Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG adoption

Doug Arnold <doug.arnold@meinberg-usa.com> Wed, 02 June 2021 00:15 UTC

Return-Path: <doug.arnold@meinberg-usa.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A2123A2CD2 for <ntp@ietfa.amsl.com>; Tue, 1 Jun 2021 17:15:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=meinbergfunkuhren.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4k1J_m9D0daw for <ntp@ietfa.amsl.com>; Tue, 1 Jun 2021 17:15:16 -0700 (PDT)
Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2056.outbound.protection.outlook.com [40.107.20.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 52A763A2CCC for <ntp@ietf.org>; Tue, 1 Jun 2021 17:15:15 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=I2nvsXX7ZyjNiDw7qQRpIgxOhP/16ck41JTZMuFbLjkHD4vGkz0enCHR+CfSuVoxIqyx4ZX3wq4j6UkmUPrSLV9RcxCN2O+ibOqtwIm1vKP/w8YH32vi5+qzV10pDpGMrYcfNXpvTSLX+33q6n8NoDjNOac3Sc9P2iHPz/+tMlZ+7IVIkkauiRODIFap4SVxNP3nAC0ZQPzoh0uxlhUd6PKhO7KtH0Q4sIEksi7R8/R66tEHJDjgZn3R3nquPA/0KWIC/RlAjtMNdIUdBHqZBCcQDlLeW/FpP2L06HNVg7A9aKahahOSGblTBr4HwFAOGNXUJto7YcMIcO6lUP9Mgw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+Y+cQIrFBFXWjkhfjCAtgqsqgXHysYD80o+IwnhhLAo=; b=cggq7CfdlMDS37gzBBHY3nCMvGr5v61JWVPUrkAVMqgqm+7QIBkI3GHco3mRsho2Y5wR92pzYf9QcKHMaMEjP4IOB2DSh4AHd0TC/DsEZxrbxR+uqB/8fw7YI7XLO1BagPWJUKzgEVTyUpps6TMQJptjjEoa78XBmvO86KDrSYrEZJsxz69WMvf4hG1fJAhb4RPZWaKLfbPGNLb4JBG2/GmOXZI/Hnemzlapm8CXjT+JNzFeZ8kNuPT4ZEHOzsqwUT6eTTdYs3Ux1MliRqbc2Z3lc4gpkBnvazoJbpKPp/L1e26cD1F7RQ/aUs4urdccoVx54OgIxo0qYnu+NvuZDg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=meinberg-usa.com; dmarc=pass action=none header.from=meinberg-usa.com; dkim=pass header.d=meinberg-usa.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=meinbergfunkuhren.onmicrosoft.com; s=selector1-meinbergfunkuhren-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+Y+cQIrFBFXWjkhfjCAtgqsqgXHysYD80o+IwnhhLAo=; b=kSM3ydMjeErW/I9AKptL/j8nGRtsLUnTrrJ9idqxtwlDhEC/wbtnfXVrNCsgkp7/Crkyil0PDhobPDmUPBgpolofaZ5kIs89tTsBXiXRdDpYaaQRd4JFyzjaBXqJuhPuWFQP0Om9uJQb3x/UpJhHYmhNa4kUX1Na2B1wPGcs+pY=
Received: from AM7PR02MB5765.eurprd02.prod.outlook.com (2603:10a6:20b:102::15) by AM6PR02MB4632.eurprd02.prod.outlook.com (2603:10a6:20b:3b::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.24; Wed, 2 Jun 2021 00:15:13 +0000
Received: from AM7PR02MB5765.eurprd02.prod.outlook.com ([fe80::aca9:7944:745f:78ef]) by AM7PR02MB5765.eurprd02.prod.outlook.com ([fe80::aca9:7944:745f:78ef%6]) with mapi id 15.20.4173.030; Wed, 2 Jun 2021 00:15:12 +0000
From: Doug Arnold <doug.arnold@meinberg-usa.com>
