool (hundreds) per client  E.g., by repeatedly resolving NTP pool hostnames and storing returned IPs  Sets a very high threshold for a MitM attacker • Query few servers  Randomly query a small fraction of the servers in the pool (e.g., 10-20)  Avoids overloading NTP servers • Smart filtering  Remove outliers via a technique used in approximate agreement algorithms  Limit the MitM attacker ’ s ability to contaminate the chosen time samples

  20. Chronos ’ Time-Update Algorithm: In Informal 100s of servers • Query m (10s of) servers …………… . …………… . …………… . at random

  21. Chronos ’ Time-Update Algorithm: In Informal 100s of servers • Query m (10s of) servers …………… . …………… . …………… . at random • Order time samples from low to high …………… .

  22. Chronos ’ Time-Update Algorithm: In Informal 100s of servers • Query m (10s of) servers …………… . …………… . …………… . at random • Order time samples from low to high …………… . • Remove the d lowest and highest time samples d d m-2d

  23. Chronos ’ Time-Update Algorithm: In Informal Check: If (the remaining samples are close) ? ? ? m-2d

  24. Chronos ’ Time-Update Algorithm: In Informal ? Remaining samples ’ average Client ’ s clock Check: If (the remaining samples are close) and (average time close to local time) m-2d

  25. Chronos ’ Time-Update Algorithm: In Informal Remaining samples ’ average Client ’ s clock Check: If (the remaining samples are close) and (average time close to local time) • Then: • Use average as the new client m-2d time

  26. Chronos ’ Time-Update Algorithm: In Informal Remaining samples ’ average Client ’ s clock Check: If (the remaining samples are close) and (average time close to local time) • Then: • Use average as the new client m-2d time • Else • Resample

  27. Chronos ’ Time-Update Algorithm: In Informal Check: If (the remaining samples are close) 100s of servers and (average time close to local time) …………… . …………… . …………… . • Then: • Use average as the new client time • Else • Resample

  28. Chronos ’ Time-Update Algorithm: In Informal Check: If (the remaining samples are close) 100s of servers and (average time close to local time) …………… . …………… . …………… . • Then: • Use average as the new client time • Else • Resample d d m-2d

  29. Chronos ’ Time-Update Algorithm: In Informal Check: If (the remaining samples are close) 100s of servers and (average time close to local time) …………… . …………… . …………… . • Then: • Use average as the new client time • Else • Resample m-2d

  30. Chronos ’ Time-Update Algorithm: In Informal 100s of servers if check & resample failed k times: \\ panic mode • Sample all servers …………… . …………… . …………… .

  31. Chronos ’ Time-Update Algorithm: In Informal 100s of servers if check & resample failed k times: \\ panic mode • Sample all servers …………… . …………… . …………… . • Drop outliers d' n-2d ’ d ’

  32. Chronos ’ Time-Update Algorithm: In Informal 100s of servers if check & resample failed k times: \\ panic mode • Sample all servers …………… . …………… . …………… . • Drop outliers n-2d ’

  33. Chronos ’ Time-Update Algorithm: In Informal 100s of servers if check & resample failed k times: \\ panic mode • Sample all servers …………… . …………… . …………… . • Drop outliers • Use average as new client time n-2d ’

  34. Chronos ’ Time-Update Algorithm: In Informal if check & resample failed k times: \\ panic mode • Sample all servers • Drop outliers Remaining • Use average as new Client ’ s samples ’ client time clock average n-2d ’

Recommend

Preventing and detecting network attacks Harald Vranken 1 About me Open University &

Preventing and detecting network attacks Harald Vranken 1 About me Open University &

Advanced Network Security (2019-2020) Preventing and detecting network attacks Harald Vranken 1 About me Open University & Radboud University Office: Mercator I, room 2.16 (Friday) Email: harald.vranken@ou.nl Skype: harald.vranken

1.11k views • 62 slides
Fieldbus : : Fieldbus Industrial Network Industrial Network Real Time Network Real Time

Fieldbus : : Fieldbus Industrial Network Industrial Network Real Time Network Real Time

Fieldbus : : Fieldbus Industrial Network Industrial Network Real Time Network Real Time Network Jean-Pierre Thomesse Institut National Polytechnique de Lorraine Nancy, France ETR 2005 - Fieldbus - Industrial Network - Real Time Network

1.4k views • 71 slides
Preventing Session Hijacking using Encrypted One-Time-Cookies Renascence Tarafder Prapty, Shuhana

Preventing Session Hijacking using Encrypted One-Time-Cookies Renascence Tarafder Prapty, Shuhana

Preventing Session Hijacking using Encrypted One-Time-Cookies Renascence Tarafder Prapty, Shuhana Azmin, Md. Shohrab Hossain Dept of CSE, Bangladesh University of Engineering and Technology & Husnu S. Narman Presentation @ WTS 2020

405 views • 23 slides
Securely Implementing Network Protocols: Detecting and Preventing Logical Flaws Mathy Vanhoef

Securely Implementing Network Protocols: Detecting and Preventing Logical Flaws Mathy Vanhoef

