The Impact of DNS Insecurity on Time
This work addresses security vulnerabilities in time synchronization protocols, which are critical for systems relying on accurate time, but it is incremental as it builds on known DNS insecurities.
The authors demonstrated practical off-path time shifting attacks against NTP and Chronos-enhanced NTP by exploiting DNS insecurity to redirect clients to attacker-controlled servers, performing large-scale measurements to quantify the threat.
We demonstrate the first practical off-path time shifting attacks against NTP as well as against Man-in-the-Middle (MitM) secure Chronos-enhanced NTP. Our attacks exploit the insecurity of DNS allowing us to redirect the NTP clients to attacker controlled servers. We perform large scale measurements of the attack surface in NTP clients and demonstrate the threats to NTP due to vulnerable DNS.