Andreas Finkenzeller,Oliver Butowski,Emanuel Regnath,Mohammad Hamad,Sebastian Steinhorst

2024-02-07

Abstract:High-precision time synchronization is a vital prerequisite for many modern applications and technologies, including Smart Grids, Time-Sensitive Networking (TSN), and 5G networks. Although the Precision Time Protocol (PTP) can accomplish this requirement in trusted environments, it becomes unreliable in the presence of specific cyber attacks. Mainly, time delay attacks pose the highest threat to the protocol, enabling attackers to diverge targeted clocks undetected. With the increasing danger of cyber attacks, especially against critical infrastructure, there is a great demand for effective countermeasures to secure both time synchronization and the applications that depend on it. However, current solutions are not sufficiently capable of mitigating sophisticated delay attacks. For example, they lack proper integration into the PTP protocol, scalability, or sound evaluation with the required microsecond-level accuracy. This work proposes an approach to detect and counteract delay attacks against PTP based on cyclic path asymmetry measurements over redundant paths. For that, we provide a method to find redundant paths in arbitrary networks and show how this redundancy can be exploited to reveal and mitigate undesirable asymmetries on the synchronization path that cause the malicious clock divergence. Furthermore, we propose PTPsec, a secure PTP protocol and its implementation based on the latest IEEE 1588-2019 standard. With PTPsec, we advance the conventional PTP to support reliable delay attack detection and mitigation. We validate our approach on a hardware testbed, which includes an attacker capable of performing static and incremental delay attacks at a microsecond precision. Our experimental results show that all attack scenarios can be reliably detected and mitigated with minimal detection time.

Cryptography and Security,Networking and Internet Architecture

Waleed Alghamdi,Michael Schukat

DOI: https://doi.org/10.3390/s22103671

IF: 3.9

2022-05-12

Sensors

Abstract:The Precision Time Protocol (PTP) as described in IEEE 1588–2019 provides a sophisticated mechanism to achieve microsecond or even sub-microsecond synchronization of computer clocks in a well-designed and managed network, therefore meeting the needs of even the most time-sensitive industrial and financial applications. However, PTP is prone to many security threats that impact on a correct clock synchronization, leading to potentially devastating consequences. Here, the most vicious attacks are internal attacks, where a threat actor has full access to the infrastructure including any cryptographic keys used. This paper builds on existing research on the impact of internal attack strategies on PTP networks. It shows limitations of existing security approaches to tackle internal attacks and proposes a new security approach using a trusted supervisor node (TSN), in line with prong D as specified in IEEE 1588–2019. A TSN collects and analyzes delay and offset outputs of monitored slaves, as well as timestamps embedded in PTP synchronization messages, allowing it to detect abnormal patterns that point to an attack. The paper distinguishes between two types of TSN with different capabilities and proposes two different detection algorithms. Experiments show the ability of the proposed method to detect all internal PTP attacks, while outlining its limitations.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Marthe Kassouf,Rachid Hadjidj,Bassam Moussa,M. Debbabi,C. Assi

DOI: https://doi.org/10.1109/TII.2019.2943913

IF: 12.3

2020-01-01

IEEE Transactions on Industrial Informatics

Abstract:The precision time protocol (PTP) is considered as one of the most favorable mechanisms for providing unified and precise time at the substation level in the smart grid. Nevertheless, PTP was shown to be vulnerable to cyber-attacks targeting its components and synchronization services. In this article, we capitalize on the theory and outcome of our previous work to contribute a more complete solution that addresses PTP cyber security. We propose to close the PTP loop through an extension that introduces new functionality and messages. This extension covers the PTP attack surface and enables the detection of attacks on PTP time synchronization. We formally model and verify the proposed extension using UPPAAL model checker. In addition, we validate the proposed extension using Omnet++ simulation. The evaluation demonstrates that our approach preserves PTP functionality, while successfully detecting cyber attacks against PTP components in a timely manner.

