International Conference on Research in Security Standardisation

Security Standardisation Research pp 218-245 | Cite as

First Results of a Formal Analysis of the Network Time Security Specification

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9497)

Abstract

This paper presents a first formal analysis of parts of a draft version of the Network Time Security specification. It presents the protocol model on which we based our analysis, discusses the decision for using the model checker ProVerif and describes how it is applied to analyze the protocol model. The analysis uncovers two possible attacks on the protocol. We present those attacks and show measures that can be taken in order to mitigate them and that have meanwhile been incorporated in the current draft specification.

Keywords

Time synchronization Security protocols Formal verification Model checking ProVerif 

References

  1. 1.
    Abadi, M.: Security protocols: principles and calculi. In: Aldini, A., Gorrieri, R. (eds.) FOSAD 2007. LNCS, vol. 4677, pp. 1–23. Springer, Heidelberg (2007) CrossRefGoogle Scholar
  2. 2.
    Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: Proceedings of the 28th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2001, pp. 104–115. ACM, New York (2001). http://doi.acm.org/10.1145/360204.360213
  3. 3.
    Archer, M.: Proving correctness of the basic TESLA multicast stream authentication protocol with TAME. In: Workshop on Issues in the Theory of Security, pp. 14–15 (2002)Google Scholar
  4. 4.
    Basin, D., Capkun, S., Schaller, P., Schmidt, B.: Formal Reasoning About Physical Properties of Security Protocols. ACM Trans. Inf. Syst. Secur. 14(2), 16:1–16:28 (2011)CrossRefMATHGoogle Scholar
  5. 5.
    Behrmann, G., David, A., Larsen, K.G.: A tutorial on Uppaal. In: Bernardo, M., Corradini, F. (eds.) SFM-RT 2004. LNCS, vol. 3185, pp. 200–236. Springer, Heidelberg (2004). http://dx.doi.org/10.1007/978-3-540-30080-9_7 CrossRefGoogle Scholar
  6. 6.
    Blanchet, B., Smyth, B., Cheval, V.: ProVerif 1.88: automatic cryptographic protocol verifier, user manual and tutorial. Technical report, INRIA Paris-Rocquencourt, 08 2013Google Scholar
  7. 7.
    Blanchette, J.C., Nipkow, T.: Nitpick: a counterexample generator for higher-order logic based on a relational model finder. In: Kaufmann, M., Paulson, L.C. (eds.) ITP 2010. LNCS, vol. 6172, pp. 131–146. Springer, Heidelberg (2010). http://dblp.uni-trier.de/db/conf/itp/itp2010.html#BlanchetteN10 CrossRefGoogle Scholar
  8. 8.
    Cremers, C.J.F.: The scyther tool: verification, falsification, and analysis of security protocols. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 414–418. Springer, Heidelberg (2008). http://dx.doi.org/10.1007/978-3-540-70545-1_38 CrossRefGoogle Scholar
  9. 9.
    Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)MathSciNetCrossRefMATHGoogle Scholar
  10. 10.
    Durgin, N.A., Lincoln, P., Mitchell, J.C.: Multiset rewriting and the complexity of bounded security protocols. J. Comput. Secur. 12(2), 247–311 (2004). http://content.iospress.com/articles/journal-of-computer-security/jcs215 CrossRefGoogle Scholar
  11. 11.
    Ganeriwal, S., Pöpper, C., Capkun, S., Srivastava, M.B.: Secure time synchronization in sensor networks (E-SPS). In: Proceedings of 2005 ACM Workshop on Wireless Security (WiSe 2005), pp. 97–106. ACM, Sept 2005Google Scholar
  12. 12.
    Hopcroft, P., Lowe, G.: Analysing a stream authentication protocol using model checking. Int. J. Inf. Secur. 3(1), 2–13 (2004)CrossRefGoogle Scholar
  13. 13.
    Housley, R.: Cryptographic Message Syntax (CMS). RFC 5652, RFC Editor, September 2009. http://www.rfc-editor.org/rfc/rfc5652.txt
  14. 14.
    IEEE: IEEE Standard for a Precision Clock Synchronization Protocol for Networked Measurement and Control Systems (2008). http://ieeexplore.ieee.org/servlet/opac?punumber=4579757
  15. 15.
