It’s a sign of the times. I haven’t really heard of IEEE 1588 Precision Time Protocol (PTP)*, when I learn that it has grievous, sphincter tightening security flaws [2].
PTP is intended to enable nodes on a local network to coordinate their clocks with greater precision than NTP when GPS is unavailable. This use case is especially common in industrial plants, data centers, and other heavily networked installations with lots of sensors and other devices, and poor GPS reception.
“Security for the timing network is essential, since there is no end to the damage a bad actor might accomplish if they could steer the clock or make it unavailable” ([1], p. 3)
Monkeying with the time stamps could interfere with the order of transactions, scheduling of critical actions, or, for that matter, network security protocols. (There is a circular, chicken and egg problem here: security protocols rely on time stamps to determine the validity of keys and certificates, and time stamps rely need to use keys and certificates to assure their validity.)
The basic idea of the PTP is to propagate a time signal from a central “master” clock, allowing for network latency. Unfortunately, the currentl version 2 of the PTP is “Surprisingly Easy to Hack”, as Michelle Hampson reports [2].
Specifically, researchers at IBM and Marist College report several simple insider attacks that can really, really hose PTP [1].
Yoiks!
The attacks are a form of denial of service during the “ANNOUNCE” process of establishing the master clock. The overwhelmed receiver can be given a bad time, and cannot recover from the attack. Another attack sniffs packets and inserts a malicious duplicate master clock (an “evil twin”), that manipulates the whole network.
These are “insider” attacks, requiring access to the network. But they are pretty simple to introduce to the network, so they would require only brief access.
Version 3 of PTP is in the late stages of development, and we all can hope that it addresses these issues. Then all we have to do is get all the PTP software and hardware in the world upgraded….
* because I’m simply not involved in things that would use PTP.
- C. DeCusatis, R. M. Lynch, W. Kluge, J. Houston, P. Wojciak, and S. Guendert, Impact of Cyberattacks on Precision Time Protocol. IEEE Transactions on Instrumentation and Measurement (early access):1-1, 2019. https://ieeexplore.ieee.org/document/8721270
- Michelle Hampson, It’s Surprisingly Easy to Hack the Precision Time Protocol, in IEEE Spectrum – Tech Talk. 2019. https://spectrum.ieee.org/tech-talk/computing/networks/synchronizing-networks-with-ptp-yields-precision-but-also-vulnerability
Robert McGrath's Blog 