Engineering,Environmental Science,Computer Science

Robert Annessi,Joachim Fabini,Tanja Zseby

DOI: https://doi.org/10.48550/arXiv.1705.10669

2017-05-30

Cryptography and Security

Abstract:Due to the increasing dependency of critical infrastructure on synchronized clocks, network time synchronization protocols have become an attractive target for attackers. We identify data origin authentication as the key security objective and suggest to employ recently proposed high-performance digital signature schemes (Ed25519 and MQQ-SIG)) as foundation of a novel set of security measures to secure multicast time synchronization. We conduct experiments to verify the computational and communication efficiency for using these signatures in the standard time synchronization protocols NTP and PTP. We propose additional security measures to prevent replay attacks and to mitigate delay attacks. Our proposed solutions cover 1-step mode for NTP and PTP and we extend our security measures specifically to 2-step mode (PTP) and show that they have no impact on time synchronization's precision.

Michael Poernomo,H. Ferng,Mingfu Li

DOI: https://doi.org/10.1109/DASC-PICom-CBDCom-CyberSciTech49142.2020.00033

2020-08-01

Abstract:The current enhancements in the Internet of things (IoT) standardize a method to precisely synchronize computers or devices over the network. The precision time protocol (PTP) described in IEEE 1588 meets the necessity for higher accurate time synchronization. For achieving higher accuracy, security and resource issues arise. To tackle these issues, an authentication scheme for the lightweight PTP using the digital signature and polynomials is proposed in this paper. The proposed scheme is evaluated through the SimPy simulator and our simulation results show that our proposed scheme can outperform the closely related schemes in the literature.

Engineering,Computer Science

Robert Annessi,Joachim Fabini,Felix Iglesias,Tanja Zseby

DOI: https://doi.org/10.48550/arXiv.1811.08569

2018-11-21

Cryptography and Security

Abstract:Clock synchronization has become essential to modern societies since many critical infrastructures depend on a precise notion of time. This paper analyzes security aspects of high-precision clock synchronization protocols, particularly their alleged protection against delay attacks when clock synchronization traffic is encrypted using standard network security protocols such as IPsec, MACsec, or TLS. We use the Precision Time Protocol (PTP), the most widely used protocol for high-precision clock synchronization, to demonstrate that statistical traffic analysis can identify properties that support selective message delay attacks even for encrypted traffic. We furthermore identify a fundamental conflict in secure clock synchronization between the need of deterministic traffic to improve precision and the need to obfuscate traffic in order to mitigate delay attacks. A theoretical analysis of clock synchronization protocols isolates the characteristics that make these protocols vulnerable to delay attacks and argues that such attacks cannot be prevented entirely but only be mitigated. Knowledge of the underlying communication network in terms of one-way delays and knowledge on physical constraints of these networks can help to compute guaranteed maximum bounds for slave clock offsets. These bounds are essential for detecting delay attacks and minimizing their impact. In the general case, however, the precision that can be guaranteed in adversarial settings is orders of magnitude lower than required for high-precision clock synchronization in critical infrastructures, which, therefore, must not rely on a precise notion of time when using untrusted networks.

Jiajun Shen,Dongqin Feng

DOI: https://doi.org/10.1109/hpcc.2014.115

2014-01-01

Abstract:With the development of the industrial informatization, the problems of security in field device layer have been gradually exposed, which mainly involves specified industrial communication protocols. Clock synchronization protocol, as one of the most important industrial communication protocols, ensures the real-time performance of industrial control system. Considering that the related researches have not yet formed a mature system, we propose a new method for analyzing the vulnerability of clock synchronization protocol in this article. In this method, SPN(stochastic petri net) is introduced as a modeling tool, while IEEE 1588 PTP clock synchronization protocol is regarded as the research object. An SPN(stochastic petri net) model is strictly built according to the protocol. Then, steady-state probability expressions are obtained by the isomorphic Markov chain. Through changing trigger rate of transitions of several pivotal states which are related to vulnerability, the influences of each parameter has on the model could be quantitatively reflected in the result of simulation in order to analyze vulnerability of clock synchronization protocol by determining the critical factors that affect protocol's vulnerability.

