Time Security 21 August 2020

Working Collaboratively to Improve Emerging Network Time Security Implementations

By Karen O'Donoghue, Former Director, Internet Trust and Technology

Accurate and secure time is essential for the security and trustworthiness of the Internet. Many systems that we regularly interact with rely on accurate time to function properly. Accurate time also provides an essential foundation for online security, and many security mechanisms, such as digital certificates used for Transport Layer Security (TLS), depend on accurate timekeeping. The Network Time Protocol (NTP) provides time synchronization for clocks on computer networks.

NTP’s security mechanisms were designed back in an era when most Internet traffic was trusted and attacks were unlikely. Due to the continued exponential expansion of the Internet, these mechanisms became outdated and needed to be redesigned. The Internet Engineering Task Force (IETF) has been working on a specification for Network Time Security (NTS) for several years now. This specification was approved by the Internet Engineering Steering Group (IESG) in March of this year and is currently in the RFC editing process for final publication. Over the course of the last couple of years, there has been a series of NTS projects held as part of the IETF Hackathons. These projects have worked to identify mistakes and ambiguities in the specification and to test and improve interoperability between implementations.

Time Community Collaboration

Recently, as part of the IETF 108 virtual hackathon, there was another successful event in this series. Representatives from several organizations, including chrony, Cloudflare, Netnod, Orolia, Ostfalia University of Applied Sciences, Physikalisch-Technische Bundesanstalt (PTB), and the Internet Society, took part in the project on Network Time Security (NTS) in July 2020. By the end of the week, there were 13 installations of six different NTS server implementations. These server implementations were tested against five different client implementations, showing improvements in the maturity and interoperability of both the client and server implementations of NTS.

Additionally, a key highlight from the effort was the contribution of the first NTS test tool. This tool was contributed by Miroslav Lichvar; it checked an implementation’s adherence to the specification and performed some basic performance tests. A short presentation on the outcomes of the NTS project at the IETF 108 virtual Hackathon is available.

NTS Support

There are now two mainstream open source NTP implementations that have added NTS support: chrony and NTPsec. Additionally, there are open source NTS implementations from Netnod, Ostfalia, and Cloudflare. The Internet Society’s Time Security project is building a distributed testbed with some of these implementations to provide additional test and implementation opportunities for the wider community.

Image by Josh Redd via Unsplash

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.
