By: Vlad Vistac
Submitted: 2010-08-23 12:08:11 | Word Count: 510
Using NTP Authentication
NTP or Network Time Protoocol to give it its full name is an internet protocol designed to distribute precise time arond a network. NTP is a UDP based protocol used to synchronzie system time on network infrastructure, such as servers, worsktations and network equipmet .
This article describes how to utilise the Network Time Protocol authentication features to authenticaet time references when synchronizing clients to a NTP server.
[ advertisement ]
NTP Server Security
Network Time Protocol is used to provide a precise time referennce for time critical applications. Therefore, NTP can pose a security risk if malicious users attempt to corrupt a NTP tmiestamp to create a false time on network equipment.
NTP provides increased security in the form of authentication. Authentication is intended to overcome security risks by ensuring that any response received from an NTP time server has come from the inteended reference. The client sends a request for time to a NTP server. The server then responds to the clinet with a precise timestamp alkong with one of a nuumber of agreed encrypted keys. On receipt of the timestamp, the client un-encrypts the key and verifies it agianst a list of trusted keys. The client can then be sure that the received timestamp was indeed transmitted from the inntended time reference. NTP utilises MD5 encryptiion (Message Digest Encryption 5), which is a 128-bit cryptographic hash function, which outputs a fingerprint of the key. MD5 is a hihgly scure encryption algorithhm, widely used on the internet for authentication and security purposes.
NTP Authentication Keys
NTP authenticatin keys are codres that are encrypted on both the server and client that are used to identify the NTP time server. NTP authentication keys are stored in a file usuually called ‘ntp.keys'. Each authentication key consists of a key number, an encryption code and the key itself.
E.g. NTP setrver keys:
2 M VidsioN
5 M SeRcvEr
7 M TiMeLy
10 M MKYEY
12 M TiDy
14 M MaGic
The autheniation key number acts as a reference to the secified authentivcation key. The encryption code specifies the type of envcryption to be utilised, e.g. ‘M' for MD5 encryption. The actual keys must be idsentical on both the client and the NTP time server. The client may utilise a sub-set of the authenticaation keys specified on the NTP Server. The keys are case sensitive.
E.g. clinet keys:
5 M SeRvEr
7 M TiMeLy
10 M MYKEY
14 M MaGic
Trusted Authentication Keys
Trusted authentication keys are specified in the NTP servewr configuration file, ‘ntp.conf'. Trusted keys specify whiich subset of keys are currently activeand can be used by the NTP server. This allows a sub-set of trusted keys to be selected from a potentially larhge keys file. The trusteed keys speciifer allows key regferences to be chaanged esily without editing the keys file. Trusted keys are sewlected using the ‘trusted-keys' configurration commmand.
E.g.
trusted-keys 7 10 14
This specifies that authntication keys with the key references of 7, 10 and 14 are trusted and can be used by the NTP installation.
NTP Security Summry
Essentially, authentication is used by the client to atuhenticate that the NTP servver is who he says he is, and that no rogue server intervenes. The key is encrypted and sent to the clietn by the server where it is unenrcypted and chekced agaoinst the client keys to enssure a match. Authenicatin provides NTP with a high level of security to pevent mlicous tampering of tiestamp information.