Securely Implementing Network Protocols: Detecting and Preventing Logical Flaws Mathy Vanhoef (KU Leuven) Black Hat Webcast, 24 August 2017 @vanhoefm Introduction Many protocols have been affected by logical bugs Design flaws Implementation

692 views • 31 slides
Hyponatremia & Preventing Thromboembolic Complications Peter P. Liu, MD Professor of

Hyponatremia & Preventing Thromboembolic Complications Peter P. Liu, MD Professor of

Advanced Heart Failure: Hyponatremia & Preventing Thromboembolic Complications Peter P. Liu, MD Professor of Medicine and Physiology Peter Munk Cardiac Centre University Health Network Toronto, Ontario ACC Rockies Conference, 2012 Case

412 views • 38 slides
Preventing Preventing Sepsis: Sepsis: A C A Community B ommunity Based ased Approach

Preventing Preventing Sepsis: Sepsis: A C A Community B ommunity Based ased Approach

Preventing Preventing Sepsis: Sepsis: A C A Community B ommunity Based ased Approach Approach NY NYS S Se Senior nior Acti Action on Co Coun uncil cil Dec Decem embe ber 13 r 13, , 20 2016 16 Ev Eve e Bank Bankert ert

283 views • 24 slides
Evidence of the Role of CCTV in Preventing Alcohol-Related Assaults In the Cairns Night Time

Evidence of the Role of CCTV in Preventing Alcohol-Related Assaults In the Cairns Night Time

Evidence of the Role of CCTV in Preventing Alcohol-Related Assaults In the Cairns Night Time Economy Shane Boris Pointing The Cairns Institute PO Box 6811, Cairns, Qld, 4870 Boris.Pointing@jcu.edu.au Thanks to Cairns Regional Council

406 views • 22 slides
CYBER BREACH Preventing Bodily Injury and Property Damage info@tacnetsol.com Tactical Network

CYBER BREACH Preventing Bodily Injury and Property Damage info@tacnetsol.com Tactical Network

CYBER BREACH Preventing Bodily Injury and Property Damage info@tacnetsol.com Tactical Network Solutions LLC Proprietary Information 1 THE WORLD WE KNOW TODAY info@tacnetsol.com Tactical Network Solutions LLC Proprietary Information 2

508 views • 46 slides
RESEARCH PROJECT PREVENTING MOST COMMON ATTACKS ON CRITICAL INFRASTRUCTURES Wouter Miltenburg

RESEARCH PROJECT PREVENTING MOST COMMON ATTACKS ON CRITICAL INFRASTRUCTURES Wouter Miltenburg

RP#80 RESEARCH PROJECT PREVENTING MOST COMMON ATTACKS ON CRITICAL INFRASTRUCTURES Wouter Miltenburg & Koen Veelenturf University of Amsterdam Students Master System and Network Engineering Supervisors: Jaya Baloo & Oscar Koeroo

314 views • 14 slides
Preventing and Managing Overpayments: A Webinar for Social Security Beneficiaries Date:

Preventing and Managing Overpayments: A Webinar for Social Security Beneficiaries Date:

Preventing and Managing Overpayments: A Webinar for Social Security Beneficiaries Date: Wednesday, December 19, 2018 Time: 3 4:30 PM ET Produced at U.S. taxpayer expense. Accessing Todays Webinar (Slide 1 of 3) You can manage your

896 views • 51 slides
(YiCwL) & Preventing/Countering Violent Extremism (P/CVE) A PRACTICAL EXPERIENCE SAMI

(YiCwL) & Preventing/Countering Violent Extremism (P/CVE) A PRACTICAL EXPERIENCE SAMI

Youth in Conflict with the Law (YiCwL) & Preventing/Countering Violent Extremism (P/CVE) A PRACTICAL EXPERIENCE SAMI GATHII Youth Arts, Development & Entrepreneurship Network (YADEN East Africa) at a glance. A Youth

337 views • 5 slides
When In Network Processing Meets Time: When In-Network Processing Meets Time: Complexity and

When In Network Processing Meets Time: When In-Network Processing Meets Time: Complexity and

When In Network Processing Meets Time: When In-Network Processing Meets Time: Complexity and Effects of Joint Optimization in Wireless Sensor Networks Department of Computer Science Wayne State University Department of Computer Science, Wayne

617 views • 23 slides
1 Creating a network app application transport network data link write programs that

1 Creating a network app application transport network data link write programs that

Last time Mobile network Internet overview Global ISP whats a protocol? network edge, core, access network Home network Regional ISP Regional ISP packet-switching versus k t it hi circuit-switching Internet/ISP

524 views • 20 slides
Case Study Preventing repeat fires in hospitals Tony Hanley MD FirePro UK Ltd What is FirePro ?

Case Study Preventing repeat fires in hospitals Tony Hanley MD FirePro UK Ltd What is FirePro ?

