Time Synchronisation

Network Time Protocol (NTP) is an Internet protocol used for the transfer of accurate time, providing time information so that a precise time can be obtained and maintained on a network

Most UNIX and Linux operating systems provide built-in time synchronisation functionality with its NTP (Network Time Protocol) daemon. If the NTP service is not available on your version of UNIX\Linux, NTP version 4 is open source and can easily be downloaded and configured, compiled and installed from www.ntp.org.

Network Time Protocol is the standard service for time dissemination across TCP/IP networks. It provides accuracies of 1-50 milliseconds, depending on the characteristics of the synchronization source and network paths.

The configuration file fro the NTP daemon is named NTP.conf and contains a list of reference clocks that it can synchronise too. The command ‘server’ specifies the reference clock, any characters after the ‘#’ symbol are comments, example:
server time-a.nist.gov # Public NTP server: NIST
driftfile /var/lib/ntp/ntp.drift

The drift file command identifies the location where the drift is recorded (sometimes referred to as a ‘frequency error). This value can be offset by NTP to ensure of increased accuracy. When configured, NTP can be controlled using the commands ‘ntpd start’ ‘ntpd stop’ ‘ ntpq –p’ (displays status)

NTP can also authenticate timing resources Note: It is strongly recommends that you configure a time server with a hardware source rather than from the internet where there is no authentication. Authentication codes are specified in the ‘NTP.keys’ file.

Specialist NTP servers are available that can receive transmissions from either GPS or national time reference broadcasts. They are relatively cheap and the signal is authenticated providing a secure time reference.

Authentication allows passwords to be specified by the NTP server and its clients. NTP passwords or keys are stored in the NTP.keys file in the following format: number M (The M stands for MD5 encryption), password:

1 M mypassword

3 M my2ndpassword

5 M my3rdpassword

Authentication for NTP has been developed to prevent malicious tampering with system synchronisation just as firewalls have been developed to protect networks from attack but as with any system of security it only works if it is utilised.

NTP – Network Time Protocol

SNTP – Simple Network Time Protocol

GPS – Global Positioning System

UTC – Coordinated Universal Time

MSF – Radio Time Signal for United Kingdom

WWVB – Radio Time Signal for American

DCF – Radio Time Signal for Germany

LAN – Local Area Network

UDP – User Datagram Protocol

TCP – Transmission Control Protocol

IP – Internet Protocol

TDF – Radio Time Signal for France

CHU – Radio Time Signal for Canada

JJY – Radio Time Signal for Japan

HBG – Radio Time Signal for Switzerland

USB – Universal Serial Bus

RTC – Real Time Clock

AM – Amplitude Modulation

APM – Automatic Power Management

DES – Data Encryption Standard

ESD – Electrostatic Discharge

FM – Frequency Modulation

IETF – Internet Engineering Task Force

IRIG – Inter-Range Instrumentation Group

MD5 – Message Digest

PPM – Part Per Million

PPS – Pulse Per Second

RFC – Request For Comments

SA – Selective Availability

TAI – International Atomic Time

SI – International System of Units

NTP – Network Time Protocol

SNTP – Simple Network Time Protocol

GPS – Global Positioning System

UTC – Coordinated Universal Time

MSF – Radio Time Signal for United Kingdom

WWVB – Radio Time Signal for American

DCF – Radio Time Signal for Germany

LAN – Local Area Network

UDP – User Datagram Protocol

TCP – Transmission Control Protocol

IP – Internet Protocol

TDF – Radio Time Signal for France

CHU – Radio Time Signal for Canada

JJY – Radio Time Signal for Japan

HBG – Radio Time Signal for Switzerland

USB – Universal Serial Bus

RTC – Real Time Clock

AM – Amplitude Modulation

APM – Automatic Power Management

DES – Data Encryption Standard

ESD – Electrostatic Discharge

FM – Frequency Modulation

IETF – Internet Engineering Task Force

IRIG – Inter-Range Instrumentation Group

MD5 – Message Digest

PPM – Part Per Million

PPS – Pulse Per Second

RFC – Request For Comments

SA – Selective Availability

TAI – International Atomic Time

SI – International System of Units

NTP (Network Time Protocol) synchronises networks to a single time source using timestamps to represent the current time of the day, this is essential for time sensitive transactions and many system applications such as email.

