SecureTime: Secure Multicast Time Synchronization

TL;DR

SecureTime introduces a novel security framework for multicast time synchronization protocols like NTP and PTP, utilizing high-performance digital signatures to ensure data authenticity without compromising precision.

Contribution

It proposes a new security approach employing Ed25519 and MQQ-SIG signatures, along with measures against replay and delay attacks, applicable to both 1-step and 2-step modes of NTP and PTP.

Findings

Efficient implementation of digital signatures in time protocols

Security measures prevent replay and delay attacks

No impact on synchronization precision

Abstract

Due to the increasing dependency of critical infrastructure on synchronized clocks, network time synchronization protocols have become an attractive target for attackers. We identify data origin authentication as the key security objective and suggest to employ recently proposed high-performance digital signature schemes (Ed25519 and MQQ-SIG)) as foundation of a novel set of security measures to secure multicast time synchronization. We conduct experiments to verify the computational and communication efficiency for using these signatures in the standard time synchronization protocols NTP and PTP. We propose additional security measures to prevent replay attacks and to mitigate delay attacks. Our proposed solutions cover 1-step mode for NTP and PTP and we extend our security measures specifically to 2-step mode (PTP) and show that they have no impact on time synchronization's precision.