Case Study Preventing repeat fires in hospitals Tony Hanley MD FirePro UK Ltd What is FirePro ? FirePro is a modular fire suppression system Suitable for a variety of risks large and small Distribution Network AMERICAS GULF & AFRICA

558 views • 43 slides
HEPATITIS B: PREVENTING PERINATAL HEPATITIS B TRANSMISSION Su Wang, MD MPH Medical Director,

HEPATITIS B: PREVENTING PERINATAL HEPATITIS B TRANSMISSION Su Wang, MD MPH Medical Director,

GIVING BIRTH TO THE END OF HEPATITIS B: PREVENTING PERINATAL HEPATITIS B TRANSMISSION Su Wang, MD MPH Medical Director, Center for Asian Health at SBMC suwang@barnabashealth.org May 18, 2016 New Jersey Immunization Network Asian Health

511 views • 31 slides
Network Layer Goals: Overview: understand principles last time behind network layer

Network Layer Goals: Overview: understand principles last time behind network layer

Network Layer Goals: Overview: understand principles last time behind network layer network layer services services: virtual circuit and datagram forwarding networks routing (path selection) whats inside a router?

709 views • 24 slides
Preventing Slips, Trips and Falls Rob Shaw www.robshawassociates.com Who We Are Rob: Over

Preventing Slips, Trips and Falls Rob Shaw www.robshawassociates.com Who We Are Rob: Over

Preventing Slips, Trips and Falls Rob Shaw www.robshawassociates.com Who We Are Rob: Over 14 years with HSE investigating and preventing falls Technical Lead for the HSE Falls Prevention Team Has delivered training and consultancy

471 views • 36 slides
REFUGE CONTAINER FIRE PREVENTION PREVENTING PROTECTING RESPONDING [etc] PREVENTING PROTECTING

REFUGE CONTAINER FIRE PREVENTION PREVENTING PROTECTING RESPONDING [etc] PREVENTING PROTECTING

REFUGE CONTAINER FIRE PREVENTION PREVENTING PROTECTING RESPONDING [etc] PREVENTING PROTECTING RESPONDING FIRE KILLS BIN FIRE RISKS DELIBERATE ACCIDENTAL PREVENTING PROTECTING RESPONDING BIN FIRE RISKS PREVENTING PROTECTING RESPONDING BIN

141 views • 10 slides
Preventing Cerebral Palsy in Preterm Labour (PReCePT) Webinar Tuesday 6 March 2018 @WEAHSN

Preventing Cerebral Palsy in Preterm Labour (PReCePT) Webinar Tuesday 6 March 2018 @WEAHSN

Preventing Cerebral Palsy in Preterm Labour (PReCePT) Webinar Tuesday 6 March 2018 @WEAHSN Welcome and Introductions Deborah Evans, Managing Director, West of England Academic Health Science Network (WEAHSN) Dr. Karen Luyt,

709 views • 58 slides
Diabetes Update Exploring lifestyle and risk in preventing Type 2 Diabetes Mellitus N I C O L E

Diabetes Update Exploring lifestyle and risk in preventing Type 2 Diabetes Mellitus N I C O L E

Diabetes Update Exploring lifestyle and risk in preventing Type 2 Diabetes Mellitus N I C O L E T E M O F O N T E D . O . M A R C H 2 0 1 7 Objectives Identify the prevalence of diabetes and obesity in the United 1. States over time.

922 views • 42 slides
Preventing Needless Preventing Needless Work Disability Work Disability By Helping People By

Preventing Needless Preventing Needless Work Disability Work Disability By Helping People By

Preventing Needless Preventing Needless Work Disability Work Disability By Helping People By Helping People Stay Employed Stay Employed Jennifer Christian, MD, MPH Webility Corporation Plan for This Session Introduce ACOEMs newest

877 views • 29 slides
Preventing Bullying in Rhode Island Schools #PreventBullyRI #EdChatRI December 6, 2016 Special

Preventing Bullying in Rhode Island Schools #PreventBullyRI #EdChatRI December 6, 2016 Special

Preventing Bullying in Rhode Island Schools #PreventBullyRI #EdChatRI December 6, 2016 Special thanks to for its support of this Issue Brief 2 Defining Bullying Behavior that is aggressive, is carried out repeatedly and over time, and

708 views • 33 slides
Connecting to a Real Time GNSS Connecting to a Real Time GNSS Network with TopSURV Network with

Connecting to a Real Time GNSS Connecting to a Real Time GNSS Network with TopSURV Network with

Connecting to a Real Time GNSS Connecting to a Real Time GNSS Network with TopSURV Network with TopSURV July 2009 Connecting to a Real Time GNSS Network with TopSURV Training Agenda Training Agenda Two methods for Internet connection

986 views • 31 slides
Pr Preventing g a Technol hnology ogy Heada dache he Presented by Trina Willard, Founder and

Pr Preventing g a Technol hnology ogy Heada dache he Presented by Trina Willard, Founder and

Pr Preventing g a Technol hnology ogy Heada dache he Presented by Trina Willard, Founder and Principal of The Knowledge Advisory Group Preventing a Technology Headache Welc elcome t e to the e Clien lientTrack web webin inar: We

325 views • 30 slides

More recommend