A Security Analysis of the Precise Time Protocol

Similar documents
A Security Analysis of the Precise Time Protocol

OpenID Security Analysis and Evaluation

Defenses against Wormhole Attack

Configuring Precision Time Protocol (PTP)

Configuring PTP. Information About PTP. This chapter contains the following sections:

The Kerberos Authentication System Course Outline

G Telecom Profile

arxiv: v3 [cs.cr] 25 May 2016

G Telecom Profile

Precision Time Protocol Software Configuration Guide for IE 2000U and Connected Grid Switches

Time Synchronization Security using IPsec and MACsec

Detection of Malicious Nodes in Mobile Adhoc Network

G Telecom Profile

Precision Time Protocol Software Configuration Guide for IE 4000, IE 4010, and IE 5000 Switches

Standards Update IEEE 1588

Certificate reputation. Dorottya Papp

Security Issues In Mobile IP

NETWORK INTRUSION. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

IEEE1588 profile development in ITU-T

ISO/IEC Common Criteria. Threat Categories

Authorization Recycling in RBAC Systems

Ruijie Anti-ARP Spoofing

CTS2134 Introduction to Networking. Module 08: Network Security

IEEE1588 Frequently Asked Questions (FAQs)

Secure Initial Access Authentication in WLAN

Authentication Handshakes

Nimbra - communication platform for the SmartGRID

Evaluating the performance of Network Equipment. Presenter: Tommy Cook, CEO Calnex Solutions Ltd

Distributed Systems. 05. Clock Synchronization. Paul Krzyzanowski. Rutgers University. Fall 2017

Chapter 24 Wireless Network Security

Mobile Security Fall 2013

CSC 474/574 Information Systems Security

IEEE 1588v2 Technology White Paper

Security in Ad Hoc Networks Attacks

Rogue Access Points and UBC s Wi-Fi Network

Internet Protocol and Transmission Control Protocol

Technical Brief Implementing IEEE 1588v2 for use in the mobile backhaul

PTP Implementation Challenges and Best Practices

Distributed Systems Exam 1 Review. Paul Krzyzanowski. Rutgers University. Fall 2016

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

Powering Next-Generation IP Broadcasting using QFX Series Switches. Tech Note

Cooperative Secondary Authorization Recycling

802.1AS Fast Master Clock Selection

Denial of Service and Distributed Denial of Service Attacks

Synchronization of Television, Audio and Moving Pictures in a Digital Age. Tim Frost, Symmetricom Inc.,

Process groups and message ordering

IEEE 1588 PTP clock synchronization over a WAN backbone

IEEE 1588 Hardware Assist

Session key establishment protocols

G Telecom Profile

NETLMM Security Threats on the MN-AR Interface draft-kempf-netlmm-threats-00.txt

TIME SYNCHRONIZATION TEST SOLUTION FROM VERYX TECHNOLOGIES

High Available Synchronization with IEEE 802.1AS bt

Threat Modeling. Bart De Win Secure Application Development Course, Credits to

Session key establishment protocols

Understanding PTP. A network device physically attached to the primary time source. All clocks are synchronized to the grandmaster clock.

Secure PTP - Protecting PTP with MACsec without losing accuracy. ITSF 2014 Thomas Joergensen Vitesse Semiconductor

WIRELESS sensor networks have received a lot of attention

Network Security. Chapter 0. Attacks and Attack Detection

CSCI 667: Concepts of Computer Security. Lecture 9. Prof. Adwait Nadkarni

Security Engineering. Lecture 16 Network Security Fabio Massacci (with the courtesy of W. Stallings)

CIS 6930/4930 Computer and Network Security. Topic 8.1 IPsec

User Authentication Protocols

Analysis of Attacks and Defense Mechanisms for QoS Signaling Protocols in MANETs

Configuring attack detection and prevention 1

Streamware Workbench Release

PtpHybridClock. Reference Manual. Product Info. Product Manager. Author(s) Reviewer(s) - Version 1.0. Date Sven Meier.

The IEEE 1588 Standard

Frequently Asked Questions WPA2 Vulnerability (KRACK)

National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme Validation Report

A Survey On Attacks, Challenges and Security Mechanisms In Wireless Sensor Network

How Insecure is Wireless LAN?

Interoperability with a One-Step Clock on Receive in 802.1ASbt

CISNTWK-440. Chapter 4 Network Vulnerabilities and Attacks

Attacking Networks. Joshua Wright LightReading LIVE! October 1, 2003

ITU-T G /Y

Security in Mobile Ad-hoc Networks. Wormhole Attacks

Gossiping Ad-hoc Wireless networking for First Responders GAWFR

Automation the process of unifying the change in the firewall performance

MULTICAST SECURITY. Piotr Wojciechowski (CCIE #25543)

Distributed Systems Exam 1 Review Paul Krzyzanowski. Rutgers University. Fall 2016

Wireless LAN Security (RM12/2002)

Identifier Binding Attacks and Defenses in Software-Defined Networks

A Simulation Framework for IEEE 1588

Overview and Timing 802.1AS. Geoffrey M. Garner. Broadcom Corporation

Network Security. The Art of War in The LAN Land. Mohamed Sabt Univ Rennes, CNRS, IRISA Thursday, September 27th, 2018

Evaluating 1588v2 Performance

Best Practices for IEEE 1588/ PTP Network Deployment

COMPUTER NETWORK SECURITY

Technical Brief Implementing IEEE 1588v2 for use in the mobile backhaul

CIS 6930/4930 Computer and Network Security. Topic 6.2 Authentication Protocols

Improving Mobile Backhaul Network Reliability with Carrier-Class IEEE 1588 (PTP) WHITE PAPER

