Re: [Ntp] Follow-up to yesterday's mic comment about PTP security
kristof.teichel@ptb.de Thu, 25 July 2019 07:13 UTC
In-Reply-To: <626997121-17255@srv-kerioconnect.py.meinberg.de>
References: <OFBC3F40BE.7ED6BF0D-ONC1258441.0023FF5E-C1258441.002675FE@ptb.de> <626997121-17255@srv-kerioconnect.py.meinberg.de>
To: Doug Arnold <doug.arnold@meinberg.de>
Cc: Daniel Franke <dfoxfranke@gmail.com>, NTP WG <ntp@ietf.org>
Message-ID: <OFA2356644.91C0B8AD-ONC1258442.00272352-C1258442.0027B093@ptb.de>
From: kristof.teichel@ptb.de
Date: Thu, 25 Jul 2019 09:14:19 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/GKahdzOtSyQAuAdU1jdXjPd9dEg>
Subject: Re: [Ntp] Follow-up to yesterday's mic comment about PTP security
Good morning all,

what you will really need from these folks, Doug, is a clear statement of whether they need their level of synchronicity (50ms, 100us, whatever) only locally between all their machines or also in reference to a global time scale such as UTC. And maybe if they need different precision/accuracy levels for both, such as needing/wanting sub-ns level locally and a 100% guaranteed 100us within UTC or something like that (I suspect something like this will turn out to be true for most of them).

Using PTP to make sure that all of their devices agree on the time to a better-than-100us level is fine, but if they need actual guarantees with regard to UTC, it might be short-sighted to just go "well, our server is GPS-disciplined, so basically as good as UTC".

Best regards,
Kristof

From: "Doug Arnold" <doug.arnold@meinberg.de>
To: "NTP WG" <ntp@ietf.org>
Cc: kristof.teichel@ptb.de, "Daniel Franke" <dfoxfranke@gmail.com>
Date: 24.07.2019 21:17
Subject: Re: [Ntp] Follow-up to yesterday's mic comment about PTP security

Hello Everyone,

Some financial companies only need 50 ms, and for them I recommend NTP. It is cheaper and easier to install than PTP, and the protocol is more mature and implementations are usually robust. In general they prefer to have their own NTP servers, inside their network, and behind the firewall. I will be recommending NTS when available from their vendor. That will be an easy sell, since they generally want to turn on security options for the protocols they use.

Some network operators tell me that achieving 100 us time synchronization in their network is near the edge of what they currently get using NTP, so they want to switch to PTP for this spec and the coming tighter specs. Most of them have switches and routers which have PTP on-path support, or the operators expect them to in the near future. This will be an issue which needs discussion since that represents a security challenge. If every switch is shaping the information, then there is either a "secret" every node knows, or many secrets, each of which must be kept.

Doug

From: <kristof.teichel@ptb.de>
To: Daniel Franke <dfoxfranke@gmail.com>
Cc: NTP WG <ntp@ietf.org>
Sent: 7/24/2019 9:00 AM
Subject: Re: [Ntp] Follow-up to yesterday's mic comment about PTP security

Hey all,

first of all, I'm really glad if this whole thing (security of one-way mechanisms and mechanism selection) is a discussion that we're going to have in the WG. To comment on your assertions, Daniel:

1. It is established in general (and I have a proof lying around for a model of NTS in particular) that a client performing a request-response exchange with NTS and using all relevant checks gets a strong guarantee that the error in its measured offset is no larger than half the added flight times of the packets (plus some negligibly small delta accounting for frequency instability of the clocks used on client and server side). For anyone wondering why we bothered to prove this again: this guarantee is 100%, and the new part is "no matter what a Man-in-the-Middle attacker did in the process". So I would be careful about naming a specific amount, because flight times do depend on the specific client's connection - but 50ms seems like a good rule of thumb, and I overall agree with your assertion.

2.-3. If we're operating under the assumptions that a) you can only use one time sync mechanism at a time and keep track of one clock disciplined via data from that mechanism, and b) end users always have exactly one requirement level for each of security and precision/accuracy and need to use the least-effort path to achieve them ... then I agree with your assertions whole-heartedly. But I really think both assumptions deserve their own hard looks and considerations. For example, it might be reasonable for someone, specifically a financial institute, to run NTP with NTS in their local network to obtain a 100% security guarantee for a 100us level (demanded by MiFID II for example) and also still use PTP / White Rabbit (unsecured for the time being) to have the precision/accuracy levels they actually want - with no strong guarantee, but still valid in the (most likely) case that their infrastructures are not currently under attack.

4. Again, I agree with the assertion for the most part and in the given status quo. But the underlying assumption that every relevant adversarial 2-way network also suffers from long, unpredictable and asymmetric travel times is mostly valid because the only candidate for such a network is the internet. If someone built, say, a GNSS network where two-way communication (with satellites or between two ground stations) was readily available to everyone, the whole situation would be different: that would still potentially qualify as an adversarial network, but with the proper crypto, your 100% security guarantees could be extended to much better precision/accuracy levels. The same thing could be true for long-distance tree-topology fibre-based networks exclusively for time synchronization - which are kind of in the process of being built all over Europe.

Lengthy comments and caveats notwithstanding, I agree with and would endorse your 1.-4. decision making sheet as an excellent starting point.

Best regards,
Kristof

"ntp" <ntp-bounces@ietf.org> wrote on 23.07.2019 18:19:33:

> From: "Daniel Franke" <dfoxfranke@gmail.com>
> To: "NTP WG" <ntp@ietf.org>
> Date: 23.07.2019 18:20
> Subject: [Ntp] Follow-up to yesterday's mic comment about PTP security
> Sent by: "ntp" <ntp-bounces@ietf.org>
>
> My comments yesterday about PTP security shifted context a few times
> so it may have been hard to follow what I was claiming. My assertions
> were:
>
> 1. If you need 50ms precision, pick some good public NTP servers and use NTS.
>
> 2. If you need 100µs precision, colocate a time source in the same
> datacenter as the client systems. Use NTP and NTS; you don't need PTP
> for this.
>
> 3. If you need 1µs precision, use PTP and physically secure the link
> between the time source and the clients so that cryptographic
> authentication is unnecessary.
>
> 4. If you need 1µs precision over an adversarial network, good luck!
> This is simply not achievable and no amount of cryptographic pixie
> dust is ever going to save you.
>
> _______________________________________________
> ntp mailing list
> ntp@ietf.org
> https://www.ietf.org/mailman/listinfo/ntp
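Kristof's point 1 (the measured offset is off by at most half the summed flight times, whatever an on-path party does) and Daniel's point 4 (asymmetric, unpredictable delay on adversarial networks) rest on the same four-timestamp arithmetic. The following is an added example for this thread, not code from any of the posts or from an NTS implementation; the names t1..t4, the 1 ms server processing time and the 50 ms acceptance threshold are assumptions for illustration.

```python
"""Error bound for an authenticated request-response time exchange.
Added example for this thread, not code from any post or NTS implementation.
Timestamps are floats in seconds; the 1 ms processing time and the 50 ms
acceptance threshold are illustrative assumptions."""
import random
from dataclasses import dataclass

@dataclass
class Exchange:
    t1: float  # client transmit (client clock)
    t2: float  # server receive (server clock)
    t3: float  # server transmit (server clock)
    t4: float  # client receive (client clock)

def offset_and_bound(x):
    """Return (measured offset, round-trip delay, error bound = delay/2).
    The true offset lies in [offset - delay/2, offset + delay/2] however an
    on-path party splits the delay, since the client owns t1/t4 and
    authentication pins t2/t3."""
    offset = ((x.t2 - x.t1) + (x.t3 - x.t4)) / 2
    delay = (x.t4 - x.t1) - (x.t3 - x.t2)
    return offset, delay, delay / 2

def simulate(true_offset, fwd_delay, rev_delay, proc=0.001, t1=100.0):
    """Construct timestamps for a server clock running true_offset ahead of
    the client, with the given one-way delays (constructed input)."""
    t2 = t1 + fwd_delay + true_offset
    t3 = t2 + proc
    t4 = t3 + rev_delay - true_offset
    return Exchange(t1, t2, t3, t4)

def accept(x, max_delay=0.05):
    """Client-side check: trust an exchange only if its error bound is
    acceptable, i.e. the round-trip delay is within the threshold."""
    return offset_and_bound(x)[1] <= max_delay

def bound_holds_under_asymmetry(trials=1000, seed=1):
    """Let the delay split be chosen arbitrarily (the client's worst case)
    and report whether the bound held on every trial."""
    rng = random.Random(seed)
    for _ in range(trials):
        true_offset = rng.uniform(-5.0, 5.0)
        total = rng.uniform(0.0, 1.0)
        fwd = rng.uniform(0.0, total)
        off, _, bound = offset_and_bound(simulate(true_offset, fwd, total - fwd))
        if abs(true_offset - off) > bound + 1e-9:
            return False
    return True
```

The delay threshold in `accept` is what turns Kristof's "half the added flight times" into a concrete guarantee: a client that only uses exchanges under 50 ms round trip knows its offset error is under 25 ms, regardless of how the delay was split.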