Wei Dong,Xiaojin Liu

DOI: https://doi.org/10.1109/tii.2015.2495147

IF: 12.3

2015-01-01

IEEE Transactions on Industrial Informatics

Abstract:Time synchronization is crucial for cyber-physical systems (CPSs), e.g., wireless sensor and actuator networks. Cyber physical security is an important yet challenging problem. In particular, attacks to the time synchronization service may incur data distortion or even malfunction of the whole system. Sybil attack is one of the most common attack types for sensor networks, where a node illegitimately claims multiple identities. Existing secure time-synchronization protocols; however, cannot well address Sybil attacks in the time synchronization process. We propose a robust and secure time-synchronization protocol (RTSP) to defend against Sybil attacks. Different from previous secure timesync protocols, RTSP employs a novel graph theoretical approach, which is able to perform anomaly detection at the message level instead of the node level. This fine-grained detection ability enables RTSP to become robust against Sybil attacks, as well as node compromise and message manipulation attacks. Extensive experimental results show the effectiveness of our proposed protocol.

XIE Qi,CHEN De-ren,YU Xiu-yuan

IF: 2.034

2010-01-01

Systems Engineering

Abstract:In 2009, Park, et al. proposed an efficient remote user authentication protocol. They claimed that their protocol was the first password and smart card based remote user authentication scheme which can resist the off-line password guessing attack, and had many advantages over existing solutions such as no password tables and timestamp, low communication and computational costs. However, this paper shows that their protocol cannot resist the forgery attack and off-line password guessing attack. To overcome the security weaknesses, two improved schemes based on either nonce or timestamp without affecting the merits of the Park, et al. scheme are proposed. Technical discussions are provided to show that the improved protocol is secure, efficient and practical.

Yarin Perry,Neta Rozen Schiff,Michael Schapira

DOI: https://doi.org/10.14722/NDSS.2021.24302

Abstract:—The Network Time Protocol (NTP) synchronizes time across computer systems over the Internet and plays a crucial role in guaranteeing the correctness and security of many Internet applications. Unfortunately, NTP is vulnerable to so called time shifting attacks. This has motivated proposals and standardization efforts for authenticating NTP communications and for securing NTP clients . We observe, however, that, even with such solutions in place, NTP remains highly exposed to attacks by malicious timeservers . We explore the implications for time computation of two attack strategies: (1) compromising existing NTP timeservers, and (2) injecting new timeservers into the NTP timeserver pool. We first show that by gaining control over fairly few existing timeservers, an opportunistic attacker can shift time at state-level or even continent-level scale. We then demonstrate that injecting new timeservers with disproportionate influence into the NTP timeserver pool is alarmingly simple, and can be leveraged for launching both large-scale opportunistic attacks, and strategic, targeted attacks. We discuss a promising approach for mitigating such attacks.

Computer Science

Lakshay Narula,Todd E. Humphreys

DOI: https://doi.org/10.1109/jstsp.2018.2835772

IF: 7.695

2018-08-01

IEEE Journal of Selected Topics in Signal Processing

Abstract:This paper establishes a fundamental theory of secure clock synchronization. Accurate clock synchronization is the backbone of systems managing power distribution, financial transactions, telecommunication operations, database services, etc. Some clock synchronization (time transfer) systems, such as the global navigation satellite systems, are based on one-way communication from a master to a slave clock. Others, such as the network transport protocol, and the IEEE 1588 precision time protocol (PTP), involve two-way communication between the master and slave. This paper shows that all one-way time transfer protocols are vulnerable to replay attacks that can potentially compromise timing information. A set of conditions for secure two-way clock synchronization is proposed and proved to be necessary and sufficient. It is shown that IEEE 1588 PTP, although a two-way synchronization protocol, is not compliant with these conditions, and is therefore insecure. Requirements for secure IEEE 1588 PTP are proposed, and a second example protocol is offered to illustrate the range of compliant systems.

