This article describes how to utilise NTP authentication to authenticate a time reference when synchronising network time clients to a NTP server.
NTP Server Authentication
NTP is used to provide an accurate time reference for time critical processes. Therefore, NTP can pose a security risk if malicious users attempt to modify or replicate a timestamp to create a false time on a network device.
NTP authentication is intended to overcome security risks by ensuring that any response received from an NTP server has actually come from the intended reference. The client sends a request for time to a NTP server. The NTP server responds to the client with a timestamp along with one of a number of agreed encrypted keys. On receipt of the timestamp, the client un-encrypts the key and verifies it against a list of trusted keys. The client can then be sure that the received timestamp was indeed transmitted from the intended NTP server. NTP utilises MD5 encryption (Message Digest Encryption 5), which is a 128-bit cryptographic hash function, which outputs a fingerprint of the key. MD5 is a highly secure encryption, widely used on forums and by online communities for authentication purposes.
NTP KeysNTP keys are codes that are encrypted on both the server and client that are used to identify the NTP server. NTP keys are stored in a file usually called ‘ntp.keys'. Each key consists of a key number, an encryption code and the key itself.
E.g. NTP server keys:
1 M secret
5 M SeRvEr
7 M TiMeLy
10 M MYKEY
11 M TroPical
14 M MaGic
The key number acts as a reference to the specified key. The encryption code specifies the type of encryption to be utilised, e.g. ‘M' for MD5 encryption. The actual keys must be identical on both the client and the NTP server. The client may utilise a sub-set of the keys specified on the NTP Server. The keys are case sensitive.
E.g. client keys:
5 M SeRvEr
7 M TiMeLy
10 M MYKEY
14 M MaGic
Trusted Keys
Trusted keys are specified in the NTP configuration file, ‘ntp.conf'. Trusted keys specify which subset of keys are currently activeand can be used by the NTP server. This allows a sub-set of trusted keys to be selected from a potentially large keys file. Trusted keys are selected using the ‘trusted-keys' configuration command.
E.g.trusted-keys 5 7 14
This specifies that keys with the key references of 5, 7 and 14 are currently trusted and can be used by the NTP installation.
Summary
Essentially, authentication is used by the client to authenticate that the NTP server is who he says he is, and that no rogue server intervenes. The key is encrypted and sent to the client by the server where it is unencrypted and checked against the client keys to ensure a match.
Why Does My Organisation Need a NTP Time Server?
This article attempts to clearly and simply describe what a NTP server is and why it is an essential part of a modern computer network infrastructure.
Network Time Synchronisation using GPS
This article describes the components required to utilise GPS for computer timing applications. It also discusses how the GPS system can be used for computer network timing by using the Network Time Protocol (NTP) and NTP time servers.
Installing a Radio Referenced NTP Server
Many networks in organisations suffer from a lack of time synchronisation between servers, workstations and other network components. This can lead to problems processing time critical information and transactions. However, a solution has been available for many years in the form of NTP.
