SIDN Labs’ TimeNL service gains support for Network Time Security

Spread the love

SIDN Labs’ time synchronization service TimeNL is getting an experimental Network Time Security server. The current NTP server will be expanded with an NTS server that should increase the security of the protocol.

The servers will be added to TimeNL, SIDN’s public NTP service that allows system and website administrators to synchronize their system clocks with the internet. The public service based on the Network Time Protocol was released in July by the Stichting Internet Domeinregistratie Nederland. Since then, TimeNL has been free to use, but according to the tld authority it is also ‘a research project’. According to SIDN, NTP is not completely secure, and the NTS protocol could work better.

One problem with NTP is that it is relatively easy to forge the senders of UDP packages, and to perform a man-in-the-middle attack on an NTP connection. To prevent this, the standards authority IETF has added an authentication method to the protocol, based on symmetric key exchange. However, the feature added to simplify that process also contains several vulnerabilities. Network Time Security would be both safer and more user-friendly, says SIDN.

SIDN has therefore set up an experimental NTS server, the authority writes in a blog post. The server is intended for experiments by SIDN itself, but the organization ‘warmly invites everyone to get started with it’. According to SIDN, there are only a few functioning NTS servers available on the Internet. The organization wants to change that. SIDN says that some problems have already come to light via the server. For example, Cloudflare’s own NTP software would not be compatible with the service. The service has also already led to an NTS client written in Go.

You might also like