Time Synchronization, Security, and Trust Thumbnail
Improving Technical Security 1 September 2017

Time Synchronization, Security, and Trust

By Karen O'DonoghueFormer Director, Internet Trust and Technology

Time is something that is often overlooked or taken for granted, but the accuracy and reliability of time is critical to our lives and must be protected. Time is a core concept underlying nearly all physical and virtual systems. Distributed computer systems, key to many functions inherent in our daily lives, rely on accurate and reliable time, yet we rarely stop and think about how that time is constructed and represented. Accurate and reliable time is needed to determine when an event occurs, in what order a particular sequence of events occurs, or when to schedule an event that is to occur at a particular time in the future. Finally, and of particular interest to our trust agenda here at the Internet Society, quality reliable time is required for many of the security technologies that help provide trust for the Internet. It is a vital and often overlooked part of the Internet infrastructure.

Some specific examples where accurate reliable secure time information is vital include:

  • The finance sector where there are high demands on the time synchronization of business clocks in trading systems. This is especially true in the high frequency trading where a new EU legislation called Markets in Financial Instruments Directive (MiFID II) requires a timestamping granularity of 1 microsecond and a maximal divergence from Coordinated Universal Time (UTC) of 100 microseconds. Similar requirements are formulated by the US Securities and Exchange Commission (SEC Rule 613).
  • The power industry for control of devices in the energy transmission and distribution network along with components in substation automation networks. These devices provide information about voltage, current, and phase angle used to derive the current state of the electrical infrastructure, a critical piece of national infrastructure.
  • Various manufacturing industries for the synchronization of machine parts in motion control type processes, for instance in a rolling mill or for printing presses.
  • Virtually all distributed systems where synchronization of logging information enables error tracking and thus contributes to system stability and system integrity.
  • Internet security technologies rely on a crucial interdependent relationship between security mechanisms and time synchronization. For example, certificates, a key component of security solutions, are used to determine that numerous types of resources are identified securely and correctly. These solutions rely on accurate time of day to establish the validity of certificates. There is a stereotypical “chicken and egg” problem where accurate time is needed to establish the security mechanism (the certificate). In turn, you need the security mechanism (the certificate) to be valid in order to establish that the information exchanged for time synchronization purposes has not been corrupted. As more security mechanisms are being deployed, we are increasingly relying on certificates and, in turn, secure time.

Despite the vital nature of time, the protocols that have historically provided the time infrastructure that we rely upon have not adopted adequate security mechanisms. There are two primary protocols for the synchronization of time over packet based (IP) networks. The Network Time Protocol (NTP), defined primarily by RFC 5905, and the IEEE Standard for a Precision Clock Synchronization Protocol for Networked Measurement and Control Systems (IEEE 1588). Both of these standards lack mechanisms to secure these protocols.

However, as threats against Internet infrastructure have increased, both the IETF and IEEE technical communities have been working to provide new security mechanisms to address this deficiency. Later today, I will be presenting an analysis (https://www.internetsociety.org/resources/doc/2017/new-security-mechanisms-network-time-synchronization-protocols/) of the emerging security solutions for both NTP and IEEE 1588 at the IEEE International Symposium of Precision Clock Synchronization (ISPCS). Slides are also available online at https://www.slideshare.net/ISOCtech/new-security-mechanisms-for-network-time-synchronization-protocols.

Both of the IETF NTP working group and IEEE 1588 working group standards efforts described in the paper are open standards (https://open-stand.org) processes. Participation is open and comments and contributions are welcome!

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Building Trust 21 February 2020

NDSS 2020: The Best in Security Research – For the Good of the Internet

On 23 February, the 27th consecutive Network and Distributed System Security Symposium (NDSS) kicks off in San Diego, CA....

Improving Technical Security 23 October 2019

Securing the Internet: Introducing Oracle Internet Intelligence IXP Filter Check

Oracle is an Organization Member of the Internet Society. We welcome this guest post announcing a new tool that...

Improving Technical Security 4 October 2019

Network Operators in Latin America and the Caribbean Take Steps to Strengthen Routing Security

2019 has been a very good year for the Internet in Latin America and the Caribbean. In May, during...