To: Daniel Franke <dfoxfranke@gmail.com>, Heiko Gerstung <heiko.gerstung=40meinberg.de@dmarc.ietf.org>, NTP WG <ntp@ietf.org>
Thread-Topic: [Ntp] NTS4UPTP Rev 03 - Formal request for WG adoption
Thread-Index: AZ2x3tU+ZTljNmQ4N2MwN2VmZGRlN/NAqFsQAUNi050=
Date: Wed, 2 Jun 2021 00:15:12 +0000
Message-ID: <AM7PR02MB57657BD65E85DC1E8F679EFDCF3E9@AM7PR02MB5765.eurprd02.prod.outlook.com>
References: <7F9B8D13-BC90-4E15-9BDF-81714DF0F0C6@meinberg.de> <CAJm83bD1yGjtCkSkCQbXKznyPDZC6-bXigsm_BFiprNXkEY49Q@mail.gmail.com>, <CAJm83bAXZmJX-7tUFefCMWPsn2QHpxsqe_n=HbjwW4YQSvT23A@mail.gmail.com>
In-Reply-To: <CAJm83bAXZmJX-7tUFefCMWPsn2QHpxsqe_n=HbjwW4YQSvT23A@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmail.com; dkim=none (message not signed) header.d=none; gmail.com; dmarc=none action=none header.from=meinberg-usa.com;
x-originating-ip: [64.30.82.72]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: fba93e07-bed0-4612-9c79-08d9255b7da3
x-ms-traffictypediagnostic: AM6PR02MB4632:
x-microsoft-antispam-prvs: <AM6PR02MB4632E65CA3A72650467FA6ECCF3D9@AM6PR02MB4632.eurprd02.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Sil6Hyqdw44KMIl3rihmNuSZLMDh3z9UsFrVfXUyps7jVS1MfMuTe2JbyP4ivI3Waqvgsk6dMGvfDpH/wPHAwaigQ7ie9QcwUjkdfCQ6JUGy3dfoVmIK1Oi/ss3Oed0O+fNOOoYnKYO/4hII3cOMNK0d1gvHo5y/68Qdz2befIyRiLxgKXPxHF/lny5rUPxqTmoR+LdyUYS4zQ77lPEc2+tH0YEK4uZH1COo6n0rVNMygdIxmbEEyE2SmsytxDjDfK4yoBqarSb71Qh7TxjjhVDY5CKAeEQ5n3Uf9tjiOKJfAa0mx4Jf6rNuxBDBouusOItN/Wdg/oiyVXrdfz0P2p92/a2GB/R7rr3wsrliqoNBT+knkbveomF+Ln9gTf/oXDGG0kvRvHwVWMaS6WwnQEIdjiJfschdxe1Rvxd3BawcH3pWVpR1y4LPUY5eYjoDIiqnjeHlvXINdS8O6LIscHfuyLHkw0ODleyZhTPZD/ydY7saY4na2kE7NjB8YikYelP+DLPUfvB4EUMGgPxFJXHPj+A+G8byedQLJD8yaAseTugm2MB2stwkQUeUaztVnSWsGj3RjZVhC8agrodXcm/PZRS3X8UuBYfoPzSp6kBlF5vSarupV8imEOOAu+YCNCa6mZpqInx+zao7L71trztZViGBQLOdh00TlewJCSHmm1TEF0oMI4F+HkpsbcWTgHlTF9AmSBSgyjzB5E6/Iwz/4f2E06s3Fe41hXVY20LW4CO3/aCHnwvRVSlHiDM+yh4d/SArxCB2eO44P1w6vQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM7PR02MB5765.eurprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(376002)(346002)(136003)(366004)(39830400003)(396003)(5660300002)(316002)(966005)(55016002)(33656002)(66476007)(6506007)(71200400001)(26005)(66556008)(122000001)(66946007)(64756008)(53546011)(166002)(66446008)(9686003)(8936002)(478600001)(38100700002)(52536014)(66574015)(76116006)(8676002)(44832011)(83380400001)(186003)(2906002)(7696005)(86362001)(110136005)(45080400002)(91956017)(32563001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?Windows-1252?Q?2mec8VkrLLZKzNdfWWAfd1TToou7l6zmGJo1OTLyNMQD7/T3oocpYmgF?= =?Windows-1252?Q?aS0IeT3mSHkcfGzr6qw+a39qgREsHXJ6koIj+hX5kn4bJGtVJC3xLl9S?