Time Security 1 October 2020

NTS RFC Published: New Standard to Ensure Secure Time on the Internet

By Karen O'Donoghue, Director, Internet Trust and Technology

The Internet Society is pleased to see the publication of RFC 8915: Network Time Security for the Network Time Protocol by the Internet Engineering Task Force (IETF). This standard represents a new security mechanism for one of the oldest protocols on the Internet, the Network Time Protocol (NTP).

Secure and Accurate Time

NTP enables the synchronization of time on computers connected by a network. Time is very important for many vital everyday functions, such as financial transactions and the correct operation of electrical power systems and transportation systems. Secure and accurate time is also crucial for many Internet security technologies including basic website security. As everything becomes more distributed and more online, synchronized time in computers becomes even more important. But despite all this, security for NTP has lagged behind in development and deployment. Network Time Security (NTS) was developed to fill this gap.

The publication of the NTS protocol on 1 October, 2020 represents the culmination of many years of work by the IETF NTP Working Group. NTS adds cryptographic security for the client-server mode of NTP. So, what does this mean? It means that NTP can now confirm the identity of the network clocks that are exchanging time information and protect the transmission of that time information across the network.

NTS is basically two loosely coupled sub-protocols that together add security to NTP. NTS Key Exchange (NTS-KE) is based on TLS 1.3 and performs the initial authentication of the server and exchanges security tokens with the client. The NTP client then uses these tokens in NTP extension fields for authentication and integrity checking of the NTP protocol messages that exchange time information.
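The NTS-KE step described above returns its results as typed records inside the TLS 1.3 session. As an added example (not code from the original post or from any NTS implementation), the Python below parses a server response using the record layout and type numbers from RFC 8915 and applies the checks a client makes before it trusts the cookies; the sample bytes and function names are constructed for illustration.

```python
import struct

# Record type numbers and IDs as assigned in RFC 8915.
END, NEXT_PROTO, ERROR, WARNING, AEAD_ALG, NEW_COOKIE, NTP_SERVER, NTP_PORT = range(8)
NTPV4, AEAD_AES_SIV_CMAC_256 = 0, 15

def record(rtype, body=b"", critical=False):
    """Encode one record: critical bit + 15-bit type, 16-bit body length, body."""
    return struct.pack("!HH", (0x8000 if critical else 0) | rtype, len(body)) + body

def parse_records(data):
    """Split an NTS-KE message into (critical, type, body) tuples."""
    out, off = [], 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated record header")
        head, length = struct.unpack_from("!HH", data, off)
        body = data[off + 4:off + 4 + length]
        if len(body) != length:
            raise ValueError("record body runs past end of message")
        out.append((bool(head & 0x8000), head & 0x7FFF, body))
        off += 4 + length
    return out

def check_response(data, offered_aead=(AEAD_AES_SIV_CMAC_256,)):
    """Return negotiated parameters, or raise ValueError if the response is unusable."""
    recs = parse_records(data)
    if not recs or recs[-1] != (True, END, b""):
        raise ValueError("response does not end with a critical End of Message")
    res = {"proto": None, "aead": None, "cookies": [], "server": None, "port": 123}
    for critical, rtype, body in recs[:-1]:
        if rtype in (ERROR, WARNING):  # this client aborts on either one
            raise ValueError("server sent error/warning record: " + body.hex())
        elif rtype == NEXT_PROTO:
            res["proto"] = struct.unpack("!H", body)[0] if len(body) == 2 else None
        elif rtype == AEAD_ALG:
            res["aead"] = struct.unpack("!H", body)[0] if len(body) == 2 else None
        elif rtype == NEW_COOKIE:
            res["cookies"].append(body)
        elif rtype == NTP_SERVER:
            res["server"] = body.decode("ascii")
        elif rtype == NTP_PORT and len(body) == 2:
            res["port"] = struct.unpack("!H", body)[0]
        elif critical:  # unknown critical records must not be silently ignored
            raise ValueError(f"unrecognized critical record type {rtype}")
    if res["proto"] != NTPV4 or res["aead"] not in offered_aead or not res["cookies"]:
        raise ValueError("negotiation failed: wrong protocol, AEAD, or no cookies")
    return res

# Constructed sample response (cookie bytes are placeholders, not real cookies).
SAMPLE = (record(NEXT_PROTO, struct.pack("!H", NTPV4), critical=True)
          + record(AEAD_ALG, struct.pack("!H", AEAD_AES_SIV_CMAC_256), critical=True)
          + record(NEW_COOKIE, b"\xaa" * 100) + record(NEW_COOKIE, b"\xbb" * 100)
          + record(END, critical=True))
```

When the server sends no server or port record, the client keeps talking to the NTS-KE host on UDP port 123, which is why `server` stays `None` and `port` defaults to 123 here.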

Global Collaborative Effort

Many organizations and individuals deserve credit for helping to get this new standard to publication. This includes those who helped write the document itself, those who developed the early open source implementations and provided feedback to the NTP Working Group, and those who participated in early hackathons and interoperability testing. While it is not possible to recognize everyone involved, I do think it is important to acknowledge the authors of the RFC:

These authors, in conjunction with the NTP working group, put in a great deal of time and effort over many years to get to this milestone.

Additionally, I would like to recognize the early implementors and the vital feedback that they provided. Martin Langer from Ostfalia University of Applied Sciences deserves special mention as the person who wrote the first prototype implementation demonstrating the viability of the NTS approach and bringing other developers to the table. Additional open source server implementations are now available from chrony (github) and NTPsec (github). Public open NTS-enabled time servers have been established by both Netnod and Cloudflare.

Congratulations to everyone involved in this effort! The Internet Society believes that the publication of RFC 8915 will be a major step forward in addressing the significant gap in NTP security.

More Information

The Internet Society promotes the global deployment of network time security by collaborating with and supporting the open source development community, network time product vendors, time service providers, network operators, and policymakers to encourage implementation. Find out more about our work on time security, NTP and NTS, on the Time Security project homepage and in this blog post.

You can also find out more about the work that some of the organizations involved in getting the NTS protocol finalized are doing on Time Security:


Image by Ariel Pilotto via Unsplash


Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.
