Network Time Protocol (NTP) provides a time synchronization service to the internet and other computer networks. It is often used by time-critical processes to ensure timing integrity. Because so much depends on it, NTP potentially poses a security risk to sensitive applications if malicious users or hackers can forge or tamper with time responses. However, NTP includes a number of security features to help mitigate that risk. This article describes some of the security features of NTP, such as:
- NTP authentication.
- Using authentication.
- Specifying valid keys.
NTP provides a number of measures to reduce any security risks associated with time synchronization. Authentication is one such measure. It allows a client to be sure that a response has indeed been generated from an expected source, rather than being maliciously generated or intercepted.
Authentication is based on a list of agreed keys, or passwords, shared between a server and a client. Any communication between server and client has an encrypted version of one of the agreed keys appended to the message. The server or client can then decode the key appended to any received communication and check that it matches one of the agreed keys before taking appropriate action.
Keys are protected using a hashing algorithm; the default and most widely used is MD5 (Message Digest 5).
Authentication keys are stored in a keys file named, by default, ‘ntp.keys’. Each line of the file contains a key identifier, an encryption identifier and the key or password itself. The key identifier is a number in the range 1 to 99. The encryption identifier selects the algorithm used to encrypt the key; this is usually ‘M’, which signifies MD5 encryption. The key field is a series of alphanumeric characters that forms the key, or password. An example of a key file is shown below:
3 M BirmingHAM
4 M ForEVer17
6 M REAListIC
9 M 88CANAry7833
47 M MonitoR21
63 M VeroNIKA
78 M TimeTABle
The keys file on the client would generally be identical to, or a subset of, the keys file stored on the server.
Specifying Valid Keys
In addition to specifying the individual keys, a user can also specify a subset of keys which should be considered currently valid. For instance, you may have a large keys file of over 80 keys but only require a smaller subset of these to be valid, or trusted, at any one time. Using the ‘trusted-keys’ parameter in the ‘ntp.conf’ configuration file, you can specify just such a subset. The parameter takes the form of a space-delimited list of key identifiers:
trusted-keys 3 6 9 63
The above parameter would make keys 3, 6, 9 and 63 in the keys file valid, or trusted, and leave the remaining keys invalid.
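The following Python script is an added example, not code from the article or from the NTP project, that ties the two mechanisms above together: it parses an ntp.keys-style file and a trusted-keys directive, computes the symmetric-key authenticator that NTPv4 (RFC 5905) appends to a packet (a 32-bit key identifier followed by MD5(key || packet)), and then verifies a received message, rejecting it when the key is absent from trusted-keys, unknown, or when the digest does not match. The keys file contents, the 48-byte NTP header and the function names are all constructed for the example.

```python
import hashlib
import hmac
import struct

# Constructed sample keys file in the format the article describes
# (key id, algorithm letter, key string); not the page's own file.
SAMPLE_KEYS_FILE = """\
3 M BirmingHAM
4 M ForEVer17
6 M REAListIC
9 M 88CANAry7833
47 M MonitoR21
63 M VeroNIKA
78 M TimeTABle
"""

# Constructed 48-byte NTP header: LI=0, VN=4, Mode=3 (client), rest zeroed.
SAMPLE_HEADER = bytes([0x23]) + bytes(47)

NTP_HEADER_LEN = 48
MD5_MAC_LEN = 4 + 16  # 32-bit key id + 128-bit MD5 digest


def parse_keys_file(text):
    """Parse ntp.keys-style lines into {key_id: (algorithm, key_bytes)}.
    Blank lines and '#' comments are skipped; malformed lines raise."""
    keys = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 2)
        if len(parts) != 3:
            raise ValueError(f"malformed key line: {line!r}")
        key_id, algo, key = parts
        keys[int(key_id)] = (algo.upper(), key.encode())
    return keys


def parse_trusted_keys(line):
    """Parse a 'trusted-keys 3 6 9 63' directive into a set of key ids."""
    parts = line.split()
    if not parts or parts[0] != "trusted-keys":
        raise ValueError("not a trusted-keys directive")
    return {int(p) for p in parts[1:]}


def valid_key_ids(keys, trusted):
    """Keys that are both present in the keys file and listed as trusted."""
    return sorted(k for k in keys if k in trusted)


def compute_mac(key_id, keys, packet):
    """RFC 5905 symmetric-key authenticator: key id + MD5(key || packet)."""
    algo, key = keys[key_id]
    if algo != "M":
        raise ValueError("only MD5 ('M') keys are handled in this example")
    digest = hashlib.md5(key + packet).digest()
    return struct.pack("!I", key_id) + digest


def verify_packet(message, keys, trusted):
    """Split an authenticated NTP message into packet and MAC, recompute the
    digest, and accept only if the key id is trusted and the digest matches.
    Returns (accepted, reason)."""
    if len(message) < NTP_HEADER_LEN + MD5_MAC_LEN:
        return False, "no MAC present"
    packet, mac = message[:-MD5_MAC_LEN], message[-MD5_MAC_LEN:]
    key_id = struct.unpack("!I", mac[:4])[0]
    if key_id not in trusted:
        return False, f"key {key_id} not trusted"
    if key_id not in keys:
        return False, f"key {key_id} unknown"
    expected = compute_mac(key_id, keys, packet)
    # Constant-time comparison avoids leaking digest bytes through timing.
    if hmac.compare_digest(expected, mac):
        return True, f"key {key_id} ok"
    return False, f"digest mismatch for key {key_id}"


if __name__ == "__main__":
    keys = parse_keys_file(SAMPLE_KEYS_FILE)
    trusted = parse_trusted_keys("trusted-keys 3 6 9 63")
    print("valid keys:", valid_key_ids(keys, trusted))
    msg = SAMPLE_HEADER + compute_mac(3, keys, SAMPLE_HEADER)
    print("key 3:", verify_packet(msg, keys, trusted))
    msg = SAMPLE_HEADER + compute_mac(4, keys, SAMPLE_HEADER)
    print("key 4:", verify_packet(msg, keys, trusted))
```

Note that key 4 exists in the keys file but is not in the trusted-keys list, so a correctly computed authenticator using it is still rejected; this is exactly the effect the trusted-keys parameter is meant to have.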