User Authentication Protocols Week 7

Chapter 7 Internet Protocol Version 4 (IPv4) Kyung Hee University

AUTHENTICATION SCHEME FOR DISTRIBUTED, UBIQUITOUS, REAL-TIME PROTOCOLS 1,2 David L. Mills University of Delaware Newark, DE 19716

Overview of Information Security

Configuring Clocking and Timing

VoIP Security Threat Analysis

The Revolution Evolution of the IEEE 1588 Standard

Time synchronization via IEE 1588

Transcription:

A Security Analysis of the Precise Time Protocol Jeanette Tsang & Konstantin Beznosov December 5, 2006 Laboratory for Education and Research in Secure Systems Engineering (LERSSE) University of British Columbia

Outline 1. Work objectives 2. Assumptions 3. Discussion of Best Master Clock (BMC) attack 4. Results summary 5. Conclusion A Security Analysis of the Precise Time Protocol 2

Work Objectives 1. Identify generic security vulnerabilities 2. Identify PTP-specific vulnerabilities 3. Suggest countermeasures A Security Analysis of the Precise Time Protocol 3

Assumptions 1. Closed network i.e., no direct or indirect connections with the Internet 2. Insiders can mount passive & active attacks i.e., remove, modify, and inject messages 3. No IP-level data protection e.g., IPSec A Security Analysis of the Precise Time Protocol 4

Sample Run of the PTP Protocol Master Clock Slave Clock Record precise sending time Sync message: estimated sending time Follow_Up message: precise sending time of Sync Calculate offset A Security Analysis of the Precise Time Protocol 5

Attacks

Types of Attacks Identified 1. Modification 2. Masquerading 3. Delay 4. Replay 5. Denial of service A Security Analysis of the Precise Time Protocol 7

Attack 1: How to Masquerade as the Master Clock Two ways: 1) Impersonate Current Master Clock Steal current master clock identity 2) Switch the slave clock to the rogue master clock Win the Best Master Clock (BMC) election A Security Analysis of the Precise Time Protocol 8

How to Win Best Master Clock (BMC) Election (1/4) Sync message Legitimate Master 1. Snoop Grandmaster clock information sequenceid Uuid, etc. Rogue Master Victim Slave A Security Analysis of the Precise Time Protocol 9

How to Win BMC Election (2/4) 2. Send best Sync message to the slave clock Rogue Master Victim Slave A Security Analysis of the Precise Time Protocol 10

How to Win BMC Election (3/4) 3. Victim slave clock runs BMC and picks the rogue master Rogue Master Victim Slave A Security Analysis of the Precise Time Protocol 11

How to Win BMC Election (4/4) 4. Victim slave switches to the Rogue Master Rogue Master Victim Slave A Security Analysis of the Precise Time Protocol 12

Sample PTP Network Grandmaster Clock (GMC) Slave A1 Slave A2 Boundary Clock (Master) Boundary Clock (Slave) ETHERNET NETWORK 1 Boundary Clock (Slave) Port 1 Port 1 Switching Device A Port 2 ETHERNET NETWORK 2 Boundary Clock (Master) Boundary Clock (Master) Slave B1 Slave B2 Port 2 Port 3 Switching Device B A Security Analysis of the Precise Time Protocol 13

Attack 2: Depriving slave from synchronization Ways to attack: 1. Block sync messages Congestion Removal 2. Make victim slave to discard good sync messages Sync message modification Illegal update of sequenceid A Security Analysis of the Precise Time Protocol 14

Attack 2: Illegal update of sequenceid (1/4) Last sync sequenceid = 100 Sync Message sequenceid = 200 Rogue Master Victim Slave Current Master A Security Analysis of the Precise Time Protocol 15

Attack 2: Illegal update of sequenceid (2/4) Update last sync sequenceid 200 Rogue Master Victim Slave Current Master A Security Analysis of the Precise Time Protocol 16

Attack 2: Illegal update of sequenceid (3/4) Last sync sequenceid = 200 Sync Message sequenceid = 101 Rogue Master Victim Slave Current Master A Security Analysis of the Precise Time Protocol 17

Attack 2: Illegal update of sequenceid (4/4) Last sync sequenceid = 200 300 400 sequenceid = 300 sequenceid = 400 Cannot keep up Rogue Master Victim Slave Current Master A Security Analysis of the Precise Time Protocol 18

Attack Type Effects Countermeasures Would IPsec help to counter this attack type? Modification Denial of Service Incorrect resynchronization Cryptographic integrity protection Yes Changing clock hierarchy Masquerading resynchronization Centralized or chained authentication mechanism No Delay Delay in timing messages Timeout of synchronization process Increase in offset calculation Algorithm to detect abnormal timestamp Back up plan using previous timing records Yes Replay Disturbance of message sequence Authentication mechanism Yes Saturate process queue Tunneled connection Congest network paths Denial of Service Small-scaled: Affect accuracy of synchronization Big-scaled: Put halt on the whole PTP system Physical protection Pay precautions to other malicious attacks Monitor traffic No A Security Analysis of the Precise Time Protocol 19

Conclusions Could not ensure integrity of messages and authenticity of sender Analyzed five types of attacks Incorrectly resynchronize clocks Rearrange or disrupt hierarchy Bring protocol participants into an inconsistent state Deprive victim slave clocks from synchronization in ways undetectable by generic network intrusion detection systems Proposed countermeasures for the identified attacks A Security Analysis of the Precise Time Protocol 20

More information available on lersse.ece.ubc.ca A Security Analysis of the Precise Time Protocol 21

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback