Re: [Ntp] Antwort: Re: A simpler way to secure PTP

Joachim Fabini <Joachim.Fabini@tuwien.ac.at> Tue, 11 May 2021 08:42 UTC

To: Heiko Gerstung <heiko.gerstung=40meinberg.de@dmarc.ietf.org>, "kristof.teichel@ptb.de" <kristof.teichel@ptb.de>, Doug Arnold <doug.arnold=40meinberg-usa.com@dmarc.ietf.org>
CC: Miroslav Lichvar <mlichvar@redhat.com>, NTP WG <ntp@ietf.org>, "Daniel Franke" <dfoxfranke@gmail.com>
From: Joachim Fabini <Joachim.Fabini@tuwien.ac.at>
Date: Tue, 11 May 2021 10:42:10 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/oKbrrO0J3x5VywXIzw7cQEYrJ6g>

Heiko,

the focus of the thesis was on improving secure multicast communication 
performance (or finding alternatives).
However, chapter 10 of the thesis focuses on the unicast case, including 
a successful attack on a commercially available system (NTP two-way time 
sync "protected" by an IPsec tunnel over public Internet) that exploits 
this property. This was a helpful "lessons learned" session.

regards Joachim

On 5/11/21 10:14 AM, Heiko Gerstung wrote:
> Joachim,
> 
> thanks for the provided document references. Both are focusing on multicast operation of NTP and PTP, is that correct? At least that is what I understood from the introduction paragraphs of both papers.
> 
> Regards,
>    Heiko

-- 
---------------------------------------
Dr. Joachim Fabini
Senior Scientist
Institute of Telecommunications
TU Wien
Gusshausstrasse 25/E389
A-1040 Vienna, Austria
Tel: +43 1 58801-38813
mailto: Joachim.Fabini@tuwien.ac.at
---------------------------------------