    Krawczyk, H., Bellare, M., Canetti, R.: HMAC: Keyed-Hashing for Message Authentication. RFC 2104, RFC Editor, 02 1997. http://www.rfc-editor.org/rfc/rfc2104.txt
  16. 16.
    Levine, J.: A Review of Time and Frequency Transfer Methods. Metrologia 45(6), 162–174 (2008)CrossRefGoogle Scholar
  17. 17.
    Li, L., Sun, J., Liu, Y., Dong, J.S.: TAuth: verifying timed security protocols. In: Merz, S., Pang, J. (eds.) ICFEM 2014. LNCS, vol. 8829, pp. 300–315. Springer, Heidelberg (2014). http://dx.doi.org/10.1007/978-3-319-11737-9_20 Google Scholar
  18. 18.
    Meier, S., Schmidt, B., Cremers, C., Basin, D.: The TAMARIN prover for the symbolic analysis of security protocols. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 696–701. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  19. 19.
    Milius, S., Sibold, D., Teichel, K.: An Attack Possibility on Time Synchronization Protocols Secured with TESLA-Like Mechanisms, Draft version: https://www8.cs.fau.de/staff/milius/AttackPossibilityTimeSyncTESLA.pdf
  20. 20.
    Mills, D., Haberman, B.: Network Time Protocol Version 4: Autokey Specification. RFC 5906, RFC Editor, 06 2010. http://www.rfc-editor.org/rfc/rfc5906.txt
  21. 21.
    Mills, D., Martin, J., Burbank, J., Kasch, W.: Network Time Protocol Version 4: Protocol and Algorithms Specification. RFC 5905, RFC Editor, 06 2010. http://www.rfc-editor.org/rfc/rfc5905.txt
  22. 22.
    Mizrahi, T.: Security Requirements of Time Protocols in Packet Switched Networks. RFC 7384, RFC Editor, 10 2014. http://www.rfc-editor.org/rfc/rfc7384.txt
  23. 23.
    Nipkow, T., Wenzel, M., Paulson, L.C.: Isabelle/HOL: A Proof Assistant for Higher-order Logic. Springer, Heidelberg (2002) CrossRefMATHGoogle Scholar
  24. 24.
    Paulson, L.C.: The inductive approach to verifying cryptographic protocols. J. Comput. Secur. 6(1–2), 85–128 (1998)CrossRefGoogle Scholar
  25. 25.
    Perrig, A., Song, D., Canetti, R., Tygar, J.D., Briscoe, B.: Timed Efficient Stream Loss-Tolerant Authentication (TESLA): Multicast Source Authentication Transform Introduction. RFC 4082, RFC Editor, 06 2005. http://www.rfc-editor.org/rfc/rfc4082.txt
  26. 26.
    Röttger, S.: Analysis of the NTP Autokey Procedures, 2 2012. http://zero-entropy.de/autokey_analysis.pdf
  27. 27.
    Ryan, M.D., Smyth, B.: Applied pi calculus. In: Cortier, V., Kremer, S. (eds.) Formal Models and Techniques for Analyzing Security Protocols, Chap. 6. IOS Press (2011). http://www.bensmyth.com/files/Smyth10-applied-pi-calculus.pdf
  28. 28.
    Saeedloei, N., Gupta, G.: Timed \(\pi \)-calculus. In: Abadi, M., Lluch Lafuente, A. (eds.) TGC 2013. LNCS, vol. 8358, pp. 119–135. Springer, Heidelberg (2014) CrossRefGoogle Scholar
  29. 29.
    Sibold, D., Teichel, K., Röttger, S.: Network time security. Technical report, IETF Secretariat, 07 2013. https://datatracker.ietf.org/doc/draft-ietf-ntp-network-time-security/history/
  30. 30.
    Sibold, D., Teichel, K., Röttger, S., Housley, R.: Protecting network time security messages with the cryptographic message syntax (CMS). Technical report, IETF Secretariat, 10 2014. https://datatracker.ietf.org/doc/draft-ietf-ntp-cms-for-nts-message/history/
  31. 31.
    Sun, K., Ning, P., Wang, C.: TinySeRSync: secure and resilient time synchronization in wireless sensor networks. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS 2006, pp. 264–277. ACM, New York (2006)Google Scholar
  32. 32.
    Syverson, P., Meadows, C., Cervesato, I.: Dolev-yao is no better than machiavelli. In: Degano, P. (ed.) First Workshop on Issues in the Theory of Security – WITS 2000, pp. 87–92, Jul 2000. http://theory.stanford.edu/~iliano/papers/wits00.ps.gz

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.Physikalisch-Technische BundesanstaltBraunschweigGermany
  2. 2.Chair for Theoretical Computer ScienceFriedrich-Alexander Universität Erlangen-NürnbergErlangenGermany

Personalised recommendations