Network time protocol could be misused for attacks on https and dnssec

Unencrypted network time protocol traffic can be intercepted, after which the client's clock can be adjusted. Researchers claim this can be exploited for attacks on, among other things, https, dnssec and bitcoin.

The researchers from Boston University describe the ways in which an attacker can intercept traffic to an NTP server and what the consequences of adjusting the time are. The network time protocol, or ntp, dates from 1985 and provides clock synchronization between systems. It was already known that ntp servers can be abused for DDoS attacks, and the possibility of man-in-the-middle attacks had been pointed out before. The researchers have now mapped out the various attacks and their implications.

The security and correct operation of many protocols and programs depend on accurate time, they write. Some applications, such as authentication software and bitcoin, can already be disrupted by shifting the clock a few hours or days, while attacks on DNSSEC and TLS certificates require shifts of months or years.

NTP attack table (image from the report)

"An attacker who moves an NTP client back in time can cause a host to accept certificates that the attacker fraudulently issued but which have since been revoked," the report states. By moving a DNS resolver's clock forward, an NTP attack can make cryptographic DNSSEC validation fail, so that the resolver and all of its clients lose access to domains protected with DNSSEC.
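To make the two cases above concrete, here is an added example (not code from the Boston University report) that models how the validity windows of X.509 certificates, CRLs and DNSSEC RRSIGs react to a shifted client clock. The certificate serial, CRL dates and RRSIG times are constructed sample values, and the certificate client is a deliberately simplified model rather than any particular TLS stack.

```python
"""Added example (not code from the Boston University report): how the time windows of
X.509 certificates, CRLs and DNSSEC RRSIGs respond to a client clock that has been
shifted. All dates and the certificate serial are constructed sample values in UTC."""
from datetime import datetime, timedelta, timezone


def utc(*ymd):
    return datetime(*ymd, tzinfo=timezone.utc)


# Constructed sample: a certificate valid for 2015 that the CA revoked on 1 June 2015.
# The CRL published on 1 June lists it; the CRL of the week before does not.
CERT_SERIAL = "1a2b"
CERT_NOT_BEFORE, CERT_NOT_AFTER = utc(2015, 1, 1), utc(2016, 1, 1)
OLD_CRL = {"this_update": utc(2015, 5, 25), "next_update": utc(2015, 6, 1), "revoked": set()}
NEW_CRL = {"this_update": utc(2015, 6, 1), "next_update": utc(2015, 6, 8), "revoked": {CERT_SERIAL}}

# Constructed RRSIG inception/expiration in the RFC 4034 presentation form YYYYMMDDHHmmSS.
RRSIG_INCEPTION, RRSIG_EXPIRATION = "20150901000000", "20150915000000"


def parse_rrsig_time(text):
    """RRSIG times are absolute UTC, so the resolver's own clock decides validity."""
    return datetime.strptime(text, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def crl_is_fresh(crl, now):
    """RFC 5280: a CRL may be relied on until its nextUpdate, judged by the client's clock."""
    return crl["this_update"] <= now <= crl["next_update"]


def cert_accepted(serial, now, crl):
    """Simplified client (assumed model, not a specific TLS stack): accept only if the
    certificate is inside its validity period, the CRL on hand is fresh, and that CRL
    does not list the serial. An attacker who can replay an old CRL and roll the clock
    back to a date inside that CRL's freshness window revives the revoked certificate."""
    in_period = CERT_NOT_BEFORE <= now <= CERT_NOT_AFTER
    return in_period and crl_is_fresh(crl, now) and serial not in crl["revoked"]


def rrsig_time_valid(now):
    """DNSSEC validators reject signatures outside inception..expiration (RFC 4035)."""
    return parse_rrsig_time(RRSIG_INCEPTION) <= now <= parse_rrsig_time(RRSIG_EXPIRATION)


def outcomes(true_now, shift_days):
    """Compare a client with the true time against one whose clock is off by shift_days."""
    skewed = true_now + timedelta(days=shift_days)
    return {
        "revoked_cert_accepted_true_clock": cert_accepted(CERT_SERIAL, true_now, OLD_CRL),
        "revoked_cert_accepted_skewed_clock": cert_accepted(CERT_SERIAL, skewed, OLD_CRL),
        "dnssec_valid_true_clock": rrsig_time_valid(true_now),
        "dnssec_valid_skewed_clock": rrsig_time_valid(skewed),
    }


if __name__ == "__main__":
    # Clock rolled back one week: the replayed, pre-revocation CRL looks fresh again.
    print(outcomes(utc(2015, 6, 3), -7))
    # Resolver clock pushed forward three weeks: every RRSIG in the zone has "expired".
    print(outcomes(utc(2015, 9, 5), 21))
```

Note that neither check is wrong in itself; both simply trust the local clock, which is exactly what an NTP attacker controls.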

By adjusting a bitcoin user's system time, an attacker could in theory make the victim reject a legitimate block of the block chain: blocks carry a timestamp and are only accepted within a window of about two hours, the researchers note. They also point out that although ntp supports cryptographic authentication, it is rarely used in practice.

Besides so-called on-path attacks, in which traffic is intercepted, the report also describes an off-path denial-of-service attack. If the attacker spoofs a single kiss-of-death packet from a server, the client stops querying that server and can no longer update its local clock. Kiss-of-death packets are meant to reduce the load on an NTP server that receives too many queries, but according to the researchers they are very easy to spoof.
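The following added example (not the report's code) shows the mechanics behind both attack classes in the article: it parses NTP v4 packets as laid out in RFC 5905, computes the clock offset a client derives from a server response (and how an on-path attacker who rewrites the server's timestamps shifts that offset), and detects a kiss-of-death packet, which is a server-mode packet with stratum 0 whose reference ID carries an ASCII kiss code such as RATE. Every packet is a constructed byte string; nothing is sent on the network. The `accepts_response` check is the generic origin-timestamp test RFC 5905 calls for, shown here as a spoof defence, not as a description of how any particular NTP implementation handled kiss-of-death packets.

```python
"""Added example, not code from the Boston University report: a minimal parser for
NTP v4 packets (RFC 5905), the clock-offset calculation a client performs on a server
response, and detection of kiss-of-death (KoD) packets. All packets are constructed."""
import struct
from collections import namedtuple

NTP_UNIX_DELTA = 2208988800      # seconds from 1900-01-01 (NTP era 0) to 1970-01-01 (Unix)
HEADER_FMT = "!BBbbII4sQQQQ"     # 48-byte NTP header, network byte order
MODE_CLIENT, MODE_SERVER = 3, 4

Packet = namedtuple("Packet", "leap version mode stratum poll precision root_delay "
                              "root_disp refid ref_ts orig_ts recv_ts xmt_ts")


def to_ntp(unix_seconds):
    """Unix time (float) -> 64-bit NTP timestamp (32 bits seconds, 32 bits fraction)."""
    secs = int(unix_seconds) + NTP_UNIX_DELTA
    frac = int((unix_seconds - int(unix_seconds)) * (1 << 32))
    return (secs << 32) | frac


def from_ntp(ts):
    """64-bit NTP timestamp -> Unix time (float)."""
    return (ts >> 32) - NTP_UNIX_DELTA + (ts & 0xFFFFFFFF) / (1 << 32)


def build(mode, stratum=2, refid=b"GPS\x00", orig_ts=0, recv_ts=0, xmt_ts=0, version=4):
    """Build a 48-byte NTP packet; leap indicator 0, poll 6, precision -20 are filler."""
    first = (0 << 6) | (version << 3) | mode
    return struct.pack(HEADER_FMT, first, stratum, 6, -20, 0, 0, refid, 0,
                       orig_ts, recv_ts, xmt_ts)


def parse(data):
    if len(data) < 48:
        raise ValueError("short NTP packet")
    first, stratum, poll, precision, rd, rdisp, refid, ref, orig, recv, xmt = \
        struct.unpack(HEADER_FMT, data[:48])
    return Packet(first >> 6, (first >> 3) & 7, first & 7, stratum, poll, precision,
                  rd, rdisp, refid, ref, orig, recv, xmt)


def clock_offset(client_xmt, response, client_recv_unix):
    """RFC 5905 offset theta = ((T2 - T1) + (T3 - T4)) / 2, positive when the client is behind.
    T2 and T3 come straight from the (unauthenticated) server packet."""
    t1, t4 = from_ntp(client_xmt), client_recv_unix
    t2, t3 = from_ntp(response.recv_ts), from_ntp(response.xmt_ts)
    return ((t2 - t1) + (t3 - t4)) / 2


def kiss_code(pkt):
    """A server-mode packet with stratum 0 is a kiss-o'-death; refid holds the ASCII code."""
    if pkt.mode == MODE_SERVER and pkt.stratum == 0:
        return pkt.refid.decode("ascii", errors="replace")
    return None


def accepts_response(client_xmt, response):
    """Spoof check: the origin timestamp must echo the client's own transmit timestamp."""
    return response.orig_ts == client_xmt


def demo_offset(shift_seconds, true_time=1443000000.0):
    """Honest exchange versus an on-path attacker who adds shift_seconds to T2 and T3.
    Returns (honest_offset, attacked_offset) as computed by the client."""
    t1, t2, t3, t4 = true_time, true_time + 0.010, true_time + 0.010, true_time + 0.020
    client_xmt = to_ntp(t1)
    honest = build(MODE_SERVER, orig_ts=client_xmt, recv_ts=to_ntp(t2), xmt_ts=to_ntp(t3))
    attacked = build(MODE_SERVER, orig_ts=client_xmt,
                     recv_ts=to_ntp(t2 + shift_seconds), xmt_ts=to_ntp(t3 + shift_seconds))
    return clock_offset(client_xmt, parse(honest), t4), clock_offset(client_xmt, parse(attacked), t4)


# Constructed off-path KoD: the attacker knows the server address but not the client's
# transmit timestamp, so the origin timestamp is left at zero.
SPOOFED_KOD = build(MODE_SERVER, stratum=0, refid=b"RATE")

if __name__ == "__main__":
    print("offsets (honest, attacked):", demo_offset(-2 * 3600))
    pkt = parse(SPOOFED_KOD)
    print("kiss code:", kiss_code(pkt), "origin check passes:",
          accepts_response(to_ntp(1443000000.0), pkt))
```

A client that acts on `kiss_code()` before running `accepts_response()` can be silenced by anyone who can guess the server's address; a client that checks the origin timestamp first discards the constructed packet above, since its origin timestamp matches nothing it sent.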

Boston University has published a page with tips on how to protect ntp servers and clients against these attacks.
