NTP (Network Time Protocol) is the widely used protocol by which computers keep their internal clocks accurate. Surprisingly, connections between computers and NTP servers are rarely encrypted, making it possible for attackers to perform man-in-the-middle attacks that reset clocks to times that are months or even years in the past. Recently, in a paper titled Attacking the Network Time Protocol, the researchers described several techniques to bypass measures designed to prevent such drastic time shifts.
The attacks can be used to decrypt encrypted traffic or to bypass important security measures such as DNSSEC, the specification that prevents tampering with Domain Name System records. The worst scenario is bypassing HTTPS encryption by forcing a computer to accept an expired TLS certificate. In their paper, the researchers wrote this interesting section:
An NTP attacker that sends a client back in time could cause the host to accept certificates that the attacker fraudulently issued (that allow the attacker to decrypt the connection), and have since been revoked. (For example, the client can be rolled back to mid-2014, when > 100K certificates were revoked due to Heartbleed.) Alternatively, an attacker can send the client back to a time when a certificate for a cryptographically-weak key was still valid. (For example, to 2008, when a bug in Debian OpenSSL caused thousands of certificates to be issued for keys with only 15-17 bits of entropy.) Moreover, most browsers today accept (non-root) certificates for 1024-bit RSA keys, even though sources speculate that they can be cracked by well-funded adversaries; thus, even a domain that revokes its old 1024-bit RSA certificates (or lets them expire) is vulnerable to cryptanalytic attacks when its clients are rolled back to a time when these certificates were valid.
If DNSSEC and HTTPS can be bypassed, other important services can be harmed as well, for example Bitcoin or even HSTS! As a short reminder, HSTS (HTTP Strict Transport Security) is a web security policy mechanism that helps protect HTTPS websites against downgrade attacks and cookie hijacking by letting web servers force clients' browsers to interact with them only over an encrypted (HTTPS) connection.
For now, it is not clear how practical these attacks would be in the real world, but it might also be possible to reset the clock to an earlier date just long enough to observe an encrypted Web session, and then change it back right afterward. Yet the NTP specification says that a single time change should not exceed 16 minutes. If this limit is exceeded, the client is supposed to ignore the instruction and issue an error. The researchers said that this threshold can be bypassed in at least two ways.
- "Small-step-big-step" technique: the trick is to apply the change gradually, in steps that each stay under 16 minutes.
- NTP resetting: force NTP to reset the time directly after the target computer reboots; this behaviour is turned on by default in some operating systems.
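To make the 16-minute limit and the "small-step-big-step" bypass concrete, here is an added example (not code from the paper or from any NTP implementation): it decodes the Transmit Timestamp of a constructed NTP reply and applies a hypothetical client-side policy that rejects any single step over the limit and, in addition, flags a sequence of small steps whose net shift passes the same limit. The packet layout and epoch offset are standard NTP; the monitor policy, window size and sample times are assumptions.

```python
import struct
from collections import deque

NTP_UNIX_DELTA = 2208988800   # seconds from the NTP epoch (1900-01-01) to the Unix epoch (1970-01-01)
STEP_LIMIT = 16 * 60          # the ~16-minute single-step limit described above, in seconds

def server_transmit_time(packet: bytes) -> float:
    """Decode the Transmit Timestamp (bytes 40..47 of the 48-byte NTP header) as Unix seconds."""
    if len(packet) < 48:
        raise ValueError("NTP packet shorter than the 48-byte header")
    secs, frac = struct.unpack("!II", packet[40:48])
    return secs - NTP_UNIX_DELTA + frac / 2**32

def make_packet(unix_time: float) -> bytes:
    """Constructed server reply (LI=0, VN=4, mode=4) that carries only a Transmit Timestamp."""
    secs = int(unix_time) + NTP_UNIX_DELTA
    frac = int((unix_time - int(unix_time)) * 2**32)
    return bytes([0x24]) + bytes(39) + struct.pack("!II", secs, frac)

class StepMonitor:
    """Hypothetical client-side step policy (not from the paper or any NTP implementation).

    A single offset larger than STEP_LIMIT is rejected, as the spec behaviour above requires.
    In addition, the net shift applied over the last `window` accepted steps is tracked, so a
    'small-step-big-step' sequence of individually acceptable steps raises an alert once it
    sums past the same limit.
    """
    def __init__(self, local_time: float, window: int = 8):
        self.clock = local_time          # the simulated local clock, in Unix seconds
        self.history = deque(maxlen=window)

    def offer(self, packet: bytes) -> str:
        offset = server_transmit_time(packet) - self.clock
        if abs(offset) > STEP_LIMIT:
            return "rejected"            # too large for one step: ignore the reply
        self.clock += offset
        self.history.append(offset)
        if abs(sum(self.history)) > STEP_LIMIT:
            return "applied-alert"       # cumulative shift exceeds the limit: flag for investigation
        return "applied"

if __name__ == "__main__":
    now = 1_445_000_000.0              # constructed local time (October 2015)
    monitor = StepMonitor(now)
    print(monitor.offer(make_packet(now - 365 * 86400)))   # one-year rollback in a single step
    for _ in range(3):                                      # 10-minute steps back, one at a time
        print(monitor.offer(make_packet(monitor.clock - 600)))
```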
The attacks are possible because one of the main weaknesses is the difficulty of ensuring that computers communicate only with trusted NTP servers. Of course, it is possible to use symmetric encryption to authenticate an NTP service, but the keys are difficult to acquire because NIST, which is responsible for distributing them, sends keys only to users who register with a US e-mail address. Apparently another measure, named Autokey and provided by the US Naval Office, can be used to verify that a client is connected to a trusted NTP server, but currently the majority of servers do not support it.
In addition to this post, please consult the following links.
- Main source article: http://arstechnica.com/security/2015/10/new-attacks-on-network-time-protocol-can-defeat-https-and-create-chaos/
- Researchers' publication: http://www.cs.bu.edu/~goldbe/papers/NTPattack.pdf
- Boston University information page: http://www.cs.bu.edu/~goldbe/NTPattack.html