Pitfalls of Provably Secure Systems in Internet The Case of Chronos-NTP

Philipp Jeitner; Haya Shulman; Michael Waidner

arXiv:2010.08460·cs.CR·October 19, 2020

Pitfalls of Provably Secure Systems in Internet The Case of Chronos-NTP

Philipp Jeitner, Haya Shulman, Michael Waidner

PDF

TL;DR

This paper reveals that DNS vulnerabilities undermine the security of Chronos-enhanced NTP, making time-shifting attacks easier than with standard NTP, despite efforts to secure it.

Contribution

It demonstrates off-path attacks against Chronos NTP, exposing DNS-based server pool generation as a critical security weakness.

Findings

01

DNS insecurity compromises Chronos NTP security

02

Time-shifting attacks are easier against Chronos NTP

03

DNS vulnerabilities affect other secure protocols

Abstract

The critical role that Network Time Protocol (NTP) plays in the Internet led to multiple efforts to secure it against time-shifting attacks. A recent proposal for enhancing the security of NTP with Chronos against on-path attackers seems the most promising one and is on a standardisation track of the IETF. In this work we demonstrate off-path attacks against Chronos enhanced NTP clients. The weak link is a central security feature of Chronos: The server pool generation mechanism using DNS. We show that the insecurity of DNS allows to subvert the security of Chronos making the time-shifting attacks against Chronos-NTP even easier than attacks against plain NTP.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.