engineering, electrical & electronic

Qianying Zhang,Shijun Zhao

DOI: https://doi.org/10.1016/j.comnet.2020.107369

IF: 5.493

2020-10-01

Computer Networks

Abstract:<p>The Trusted Platform Module (TPM) version 2.0 provides a two-phase key exchange primitive which can be used to implement three widely-standardized authenticated key exchange protocols: the Full Unified Model, the Full MQV, and the SM2 key exchange protocols. However, vulnerabilities have been found in all of these protocols. Fortunately, it seems that the protections offered by TPM chips can mitigate these vulnerabilities. In this paper, we present a security model which captures TPM's protections on keys and protocols' computation environments and in which multiple protocols can be analyzed in a unified way. Based on the unified security model, we give the first formal security analysis of the key exchange primitive of TPM 2.0, and the analysis results show that, with the help of hardware protections of TPM chips, the key exchange primitive indeed satisfies the well-defined security property of our security model, but unfortunately under some impractical limiting conditions, which would prevent the application of the key exchange primitive in real-world networks. To make TPM 2.0 applicable to real-world networks, we present a revision of the key exchange primitive of TPM 2.0, which can be secure without the limiting conditions. We give a rigorous analysis of our revision, and the results show that our revision achieves not only the basic security property of modern AKE security models but also some further security properties.</p>

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Daniel Moghimi,Berk Sunar,Thomas Eisenbarth,Nadia Heninger

DOI: https://doi.org/10.48550/arXiv.1911.05673

2019-11-13

Cryptography and Security

Abstract:Trusted Platform Module (TPM) serves as a hardware-based root of trust that protects cryptographic keys from privileged system and physical adversaries. In this work, we perform a black-box timing analysis of TPM 2.0 devices deployed on commodity computers. Our analysis reveals that some of these devices feature secret-dependent execution times during signature generation based on elliptic curves. In particular, we discovered timing leakage on an Intel firmware-based TPM as well as a hardware TPM. We show how this information allows an attacker to apply lattice techniques to recover 256-bit private keys for ECDSA and ECSchnorr signatures. On Intel fTPM, our key recovery succeeds after about 1,300 observations and in less than two minutes. Similarly, we extract the private ECDSA key from a hardware TPM manufactured by STMicroelectronics, which is certified at Common Criteria (CC) EAL 4+, after fewer than 40,000 observations. We further highlight the impact of these vulnerabilities by demonstrating a remote attack against a StrongSwan IPsec VPN that uses a TPM to generate the digital signatures for authentication. In this attack, the remote client recovers the server's private authentication key by timing only 45,000 authentication handshakes via a network connection. The vulnerabilities we have uncovered emphasize the difficulty of correctly implementing known constant-time techniques, and show the importance of evolutionary testing and transparent evaluation of cryptographic implementations. Even certified devices that claim resistance against attacks require additional scrutiny by the community and industry, as we learn more about these attacks.

K.Zhang,M. Spanghero,P. Papadimitratos

DOI: https://doi.org/10.1109/PLANS46316.2020.9110224

2022-02-22

Abstract:Global navigation satellite systems (GNSS) provide pervasive accurate positioning and timing services for a large gamut of applications, from Time based One-Time Passwords (TOPT), to power grid and cellular systems. However, there can be security concerns for the applications due to the vulnerability of GNSS. It is important to observe that GNSS receivers are components of platforms, in principle having rich connectivity to different network infrastructures. Of particular interest is the access to a variety of timing sources, as those can be used to validate GNSS-provided location and time. Therefore, we consider off-the-shelf platforms and how to detect if the GNSS receiver is attacked or not, by cross-checking the GNSS time and time from other available sources. First, we survey different technologies to analyze their availability, accuracy, and trustworthiness for time synchronization. Then, we propose a validation approach for absolute and relative time. Moreover, we design a framework and experimental setup for the evaluation of the results. Attacks can be detected based on WiFi supplied time when the adversary shifts the GNSS provided time, more than 23.942us; with Network Time Protocol (NTP) supplied time when the adversary-induced shift is more than 2.046ms. Consequently, the proposal significantly limits the capability of an adversary to manipulate the victim GNSS receiver.

