network cryptography
Cryptographic Authentication for Real-Time Network Protocols1,2
David L. Mills3
Abstract
This paper describes a new security model and authentication scheme for distributed, real-time network protocols used in time synchronization and event scheduling applications. It outlines the design requirements of these protocols and why these requirements cannot be met using conventional cryptography and algorithms. It proposes a new design called autokey, which uses a combination of public-key cryptography and a psuedo-random sequence of one-way hash functions. Autokey has been implemented for the
Network Time Protocol (NTP), but it can be adapted to other similar protocols. The paper describes the protocol operations, data structures and resources required for autokey, as well as a preliminary vulnerability assessment. ification is not yet complete, but transition documents are available [7] which describe the new features. The
NTP Version 4 reference implementation now under test supports most of these features, including the authentication scheme described in this paper. Additional information can be found at the NTP home page http:// www.eecis.udel.edu/~ntp and the author’s home page http://www.eecis.udel.edu/~mills. AMS keywords: cryptography 94A60, data encryption
68P25
1. Introduction
The Network Time Protocol (NTP) [5] is widely deployed in the Internet to synchronize computer time to national standards. The current NTP population includes over 230 primary servers and well over 100,000 secondary servers and clients. It provides comprehensive mechanisms to access national time and frequency dissemination services, organize the hierarchical network server-client topology and adjust the clock of each participant. It uses redundant servers, diverse network paths and crafted algorithms which cast out incorrect servers and minimize errors due to network latencies and clock frequency variations. The protocol can operate in peerpeer,
David L. Mills3
Abstract
This paper describes a new security model and authentication scheme for distributed, real-time network protocols used in time synchronization and event scheduling applications. It outlines the design requirements of these protocols and why these requirements cannot be met using conventional cryptography and algorithms. It proposes a new design called autokey, which uses a combination of public-key cryptography and a psuedo-random sequence of one-way hash functions. Autokey has been implemented for the
Network Time Protocol (NTP), but it can be adapted to other similar protocols. The paper describes the protocol operations, data structures and resources required for autokey, as well as a preliminary vulnerability assessment. ification is not yet complete, but transition documents are available [7] which describe the new features. The
NTP Version 4 reference implementation now under test supports most of these features, including the authentication scheme described in this paper. Additional information can be found at the NTP home page http:// www.eecis.udel.edu/~ntp and the author’s home page http://www.eecis.udel.edu/~mills. AMS keywords: cryptography 94A60, data encryption
68P25
1. Introduction
The Network Time Protocol (NTP) [5] is widely deployed in the Internet to synchronize computer time to national standards. The current NTP population includes over 230 primary servers and well over 100,000 secondary servers and clients. It provides comprehensive mechanisms to access national time and frequency dissemination services, organize the hierarchical network server-client topology and adjust the clock of each participant. It uses redundant servers, diverse network paths and crafted algorithms which cast out incorrect servers and minimize errors due to network latencies and clock frequency variations. The protocol can operate in peerpeer,
References: Mills, D.L. Internet time synchronization: the Network Time Protocol. IEEE Trans. Communications COM-39, 10 (October 1991), 1482-1493.