IETF Logo Mail Archive

Re: [Ntp] draft-schiff-ntp-chronos-01.txt

Neta R S <neta.r.schiff@gmail.com> Sat, 03 November 2018 14:54 UTC

Return-Path: <neta.r.schiff@gmail.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 582D31277D2 for <ntp@ietfa.amsl.com>; Sat, 3 Nov 2018 07:54:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HPOlH5hh9K3t for <ntp@ietfa.amsl.com>; Sat, 3 Nov 2018 07:54:00 -0700 (PDT)
Received: from mail-ot1-x32c.google.com (mail-ot1-x32c.google.com [IPv6:2607:f8b0:4864:20::32c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DAD5F124408 for <ntp@ietf.org>; Sat, 3 Nov 2018 07:53:59 -0700 (PDT)
Received: by mail-ot1-x32c.google.com with SMTP id k9so4191240otl.10 for <ntp@ietf.org>; Sat, 03 Nov 2018 07:53:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=gqZB4hrISpRwVtDJBj+ogXnJhVBsMcS+SgxFe9k+G6I=; b=Dc5amdW7WQRccv9gdyeBBKXfAYvhigfw4JrnHlW+RtQ6tAM1BuBv9rbDfl1MYsAKkM ddSELePKmqStiKBYqtJuFEYF3dHbWCzNt7RdrPM8Nog/+86dYUKLYT0gKQqzdbo1sDFg V27z9PBMvRh5+F5NEjquGB9gNwZUVPNoRfK61UCpIVE9r0I/7dokOzj8a0XqJ6KzHrrY 8UUjvMB7FlLXpmYPeKGcL8csDVwEWs/1Qpzcvr8YCumd6LsEzLcn6MFUP1TKyQVL7SFt dqnaYC6vrak2layUXPOw3jjJI0HQGdhpL2piyCfQYzO+S2i+uWyL4PBdwZJLPwZ4xPHw ki1w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=gqZB4hrISpRwVtDJBj+ogXnJhVBsMcS+SgxFe9k+G6I=; b=T9riMmKytS/kzgddrjx2bTMWutNBtInNONri38vAit3ffH10/hZX5S4YEDcc6oPl46 E3kFzKds9oNrHzF/2h67fgJKYt6hrL3UrvhpLc+LZ7FuGBP5vi1G0A3P6PjWgOjP/Xk1 mdPNRrYdjlZfqYUB8B9/gR7bC6aiZK9asUhckuaNo/97Na0QxxvacUQZxoW4PbcV8qPO u+jJnwrneIypgk9IjK+GMEZWyoE8Ag+XHj/jRszxLvAu6fUotvi8g0pVp7Oa8wA2ZWBe W1UTbwC8jUVoRVTGZnJGHOAxgq1VhN8oN01RNiGMJCxSJnijtU40tfoVRcWW4OeEnijQ MwJA==
X-Gm-Message-State: AGRZ1gLvBY5nmugwk4j0v3BQUoB5Jmu7l2Es9XqEqRK6lMIeWtck/zVM /lj2CTtTv8FiPi0D5JoTM8VYEpQqn4SQmSsr2Tc=
X-Google-Smtp-Source: AJdET5eEAD7k9hK6/xtXjIwH2mDlZGkO+jblcITmJ19aPFqEzWdLzuOq2OFnqqzq5RJR3Hl+ZvJUI+yzg4jaxbP7i94=
X-Received: by 2002:a9d:74d:: with SMTP id 71mr9760631ote.239.1541256839106; Sat, 03 Nov 2018 07:53:59 -0700 (PDT)
MIME-Version: 1.0
References: <CAM-HxCPqjaq5rDUYmoA66YhQnhxCQP6FF=N73arsCj1+SWXJbg@mail.gmail.com> <BY2PR11MB0645E5C0BA6FAD04944AEC49FCF50@BY2PR11MB0645.namprd11.prod.outlook.com> <AM4PR0801MB2738E45DBF59A93F1380EE64F8CC0@AM4PR0801MB2738.eurprd08.prod.outlook.com> <BY2PR11MB06455893329A34FFC589D571FCCC0@BY2PR11MB0645.namprd11.prod.outlook.com> <E708CC30-2E06-4D95-8E2B-8B568DC31C5B@gmail.com> <BY2PR11MB06457D9EA06F32FD8C01F8D9FCCC0@BY2PR11MB0645.namprd11.prod.outlook.com> <20BBA9EF-F5B7-49C9-B1C6-2F84B805D0A0@gmail.com>
In-Reply-To: <20BBA9EF-F5B7-49C9-B1C6-2F84B805D0A0@gmail.com>
From: Neta R S <neta.r.schiff@gmail.com>
Date: Sat, 03 Nov 2018 16:53:45 +0200
Message-ID: <CAM-HxCNuri4aiAE9AJMA3Ue87FZGk3cwUw1Cav--okDSAxK_8g@mail.gmail.com>
To: dsibold.ietf@gmail.com
Cc: Greg.Dowd@microchip.com, ntp@ietf.org
Content-Type: multipart/alternative; boundary="00000000000067181b0579c3d238"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/J2OGnkAYpkQOJeVCA5GDszbq_Vg>
Subject: Re: [Ntp] draft-schiff-ntp-chronos-01.txt
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Nov 2018 14:54:03 -0000

