NTP Security
We demonstrate the first practical off-path time shifting attacks against NTP as well as against Man-in-the-Middle (MitM) secure Chronos-enhanced NTP. Our attacks exploit the insecurity of DNS allowing us to redirect the NTP clients to attacker controlled servers. We perform large scale measurements of the attack surface in NTP clients and demonstrate the threats to NTP due to vulnerable DNS.
Publications
-
The Impact of DNS Insecurity on Time [Accepted PDF]
Philipp Jeitner, Haya Shulman, Michael Waidner
2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), July 2020.
DOI: 10.1109/DSN48063.2020.00043 -
Pitfalls of Provably Secure Systems in Internet - The Case of Chronos-NTP [Accepted PDF]
Philipp Jeitner, Haya Shulman, Michael Waidner
2020 50th Annual IEEE-IFIP International Conference on Dependable Systems and Networks-Supplemental Volume (DSN-S), July 2020.
DOI: 10.1109/DSN-S50200.2020.00027 -
Secure Consensus Generation with Distributed DoH [Accepted PDF]
Philipp Jeitner, Haya Shulman, Michael Waidner
2020 50th Annual IEEE-IFIP International Conference on Dependable Systems and Networks-Supplemental Volume (DSN-S), July 2020.
DOI: 10.1109/DSN-S50200.2020.00023
Code for reproduction
To prevent abuse, we provide the tools needed to reproduce our attack to researchers upon request only. To send a request, click here.