A security analysis and revised security extension for the precision time protocol

@article{Itkin2016ASA,
  title={A security analysis and revised security extension for the precision time protocol},
  author={Eyal Itkin and Avishai Wool},
  journal={2016 IEEE International Symposium on Precision Clock Synchronization for Measurement, Control, and Communication (ISPCS)},
  year={2016},
  pages={1-6}
}
  • E. Itkin, A. Wool
  • Published 2 March 2016
  • Computer Science, Mathematics
  • 2016 IEEE International Symposium on Precision Clock Synchronization for Measurement, Control, and Communication (ISPCS)
The Precision Time Protocol (PTP) aims to provide highly accurate and synchronized clocks. Its defining standard, IEEE 1588, has a security section (“Annex K”) which relies on symmetric-key secrecy. In this paper we present a detailed threat analysis of the PTP standard, in which we highlight the security properties that should be addressed by any security extension. During this analysis we identify a sequence of new attacks and non-cryptographic network-based defenses that mitigate them. We… 
Precision Time Protocol - Security Requirements
TLDR
Security requirements in the context of the Precision Time Protocol are examined and how they may be met by different security solutions, as well as one of its open-source implementations, linuxptp are evaluated.
Network-aware Mitigation of Undetectable PMU Time Synchronization Attacks
  • Ezzeldin Shereen, G. Dán
  • Computer Science
    2020 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm)
  • 2020
TLDR
This paper considers the problem of mitigating attacks that are undetectable by state-of-the-art power system state estimation, in precision time protocol networks, and provides a polynomial time approximation algorithm through a reduction from the group Steiner tree problem.
A Universally Composable Treatment of Network Time
TLDR
This work proposes ideal functionalities that capture a number of prevalent forms of time measurement within existing systems and shows how they can be realized by real-world protocols, and used to assert security of time-reliant applications — specifically, certificates with revocation and expiration times.
A Security Enhancement of the Precision Time Protocol Using a Trusted Supervisor Node
TLDR
This paper shows limitations of existing security approaches to tackle internal attacks and proposes a new security approach using a trusted supervisor node (TSN), in line with prong D as specified in IEEE 1588–2019.
Formal modelling of attack scenarios and mitigation strategies in IEEE 1588
TLDR
This work proposes the first formal framework for modelling and mitigating time delay attacks in IEEE 1588 on a specific type of Man-in-the-Middle (MITM) attack, where the attacker introduces random delays to the messages being exchanged between a master and a slave.
Precision time protocol attack strategies and their resistance to existing security extensions
TLDR
This paper provides a comprehensive analysis of strategies for advanced persistent threats to PTP infrastructure, possible attacker locations, and the impact on clock and network synchronization in the presence of security protocol extensions, infrastructure redundancy, and protocol redundancy.
Modeling and Security Analysis of IEEE 802.1AS Using Hierarchical Colored Petri Nets
TLDR
This paper model the IEEE 802.1AS Timing and Synchronization protocol using Hierarchical Colored Petri Nets (HCPNs) and verify the proposed model by state space analysis and synchronization performance analysis and proves the validity and practicability of the model.
Practical Implementation of APTs on PTP Time Synchronisation Networks
TLDR
A programmable Man-in-the-Middle (pMitM) and a programmable injector (pInj) device that allow the implementation of a variety of attacks, enabling security researchers to quantify the impact of APTs on time synchronisation.
Slave Clock Responses to Precision Time Protocol Attacks: A Case Study
  • Waleed Alghamdi, M. Schukat
  • Computer Science
    2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)
  • 2020
TLDR
This paper will focus on how two of these attacks, the asymmetric delay and the byzantine attack, can be implemented in a PTP network, and analyses their impact on slave clocks, and investigates how these attacks can be detected.
...
...

References

SHOWING 1-10 OF 35 REFERENCES
A security analysis and revised security extension for the precision time protocol, 2016, arXiv:1603.00707 [cs.cr
  • 2016
Standard for a Precision Clock Synchronization Protocol for Networked Measurement and Control Systems
A protocol is provided in this standard that enables precise synchronization of clocks in measurement and control systems implemented with technologies such as network communication, local computing,
A game theoretic analysis of delay attacks against time synchronization protocols
  • Tal Mizrahi
  • Computer Science, Mathematics
    2012 IEEE International Symposium on Precision Clock Synchronization for Measurement, Control and Communication Proceedings
  • 2012
TLDR
A new approach to analyzing the delay attack, using a game theoretic model, is introduced, and a novel strategy for mitigating delay attacks using multiple paths between the master and slave clocks is introduced.
Technology Update on IEEE 1588: The Second Edition of the High Precision Clock Synchronization Protocol
TLDR
The paper introduces the concept of IEEE 1588 synchronization mechanisms and explains then in more detail how PTP was enhanced, e.g. by Transparent Clock, peer-to-peer delay measurement, unicast operation, pure layer 2 operation, enhanced accuracy, and extension mechanisms.
SNMPv3: A security enhancement for SNMP
  • W. Stallings
  • Computer Science
    IEEE Communications Surveys & Tutorials
  • 1998
TLDR
This article outlines the overall network management framework defined in SNMPv3, and then looks at the principal security facilities defined in snmpv3: authentication, privacy, and access control.
Deploying PTP as an Enterprise Service: Issues, challenges and design considerations
  • Wojciech Owczarek
  • Business, Computer Science
    2013 IEEE International Symposium on Precision Clock Synchronization for Measurement, Control and Communication (ISPCS) Proceedings
  • 2013
TLDR
An industry experience and research-based analysis of issues that the deployment of PTP as a service is facing in the finance industry is presented, based on real life examples from a global stock exchange operator.
An FPGA based cut-through switch optimized for one-step PTP and real-time Ethernet
  • Holger Flatt, J. Jasperneite, Frank Schewe
  • Computer Science
    2013 IEEE International Symposium on Precision Clock Synchronization for Measurement, Control and Communication (ISPCS) Proceedings
  • 2013
TLDR
This paper presents an FPGA based Ethernet cut-through switch that is optimized for one-step PTP clock synchronization and fast forwarding of real-time Ethernet frames and can be flexibly integrated into time-synchronized real- time networks in order to provide improved switching functions.
Improving PTP robustness to the byzantine failure
TLDR
This paper describes an alternative to improve PTP robustness to the byzantine failure without modifying PTP slaves.
Security mechanisms to protect IEEE 1588 synchronization: State of the art and trends
TLDR
A comparative study of the proposed security solutions within the working group is presented and a new MACsec use case to provide hop-by-hop group security is introduced.
Challenges deploying PTPv2 in a global financial company
  • P. Estrela, L. Bonebakker
  • Computer Science
    2012 IEEE International Symposium on Precision Clock Synchronization for Measurement, Control and Communication Proceedings
  • 2012
This paper describes the challenges encountered when deploying PTPv2 on the worldwide network of a financial company, by upgrading nearly all servers in all data-centers over a period of two years,
...
...