= =?Windows-1252?Q?KKaFynO15igp0rMkuL+Gefn65M3RbMy7B2kIAX08uX6ZK2Lq1wuuGkmn?= =?Windows-1252?Q?Ol2GkDjik8GfV/2FkJ4Tb8l/4SAwpk0JlhEhhenPVXIZmQ9xxjEB9Yj/?= =?Windows-1252?Q?A9x5lo/k+PQXE7Qd7aNei/tZXG+zcfwoEJTYCX3VAiYtGHAeX4d85JrD?= =?Windows-1252?Q?8WxJ2kFWCYYDoep3HMX8RrwbFsoAeRFhnyDMb4/BuBS/mQ7OKuCpirzx?= =?Windows-1252?Q?5xCCy/eOQcmUtKhHGTvoG4yCKpL4jHZTz4vbxY6Y3Ep45O5xityXbTES?= =?Windows-1252?Q?Frq+ODUclJQyJ9yVJeaC9sh6qI07Q03C5ydVeTpcxF6ne6ZAQTkCot7H?= =?Windows-1252?Q?m7+/KGPK1WBK+pojeXbU7V4o84Xc+Y+TpcrNjE2Rj+FnBavV2SV53B4V?= =?Windows-1252?Q?ZzaU4uNIYHR9GU2QTauC6ZodmtPAJwTtdFj1RkjRZKxybdmL2d7zlKQ3?= =?Windows-1252?Q?zQuQKbZNAHgWwcdwEsBaaNwV1Fl6EyzDzTN3b+v5NWp9UIf3zDcrlHTe?= =?Windows-1252?Q?SdkxEHusgOQ4ol6LhEczwYb7b3Lhs/6K2ZNQhLKVB3EECZK3mk4GECIR?= =?Windows-1252?Q?WzVRdCnVVRA9GtqYSxxKbBjkpOeVYJdOdfcAqQGBhBFh/q4ROSOhbqas?= =?Windows-1252?Q?9DJwGvFCyQw23OzFR4a1pS5pIU8DEiSsGT/yU94cL+p7k5o5t55l2BnL?= =?Windows-1252?Q?7TFA7PCjfIPX/HHGpwfHD9Z8hcMiSlA34FmVP/sk/rpM3U/BmpXtAg3B?= =?Windows-1252?Q?QS3OR8z6b+z+xsEFcEP24CET5TrK3cSvoP3dkfOobVX4N9ZEUD26EyJw?= =?Windows-1252?Q?rc0MmV3Lqa+Aut6G7cZNEqPISMSS+yOs8aWq87oRWIbfHc2xXYfLl4w1?= =?Windows-1252?Q?wYwQ5SYUO9SUNnRTODURbB2RCPoYj3j2Nc1MKYQD1SZCUfGGgvfofofJ?= =?Windows-1252?Q?0UUC4YUQ/gtGxNMMRN6bZyQZlbamL3PZcsC47Rtm6X5SwHm2YJV34qsM?= =?Windows-1252?Q?N+bU0CTBKQKOjbsOG8/w9IFndbY82ynsam1tNcjD3M4/jcS7Qey8sevT?= =?Windows-1252?Q?8uEmMpdQB9l412io4j5eT8a0shCl/8CP4O52c8CUy2OAJR0z5ZRaQ3uJ?= =?Windows-1252?Q?mBlzpCGgSai0czTi0BT9oKRko92y42/mLPQbN4YnerybJJRcklKrlnW0?= =?Windows-1252?Q?UqE43IAjikeopSnS+ATsuHdO9+9g2m1WMuJubuPTQ5df8PfsMdz9u6z1?= =?Windows-1252?Q?/ZPVEqFIq84iL2XTq0cFZGe08cd/xPdwsiqqlUFf2dLe26YawmhKOsy6?= =?Windows-1252?Q?cZK+gl35PkUNI9jSqWF1+Q=3D=3D?=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_AM7PR02MB57657BD65E85DC1E8F679EFDCF3E9AM7PR02MB5765eurp_"
MIME-Version: 1.0
X-OriginatorOrg: meinberg-usa.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM7PR02MB5765.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: fba93e07-bed0-4612-9c79-08d9255b7da3
X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Jun 2021 00:15:12.9174 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: d59904cd-769f-4368-8bd0-f5f435893a38
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 1AWo81IuZk4ehWZ2NryfXisE4lEt1aJHjPeD7JqStA3ouAdQHlcRCYtiTXyUj5an0T75Lqc6FEXyDFiUZ49v4uTFH0agp3W9LWfIdFim+gI=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR02MB4632
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/v8fMv4gbjM5rxgLzvogJ8KNZEsI>
Subject: Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG adoption
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Jun 2021 00:15:23 -0000

