Network Time Protocol (NTP) provides a time synchronisation service to the internet and other computer networks. It is often used by time critical processes to ensure timing integrity. It therefore potentially poses a security risk to sensitive applications from malicious users or hackers. However, NTP includes a number of security features to help mitigate any risk. This article describes some of the security features of NTP, such as:
- NTP authentication.
- Using authentication.
- Specifying valid keys.
NTP provides a number of measures to reduce any security risks associated with time synchronisation. Authentication is one such measure. It allows a client to be sure that a response has indeed been generated from an expected source, rather than being maliciously generated or intercepted.
Authentication is based on a list of agreed keys, or passwords, between a server and a client. Any communication between server hand client has an encrypted version of one of the agreed keys appended to the messages. The server or client can then unencrypt the key appended to any received communication to ensure it matches one of the agreed keys before taking appropriate action.
Keys are encrypted using a hashing algorithm, the default and most popular being MD5 (Message Digest 5) encryption.
Authentication keys are stored in a keys file named, by default, ‘ntp.keys’. Each line of the file contains a key identifier, an encryption identifier and the key or password itself. The key identifier is a number in the range 1 to 99. The encryption identifier is used to select the algorithm that should be used to encrypt the key, this is usually a ‘M’, which signifies MD5 encryption. The key field, is a series of alphanumeric characters that forms the key, or password. An example of a key file is shown below:
3 M BirmingHAM
4 M ForEVer17
6 M REAListIC
9 M 88CANAry7833
47 M MonitoR21
63 M VeroNIKA
78 M TimeTABle
The keys stored in the key file on the client would generally be identical, but may be a subset of the key file stored on the server.
Specifying Valid Keys
In addition to specifying the individual keys, a user can also specify a subset of keys which should be considered as currently valid. For instance, you may have a large keys file of over 80 keys, however, you may only require a smaller subset of these to be valid, or trusted, at any one time. Using the ‘trusted-keys’ parameter in the ‘ntp.conf’ configuration file, you can specify just such as subset. The parameter takes the form of a space-delimited list of key identifiers:
trusted-keys 3 6 9 63
The above parameter would make keys 3, 6 , 9 and 63 in the keys file valid, or trusted, and the remaining keys invalid.
Andrew Everett has worked in the Computer Time and Frequency sector for almost his entire career. He now leads TimeTools development department. Andrew has written many articles that help IT professionals make informed decisions about network and computer systems timing solutions.