Time Security 1 October 2020

NTS RFC Published: New Standard to Ensure Secure Time on the Internet

By Karen O'Donoghue, Former Director, Internet Trust and Technology

The Internet Society is pleased to see the publication of RFC 8915: Network Time Security for the Network Time Protocol by the Internet Engineering Task Force (IETF). This standard represents a new security mechanism for one of the oldest protocols on the Internet, the Network Time Protocol (NTP).

Secure and Accurate Time

NTP enables the synchronization of time on computers connected by a network. Time is very important for many vital everyday functions, such as financial transactions and the correct operation of electrical power systems and transportation systems. Secure and accurate time is also crucial for many Internet security technologies including basic website security. As everything becomes more distributed and more online, synchronized time in computers becomes even more important. But despite all this, security for NTP has lagged behind in development and deployment. Network Time Security (NTS) was developed to fill this gap.

The publication of the NTS protocol on 1 October, 2020 represents the culmination of many years of work by the IETF NTP Working Group. NTS adds cryptographic security for the client-server mode of NTP. So, what does this mean? It means that NTP can now confirm the identity of the network clocks that are exchanging time information and protect the transmission of that time information across the network.

NTS is basically two loosely coupled sub-protocols that together add security to NTP. NTS Key Exchange (NTS-KE) is based on TLS 1.3 and performs the initial authentication of the server and exchanges security tokens with the client. The NTP client then uses these tokens in NTP extension fields for authentication and integrity checking of the NTP protocol messages that exchange time information.
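To make the NTS-KE step concrete, the following added example (not code from this post or from any NTS implementation) parses the records a server returns inside the TLS 1.3 session and checks that the response is usable before the client takes the cookies into NTP. It goes one level below the description above: the record layout and type numbers are taken from RFC 8915, the sample response is constructed, and the client is assumed to have offered only NTPv4 and AEAD_AES_SIV_CMAC_256.

```python
import struct
# Record type and algorithm numbers are the registry values from RFC 8915.
END, NEXT_PROTO, ERROR, WARNING, AEAD, COOKIE, SERVER, PORT = range(8)
NTPV4, AES_SIV_CMAC_256 = 0, 15

def parse_records(data):
    """Split an NTS-KE message into (critical, type, body) tuples."""
    records, off = [], 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated record header")
        head, length = struct.unpack_from("!HH", data, off)
        body = data[off + 4:off + 4 + length]
        if len(body) != length:
            raise ValueError("record body runs past end of message")
        records.append((bool(head & 0x8000), head & 0x7FFF, body))
        off += 4 + length
        if head & 0x7FFF == END:
            return records
    raise ValueError("missing End of Message record")

def u16_list(body):
    if len(body) % 2:
        raise ValueError("odd-length body in a uint16-list record")
    return list(struct.unpack("!%dH" % (len(body) // 2), body))

def validate_response(data):
    """Return the cookies of a usable server response, else raise ValueError."""
    chosen, cookies = {}, []
    for critical, rtype, body in parse_records(data):
        if rtype in (ERROR, WARNING):
            raise ValueError("server sent error/warning %r" % u16_list(body))
        elif rtype in (NEXT_PROTO, AEAD):
            chosen[rtype] = u16_list(body)
        elif rtype == COOKIE:
            cookies.append(body)
        elif critical and rtype not in (END, SERVER, PORT):
            raise ValueError("unrecognized critical record type %d" % rtype)
    if chosen.get(NEXT_PROTO) != [NTPV4] or chosen.get(AEAD) != [AES_SIV_CMAC_256]:
        raise ValueError("server did not select NTPv4 with AES-SIV-CMAC-256")
    if not cookies:
        raise ValueError("server supplied no cookies")
    return cookies

# Helper and sample below are constructed for illustration (dummy cookie bytes).
def rec(rtype, body=b"", critical=True):
    return struct.pack("!HH", (0x8000 if critical else 0) | rtype, len(body)) + body

SAMPLE = (rec(NEXT_PROTO, b"\x00\x00") + rec(AEAD, b"\x00\x0f")
          + rec(COOKIE, b"A" * 8, False) + rec(COOKIE, b"B" * 8, False) + rec(END))
```

A response that fails any of these checks gives the client nothing it can use to authenticate NTP packets, so the exchange should be retried rather than continued.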

Global Collaborative Effort

Many organizations and individuals deserve credit for helping to get this new standard to publication. This includes those who helped write the document itself, those who developed the early open source implementations and provided feedback to the NTP Working Group, and those who participated in early hackathons and interoperability testing. While it is not possible to recognize everyone involved, I do think it is important to acknowledge the authors of the RFC:

These authors, in conjunction with the NTP working group, put in a great deal of time and effort over many years to get to this milestone.

Additionally, I would like to recognize the early implementors and the vital feedback that they provided. Martin Langer from Ostfalia University of Applied Sciences deserves special mention as the person who wrote the first prototype implementation demonstrating the viability of the NTS approach and bringing other developers to the table. Additional open source server implementations are now available from chrony (github) and NTPsec (github). Public open NTS-enabled time servers have been established by both Netnod and Cloudflare.

Congratulations to everyone involved in this effort! The Internet Society believes that the publication of RFC 8915 will be a significant step forward in addressing the significant gap in NTP security.

More Information

The Internet Society promotes the global deployment of network time security by collaborating with and supporting the open source development community, network time product vendors, time service providers, network operators, and policymakers to encourage implementation. Find out more about our work on time security, NTP and NTS, on the Time Security project homepage and in this blog post.

You can also find out more about the work that some of the organizations involved in getting the NTS protocol finalized are doing on Time Security:

Image by Ariel Pilotto via Unsplash

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.
