PTPsec: Securing the Precision Time Protocol Against Time Delay Attacks Using Cyclic Path Asymmetry Analysis

Andreas Finkenzeller,Oliver Butowski,Emanuel Regnath,Mohammad Hamad,Sebastian Steinhorst
2024-02-07
Abstract:High-precision time synchronization is a vital prerequisite for many modern applications and technologies, including Smart Grids, Time-Sensitive Networking (TSN), and 5G networks. Although the Precision Time Protocol (PTP) can accomplish this requirement in trusted environments, it becomes unreliable in the presence of specific cyber attacks. Mainly, time delay attacks pose the highest threat to the protocol, enabling attackers to diverge targeted clocks undetected. With the increasing danger of cyber attacks, especially against critical infrastructure, there is a great demand for effective countermeasures to secure both time synchronization and the applications that depend on it. However, current solutions are not sufficiently capable of mitigating sophisticated delay attacks. For example, they lack proper integration into the PTP protocol, scalability, or sound evaluation with the required microsecond-level accuracy. This work proposes an approach to detect and counteract delay attacks against PTP based on cyclic path asymmetry measurements over redundant paths. For that, we provide a method to find redundant paths in arbitrary networks and show how this redundancy can be exploited to reveal and mitigate undesirable asymmetries on the synchronization path that cause the malicious clock divergence. Furthermore, we propose PTPsec, a secure PTP protocol and its implementation based on the latest IEEE 1588-2019 standard. With PTPsec, we advance the conventional PTP to support reliable delay attack detection and mitigation. We validate our approach on a hardware testbed, which includes an attacker capable of performing static and incremental delay attacks at a microsecond precision. Our experimental results show that all attack scenarios can be reliably detected and mitigated with minimal detection time.
Cryptography and Security,Networking and Internet Architecture
What problem does this paper attempt to address?
The problem that this paper attempts to solve is: **How to effectively detect and mitigate time - delay attacks in the Precision Time Protocol (PTP)**. ### Background and Problem Description High - precision time synchronization is crucial for many modern applications and technologies, such as smart grids, Time - Sensitive Networking (TSN), and 5G networks. Although the PTP protocol can meet this requirement in a trusted environment, it becomes unreliable in the face of specific network attacks. In particular, time - delay attacks pose the greatest threat to the protocol, enabling attackers to deviate the target clock undetected. With the increase in cybersecurity threats, especially attacks against critical infrastructures, there is an urgent need for effective countermeasures to protect time synchronization and the applications that depend on it. However, existing solutions are insufficient in dealing with complex time - delay attacks, such as the lack of proper integration with the PTP protocol, scalability, or evaluation of micro - second - level precision. ### Main Contributions of the Paper 1. **Round - Trip Time (RTT) Measurement Analysis**: The paper analyzes the effectiveness of round - trip RTT measurements in identifying network path asymmetries and presents its theoretical model for detecting time - delay attacks in any network. 2. **Proposal of the PTPsec Protocol**: Based on the latest IEEE 1588 - 2019 standard, the paper proposes the PTPsec protocol and its implementation, aiming to support reliable detection and mitigation of time - delay attacks. 3. **Experimental Verification**: The paper verifies the implementation of PTPsec on a hardware test platform, which includes an attacker capable of performing static and incremental delay attacks with micro - second precision. The experimental results show that all attack scenarios can be reliably detected and mitigated, with the shortest detection time. ### Key Technical Methods - **Path Asymmetry Analysis**: By introducing dedicated measurement packets (Meas messages), the paper enables round - trip RTT measurements, thereby being able to detect and mitigate malicious clock deviations caused by path asymmetries. - **Redundant Path Utilization**: The paper provides a method for finding redundant paths in any network and shows how to use these redundant paths to reveal and mitigate adverse asymmetries on the synchronization path. - **Message Flow Design**: The PTPsec protocol ensures that any malicious delay will simultaneously affect the synchronization and detection mechanisms by integrating the RTT measurements of key event messages (Sync and Delay_Req) in the PTP synchronization process, preventing attackers from bypassing protection measures. ### Experimental Results The paper conducts experimental verification on a hardware test platform, and the results show that the PTPsec protocol can effectively detect and mitigate various time - delay attacks with the minimum detection time. ### Conclusion The PTPsec protocol provides an effective solution through round - trip RTT measurements and path asymmetry analysis, protecting the PTP protocol from the influence of time - delay attacks and ensuring the security of high - precision time synchronization.