Cryptography and Security

Sabina Szymoniak,Olga Siedlecka-Lamch,Mirosław Kurkowski

DOI: https://doi.org/10.1007/978-3-319-92459-5_28

IF: 5.493

2018-01-01

Computer Networks

Abstract:In many verification approaches for security protocols analysis time aspects are omitted. According to this in our work we try to show how these problems are important in this area. To do this we present new ideas as well as methods for calculating and checking several types of time parameters that characterize some time aspects during and after the protocol’s execution. As an example we present the timed analysis in the case of the timed version of the well known the NSPKL protocol (Needham Schroeder Public Key Protocol revised by Lowe). The experimental results obtained using a proprietary tool are also shown. Using this, during the running of the protocol, the “presence” of the Intruder can be followed by observing incorrect time of the protocol execution. As we will see, both those too short and too long allows this.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Abdullah Al Mamun,Akid Abrar,Mizanur Rahman,M Sabbir Salek,Mashrur Chowdhury

2024-11-20

Abstract:The rise of quantum computing threatens traditional cryptographic algorithms that secure Transportation Cyber-Physical Systems (TCPS). Shor's algorithm poses a significant threat to RSA and ECC, while Grover's algorithm reduces the security of symmetric encryption schemes, such as AES. The objective of this paper is to underscore the urgency of transitioning to post-quantum cryptography (PQC) to mitigate these risks in TCPS by analyzing the vulnerabilities of traditional cryptographic schemes and the applicability of standardized PQC schemes in TCPS. We analyzed vulnerabilities in traditional cryptography against quantum attacks and reviewed the applicability of NIST-standardized PQC schemes, including CRYSTALS-Kyber, CRYSTALS-Dilithium, and SPHINCS+, in TCPS. We conducted a case study to analyze the vulnerabilities of a TCPS application from the Architecture Reference for Cooperative and Intelligent Transportation (ARC-IT) service package, i.e., Electronic Toll Collection, leveraging the Microsoft Threat Modeling tool. This case study highlights the cryptographic vulnerabilities of a TCPS application and presents how PQC can effectively counter these threats. Additionally, we evaluated CRYSTALS-Kyber's performance across wired and wireless TCPS data communication scenarios. While CRYSTALS-Kyber proves effective in securing TCPS applications over high-bandwidth, low-latency Ethernet networks, our analysis highlights challenges in meeting the stringent latency requirements of safety-critical wireless applications within TCPS. Future research should focus on developing lightweight PQC solutions and hybrid schemes that integrate traditional and PQC algorithms, to enhance compatibility, scalability, and real-time performance, ensuring robust protection against emerging quantum threats in TCPS.

Cryptography and Security

Alex Minetto,Benoit Rat,Marco Pini,Brendan David Polidori,Ivan De Francesca,Luis Contreras Murillo,Fabio Dovis

DOI: https://doi.org/10.1109/jsyst.2023.3341243

IF: 4.802

2024-03-19

IEEE Systems Journal

Abstract:In recent years, the push for accurate and reliable time synchronization has gained momentum in critical infrastructures, especially in telecommunication networks, driven by the demands of 5G new radio and next-generation technologies that rely on submicrosecond timing accuracy for radio access network (RAN) nodes. Traditionally, atomic clocks paired with global navigation satellite systems (GNSS) timing receivers have served as grand master clocks, supported by dedicated network timing protocols. However, this approach struggles to scale with the increasing numbers of RAN intermediate nodes. To address scalability and high-accuracy synchronization, a more cost-effective and capillary solution is needed. Standalone GNSS timing receivers leverage ubiquitous satellite signals to offer stable timing signals but can expose networks to radio-frequency attacks due to the consequent proliferation of GNSS antennas. Our research introduces a solution by combining the white rabbit precise time protocol with a backup timing source logic acting in case of timing disruptive attacks against GNSS for resilient GNSS-based network synchronization. It has been rigorously tested against common jamming, meaconing, and spoofing attacks, consistently maintaining 2 ns relative synchronization accuracy between nodes, all without the need for an atomic clock.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Jacob Ginesin,Max von Hippel,Evan Defloor,Cristina Nita-Rotaru,Michael Tüxen