Regarding delay attacks and PTP.

First, in most applications that include PTP, for example power substations, if a malicious agent takes over a switch or router in the network, then there might be 10 things they could do that are worse than manipulating the time.

That being said, PTP needs to have resistance to delay attacks, which won’t likely come from cryptography.  Approaches that are used or are being discussed are:

  *   Multiple PTP domains, and a voting algorithm.  In this case the PTP domains need to  have different network paths. An equivalent approach is measuring PTP clients using a reverse PTP mechanism through a different path than the time transfer path.
  *   Heuristic checks on incoming time compared to the stability of the local oscillator.  No sudden jumps, or ramps that are faster than the local oscillator drift rate.  This works best if the local oscillator is very stable or if physical layer syntonization is used.
  *   GNSS capable probes in the network to spot check the PTP accuracy, and report issues.
  *   Other means of verifying the time at the clients outside of PTP

What cryptography can do for PTP is prevent attacks by entities that have not taken over a switch or router, but have gained access to the network, such as impersonating a PTP server.

PTP is

From: ntp <ntp-bounces@ietf.org> on behalf of Daniel Franke <dfoxfranke@gmail.com>
Date: Wednesday, May 26, 2021 at 9:28 AM
To: Heiko Gerstung <heiko.gerstung=40meinberg.de@dmarc.ietf.org>rg>, NTP WG <ntp@ietf.org>
Subject: Re: [Ntp] NTS4UPTP Rev 03 - Formal request for WG adoption
(Resending to reply to the list)

I finally gave this draft a close read this morning. I have to oppose
adoption, on the grounds that it doesn't appear to achieve any of
NTS's goals.

It clearly doesn't attempt to achieve server statelessness. It doesn't
achieve client unlinkability either, since only one cookie is provided
and there's no mechanism for refreshing it without a new NTS-KE. The
case possibly could be made (but hasn't been) that these goals aren't
as important for PTP as they are for NTP, but after this I would still
object that calling a protocol "NTS" when it doesn't provide these
things is bad marketing for NTS4NTP.

The killer, though, is that the protocol fails to provide time
authentication to within any reasonable error bounds. The only secure
time exchange is the one that happens in phase 2 during the
DELAY_REQ/DELAY_RESP exchange. Transmissions during phase 3 are
vulnerable to delay attacks. Checking sequence numbers is not
sufficient mitigation against these. A MitM could forward packet N
when (and only when) the server sends packet 2N. All sequence number
checks would pass, but absent any other sanity checks the client's
clock would be slowed by a factor of two.

