Donate
Working Collaboratively to Improve Emerging Network Time Security Implementations Thumbnail
‹ Back
Time Security 21 August 2020

Working Collaboratively to Improve Emerging Network Time Security Implementations

Karen O'Donoghue
By Karen O'DonoghueDirector, Internet Trust and Technology

Accurate and secure time is essential for the security and trustworthiness of the Internet. Many systems that we regularly interact with rely on accurate time to function properly. Accurate time also provides an essential foundation for online security, and many security mechanisms, such as digital certificates used for Transport Layer Security (TLS), depend on accurate timekeeping. The Network Time Protocol (NTP) provides time synchronization for clocks on computer networks.

NTP’s security mechanisms were designed back in an era when most Internet traffic was trusted, and the risk of attack was unlikely. Due to the continued exponential expansion of the Internet, these mechanisms became outdated and needed to be redesigned. The Internet Engineering Task Force (IETF) has been working on a specification for Network Time Security (NTS) for several years now. This specification was approved by the Internet Engineering Steering Group (IESG) in March of this year and is currently in the RFC editing process for the final publication. Over the course of the last couple of years, there have been a series of NTS projects held as part of the IETF Hackathons. These projects have worked to identify mistakes and ambiguities in the specification and to test and improve interoperability between implementations.

Time Community Collaboration

Recently, as part of the IETF 108 virtual hackathon, there was another successful event in this series. Representatives from several organizations including chrony, Cloudflare, Netnod, Orolia, Ostfalia University of Applied Sciences, Physikalisch-Technische Bundesanstalt (PTB), and the Internet Society took part in the project on Network Time Security (NTS) in July 2020. By the end of the week, there were 13 installations of six different NTS server implementations. These server implementations were tested against five different client implementations showing improvements in the maturity and interoperability of both the client and server implementations of NTS.

Additionally, a key highlight from the effort was the contribution of the first NTS test tool. This tool was contributed by Miroslav Lichvar and checked an implementation’s adherence to the specification as well as performing some basic performance tests. A short presentation on the outcomes of the NTS project at the IETF 108 virtual Hackathon is available here

NTS Support

At this point, there are now two mainstream open source NTP implementations that have added NTS support: chrony and NTPsec. Additionally, there are open source NTS implementations from Netnod, Ostfalia, and Cloudflare. The Internet Society’s Time Security project is building a distributed testbed with some of these implementations to provide additional test and implementation opportunities for the wide community.

Find out more:


Image by Josh Redd via Unsplash

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Everything You Need to Know about Network Time Security
Everything You Need to Know about Network Time Security
Time Security6 August 2020

Everything You Need to Know about Network Time Security

This article was first published on Netnod's Blog. It is reposted here with permission of Netnod. A lot of the...

Time Synchronization, Security, and Trust
Time Synchronization, Security, and Trust
Improving Technical Security1 September 2017

Time Synchronization, Security, and Trust

Time is something that is often overlooked or taken for granted, but the accuracy and reliability of time is critical...

Rough Guide to IETF 98: Trust, Identity, and Privacy
Rough Guide to IETF 98: Trust, Identity, and Privacy
Building Trust24 March 2017

Rough Guide to IETF 98: Trust, Identity, and Privacy

It should come as no surprise that there are numerous activities related to Trust, Identity, and Privacy on the agenda...

Join the conversation with Internet Society members around the world