Network Time Protocol
Speaker: Aanchal Malhotra
For decades, the Network Time Protocol (NTP) has been used to synchronize computer clocks over untrusted network paths. We explore the risk that network attackers can exploit unauthenticated NTP traffic to alter the time on client systems. First, we present an extremely low-rate (single packet) denial-of-service attack that an off-path attacker, located anywhere on the network, can use to disable NTP clock synchronization on a client. Next, we show how an off-path attacker can exploit IPv4 packet fragmentation to shift time on a client. In subsequent work, we identify two attacks on NTP's cryptographically authenticated broadcast mode. First, we present a replay attack that allows an on-path attacker to indefinitely stick a broadcast client to a specific time. Second, we present a DoS attack that allows an off-path attacker to prevent a broadcast client from ever updating its system clock.
In our most recent work, we take a new look at the security of NTP’s datagram protocol. We argue that NTP’s datagram protocol in RFC 5905 is both underspecified and flawed, which has led to vulnerabilities in NTP’s ‘reference implementation’. We then present one of the strongest off-path attacks on NTP clients, the 'Zero 0rigin timestamp attack'. Finally, we move beyond identifying attacks by developing a cryptographic model and using it to prove the security of two improved client/server protocols for NTP.