2024-03-09

Abstract:SCTP is a transport protocol offering features such as multi-homing, multi-streaming, and message-oriented delivery. Its two main implementations were subjected to conformance tests using the PacketDrill tool. Conformance testing is not exhaustive and a recent vulnerability (CVE-2021-3772) showed SCTP is not immune to attacks. Changes addressing the vulnerability were implemented, but the question remains whether other flaws might persist in the protocol design. We study the security of the SCTP design, taking a rigorous approach rooted in formal methods. We create a formal Promela model of SCTP, and define 10 properties capturing the essential protocol functionality based on its RFC specification and consultation with the lead RFC author. Then we show using the Spin model checker that our model satisfies these properties. We define 4 attacker models - Off-Path, where the attacker is an outsider that can spoof the port and IP of a peer; Evil-Server, where the attacker is a malicious peer; Replay, where an attacker can capture and replay, but not modify, packets; and On-Path, where the attacker controls the channel between peers. We modify an attack synthesis tool designed for transport protocols, Korg, to support our SCTP model and four attacker models. We synthesize 14 unique attacks using the attacker models - including the CVE vulnerability in the Off-Path attacker model, 4 attacks in the Evil-Server attacker model, an opportunistic ABORT attack in the Replay attacker model, and eight connection manipulation attacks in the On-Path attacker model. We show that the proposed patch eliminates the vulnerability and does not introduce new ones according to our model and protocol properties. Finally, we identify and analyze an ambiguity in the RFC, which we show can be interpreted insecurely. We propose an erratum and show that it eliminates the ambiguity.

Cryptography and Security

Yang Li,Yujie Luo,Yichen Zhang,Ao Sun,Wei Huang,Shuai Zhang,Tao Zhang,Chuang Zhou,Li Ma,Jie Yang,Mei Wu,Heng Wang,Yan Pan,Yun Shao,Xing Chen,Ziyang Chen,Song Yu,Hong Guo,Bingjie Xu

2024-06-19

Abstract:Secure precision time synchronization is important for applications of Cyber-Physical Systems. However, several attacks, especially the Time Delay Attack (TDA), deteriorates the performance of time synchronization system seriously. Multiple paths scheme is thought as an effective security countermeasure to decrease the influence of TDA. However, the effective secure combination algorithm is still missed for precision time synchronization. In this paper, a secure combination algorithm based on Dempster-Shafer theory is proposed for multiple paths method. Special optimizations are done for the combination algorithm to solve the potential problems due to untrusted evidence. Theoretical simulation shows that the proposed algorithm works much better than Fault Tolerant Algorithm (FTA) and the attack detection method based on single path. And experimental demonstration proves the feasibility and superiority of the proposed algorithm, where the time stability with 27.97 ps, 1.57 ps, and 1.12 ps at average time 1s, 10s, 100s is achieved under TDA and local clock jump. The proposed algorithm can be used to improve the security and resilience of many importance synchronization protocol, such as NTP, PTP, and TWFTT.

Cryptography and Security

R. Bermbach,Kai Heine,Martin Langer,D. Sibold

DOI: https://doi.org/10.1109/EFTF/IFCS52194.2021.9604317

2021-07-07

Abstract:This work describes a concept for extending the Network Time Security (NTS) protocol to enable implementation- independent communication between the NTS key establishment (NTS-KE) server and the connected time server(s). It Alls a specification gap left by RFC 8915 for securing the Network Time Protocol (NTP) and enables the centralized and public deployment of an NTS key management server that can support both secured NTP and secured PTP.

Engineering,Computer Science