Abstract: The opinion discussed here is based on a study of the government's current initiatives for the growth of the Digital Economy. There needs to be a focused effort to build suitable infrastructure to cater to the growing demand for digital transactions across distributed digital resources. These resources must be validated with authentic and accurate time. They are prone to various threats that need to be addressed. Addressing these issues and building the infrastructure with minimum overhead and faster setup at a national level will help the Digital Economy with effective support for legal and regulatory requirements.

The time clock in a computer (PC, server or workstation) is used to keep track of when documents (files) were created and last changed, when electronic mail messages are sent and received, and when other time-sensitive events and transactions happen.

 

To precisely relate files, messages, and other records residing on different computers, their time clocks must be set from a common standard. In the best case, their clocks should be set from an accurate national standard.

 

The Network Time Protocol (NTP) is extensively used in the Internet to synchronize computer clocks to National Standard Time. The time information provided by the National Time service (Nationally Designated National Measurement Institutes (NMI)) is directly traceable to Coordinated Universal Time (UTC). The service responds to time requests from any Internet client in several formats including the DAYTIME, TIME, and NTP protocols.

 

NTP synchronizes clocks of hosts and routers in the Internet. NTP provides nominal accuracies of low tens of milliseconds on wide area networks, submilliseconds on local area networks and submicroseconds using a precision time source such as a cesium oscillator or GPS receiver. The NTP architecture, protocol and algorithms have evolved over the last two decades to the latest NTP Version 4 software distributions. NTP messages can be authenticated using a symmetric-key algorithm that is compatible with the reference implementation of the NTP software.

 

The NTP Version 4 architecture, protocol and algorithms have evolved to achieve this degree of accuracy, with improved clock models for each synchronization source and network path. Engineered algorithms reduce the impact of network jitter and oscillator wander while speeding up initial convergence. The redesigned clock discipline algorithm operates in frequency-lock, phase-lock and hybrid modes.

These improve accuracy by about a factor of ten, while allowing operation at much longer poll intervals without significant reduction in accuracy. The Network Time Protocol (NTP) is possibly the longest-running, continuously operating protocol available worldwide on the Internet.

 

A suite of defensive measures has been incorporated in the latest NTP design. One of these, called the kiss-o’-death packet, is returned to a misbehaving client that is sending at abusive rates. If the client uses the public NTP distribution, receiving this packet causes the client association to be demobilized and a message to be written to the system log.
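How a client can recognize a kiss-o'-death reply and decide what to do with it, as an added example that is not part of the original article or of the NTP distribution. It assumes the RFC 5905 header layout (stratum 0 marks a kiss-o'-death packet and the reference ID field carries a four-character ASCII kiss code); the function names and the sample packets are constructed for illustration.

```python
import struct

# Kiss codes from RFC 5905 that require action; any other code is discarded.
KISS_ACTIONS = {"DENY": "demobilize", "RSTR": "demobilize", "RATE": "back_off"}

def parse_header(packet: bytes) -> dict:
    """Decode the fields of the 48-byte NTP header needed to spot a KoD."""
    if len(packet) < 48:
        raise ValueError("NTP header is 48 bytes; packet too short")
    li_vn_mode, stratum = struct.unpack("!BB", packet[:2])
    return {
        "version": (li_vn_mode >> 3) & 0x7,
        "mode": li_vn_mode & 0x7,
        "stratum": stratum,
        "refid": packet[12:16],    # kiss code when stratum is 0
        "origin": packet[24:32],   # echo of the client's transmit timestamp
    }

def classify_reply(packet: bytes, last_transmit: bytes) -> str:
    """Return 'time_sample', 'demobilize', 'back_off' or 'discard'."""
    hdr = parse_header(packet)
    if hdr["mode"] != 4:                 # 4 = server reply
        return "discard"
    if hdr["origin"] != last_transmit:   # not an answer to our own request
        return "discard"
    if hdr["stratum"] != 0:
        return "time_sample"
    code = hdr["refid"].decode("ascii", errors="replace")
    return KISS_ACTIONS.get(code, "discard")

def build_reply(stratum: int, refid: bytes, origin: bytes) -> bytes:
    """Constructed sample packet: LI=3, VN=4, mode=4, other fields zero."""
    first = (3 << 6) | (4 << 3) | 4
    return (struct.pack("!BBbb", first, stratum, 6, -20) + bytes(8) + refid
            + bytes(8) + origin + bytes(16))

if __name__ == "__main__":
    xmt = bytes.fromhex("e8a1b2c3d4e5f607")   # constructed transmit timestamp
    for stratum, refid in [(0, b"RATE"), (0, b"DENY"), (2, b"\xc0\x00\x02\x01")]:
        print(stratum, refid, classify_reply(build_reply(stratum, refid, xmt), xmt))
```

Checking the echoed origin timestamp before acting means a kiss code is only honoured when it answers a request the client actually sent.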

 

Time is a concept that establishes an ordering of events relative to a timescale. In NTP, a date is a point on the timescale expressed in one of two formats, date stamp and timestamp. Date stamps are used in internal calculations where extended range and freedom from overflow are important, while timestamps are used in packet headers where economy of storage is important.

 

NTP servers on interconnected networks are synchronized using the same algorithm, and the accuracy of the time stamps (at the server) should be comparable for any one of them. The accuracy of the time stamps as seen by a user will usually be determined largely by the stability and reciprocity of the network connection between the server and the user's systems.

 

A server that can be proven authentic by one cryptographic means or another can deliver correct time with respect to its synchronization sources and best estimate according to the available mitigation algorithms. A server that has been proven authentic can deliver incorrect time if, for instance, its synchronization sources deliver incorrect time. On the other hand, a server that has not been proven authentic may or may not deliver correct time or even deliver bogus time not synchronized to any source.

 

The immediate objective of the national NTP infrastructure is to synchronize the clocks of the network to a common national timescale. An NTP infrastructure can be built with a minimum of network overhead and can also maintain a high level of synchronization accuracy and security. An effectively designed NTP infrastructure is relatively easy to implement, making NTP ideal for small and large organizations and for enterprise networks.

 

 

There are four internationally used methods for building an NTP-based time service infrastructure:

1. Obtain an NTP Server appliance to use as a stratum 1 server. This is the easiest choice for providing an accurate, reliable, secure and autonomous UTC-synchronized network.

2. Obtain an external time source such as a GPS or CDMA reference to create a stratum 1 server. This external time reference is then connected to an existing server to create a stratum 1 time server. Although this method is more difficult to set up and configure, it will provide an accurate, reliable, secure and autonomous UTC-synchronized network.

 

3. Synchronize an internal NTP server from publicly available servers on the Internet, making it a stratum 2 or 3 server. However, as with any externally provided service, it is also an entry point for attackers. In addition, obtaining time from the Internet is less accurate. For secure environments where synchronized time is critical, the use of a public time server would not be appropriate.

 

4. Designate a machine as the Time Authority, using its internal clock as the arbitrary time source. However, as this time source wanders, all of the NTP clients connected to it will wander with it. While the primary clock could be manually adjusted to the true time occasionally, this would cause all of the clients to jump when the server adjusts. If a clock is ever adjusted to shift more than 17 minutes, all of the NTP client software will abort due to the sudden time shift. This option can still provide a synchronized network and may be acceptable in a few rare cases, but in any sort of large installation it is critical to keep the clocks synchronized with some maintained time standard.

 

Large national laboratories serving as National Measurement Institutes provide national legal time services to a large client population on local networks connected to the public Internet by routers. These are prone to a wide range of attack scenarios in which an intruder might attempt to exploit communications between servers and clients.

All recognized credible threats must be assessed to decide authenticity. Protecting against a specific threat means identifying it and taking countermeasures against it. NTP operating over the public Internet can be susceptible to all kinds of attacks that are regularly attempted to disturb the protocol or the data it conveys.

 

Understanding the evident threats that are active attacks:

  1. Bogus attack, in which an intruder attempts to manufacture a packet acceptable to the client or server.

  2. Wiretap attack, in which an intruder copies client and server packets, and in principle can archive them forever.

  3. Replay attack, in which the intruder replays one or more of these packets.

  • A duplicate is a replay of the most recent packet sent, most likely due to a retransmission in the network.

  • An old duplicate is a replay of a packet other than the most recent one sent, most likely due to an intruder.

Replayed packets cannot arrive before the original packet. Attacks like these might be possible by a rogue computer on a shared Ethernet.
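A client-side check that separates duplicates, old duplicates and manufactured packets from genuine replies, as an added example that is not part of the original article. It is a simplified model of NTP's on-wire timestamp tests; the `Association` and `Reply` classes and the integer timestamps are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Reply:
    origin: int      # client's transmit timestamp, echoed by the server
    transmit: int    # server's own transmit timestamp

class Association:
    """Client-side state for one server (hypothetical class for this example)."""

    def __init__(self):
        self.pending = None          # transmit timestamp of the unanswered request
        self.last_server_xmt = None  # transmit timestamp of the last accepted reply

    def send_request(self, now: int) -> int:
        self.pending = now
        return now

    def receive(self, reply: Reply) -> str:
        # Duplicate: same packet as the most recent one accepted.
        if reply.transmit == self.last_server_xmt:
            return "duplicate"
        # Old duplicate or manufactured packet: it does not echo the request
        # that is currently outstanding, so it is dropped without updating state.
        if self.pending is None or reply.origin != self.pending:
            return "bogus"
        self.last_server_xmt = reply.transmit
        self.pending = None          # one reply per request
        return "accepted"

def run_scenario() -> list:
    """Constructed timestamps; real ones are 64-bit NTP timestamps."""
    assoc = Association()
    verdicts = []
    assoc.send_request(1000)
    first = Reply(origin=1000, transmit=1005)
    verdicts.append(assoc.receive(first))      # genuine reply
    verdicts.append(assoc.receive(first))      # network retransmission
    assoc.send_request(1064)
    verdicts.append(assoc.receive(Reply(origin=1064, transmit=1069)))
    verdicts.append(assoc.receive(first))      # replay of an older packet
    assoc.send_request(1128)
    verdicts.append(assoc.receive(Reply(origin=1127, transmit=2000)))  # wrong origin
    return verdicts

if __name__ == "__main__":
    print(run_scenario())
```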

 

The noticeable Passive Attacks: Packets can be lost due to collisions, queue overflow or bit errors resulting in checksum failure. There are some conditions under which a lost packet causes a protocol restart, which can cause delays with certain mitigation algorithms.

 

  1. Middleman attack, in which an intruder can intercept a client or server packet and optionally prevent its onward transmission. The middleman can then fabricate bogus or misleading packets acceptable to the server or client.

  2. Cut-and-paste attack, in which a middleman attempts to substitute old or bogus information in an Autokey extension field.

  3. Masquerade attack, in which the intruder assumes the identity of a legitimate server, likely by use of a compromised router or bogus DNS server.

  4. Delay attack, in which an intruder delays client or server packets by a constant or variable time but otherwise leaves them unchanged. If the delays in the two directions between the client and server are substantially the same, the offset error may be insignificant. If the delays in the two directions are significantly different, the offset error is half the difference between the delays in the two directions (this is the case with space data links, where the light time varies with spacecraft maneuvers). Attacks like these might be possible by a compromised router. They can occur independently or in combination with other security vulnerabilities.

  5. Denial of service (DoS/DDoS) attack by one or more collaborating intruders, which attempts to deny service by flooding the network, clients or servers with a high level of bogus traffic. A DoS attack may be effective if it forces needless and expensive cryptographic calculations.

  6. NTP reflection attack, which involves sending requests with spoofed source IP addresses to NTP servers with the intention of forcing those servers to return large responses to the spoofed addresses instead of the real senders.
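The offset error described under the delay attack, worked through with NTP's standard offset and delay calculation, as an added example that is not part of the original article. The timestamps, the 200 ms hold-back and the helper names are constructed; the example also shows why a client that prefers low-delay samples and caps the accepted round-trip delay limits the damage.

```python
def offset_and_delay(t1, t2, t3, t4):
    """NTP offset and round-trip delay from the four timestamps of one exchange."""
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay

def exchange(t1, true_offset, out_delay, back_delay, hold=0.001):
    """Constructed exchange; true_offset is server clock minus client clock."""
    t2 = t1 + out_delay + true_offset   # server receive, on the server clock
    t3 = t2 + hold                      # server transmit, on the server clock
    t4 = t3 - true_offset + back_delay  # client receive, on the client clock
    return t1, t2, t3, t4

def within_bound(measured_offset, delay, true_offset):
    """The offset error can never exceed half the measured round-trip delay."""
    return abs(measured_offset - true_offset) <= delay / 2 + 1e-12

def pick_sample(samples):
    """Keep the (offset, delay) sample with the lowest delay, as NTP's clock
    filter does; samples held back in transit have inflated delay."""
    return min(samples, key=lambda s: s[1])

def demo(true_offset=0.5):
    clean = offset_and_delay(*exchange(100.0, true_offset, 0.020, 0.020))
    # Return path held back by 200 ms: a 0.200 s difference between directions.
    delayed = offset_and_delay(*exchange(164.0, true_offset, 0.020, 0.220))
    return {
        "clean_error": clean[0] - true_offset,       # 0.0
        "delayed_error": delayed[0] - true_offset,   # -0.100, half of -0.200
        "delayed_delay": delayed[1],                 # 0.240
        "bounded": within_bound(delayed[0], delayed[1], true_offset),
        "chosen": pick_sample([delayed, clean]),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Because the error is bounded by half the round-trip delay, rejecting samples whose delay is far above the path's normal value puts a ceiling on how far a delayed packet can move the clock.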

 

Organized criminal groups are using the Internet for major fraud and theft activities. There are developments indicating organized criminal involvement in white-collar crime. As offenders move away from traditional methods, Internet-based crime is becoming more prevalent. Internet-based stock fraud has earned offenders millions per year, leading to losses for investors and making it a lucrative area for such crime.

 

Accurate, consistent local time is necessary for financial and legal transactions, transportation and distribution systems, database management and many other applications involving widely distributed digital resources. Accurate local time is essential to determining the order in which events occur and is a fundamental aspect of transaction integrity, logging/auditing, troubleshooting and forensics.

 

Legal traceability means that the time service provider needs to be prepared to convince a jury in an adversarial proceeding that its time was correct at some instant in the past. The exact amount of evidence required to prove traceability in a court of law varies from case to case. If metrological traceability has been established for a given time period, then legal traceability has also been established for that time period. To prove this in court, some recordkeeping, such as log files, is essential. The service provider shall put in place policies and procedures for proving traceability, decided on the basis of statutory requirements.

 

