Re: [Ntp] Roughtime and Delay Attacks
kristof.teichel@ptb.de Wed, 03 April 2019 06:42 UTC
Return-Path: <kristof.teichel@ptb.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F9F91200D7 for <ntp@ietfa.amsl.com>; Tue, 2 Apr 2019 23:42:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nxF_tyYF58_4 for <ntp@ietfa.amsl.com>; Tue, 2 Apr 2019 23:42:15 -0700 (PDT)
Received: from mx1.bs.ptb.de (mx1.bs.ptb.de [192.53.103.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1EC3E120059 for <ntp@ietf.org>; Tue, 2 Apr 2019 23:42:14 -0700 (PDT)
Received: from smtp-hub.bs.ptb.de (smtpint01.bs.ptb.de [141.25.87.32]) by mx1.bs.ptb.de with ESMTP id x336g696031344-x336g698031344 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=CAFAIL); Wed, 3 Apr 2019 08:42:06 +0200
Received: from lotus.bs.ptb.de (lotus.bs.ptb.de [141.25.85.200]) by smtp-hub.bs.ptb.de (Postfix) with ESMTPS id 44D397A36B8; Wed, 3 Apr 2019 08:42:05 +0200 (CEST)
In-Reply-To: <alpine.DEB.2.20.1904021625120.18432@grey.csi.cam.ac.uk>
References: <CABUE3Xmg1vZedhEras54LC6WyChPhcZnqB2s1TNcMaoLbarkdQ@mail.gmail.com> <OFF21B3920.9A750F87-ONC12583D0.002454E6-C12583D0.00297785@ptb.de> <alpine.DEB.2.20.1904021625120.18432@grey.csi.cam.ac.uk>
To: ntp@ietf.org
Cc: Aanchal Malhotra <aanchal4@bu.edu>, Tal Mizrahi <tal.mizrahi.phd@gmail.com>, Watson Ladd <watsonbladd@gmail.com>, Tony Finch <dot@dotat.at>
MIME-Version: 1.0
Message-ID: <OFD1EBEBD5.5B611EB8-ONC12583D1.0023D222-C12583D1.0024CF9E@ptb.de>
From: kristof.teichel@ptb.de
Date: Wed, 03 Apr 2019 08:42:23 +0200
Content-Type: multipart/alternative; boundary="=_alternative 0024CF9CC12583D1_="
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/evRfEBZyCyj9SnL5GCsm0nKyw7M>
Subject: Re: [Ntp] Roughtime and Delay Attacks
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Apr 2019 06:42:19 -0000
Hey Tony and everyone, I believe this idea sadly cannot work, due to the difference contexts of how Chronos resists delay attacks versus how delay attacks potentially affect the workings of Roughtime. Chronos mitigates delay attacks (and, actually, all kinds of attacks or malfeasance) by evaluating time signals from many sources and using this large collection of data to make smart estimations about the true time. Roughtime deliberately looks at the associations to single server and tries to judge whether (and potentially prove that) each single given server is showing signs of malfeasance. Their aims and scopes are so different (looking at the whole system to find the best estimation for a global truth versusbasically performing audits of singular parts of said system) - I just don't see how to combine or borrow techniques in the way you suggest. Best regards, Kristof Von: "Tony Finch" <dot@dotat.at> An: kristof.teichel@ptb.de Kopie: "Tal Mizrahi" <tal.mizrahi.phd@gmail.com>, ntp@ietf.org, "Aanchal Malhotra" <aanchal4@bu.edu>, "Watson Ladd" <watsonbladd@gmail.com> Datum: 02.04.2019 17:52 Betreff: Re: [Ntp] Roughtime and Delay Attacks kristof.teichel@ptb.de <kristof.teichel@ptb.de> wrote: > - Roughtime (AFAIK) still needs to include some considerations of RTT in > its analysis somehow (see below). Maybe roughtime clients should use the Chronos clock selection algorithm, because it is supposed to be resistant to delay attacks. https://tools.ietf.org/html/draft-schiff-ntp-chronos-02 Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at/ North Foreland to Selsey Bill: Westerly or southwesterly 5 or 6, becoming variable 3 or 4. Slight, occasionally moderate at first. Rain or showers, occasionally thundery. Good, occasionally moderate.
- [Ntp] Roughtime and Delay Attacks Tal Mizrahi
- Re: [Ntp] Roughtime and Delay Attacks kristof.teichel
- Re: [Ntp] Roughtime and Delay Attacks Tal Mizrahi
- Re: [Ntp] Roughtime and Delay Attacks Tony Finch
- Re: [Ntp] Roughtime and Delay Attacks kristof.teichel
- Re: [Ntp] Roughtime and Delay Attacks Hal Murray
- Re: [Ntp] Roughtime and Delay Attacks kristof.teichel
- Re: [Ntp] Roughtime and Delay Attacks Stewart Bryant
- Re: [Ntp] Roughtime and Delay Attacks Watson Ladd
- Re: [Ntp] Roughtime and Delay Attacks Greg.Dowd
- Re: [Ntp] Roughtime and Delay Attacks Joachim Fabini
- Re: [Ntp] Roughtime and Delay Attacks Stewart Bryant