NTP is therefore vulnerable to security threats, whether from a malicious hacker who wants to alter the timestamp to commit fraud or a DDoS attack (Distributed Denial of Service – normally caused by malicious malware that floods a server with traffic) that blocks server access.

However, being one of the Internet’s oldest protocols and having been developed for over 25 years, NTP is equipped with its own security measures in the form of authentication.

Authentication verifies that each timestamp has come from the intended time reference by analysing a set of agreed encryption keys that are sent along with the time information. NTP, using Message Digest encryption (MD5) to un-encrypt the key, analyses it and confirms whether it has come from the trusted time source by verifying it against a set of trusted keys.

Trusted authentication keys are listed in the NTP server configuration file (NTP.conf) and are normally stored in the NTP.keys file. The key file is normally very large but trusted keys tell the NTP server which set of subset of keys is currently active and which are not. Different subsets can be activated without editing the NTP.keys file using the trusted-keys config command.

Authentication is therefore highly important in protecting a NTP server from malicious attack; however there are many time references were authentication can’t be trusted.

Microsoft, who has installed a version of NTP in their operating systems since Windows 2000, strongly recommends that a hardware source is used as a timing reference as Internet sources can’t be authenticated.

NTP is vital in keeping networks synchronised but equally important is keeping systems secure. Whilst network administrators spend thousands in anti-viral/malware software many fail to spot the vulnerability in their time servers.

Many network administrators still entrust Internet sources for their time reference. Whilst many do provide a good source for UTC time (Coordinated Universal Time – the international standard of time), such as nist.gov, the lack of authentication means the network is open to abuse.

Other sources of UTC time are more secure and can be utilized with relatively low cost equipment. The easiest method is to use a specialist NTP GPS time server that can connect to a GPS antenna and receive an authenticated timestamp by satellite.

GPS time servers can provide accuracy to UTC time to within a few nanoseconds as long as the antenna has a good view of the sky. They are relatively cheap and the signal is authenticated providing a secure time reference.

Alternatively there are several national broadcasts that transmit a time reference. In the UK this is broadcast by the National Physics Laboratory (NPL) in Cumbria. Similar systems operate in Germany, France and the US. Whilst this signal is authenticated, these radio transmissions are vulnerable to interference and have a finite range.

Authentication for NTP has been developed to prevent malicious tampering with system synchronisation just as firewalls have been developed to protect networks from attack but as with any system of security it only works if it is utilised.

Network Time Protocol (NTP) is an Internet protocol used for the transfer of accurate time, providing time information so that a precise time can be obtained and maintained on a network

Most UNIX and Linux operating systems provide built-in time synchronisation functionality with its NTP (Network Time Protocol) daemon. If the NTP service is not available on your version of UNIX\Linux, NTP version 4 is open source and can easily be downloaded and configured, compiled and installed from www.ntp.org.

Network Time Protocol is the standard service for time dissemination across TCP/IP networks. It provides accuracies of 1-50 milliseconds, depending on the characteristics of the synchronization source and network paths.

The configuration file fro the NTP daemon is named NTP.conf and contains a list of reference clocks that it can synchronise too. The command ‘server’ specifies the reference clock, any characters after the ‘#’ symbol are comments, example:
server time-a.nist.gov # Public NTP server: NIST
driftfile /var/lib/ntp/ntp.drift

The drift file command identifies the location where the drift is recorded (sometimes referred to as a ‘frequency error). This value can be offset by NTP to ensure of increased accuracy. When configured, NTP can be controlled using the commands ‘ntpd start’ ‘ntpd stop’ ‘ ntpq –p’ (displays status)

NTP can also authenticate timing resources Note: It is strongly recommends that you configure a time server with a hardware source rather than from the internet where there is no authentication. Authentication codes are specified in the ‘NTP.keys’ file.

Specialist NTP servers are available that can receive transmissions from either GPS or national time reference broadcasts. They are relatively cheap and the signal is authenticated providing a secure time reference.

Authentication allows passwords to be specified by the NTP server and its clients. NTP passwords or keys are stored in the NTP.keys file in the following format: number M (The M stands for MD5 encryption), password.