An effort to secure the Network Time Protocol
- The Network Time Protocol (NTP), introduced in 1985, is widely used but remains insecure despite efforts to secure it.
- Ruben Nijveld from Trifecta Tech Foundation is working on the adoption of Network Time Security (NTS), specified in RFC 8915, to secure NTP traffic.
- NTP is essential for various activities, including Kerberos tickets, TOTP tokens, database synchronization, and distributed computing.
- NTP can be easily spoofed, leading to potential man-in-the-middle attacks.
- NTS extends NTP with a TLS key exchange and uses cookies for authentication; it does not encrypt the NTP payload.
- Despite being standardized in 2020, NTS adoption has been slow, with few implementations supporting it.
- Trifecta Tech Foundation is experimenting with approaches to scale NTS for large deployments like pool.ntp.org.
- Two proposed solutions include a load-balancing proxy with a single certificate and client modifications for DNS SRV lookups.
- Trifecta is seeking volunteers to join their experimental NTS-only pool to test and improve NTS adoption.
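
The TLS key exchange and cookies mentioned above are carried as typed records in the NTS-KE response. The following parser is an added example, not code from the article or from Trifecta; the record type numbers and IDs follow RFC 8915, while the function names, the sample message and the choice to treat warnings as fatal are this example's own assumptions.

```python
import struct

# NTS-KE record types (RFC 8915, section 4)
END_OF_MESSAGE, NEXT_PROTOCOL, ERROR, WARNING = 0, 1, 2, 3
AEAD_ALGORITHM, NEW_COOKIE, NTP_SERVER, NTP_PORT = 4, 5, 6, 7

def encode_record(rtype, body=b"", critical=False):
    """One record: critical bit + 15-bit type, 16-bit body length, body."""
    return struct.pack("!HH", (0x8000 if critical else 0) | rtype, len(body)) + body

def parse_nts_ke(data):
    """Parse an NTS-KE response; raise ValueError on anything malformed."""
    out = {"protocols": [], "aead": [], "cookies": [], "server": None, "port": None}
    offset = 0
    while offset < len(data):
        if len(data) - offset < 4:
            raise ValueError("truncated record header")
        head, length = struct.unpack_from("!HH", data, offset)
        critical, rtype = bool(head & 0x8000), head & 0x7FFF
        body = data[offset + 4:offset + 4 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        offset += 4 + length
        if rtype == END_OF_MESSAGE:
            if offset != len(data):
                raise ValueError("data after End of Message")
            return out
        elif rtype in (NEXT_PROTOCOL, AEAD_ALGORITHM):
            if length % 2:
                raise ValueError("odd-length ID list")
            ids = [int.from_bytes(body[i:i + 2], "big") for i in range(0, length, 2)]
            out["protocols" if rtype == NEXT_PROTOCOL else "aead"] += ids
        elif rtype == NEW_COOKIE:
            out["cookies"].append(body)  # opaque to the client; sent back in NTP requests
        elif rtype == NTP_SERVER:
            out["server"] = body.decode("ascii")
        elif rtype == NTP_PORT:
            out["port"] = int.from_bytes(body, "big")
        elif rtype in (ERROR, WARNING):  # warnings treated as fatal: example's choice
            raise ValueError("server sent code %d" % int.from_bytes(body, "big"))
        elif critical:  # unknown non-critical records fall through and are ignored
            raise ValueError("unrecognized critical record type %d" % rtype)
    raise ValueError("missing End of Message")

SAMPLE = b"".join([  # constructed response; cookie bytes are placeholders
    encode_record(NEXT_PROTOCOL, b"\x00\x00", critical=True),  # 0 = NTPv4
    encode_record(AEAD_ALGORITHM, b"\x00\x0f"),  # 15 = AEAD_AES_SIV_CMAC_256
    encode_record(NEW_COOKIE, b"\xaa" * 16), encode_record(NEW_COOKIE, b"\xbb" * 16),
    encode_record(END_OF_MESSAGE, critical=True)])
```

A client that rejects truncated messages and unknown critical records here never proceeds to send NTP requests with keys or cookies from a response it could not fully interpret.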