Re: [Ntp] Follow-up to yesterday's mic comment about PTP security

Daniel Franke <dfoxfranke@gmail.com> Wed, 24 July 2019 14:09 UTC

Return-Path: <dfoxfranke@gmail.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4655F120240 for <ntp@ietfa.amsl.com>; Wed, 24 Jul 2019 07:09:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ohJYaT19H6ol for <ntp@ietfa.amsl.com>; Wed, 24 Jul 2019 07:09:31 -0700 (PDT)
Received: from mail-io1-xd44.google.com (mail-io1-xd44.google.com [IPv6:2607:f8b0:4864:20::d44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 34E6912017D for <ntp@ietf.org>; Wed, 24 Jul 2019 07:09:31 -0700 (PDT)
Received: by mail-io1-xd44.google.com with SMTP id j6so14703136ioa.5 for <ntp@ietf.org>; Wed, 24 Jul 2019 07:09:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=1g2XG3qLLa9kskPf4ia/qwrQGxqst55s0u9QP8e/GAY=; b=X5NTbhXQUbjubQuOFVo7IeFTp2SMLtM0MpHiWUB2p9ZNT3ZEV8OUBRV6dETW0s3LYd KfHQd2y8BnZISzYGjcXTFOSsfSU+9xo3peBJ7Qv+ksXZkBapAPq/1B1H09vmVfjyphxU TRDLzuVEuU/cn8FXIYK2h3qITuxv0x2W65G/FQnSJnGtwQ3lnAXUTKXXe5E6GzYAl81H dRzRfWnTxYSERoUcce4ioqoR3hHOFxL5k5Q9Jy/GZLjOs0fJk69t6UDRAdBIs0wO/G9l oxy2ZZSOmJDcvf7NgdagcUGphhqzZXcNX9u31DOL9m+NEtNq35dSU5utPFc7uqV0ZVY8 S75g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=1g2XG3qLLa9kskPf4ia/qwrQGxqst55s0u9QP8e/GAY=; b=hDM3CE86Z1VppYpIT9gFMLC8y2IxNzaEq/FoHEpDwQOyIxktaGMc/DGFahoAczmZLH FxEeDLbmRoY0mFkTp9DdzQBWXKXRQHb+So2TmBpLZ8va/TGQiZly2C5qadaHxZ/X9nuH jL7DKpF//5aLZeuqtb6AK2EJlMghofCx/I2zbHqWfSzg0F4tw4EyDC7G3bU/FpQO8qto 3YtgPbiS5pTvpRK3DFsJ0A5NWXHrBcYeA0tCVMKVTI6Z3S4VnNwXQ0sCohVmPvx+dt2y Mmm7E2R2JsJadXjfaXi1TysiHU5CnSLGgdMV1VmxH0E1QFRPn22xESTHtzvlhNCKsHET Qhsw==
X-Gm-Message-State: APjAAAW8BjiKMWHEWZNIStINgtP9A33dBi86Gu7lkjyesty0p1UgEpLy rEO1x9PHk2hGUjAEFDULGlpOrySLfvLAbjt0YPE=
X-Google-Smtp-Source: APXvYqy5y5Om1uaFkgMCIM7flYzQ4Qqn7oFyW+9a/Kv3Sfn5zHUzEuGG+itFazmB6yx3K1PpnznWjMYr6KLe6mnXibY=
X-Received: by 2002:a05:6638:303:: with SMTP id w3mr31187416jap.103.1563977370380; Wed, 24 Jul 2019 07:09:30 -0700 (PDT)
MIME-Version: 1.0
References: <CAJm83bD89oPE+WouWUD=qVqFzZ5-vw6E3RVsdVRteH0cEXyYjg@mail.gmail.com> <OFBC3F40BE.7ED6BF0D-ONC1258441.0023FF5E-C1258441.002675FE@ptb.de>
In-Reply-To: <OFBC3F40BE.7ED6BF0D-ONC1258441.0023FF5E-C1258441.002675FE@ptb.de>
From: Daniel Franke <dfoxfranke@gmail.com>
Date: Wed, 24 Jul 2019 10:09:19 -0400
Message-ID: <CAJm83bA74UiYbVbfYOHk4Vsw=go0d5P70uwbJ7CDvFrkdtcbfw@mail.gmail.com>
To: kristof.teichel@ptb.de
Cc: NTP WG <ntp@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/YGb5TKL4pROhL-E8fBqff04IHQE>
Subject: Re: [Ntp] Follow-up to yesterday's mic comment about PTP security
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jul 2019 14:09:33 -0000

On Wed, Jul 24, 2019 at 3:00 AM <kristof.teichel@ptb.de>; wrote:
> 1.
> It is established in general (and I have a proof lying around for a model of NTS in particular) that a client performing a request-response exchange with NTS and using all relevant checks gets a strong guarantee that the error in its measured offset is no larger than half the added flight times of the packets (plus some negligibly small delta accounting for frequency instability of the clocks used on client and server side).
> For anyone wondering why we bothered to prove this again: this guarantee is 100%, and the new part is "no matter what a Man-in-the-Middle attacker did in the process".

The "half the RTT" error bound can be improved somewhat if you know
the physical distance between yourself and the server. In which case
the error bound is ±(RTT/2 - distance / speed_of_light), because it is
safe to assume that the network adversary does not have a wormhole
through which to route your packets. (If you do have one, Akamai wants
your resume).