Re: [Ntp] Roughtime and Delay Attacks
kristof.teichel@ptb.de Wed, 03 April 2019 08:03 UTC
Return-Path: <kristof.teichel@ptb.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F299120164; Wed, 3 Apr 2019 01:03:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LyjEVAW9tgdD; Wed, 3 Apr 2019 01:03:43 -0700 (PDT)
Received: from mx1.bs.ptb.de (mx1.bs.ptb.de [192.53.103.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B3651201A3; Wed, 3 Apr 2019 01:03:43 -0700 (PDT)
Received: from smtp-hub.bs.ptb.de (smtpint01.bs.ptb.de [141.25.87.32]) by mx1.bs.ptb.de with ESMTP id x3383ecY009692-x3383eca009692 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=CAFAIL); Wed, 3 Apr 2019 10:03:40 +0200
Received: from lotus.bs.ptb.de (lotus.bs.ptb.de [141.25.85.200]) by smtp-hub.bs.ptb.de (Postfix) with ESMTPS id A9FBD7A3A8F; Wed, 3 Apr 2019 10:03:38 +0200 (CEST)
In-Reply-To: <20190403072255.EA16E40605C@ip-64-139-1-69.sjc.megapath.net>
References: <20190403072255.EA16E40605C@ip-64-139-1-69.sjc.megapath.net>
To: Hal Murray <hmurray@megapathdsl.net>
Cc: ntp@ietf.org, ntp <ntp-bounces@ietf.org>
MIME-Version: 1.0
Message-ID: <OF1EB096AA.8F10FC47-ONC12583D1.002B338D-C12583D1.002C46D5@ptb.de>
From: kristof.teichel@ptb.de
Date: Wed, 03 Apr 2019 10:03:56 +0200
Content-Type: multipart/alternative; boundary="=_alternative 002C46D3C12583D1_="
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/w_89ZHpNRwjv1njWvS5z9Qq9moU>
Subject: Re: [Ntp] Roughtime and Delay Attacks
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Apr 2019 08:03:46 -0000
Perhaps I should have been more precise in my description. Roughtime does look at associations with many different servers, and from that tries to find the "outliers" that suggest server malfeasance. Its criterion for ruling "server X is bad" is not discrepancy with the client's local time, but examples where timestamps from one server visibly don't fit into the same timing context with timestamps from a majority of other servers. Specifically, it does not have to rely on local time. But I think all that is pretty far beside the point (the point being that the models of Chronos and Roughtime don't fit together well enough to transfer techniques against delay attacks from Chronos to Roughtime in a helpful way), don't you? Best regards, Kristof Von: "Hal Murray" <hmurray@megapathdsl.net> An: ntp@ietf.org Kopie: "Hal Murray" <hmurray@megapathdsl.net> Datum: 03.04.2019 09:23 Betreff: Re: [Ntp] Roughtime and Delay Attacks Gesendet von: "ntp" <ntp-bounces@ietf.org> kristof.teichel@ptb.de said: > Roughtime deliberately looks at the associations to single server and tries > to judge whether (and potentially prove that) each single given server is > showing signs of malfeasance. You can't do that unless you know your local time is accurate. You probably need to know how accurate. Even if you have something like GPS, you need to be suspicious of it. There have been many firmware bugs, and a 1024 week rollover is coming up this weekend. -- These are my opinions. I hate spam. _______________________________________________ ntp mailing list ntp@ietf.org https://www.ietf.org/mailman/listinfo/ntp
- [Ntp] Roughtime and Delay Attacks Tal Mizrahi
- Re: [Ntp] Roughtime and Delay Attacks kristof.teichel
- Re: [Ntp] Roughtime and Delay Attacks Tal Mizrahi
- Re: [Ntp] Roughtime and Delay Attacks Tony Finch
- Re: [Ntp] Roughtime and Delay Attacks kristof.teichel
- Re: [Ntp] Roughtime and Delay Attacks Hal Murray
- Re: [Ntp] Roughtime and Delay Attacks kristof.teichel
- Re: [Ntp] Roughtime and Delay Attacks Stewart Bryant
- Re: [Ntp] Roughtime and Delay Attacks Watson Ladd
- Re: [Ntp] Roughtime and Delay Attacks Greg.Dowd
- Re: [Ntp] Roughtime and Delay Attacks Joachim Fabini
- Re: [Ntp] Roughtime and Delay Attacks Stewart Bryant