Re: [TICTOC] [ntpwg] security ID submitted for review

["David L. Mills" <mills@udel.edu>]

dieter.sibold@ptb.de wrote:

> Dieter,

There are several minor points I might mention.  First the easy ones.  
You mentioned TESLA , which sound very much like the existing Autokey in 
broadcast mode.  Actually, the Autokey scheme was stolen from S-KEY of 
many years ago.   I still think this should all be replaced by a 
signature using the server public key. This is complicated in the case 
of multiple broadcast servers implemented in the same system.  In these 
cases,  the network delay calibration might be different, as is the case 
in the current NTP implementation. In order to support this requirement, 
the extension field for the broadcast message needs to include the 
process ID for the broadcast association.  The process ID is used for 
the particular security protocol in the delay calculation.  Other means 
might be devised in the new protocol to perform this function.

For client/server and symmetric modes, I suggest the following design 
candidate.  This would be appropriate for national time servers operated 
by NIST , USNO and NRC.  A certain number of these servers currently 
support symmetric key verification, where each key is chosen for each 
subscriber upon payment of a fee.  For instance, NIST has over 25 
million clients of their public servers, and where probably several 
million use the bolder complex with no cryptographic support.  One 
machine includes support for symmetric key cryptography, so probably 
several hundred different keys could be supported. 

Symmetric key cryptography becomes unwieldy when the number of customer 
clients much exceeds this number.  An alternative design using public 
key cryptography might be more appropriate.  This design would use 
Diffy-Hellman key agreement.  The client would send the public value to 
the server signed by the client public key.  The server would respond 
with its public value signed by the server public key.  The agreed key 
for both the client and server would be split in two portions, the 
32-bit key identifier and a 160-bit symmetric key.  Both the client and 
the server would save the values in the same data structure used for 
static symmetric keys.  Subsequently, operation would continue as in 
ordinary static symmetric keys. 

The devil is in the details.  The server needs a table with entries 
corresponding to the client IP address and certificate. This is what the 
subscriber pays for.  Additional provisions are necessary to time out 
old keys and regenerate accordingly. 

This scheme avoids the use of extension fields in all cases except when 
a new agreement is negotiated.  A question remains on whether the 
sgreement messages are to be authenticated by other than the agreed key 
itself.  My suggestion is simply to avoid this step on condition that 
the NTP header time values are ignored. 

My experience over 17 years operating experiment configurations on up to 
17 different machines running various combinations of unsecured 
symmetric and public key combinations suggests that the supporting 
infrastructure is of serious concern.  For one thing, certificate 
lifetimes are meaningless until the correct time has been verified.  
There is no a-priori assumption about the certificate lifetimes other 
than a continuous trail, possibly spanning several intermediate 
servers,   Consider the effect of replacing a public/private key when a 
server fails and is replaced.  Consider what happens when an 
intermediate server rolls a new certificate which interupts  the trail 
continuity.  Remember, a typical NTP client runs multiple servers, each 
of which might have a different trail to the same server or servers.  A 
large crop of obscure interworking issues have been found and corrented 
over the years.  I suspect similar issues and corrections will be found 
in PTP applications.

The particular set of rules and constraints described in previous 
reports and RFC 5906 were constructed with great care.  They established 
the security model and partial-order precidents relations considered at 
a meeting of computer science theorists and myself at the Dagstuhl 
(Germany) meeting in 1996.   The rules require that all security changes 
conform to Lamport's "happens before" relation.  The filestamps and 
timestamps described in RFC 5906 conform to these rules.  Unfortunately, 
to my knowledge, current applications do not necessarily conform to 
these rules.  It may be a lost cause to incorporate these rules in new 
NTP or PTP protocols and applications.

I hope these comments are useful in the evolution of NTP and PTP 
security protocols.

