The Impact of DNS Insecurity on Time

Philipp Jeitner; Haya Shulman; Michael Waidner

arXiv:2010.09338·cs.CR·October 20, 2020

The Impact of DNS Insecurity on Time

Philipp Jeitner, Haya Shulman, Michael Waidner

PDF

TL;DR

This paper reveals practical off-path attacks on NTP leveraging DNS insecurity, demonstrating significant threats to time synchronization systems through large-scale measurements.

Contribution

It introduces the first real-world off-path time shifting attacks on NTP exploiting DNS vulnerabilities, highlighting new security risks.

Findings

01

Successful off-path attacks on NTP via DNS manipulation

02

Large-scale measurement of NTP client vulnerabilities

03

Demonstration of threats to secure time synchronization systems

Abstract

We demonstrate the first practical off-path time shifting attacks against NTP as well as against Man-in-the-Middle (MitM) secure Chronos-enhanced NTP. Our attacks exploit the insecurity of DNS allowing us to redirect the NTP clients to attacker controlled servers. We perform large scale measurements of the attack surface in NTP clients and demonstrate the threats to NTP due to vulnerable DNS.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.