The NTS TLV is missing any field that corresponds to the Unique
Identifier EF from NTS4NTP. Without this, an attacker can drop or
reorder the server's messages and confuse the client as to what
request a response corresponds to. This is easy to fix, but absent a
fix, clients would have to mitigate this by making sure they only ever
have one request in flight at a time. Failure to promptly obtain a
response to any time-sensitive request such as DELAY_REQ would require
rerunning NTS-KE. Non-time-sensitive requests could simply be
retransmitted.

To salvage the security of this protocol, you could first fix the
Unique Identifier issue and then have the client send DELAY_REQ
messages at NTP-like intervals, rather than just once per handshake,
in order to regularly reëstablish tight error bounds that can be used
to sanity-check the phase 3 packets. This would achieve time security
about equal to what you get from the NTP/PTP hybrid I proposed last
month, but without privacy, without server statelessness, and with an
added requirement for support from the server rather than being able
to unilaterally implement it on the client side.

On Wed, May 26, 2021 at 4:31 AM Heiko Gerstung <heiko.gerstung=40meinberg.de@dmarc.ietf.org<mailto:40meinberg.de@dmarc.ietf.org>> wrote:
Dear fellow NTP working group members,

I just submitted the latest revision of our NTS for Unicast PTP draft (-02) which you can find here:
https://datatracker.ietf.org/doc/draft-gerstung-nts4uptp/


Based on our experience of more than 20 years (NTP) and 15 years of PTP based network time synchronization for quite a large number of different applications and industries, we believe that the proposed draft will increase the number of potential use cases for unicast PTP by adding serious and sound security mechanisms to this protocol. It will enable users in a large variety of areas to transport highly accurate and reliable time over wide area networks and hard to protect large-scale private networks.

Unicast PTP is a protocol that has been designed to be used in protected network environments and requires additional protection to allow using it in other types networks, i.e. the Internet or wide-area-networks where it is impossible to ensure that no malicious actor with access to the network can carry out various attacks. The proposed draft offers protection against most of the possible attacks.

The authors acknowledge that other variants of PTP, namely the multicast and hybrid (i.e. unicast and multicast) forms, need to be protected as well. However, those forms are rarely used over wide area networks and are much more common in local area networks and protected network environments. Securing multicast and hybrid PTP requires a more complex solution and our expectation is that the proposed standard for securing unicast PTP will be completed faster due to the fact that we built it on the work that already went into RFC8915. The similarities in the key exchange phase of the protocol also offer an efficient way to implement combined NTS4NTP and NTS4UPTP key exchange service daemons and therefore helps to simplify deploying secure time synchronization solutions that support NTP, PTP or both in parallel.

I therefore would like to formally request adoption of this draft by this working group and kindly ask you to review the draft, and send your questions, comments and general feedback to the WG and/or one of the authors of this draft.

Thank you and best regards,
  Heiko



--
Heiko Gerstung
Managing Director

MEINBERG® Funkuhren GmbH & Co. KG
Lange Wand 9
D-31812 Bad Pyrmont, Germany
Phone: +49 (0)5281 9309-404
Fax: +49 (0)5281 9309-9404

Amtsgericht Hannover 17HRA 100322
Geschäftsführer/Management: Günter Meinberg, Werner Meinberg, Andre Hartmann, Heiko Gerstung

Email:
heiko.gerstung@meinberg.de<mailto:heiko.gerstung@meinberg.de>
Web:
Deutsch https://www.meinberg.de
English https://www.meinbergglobal.com

Do not miss our Time Synchronization Blog:
https://blog.meinbergglobal.com

Connect via LinkedIn:
https://www.linkedin.com/in/heikogerstung


_______________________________________________
ntp mailing list
ntp@ietf.org<mailto:ntp@ietf.org>
https://www.ietf.org/mailman/listinfo/ntp