Dave


> Hello Dave and Kurt,
>
> thanks for your comments:
>
> As Kurt already pointed out. Currently the ID specifies only the 
> design of the security protocol. We believe that we need to be clear 
> about the design questions before specifying the technical details.
>
> The private key of the client is not needed for the MAC. Instead the 
> calculation of the MAC includes the cookie and the whole NTP packet 
> (i.e. the extension fields also). The cookie is calculated from the 
> server seed and the client's public key, which the client attaches to 
> each time request (which requires a new extension field as pointed out 
> in the draft). During cookie exchange the server encrypts the cookie 
> with the client's public key before transmission. An adversary is 
> therefore not able to abuse a cookie which he requests in behalf of 
> the client.
>
> As Kurt pointed out the certificate exchange works as in a standard 
> PKI. I emphasize that this is different to autokey. In autokey the 
> chain of trust and time are equal whereas in this ID chain of trust 
> and time might be disjunct.
>
> Regarding the broadcast mode. I agree with Dave that the use of TESLA 
> for the broadcast mode adds additional complexity.  It also has the 
> disadvantage that the authenticity of a packet can only be verified in 
> retrospect. But I don't see security vulnerabilities. Dave's 
> suggestion to use a combination of interleave mode with asymmetric 
> cryptography is interesting. We should consider this. The argument 
> that asymmetric cryptography might be feasible because of modern power 
> of CPUs is okay for traditional computer systems but I'm not sure 
> whether this assumption also applies for small devices with 
> constrained resources.
>
> Regards
> Dieter
>
>
> ----------------------------------
> Physikalisch-Technische Bundesanstalt
> Dr. Dieter Sibold
> Q.42 - Serversysteme und Datenhaltung
> QM-Verantwortlicher der Stelle IT-Infrastruktur
> Bundesallee 100
> D-38116 Braunschweig
> Tel: +49-531-592-84 20
> E-Mail: dieter.sibold@ptb.de
>
>
>
> Von:        Kurt Roeckx <kurt@roeckx.be>
> An:        "David L. Mills" <mills@udel.edu>
> Kopie:        NTP Working Group <ntpwg@lists.ntp.org>, 
> "tictoc@ietf.org" <tictoc@ietf.org>
> Datum:        03.08.2013 20:04
> Betreff:        Re: [ntpwg] security ID submitted for review
> Gesendet von:        ntpwg-bounces+dieter.sibold=ptb.de@lists.ntp.org
> ------------------------------------------------------------------------
>
>
>
> On Thu, Aug 01, 2013 at 08:42:08PM +0000, David L. Mills wrote:
> > Guys,
> >
> > Here are some general comments on the ID.  I apologize if they are a
> > little rough as I have to dictate this message instead of my usual
> > polished wordsmithing.
> >
> > format.
> > The ID does not specify an extension field format.
>
> The draft only seems to specify the the general idea of how it
> should work and doesn't seem to go into detail how this should
> work at the protocol level.  I assume he first wants to know if
> the solution is something that can work and that others see
> as a good solution before he works out the details.
>
> > In particular, the private key for the message
> > authentication code (MAC) , if used, must be known beforehand.  This
> > is where the "cookie snatcher" issue comes up as described in
> > previous messages.  In particular, an important constraint for
> > normal operation is that extension fields are not used unless
> > required for cookie determination.
>
> I'm not sure I understand your remark.  As far as I know the
> "cookie snatcher" you talk about is the normal "man in the middle"
> attack.  As I understand we would change the verification by
> replacing it by the normal X.509 verification as done for instance
> SSL/TLS.
>
> I assume you meant public key and note private key.
>
> > Glaring vulnerability exists when using extension fields, as the key
> > value is public and must be known in advance.  This invites a
> > cut-and-paste attack, as well as header changes, even if
> > subsequently detected by the on-wire protocol.
>
> I've seen this cut-and-paste attack mentioned before, but I've
> never really understood it.  As I understand things, the MAC
> is generated over the NTP + extensions.  I don't see how you
> can take the extension from 1 packet into an other and still
> have a valid MAC.  Or are you saying that you do something
> with a packet even when it doesn't have a valid MAC?
>
> > certificate.
> > Both RFC 5906 and the ID require the server certificate.  The server
> > certificate can be conveyed, either off-line, or directly or
> > indirectly via a certificate trail as described in RFC 5906 or the
> > ID.  If obtained via the trail, there is a hazzard due to a
> > middle-man attack and masquerade.
>
> I really don't understand how such a man in the middle attack
> can work.  Either the certificate + the chain validate, or they
> don't.  It is of course important to you check that the CommonName
> in the certificate matches the server you're trying to reach,
> and that the root CA is in your list of trusted CAs.  But there
> really isn't anything new or hard about this.
>
> > In broadcast mode, the protocols described in RFC 5906 and the ID
> > are messy and with several possible vulnerabilities.  Here is a
> > suggestion that might be useful.  Define a new broadcast packet
> > format as the NTP header followed by one extension field
> > representing the MAC.  The extension field represents the signature
> > of the header computed using the private key of the server and can
> > be verified by the client using the public key in the server
> > certificate.  Originally, this was considered an unacceptable
> > dilution of accuracy due to the variability of the signature
> > computing time and the length of the signature.  However, at least
> > in modern NTP, the interleaved broadcast mode can be used to correct
> > for this overhead.  This assumes that the overhead for either the
> > server or client is reduced using fast modern processors.
>
> I think that in all cases where it's no problem to keep track of
> all clients you should use the interleaved mode, and we can use
> something like the Diffie-Hellman key agreement for those.
>
> But there clearly is also a need for servers that can't keep
> the state of each client, and we need something else for that.
> So maybe we need to define 2 ways of working.
>
>
>
> Kurt
>
> _______________________________________________
> ntpwg mailing list
> ntpwg@lists.ntp.org
> http://lists.ntp.org/listinfo/ntpwg
>