perhaps a simple question, but it kept me awake all night and Google didn't help either..
Most services have a ssl/tls equivalent, like http, imap, ldap. But how about an ssl/tls version of ntp?
How can I know for certain that a time server is who he claims to be?
Or am I looking for something impossible?? There are situations where a gps-receiver is not feasible.
hw
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
On Thu, Apr 15, 2010 at 06:43:52AM +0200, Hans Witvliet wrote:
> perhaps a simple question, but it kept me awake all night and Google didn't help either..
> Most services have a ssl/tls equivalent, like http, imap, ldap. But how about an ssl/tls version of ntp?
> How can I know for certain that a time server is who he claims to be?
> Or am I looking for something impossible?? There are situations where a gps-receiver is not feasible.
NTP does have cryptography support, authentication, symmetric and asymmetric encryption. I have however not set it up personally, but there is "ntp-doc" with HTML docu in /usr/share/doc/packages/ntp-doc/ and likely web documentation how to do it.
Ciao, Marcus
On 2010-04-15 06:43, Hans Witvliet wrote:
> perhaps a simple question, but it kept me awake all night and Google didn't help either..
> Most services have a ssl/tls equivalent, like http, imap, ldap. But how about an ssl/tls version of ntp?
> How can I know for certain that a time server is who he claims to be?
> Or am I looking for something impossible?? There are situations where a gps-receiver is not feasible.
There is provision for authentication. See man ntpd and search for "auth".
But in any case, if an ntp server is incorrect, it would be discovered when your client compares time against several other servers, and then disabled from your list of peers. No damage would be done.
Install the ntp-doc rpm, and read authopt.html:
+++ Authentication Support
Authentication support allows the NTP client to verify that the server is in fact known and trusted and not an intruder intending accidentally or on purpose to masquerade as that server. The NTPv3 specification RFC-1305 defines a scheme which provides cryptographic authentication of received NTP packets. Originally, this was done using the Data Encryption Standard (DES) algorithm operating in Cipher Block Chaining (CBC) mode, commonly called DES-CBC. Subsequently, this was replaced by the RSA Message Digest 5 (MD5) algorithm using a private key, commonly called keyed-MD5. Either algorithm computes a message digest, or one-way hash, which can be used to verify the server has the correct private key and key identifier.
NTPv4 retains the NTPv3 scheme, properly described as symmetric key cryptography, and, in addition, provides a new Autokey scheme based on public key cryptography. Public key cryptography is generally considered more secure than symmetric key cryptography, since the security is based on a private value which is generated by each host and never revealed. With the exception of the group key described later, all key distribution and management functions involve only public values, which considerably simplifies key distribution and storage. Public key management is based on X.509 certificates, which can be provided by commercial services or produced by utility programs in the OpenSSL software library or the NTPv4 distribution.
++-
--
Cheers / Saludos, Carlos E. R.
(from 11.2 x86_64 "Emerald" GM (Minas Tirith))
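The keyed-MD5 scheme described in the authopt.html excerpt above, sketched as an added example (not code from the thread or from the ntp distribution). The key, key ID and packet contents are constructed sample values, and the packet is assumed to carry no extension fields.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48          # fixed NTP header, no extension fields assumed
MAC_LEN = 4 + 16             # 32-bit key ID followed by a 128-bit MD5 digest


def ntp_mac(key: bytes, header: bytes) -> bytes:
    """Keyed-MD5 digest: MD5 over the shared key followed by the header.

    This is a plain prefix hash, not HMAC.
    """
    return hashlib.md5(key + header).digest()


def sign_packet(header: bytes, key_id: int, key: bytes) -> bytes:
    """Server side: append key ID and digest to the 48-byte header."""
    return header + struct.pack("!I", key_id) + ntp_mac(key, header)


def verify_packet(packet: bytes, trusted_keys: dict) -> str:
    """Client side: accept only replies signed with a trusted key."""
    if len(packet) < NTP_HEADER_LEN + MAC_LEN:
        return "reject: no MAC"
    header = packet[:NTP_HEADER_LEN]
    (key_id,) = struct.unpack("!I", packet[48:52])
    key = trusted_keys.get(key_id)
    if key is None:
        return "reject: untrusted key id"
    if not hmac.compare_digest(packet[52:68], ntp_mac(key, header)):
        return "reject: bad digest"
    return "accept"


# Constructed sample data: LI=0, VN=4, Mode=4 (server), stratum 2,
# poll 6, precision -20, remaining header fields zeroed.
SAMPLE_HEADER = struct.pack("!BBbb", 0x24, 2, 6, -20) + bytes(44)
SHARED_KEY = b"constructed-demo-key"     # would live in the keys file
TRUSTED = {1: SHARED_KEY}                # key IDs the client trusts

GENUINE = sign_packet(SAMPLE_HEADER, 1, SHARED_KEY)
# An impersonator who knows the server's IP but not the key:
SPOOF_UNSIGNED = SAMPLE_HEADER
SPOOF_WRONG_KEY = sign_packet(SAMPLE_HEADER, 1, b"guessed-key")
# A genuine reply whose last timestamp byte was altered in transit:
TAMPERED = GENUINE[:47] + b"\x01" + GENUINE[48:]

if __name__ == "__main__":
    for name, pkt in [("genuine", GENUINE), ("unsigned", SPOOF_UNSIGNED),
                      ("wrong key", SPOOF_WRONG_KEY), ("tampered", TAMPERED)]:
        print(f"{name:10s} -> {verify_packet(pkt, TRUSTED)}")
```

The check proves that the sender holds the shared key; it says nothing about whether the time that sender reports is right.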
On Thu, 2010-04-15 at 08:24 +0200, Carlos E. R. wrote:
> On 2010-04-15 06:43, Hans Witvliet wrote:
>> perhaps a simple question, but it kept me awake all night and Google didn't help either..
>> Most services have a ssl/tls equivalent, like http, imap, ldap. But how about an ssl/tls version of ntp?
>> How can I know for certain that a time server is who he claims to be?
>> Or am I looking for something impossible?? There are situations where a gps-receiver is not feasible.
> There is provision for authentication. See man ntpd and search for "auth".
> But in any case, if an ntp server is incorrect, it would be discovered when your client compares time against several other servers, and then disabled from your list of peers. No damage would be done.
> Install the ntp-doc rpm, and read authopt.html:
> +++ Authentication Support
> Authentication support allows the NTP client to verify that the server is in fact known and trusted and not an intruder intending accidentally or on purpose to masquerade as that server. The NTPv3 specification RFC-1305 defines a scheme which provides cryptographic authentication of received NTP packets. Originally, this was done using the Data Encryption Standard (DES) algorithm operating in Cipher Block Chaining (CBC) mode, commonly called DES-CBC. Subsequently, this was replaced by the RSA Message Digest 5 (MD5) algorithm using a private key, commonly called keyed-MD5. Either algorithm computes a message digest, or one-way hash, which can be used to verify the server has the correct private key and key identifier.
> NTPv4 retains the NTPv3 scheme, properly described as symmetric key cryptography, and, in addition, provides a new Autokey scheme based on public key cryptography. Public key cryptography is generally considered more secure than symmetric key cryptography, since the security is based on a private value which is generated by each host and never revealed. With the exception of the group key described later, all key distribution and management functions involve only public values, which considerably simplifies key distribution and storage. Public key management is based on X.509 certificates, which can be provided by commercial services or produced by utility programs in the OpenSSL software library or the NTPv4 distribution.
> ++-
Tnx all for the info I'll get working on it.
To explain the situation a bit better: I'm drawing up a list of steps to take for installing a CA. One of the aspects is that I want to be sure that my time is correct. This is, because the certificate defines explicitly a begin/ending date of the validity.
Furthermore, I can _NOT_ use a gps-time source, and can not rely on the date/time from the bios. Within my organisation, we have our own time-source, but I want to make sure that these are not spoofed.
But I think I can solve that with above information... tnx agn.
Hans Witvliet wrote:
> To explain the situation a bit better: I'm drawing up a list of steps to take for installing a CA. One of the aspects is that I want to be sure that my time is correct. This is, because the certificate defines explicitly a begin/ending date of the validity.
Hmm, you don't need NTP-style accuracy for that. A couple of seconds to one side or the other makes no difference.
--
Per Jessen, Zürich (7.9°C)
On Fri, 2010-04-16 at 11:21 +0200, Per Jessen wrote:
> Hans Witvliet wrote:
>> To explain the situation a bit better: I'm drawing up a list of steps to take for installing a CA. One of the aspects is that I want to be sure that my time is correct. This is, because the certificate defines explicitly a begin/ending date of the validity.
> Hmm, you don't need NTP-style accuracy for that. A couple of seconds to one side or the other makes no difference.
No, but if someone manages to shift it a year, makes a crt, shifts it again, another crt,.... (perhaps I'm getting paranoid)
Hans Witvliet wrote:
> On Fri, 2010-04-16 at 11:21 +0200, Per Jessen wrote:
>> Hans Witvliet wrote:
>>> To explain the situation a bit better: I'm drawing up a list of steps to take for installing a CA. One of the aspects is that I want to be sure that my time is correct. This is, because the certificate defines explicitly a begin/ending date of the validity.
>> Hmm, you don't need NTP-style accuracy for that. A couple of seconds to one side or the other makes no difference.
> No, but if someone manages to shift it a year, makes a crt, shifts it again, another crt,....
> (perhaps I'm getting paranoid)
Regardless, you still don't need ntp-style accuracy. Just set your system clock from a website (manually) and that'll suffice. Assuming your PC is capable of running a stable clock for the time it takes to generate the CA.
--
Per Jessen, Zürich (8.2°C)
On 2010-04-16 11:29, Hans Witvliet wrote:
> On Fri, 2010-04-16 at 11:21 +0200, Per Jessen wrote:
>> Hans Witvliet wrote:
>>> To explain the situation a bit better: I'm drawing up a list of steps to take for installing a CA. One of the aspects is that I want to be sure that my time is correct. This is, because the certificate defines explicitly a begin/ending date of the validity.
>> Hmm, you don't need NTP-style accuracy for that. A couple of seconds to one side or the other makes no difference.
> No, but if someone manages to shift it a year, makes a crt, shifts it again, another crt,....
> (perhaps I'm getting paranoid)
Changing the time needs to be root. If the attacker has already root access, it does not matter if you use ntp auth or not >:-)
On the practical side, if your ntp daemon is configured to interrogate, say, a dozen of presumably safe ntp servers, in order to get your server to shift the time they have to hack the majority of your ntp peers.
I fail to see the need of authentication for ntp, but I can easily be misinformed O:-)
--
Cheers / Saludos, Carlos E. R.
(from 11.2 x86_64 "Emerald" GM (Elessar))
On Fri, 2010-04-16 at 23:02 +0200, Carlos E. R. wrote:
> On 2010-04-16 11:29, Hans Witvliet wrote:
>> On Fri, 2010-04-16 at 11:21 +0200, Per Jessen wrote:
>>> Hans Witvliet wrote:
>>>> To explain the situation a bit better: I'm drawing up a list of steps to take for installing a CA. One of the aspects is that I want to be sure that my time is correct. This is, because the certificate defines explicitly a begin/ending date of the validity.
>>> Hmm, you don't need NTP-style accuracy for that. A couple of seconds to one side or the other makes no difference.
>> No, but if someone manages to shift it a year, makes a crt, shifts it again, another crt,....
>> (perhaps I'm getting paranoid)
> Changing the time needs to be root. If the attacker has already root access, it does not matter if you use ntp auth or not >:-)
> On the practical side, if your ntp daemon is configured to interrogate, say, a dozen of presumably safe ntp servers, in order to get your server to shift the time they have to hack the majority of your ntp peers.
> I fail to see the need of authentication for ntp, but I can easily be misinformed O:-)
How about spoofing the ntp-source and doing a reboot? Logging in as ca-admin and signing a CSR...
No need for root privilege... afaics, just the knowledge of the ip of the ntp-server and some iron doing an ntp-impersonation!
On 2010-04-17 01:24, Hans Witvliet wrote:
> On Fri, 2010-04-16 at 23:02 +0200, Carlos E. R. wrote:
> How about spoofing the ntp-source and doing a reboot? Logging in as ca-admin and signing a CSR...
> No need for root privilege... afaics, just the knowledge of the ip of the ntp-server and some iron doing an ntp-impersonation!
As I said, no, it would not work, if you do things properly. :-)
You do not sync against a single ntp server. You sync against a dozen, simultaneously, so the attacker has to pervert the majority of them, and do so in sync or the perversion is detected immediately.
Obviously, as the protocol and applications do support auth, there must be use cases in which it is necessary. The programming effort must have been considerable. Thus, there must be strong reasons to use it. But I don't know them :-)
--
Cheers / Saludos, Carlos E. R.
(from 11.2 x86_64 "Emerald" GM (Elessar))
On Sat, 2010-04-17 at 01:35 +0200, Carlos E. R. wrote:
> On 2010-04-17 01:24, Hans Witvliet wrote:
>> On Fri, 2010-04-16 at 23:02 +0200, Carlos E. R. wrote:
>> How about spoofing the ntp-source and doing a reboot? Logging in as ca-admin and signing a CSR...
>> No need for root privilege... afaics, just the knowledge of the ip of the ntp-server and some iron doing an ntp-impersonation!
> As I said, no, it would not work, if you do things properly. :-)
> You do not sync against a single ntp server. You sync against a dozen, simultaneously, so the attacker has to pervert the majority of them, and do so in sync or the perversion is detected immediately.
Well, that's the issue. afaics, we have just a single reliable (!) ntp-source..... There might be others, but I always get the same one.
hw
* Hans Witvliet
> Well, that's the issue. afaics, we have just a single reliable (!) ntp-source..... There might be others, but I always get the same one.
/etc/ntp.conf
server 0.us.pool.ntp.org iburst
server 1.us.pool.ntp.org iburst
server 2.us.pool.ntp.org iburst
server 3.us.pool.ntp.org iburst
--
Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711
http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2
Registered Linux User #207535 @ http://counter.li.org
On Saturday, 2010-04-17 at 02:09 +0200, Hans Witvliet wrote:
> ...
> Well, that's the issue. afaics, we have just a single reliable (!) ntp-source..... There might be others, but I always get the same one.
How do you know?
--
Cheers, Carlos E. R.
On Sat, 2010-04-17 at 02:32 +0200, Carlos E. R. wrote:
> On Saturday, 2010-04-17 at 02:09 +0200, Hans Witvliet wrote:
> ...
>> Well, that's the issue. afaics, we have just a single reliable (!) ntp-source..... There might be others, but I always get the same one.
> How do you know?
corporate network, strictly isolated from internet. Physical evidence of one machine, which is being used by all other machines on the network as far as I can detect. But as said, there might be others....
On Saturday, 2010-04-17 at 16:50 +0200, Hans Witvliet wrote:
> On Sat, 2010-04-17 at 02:32 +0200, Carlos E. R. wrote:
>>> Well, that's the issue. afaics, we have just a single reliable (!) ntp-source..... There might be others, but I always get the same one.
>> How do you know?
> corporate network, strictly isolated from internet. Physical evidence of one machine, which is being used by all other machines on the network as far as I can detect.
Well, in that case, you absolutely need to sync against a GPS or radio clock (or two), yes or yes, no excuses.
No, not even secure ntp will ensure your time is correct. What does it matter that you really know that you are syncing against the only server available, if you can not check if that ntp server is giving the correct time by comparison with other servers?
On the other hand, where does that ntp server get its time reference from, if there is no connection to internet?
--
Cheers, Carlos E. R.
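The comparison against several servers that this sub-thread argues about, as an added example (not code from the thread and not ntpd's own implementation). It is a simplified interval-intersection vote in the spirit of NTP's server selection; server names, offsets and error bounds are constructed sample values.

```python
def select_sources(samples):
    """Split servers into agreeing sources and outliers.

    samples: list of (name, offset_seconds, max_error_seconds).
    Each server claims the true offset lies in [offset - err, offset + err].
    The largest group whose intervals share a common point wins, but only
    if it is a strict majority of all servers polled.
    Returns (agreeing, outliers); agreeing is None when no majority exists.
    """
    edges = []
    for name, offset, err in samples:
        edges.append((offset - err, 0, name))   # 0 = interval opens
        edges.append((offset + err, 1, name))   # 1 = interval closes
    edges.sort()                                # opens sort before closes

    active, best = set(), set()
    for _, kind, name in edges:
        if kind == 0:
            active.add(name)
            if len(active) > len(best):
                best = set(active)
        else:
            active.discard(name)

    names = sorted(name for name, _, _ in samples)
    if len(best) * 2 <= len(samples):
        return None, names                      # nobody can be trusted
    return sorted(best), [n for n in names if n not in best]


ONE_YEAR = 365 * 24 * 3600.0

# Constructed sample: four servers agree within milliseconds,
# the fifth reports a clock shifted by a year.
FIVE_PEERS = [
    ("ntp-a", 0.012, 0.050),
    ("ntp-b", -0.020, 0.060),
    ("ntp-c", 0.003, 0.040),
    ("ntp-d", 0.030, 0.050),
    ("ntp-e", ONE_YEAR, 0.050),
]

# Constructed sample: the isolated network with one time source,
# here also shifted by a year.
SINGLE_SOURCE = [("only-ntp", ONE_YEAR, 0.050)]

if __name__ == "__main__":
    print(select_sources(FIVE_PEERS))
    print(select_sources(SINGLE_SOURCE))
```

With five peers the shifted server is outvoted; with a single source the same shift is accepted, because there is nothing to compare it against.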
Hans Witvliet wrote:
> perhaps a simple question, but it kept me awake all night and Google didn't help either..
> Most services have a ssl/tls equivalent, like http, imap, ldap. But how about an ssl/tls version of ntp?
> How can I know for certain that a time server is who he claims to be?
ntp has an authentication scheme for just that sort of thing.
--
Per Jessen, Zürich (5.7°C)
participants (5)
- Carlos E. R.
- Hans Witvliet
- Marcus Meissner
- Patrick Shanahan
- Per Jessen