[time-nuts] Time security musing - attacking the clock itself
jwalck at netnod.se
Tue Dec 4 07:50:48 UTC 2012
On 12/04/2012 04:44 AM, Hal Murray wrote:
> PTP is basically making the network transit times more accurate
> than "symmetrical" by measuring them. Each box that processes a
> packet updates the packet with the processing/queuing delays.
> I think the PTP geeks are working on crypto. I'm not tracking the
We're shifting slightly off topic here, apologies in advance. As far
as I know PTP cannot calculate link asymmetry, even though it does
indeed take delays in switches/routers into account if they are
IEEE1588-aware by updating timestamps en route.
IEEE1588-2008 can compensate for link asymmetry too, but has no way
of calculating it. That is to say, something else has to give input
telling PTP the characteristics of the link asymmetry. This is
measurable in a static local network but is a hopeless task over the Internet.
I've seen some trials of using IPSec to protect PTP traffic from
tampering/manipulation, and I think there have been extensions tested
similar to those used in NTP but I haven't seen those in IEEE1588.
Using the approaches of NTP applied directly to PTP is hopeless with an
IEEE1588-aware network though, all checksums will fail given that the
path actively prods around in the packet like a true MITM (one can
only hope these men in the middle are friendly:).
I found a possibly good read on IETF tictoc re: security requirements
for PTP and NTP for those who want to learn how deep the rabbit hole
goes. As Harlan Stenn pointed out in another part of the thread, we
have to know what we're protecting ourselves against before we start
to throw in counter-measures.
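An added example, not part of the original post and not code from IEEE1588 or any PTP implementation: it shows why an NTP-style MAC over the whole packet fails once IEEE1588-aware hops update the correctionField, and what is given up if that field is left out of the MAC. The key, clock identity, residence times and the masked-MAC variant are constructed assumptions.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"          # constructed shared key, not a real secret
CORR_OFF, CORR_LEN = 8, 8              # correctionField: int64, ns scaled by 2**16

def build_sync(seq: int) -> bytes:
    """Constructed PTPv2 Sync: 34-byte common header + 10-byte originTimestamp."""
    header = struct.pack(
        ">BBHBBHq4s10sHBb",
        0x00, 0x02,      # messageType=0 (Sync), versionPTP=2
        44,              # messageLength
        0, 0,            # domainNumber, reserved
        0x0200,          # flagField (twoStepFlag)
        0,               # correctionField starts at zero
        b"\x00" * 4,     # reserved
        bytes.fromhex("0011223344556677") + b"\x00\x01",  # sourcePortIdentity
        seq, 0, 0)       # sequenceId, controlField, logMessageInterval
    return header + b"\x00" * 10

def transparent_clock(msg: bytes, residence_ns: int) -> bytes:
    """What an IEEE1588-aware hop does: add its residence time to correctionField."""
    (corr,) = struct.unpack_from(">q", msg, CORR_OFF)
    out = bytearray(msg)
    struct.pack_into(">q", out, CORR_OFF, corr + (residence_ns << 16))
    return bytes(out)

def mac_whole(msg: bytes) -> bytes:
    """NTP-style end-to-end MAC over every byte of the message."""
    return hmac.new(KEY, msg, hashlib.sha256).digest()

def mac_masked(msg: bytes) -> bytes:
    """Illustrative variant: zero the in-flight-mutable field before the MAC."""
    masked = msg[:CORR_OFF] + b"\x00" * CORR_LEN + msg[CORR_OFF + CORR_LEN:]
    return hmac.new(KEY, masked, hashlib.sha256).digest()

def demo():
    sent = build_sync(seq=7)
    tag_whole, tag_masked = mac_whole(sent), mac_masked(sent)
    received = transparent_clock(transparent_clock(sent, 1500), 820)  # two hops
    whole_ok = hmac.compare_digest(tag_whole, mac_whole(received))
    masked_ok = hmac.compare_digest(tag_masked, mac_masked(received))
    # Cost of masking: any correctionField value verifies, wanted or not.
    altered = transparent_clock(sent, 5_000_000)
    altered_ok = hmac.compare_digest(tag_masked, mac_masked(altered))
    return whole_ok, masked_ok, altered_ok
```

`demo()` returns whether each check passes: the whole-packet MAC fails after legitimate hops, while the masked MAC passes but no longer says anything about the correction value, which is exactly the time-relevant part.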