The Network Time Protocol (NTP) is an Internet protocol designed to propagate accurate time around a computer network. NTP uses UDP (port 123) over IP to synchronise network time clients to an accurate time reference. This article describes the security aspects of the NTP protocol, and specifically the use of MD5 keys to authenticate a time server.

The Network Time Protocol may be used to synchronise many time-critical processes on distributed computers across a network. The NTP protocol is therefore a potential security risk: an attacker who can modify or replay NTP packets could disrupt system synchronisation and, through it, anything that depends on accurate time.

Fortunately, NTP has an integral authentication feature to thwart attempts to tamper with system time synchronisation. NTP can use MD5 keyed digests to authenticate time stamps received from a time server. Network time clients and devices can use shared secret keys to authenticate time stamps and verify their source of origin.

NTP implements authentication using a set of symmetric keys agreed between server and client and distributed out of band; the keys themselves are never sent on the wire. When an NTP server sends a timestamp it selects one of the keys, computes an MD5 digest over the key followed by the NTP packet, and appends a message authentication code (MAC) consisting of the 32-bit key identifier and the 128-bit digest. When the client receives the packet it looks up the key identifier in its own key file, recomputes the digest over the same key and packet, and compares the result with the digest received. If the two match, the client knows that the packet was produced by a holder of the shared key and has not been modified in transit; it is the digest, not the key, that is appended to the timestamp.

MD5 (Message Digest 5) is not an encryption algorithm but a cryptographic hash function with a 128-bit output. NTP uses it as a keyed hash: the algorithm outputs a fingerprint of the key and packet together, and that fingerprint is what travels with the timestamp. MD5 is no longer collision resistant and is deprecated for new designs; in this keyed construction it still defends against casual tampering, but the strength of the scheme rests entirely on the secrecy and length of the shared key.

Linux NTP installations (ntpd) store keys in a file, usually 'ntp.keys', whose location is given by the 'keys' directive in 'ntp.conf'. Each record in the file describes an authentication key in the format: 'key-number' 'key-type' 'key'. The 'key-number' is the identifier carried in the MAC. The 'key-type' names the digest algorithm in use, usually 'M' for MD5. The 'key' field is the shared secret that is fed, together with the packet, into the digest algorithm. Because the file holds shared secrets it should be readable only by root. A subset of 'trusted keys' may be specified in 'ntp.conf' using the 'trustedkey' directive followed by a space-delimited list of key numbers; only these keys are used by the server, so a compromised key can be excluded from use by removing its number from the list without editing the key file. On a client, the 'key' option of the 'server' directive selects which key is used for a given time source.

Many Cisco routers support MD5 authentication in their NTP implementation. To enable a Cisco router to perform MD5 authentication you must follow a number of steps. Firstly, enable NTP authentication with the 'ntp authenticate' command. Secondly, define an NTP authentication key using the 'ntp authentication-key' command. A unique reference number identifies each NTP key; the key reference number is supplied as the first parameter to the 'ntp authentication-key' command, followed by the digest type 'md5' and the key string. Thirdly, use the 'ntp trusted-key' command to tell the router which keys are valid. The command's only argument is the reference number of the key defined in the previous step. Finally, attach the key to the time source with the 'key' keyword of the 'ntp server' command; without it the router does not request authenticated responses from that server.

Windows 2000, XP and Server 2003 synchronise time with the Windows Time service, which on Windows 2000 is an SNTP (Simple Network Time Protocol) client. The Microsoft implementation does not support the shared-key authentication described here; domain-joined machines instead authenticate time from their domain controllers over the domain's own secure channel.

To summarise, MD5 key authentication can be used to reduce the security risks of running the NTP protocol. Network time clients can be sure that timestamps have indeed emanated from a holder of the expected shared key and have not been modified in transit. Authentication does not hide the packets from an eavesdropper, so the protection depends on keeping the key file secret, using long random keys, distributing them out of band, and removing keys from the trusted list as soon as they are suspected to be compromised.
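For reference, here is an added configuration example tying the Linux and Cisco steps above together; it is not taken from the original article, and the hostnames, addresses, key numbers and key strings are made up. The same 'ntp.keys' entries must exist on the server and on every client, delivered out of band and not over NTP itself.

```text
# /etc/ntp.keys on the server and on each Linux client (mode 0600, owner root)
# Format: <key id> <type> <key>
1  M  Sup3rS3cretKey
7  M  S1teBKey

# /etc/ntp.conf on a Linux client
keys /etc/ntp.keys
trustedkey 1 7
server ntp1.example.com key 1
server ntp2.example.com key 7

# /etc/ntp.conf on the Linux server: the same two directives are enough;
# the server answers with whichever trusted key the client asked for.
keys /etc/ntp.keys
trustedkey 1 7

! Cisco IOS client
ntp authenticate
ntp authentication-key 1 md5 Sup3rS3cretKey
ntp trusted-key 1
ntp server 192.0.2.10 key 1
```

On the Linux side the 'key' option on each 'server' line is what makes ntpd request and require an authenticated response from that source; 'trustedkey' alone only says which keys may be used. On IOS, remember that the key string is stored in the running configuration, and 'service password-encryption' only obscures it with the reversible type 7 scheme, so configuration backups containing NTP keys should be handled as secrets.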
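The following is an added example, not code from the original article or from ntpd. It shows the authentication mechanism described above in working form: a minimal NTP packet is built, the server appends the RFC 5905 symmetric-key MAC (a 4-byte key ID followed by MD5 over key || packet), and the client recomputes the digest from its own copy of the key file and applies the trusted-key filter. The 'ntp.keys' contents, key strings and trusted-key set are constructed for the example.

```python
"""NTP symmetric-key (MD5) authentication, end to end.

Added example, not ntpd code. Builds a minimal NTP packet, appends the
RFC 5905 symmetric-key MAC (4-byte key ID + MD5 over key || packet) and
performs the client-side check, rejecting a modified packet, an unknown
key ID, a key outside the trustedkey set and a packet with no MAC.
"""
import hashlib
import hmac
import struct

# Constructed ntp.keys contents (not from a real deployment).
# One record per key: <key id> <type> <key>; 'M' selects MD5.
NTP_KEYS_FILE = """\
# key-id  type  key
1         M     Sup3rS3cretKey
2         M     0ldKeyN0wRevoked
7         M     S1teBKey
"""

# Equivalent of 'trustedkey 1 7' in ntp.conf: key 2 is known but excluded.
TRUSTED_KEYS = {1, 7}


def parse_ntp_keys(text):
    """Parse ntp.keys records into {key_id: key_bytes}, MD5 ('M') keys only."""
    keys = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        key_id, key_type, key = line.split(None, 2)
        if key_type.upper() == "M":
            keys[int(key_id)] = key.encode("ascii")
    return keys


def build_ntp_header(transmit_ts):
    """Minimal 48-byte NTPv4 server-mode header (LI=0, VN=4, mode=4,
    stratum 2); only the transmit timestamp carries real data."""
    secs = int(transmit_ts) + 2208988800          # Unix epoch -> NTP epoch (1900)
    frac = int((transmit_ts % 1) * (1 << 32))     # 32-bit fraction of a second
    header = struct.pack("!BBbb", (4 << 3) | 4, 2, 6, -20)  # LI/VN/mode, stratum, poll, prec
    header += struct.pack("!II", 0, 0) + b"GPS\x00"         # root delay/dispersion, ref ID
    header += bytes(24)                                     # reference, origin, receive ts
    header += struct.pack("!II", secs, frac)                # transmit timestamp
    return header


def ntp_md5_digest(key, packet):
    """RFC 5905 symmetric-key digest: plain MD5 over key || packet (not HMAC)."""
    return hashlib.md5(key + packet).digest()


def sign_packet(packet, key_id, keys):
    """Server side: append the 4-byte key ID and the 16-byte digest."""
    return packet + struct.pack("!I", key_id) + ntp_md5_digest(keys[key_id], packet)


def verify_packet(message, keys, trusted):
    """Client side: split off the 20-byte MAC, recompute the digest, compare.

    Returns (ok, reason). Only the key ID travels on the wire; the key itself
    must already be present in the client's key file.
    """
    if len(message) < 48 + 20:
        return False, "no MAC present"
    packet, mac = message[:-20], message[-20:]
    key_id = struct.unpack("!I", mac[:4])[0]
    if key_id not in keys:
        return False, f"unknown key id {key_id}"
    if key_id not in trusted:
        return False, f"key id {key_id} not in trustedkey list"
    if not hmac.compare_digest(ntp_md5_digest(keys[key_id], packet), mac[4:]):
        return False, "digest mismatch (packet modified or wrong key)"
    return True, f"authenticated with key id {key_id}"


def demo():
    """Run the five cases and return {case: (ok, reason)}."""
    keys = parse_ntp_keys(NTP_KEYS_FILE)
    header = build_ntp_header(1700000000.5)
    good = sign_packet(header, 1, keys)
    tampered = bytearray(good)
    tampered[43] ^= 0x01                          # flip a bit in the transmit timestamp
    return {
        "good": verify_packet(good, keys, TRUSTED_KEYS),
        "tampered": verify_packet(bytes(tampered), keys, TRUSTED_KEYS),
        "revoked": verify_packet(sign_packet(header, 2, keys), keys, TRUSTED_KEYS),
        "unknown": verify_packet(header + struct.pack("!I", 99) + bytes(16), keys, TRUSTED_KEYS),
        "no_mac": verify_packet(header, keys, TRUSTED_KEYS),
    }


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:9s} {'OK ' if ok else 'REJ'} {reason}")
```

Two points worth noticing in the output: the "revoked" case fails even though the client knows key 2, which is exactly what removing a number from 'trustedkey' buys you, and the "no_mac" case shows that a packet without a MAC carries no proof of origin at all, so a client must be configured to require a key on each association rather than merely to accept one. The digest is a prefix-keyed MD5 rather than HMAC, which is how the RFC defines it; the example keeps that construction faithfully rather than substituting a stronger one.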