Thanks Greg and Dieter for this discussion,
I will be happy to bring up these ideas in the next IETF meeting (103).

Dieter - regarding Table 1, indeed, small w and the capital W represent the
same quantity
(we will fix it in the next submission).

Thanks,
Neta

On Wed, Oct 31, 2018 at 6:19 PM Dieter Sibold <dsibold.ietf@gmail.com>
wrote:

> Thanks Greg
> I suppose I’ve got it.
> Dieter
>
> On 30 Oct 2018, at 22:59, Greg.Dowd@microchip.com wrote:
>
> Somewhat.  My intent was to suggest that the new algorithm should NOT
> replace the current steering part of the loop but instead operate in front
> or alongside or even post (although that would only report, not prevent
> attacks).  I was not focused on the part it would replace (see my other
> comments) but to suggest there is a part it perhaps should not replace.  As
> an example, there is no mention of hysteresis in the secure selection.
> This doesn’t mean it could not include it but it is not necessary to solve
> the security problem.  However, it is vital to the clock steering algorithm
> and supplied in the form of anti-clockhopping and maybe the prefer logic.
> This mix of requirements led to my comments trying to compartmentalize the
> security as an envelope under which the steering could hopefully continue
> to operate without significant noise being introduced.
>
>
>
> Thanks..Greg
>
>
>
>
>
> *Greg Dowd*
>
> Principal Engineer, FTD
>
> Microsemi
>
> 3870 N. First St. | San Jose | CA 95134 | USA
>
> Office: 408.964.7643
>
> Email: *greg.dowd@microchip.com <greg.dowd@microsemi.com>*
>
> Company Website:  www.microsemi.com
>
> [image: cid:image005.png@01D3FE6E.AC0E43B0]
>
>
>
>
>
> *From:* Dieter Sibold [mailto:dsibold.ietf@gmail.com]
> *Sent:* Tuesday, October 30, 2018 1:38 PM
> *To:* Greg Dowd - C32313 <Greg.Dowd@microchip.com>
> *Cc:* neta.r.schiff@gmail.com; ntp@ietf.org
> *Subject:* Re: [Ntp] draft-schiff-ntp-chronos-01.txt
>
>
>
>
>
> Thanks for the answer Greg.
> Does this imply that chronos will „only“ replaces NTP’s selection process?
> After that NTP’s cluster and combination algorithms are applied in order to
> calculate the clock offset. Additionally, chronos will provide an upper
> bound for a valid clock offset?
>
> Dieter
>
>
>
> On 30 Oct 2018, at 17:39, Greg.Dowd@microchip.com wrote:
>
> Hi Dieter,
>
> This mirrors a statement by Danny recently that information is being lost
> in the suggested approach.  The current clock combining algorithm uses the
> weighted average of the clocks left after the selection algorithm.  This
> provides mitigation against network bias, jitter and clockhopping.  My
> intent in comment 3 was to suggest that instead of using the secure
> selection algorithm to determine a single “jam synchronization”, the secure
> algorithm could perhaps be used as a new “clustering” step that would
> complement or bracket the current produced clock correction.  If the
> filtered, smoothed clock correction is within the bracket, it would be
> used.  If it fell outside, some other step would take place, marking
> outlier as falseticker and re-running or some other step.  This technique
> was discussed I think years ago in the SNTP work and was part of the DSNTP
> (Datum Secure Network Time Protocol) we produced back then.  The idea was
> that the authentication code validated the steering section but did not
> replace it.
>
>
>
> Does that make sense?
>
>
>
>
>
>
>
> *Greg Dowd*
>
> Principal Engineer, FTD
>
> Microsemi
>
> 3870 N. First St. | San Jose | CA 95134 | USA
>
> Office: 408.964.7643
>
> Email: *greg.dowd@microchip.com <greg.dowd@microsemi.com>*
>
> Company Website:  www.microsemi.com
>
> [image: cid:image005.png@01D3FE6E.AC0E43B0]
>
>
>
>
>
> *From:* Dieter Sibold [mailto:dsibold.ietf@gmail.com
