CR · Oct 16, 2020

Pitfalls of Provably Secure Systems in Internet The Case of Chronos-NTP

arXiv:2010.08460v1 · 5 citations
Originality: Incremental advance
AI Analysis

This work identifies critical vulnerabilities in a proposed secure NTP standard, impacting internet infrastructure security.

The paper demonstrates off-path attacks against Chronos-enhanced NTP clients, showing that the DNS-based server pool generation mechanism undermines security, making time-shifting attacks easier than against plain NTP.

The critical role that Network Time Protocol (NTP) plays in the Internet led to multiple efforts to secure it against time-shifting attacks. A recent proposal for enhancing the security of NTP with Chronos against on-path attackers seems the most promising one and is on a standardisation track of the IETF. In this work we demonstrate off-path attacks against Chronos-enhanced NTP clients. The weak link is a central security feature of Chronos: the server pool generation mechanism using DNS. We show that the insecurity of DNS makes it possible to subvert the security of Chronos, making time-shifting attacks against Chronos-NTP even easier than attacks against plain NTP.