> <dsibold.ietf@gmail.com>]
> *Sent:* Tuesday, October 30, 2018 9:02 AM
> *To:* Greg Dowd - C32313 <Greg.Dowd@microchip.com>;
> neta.r.schiff@gmail.com; ntp@ietf.org
> *Subject:* Re: [Ntp] draft-schiff-ntp-chronos-01.txt
>
>
>
> Hi Greg,
>
>
>
> maybe it is only me. But to be honest I don’t understand the third point.
> Especially, what do you mean with the opposite approach? I would like to
> understand your implications.
>
>
>
> Dieter
>
>
>
> *Von: *ntp <ntp-bounces@ietf.org> im Auftrag von "Greg.Dowd@microchip.com"
> <Greg.Dowd@microchip.com>
> *Datum: *Dienstag, 23. Oktober 2018 um 19:42
> *An: *"neta.r.schiff@gmail.com" <neta.r.schiff@gmail.com>, "ntp@ietf.org"
> <ntp@ietf.org>
> *Betreff: *Re: [Ntp] draft-schiff-ntp-chronos-01.txt
>
>
>
> Interesting evolution of the clustering concept.  A couple of thoughts.
>
>    1. It should be possible to perform this operation external to ntpd
>    and then use the resulting information to add/remove servers?  More complex
>    but same functionality?  Certainly cleaner in ntpd.
>    2. It should be possible to modify only the clock selection algorithm
>    and not the clock filtering algorithm although this may be moot if there
>    ends up being a lot of clock hopping.  It would likely result in better
>    precision.
>    3. Instead of taking the average of the sampled servers, have you
>    considered the opposite approach?  That would comprise statistical sampling
>    of the network clocks to validate the current selected clock as a
>    “truechimer”.  This should result in better performance with equivalent
>    security, right?
>
>
>
>
>
> *Greg Dowd*
>
> Principal Engineer, FTD
>
> Microsemi
>
> 3870 N. First St. | San Jose | CA 95134 | USA
>
> Office: 408.964.7643
>
> Email: *greg.dowd@microchip.com <greg.dowd@microsemi.com>*
>
> Company Website:  www.microsemi.com
>
> [image: cid:image005.png@01D3FE6E.AC0E43B0]
>
>
>
>
>
> *From:* ntp [mailto:ntp-bounces@ietf.org <ntp-bounces@ietf.org>] *On
> Behalf Of *Neta R S
> *Sent:* Tuesday, October 23, 2018 12:56 AM
> *To:* ntp@ietf.org
> *Subject:* [Ntp] draft-schiff-ntp-chronos-01.txt
>
>
>
> EXTERNAL EMAIL
>
> Hi,
>
>
>
> We submitted a new draft for Chronos (see below).
>
> The main change is a hybrid approach: by default NTPv4 updates the local
> clock but when a threat or evidence of attack is detected Chronos time is
> considered.
>
>
>
> Please take a look,
>
> Thanks,
>
> Neta
>
>
>
> Name:           draft-schiff-ntp-chronos
>
> Revision:       01
>
> Title:          A Secure Selection and Filtering Mechanism for the Network
> Time Protocol Version 4
>
> Document date:  2018-10-21
>
> Group:          Individual Submission
>
> Pages:          8
>
> URL:
> https://www.ietf.org/internet-drafts/draft-schiff-ntp-chronos-01.txt
>
> Status:         https://datatracker.ietf.org/doc/draft-schiff-ntp-chronos/
>
> Htmlized:       https://tools.ietf.org/html/draft-schiff-ntp-chronos-01
>
> Htmlized:
> https://datatracker.ietf.org/doc/html/draft-schiff-ntp-chronos
>
> Diff:
> https://www.ietf.org/rfcdiff?url2=draft-schiff-ntp-chronos-01
>
>
>
> Abstract:
>
>    The Network Time Protocol version 4 (NTPv4) defines the peer process,
>
>    the clock filter algorithm, the system process and the clock
>
>    description algorithm.  The clock filter algorithm and the system
>
>    process, as defined in RFC 5905, are the mechanism according to which
>
>    an NTP client chooses the NTP servers it synchronized with..  This
>
>    document specifies an alternative set of client mechanisms, named
>
>    Chronos, that is backward compatible with NTPv4, and offers an
>
>    improved level of security against time shifting attacks.
>
>
>
>

v2.23.0 | Report a Bug | By Email