Cited By
View all- Al-Mhiqani MAlsboui TAl-Shehari TAbdulkareem KAhmad RMohammed M(2024)Insider threat detection in cyber-physical systemsComputers and Electrical Engineering10.1016/j.compeleceng.2024.109489119:PAOnline publication date: 1-Oct-2024
MS-PTP: Protecting Network Timing from Byzantine Attacks
Authors: 
Shanghao Shi, Yang Xiao, Changlai Du, Md Hasan Shahriar, Ao Li, Ning Zhang, Y. Thomas Hou, Wenjing LouAuthors Info & Claims
Shanghao Shi, Yang Xiao, Changlai Du, Md Hasan Shahriar, Ao Li, Ning Zhang, Y. Thomas Hou, Wenjing LouAuthors Info & ClaimsPages 61 - 71
Abstract
Time-sensitive applications, such as 5G and IoT, are imposing increasingly stringent security and reliability requirements on network time synchronization. Precision time protocol (PTP) is a de facto solution to achieve high precision time synchronization. It is widely adopted by many industries. Existing efforts in securing the PTP focus on the protection of communication channels, but little attention has been given to the threat of malicious insiders. In this paper, we first present the security vulnerabilities of PTP and discuss why the current defense mechanisms are unable to counter Byzantine insiders. We demonstrate how a malicious insider can spoof a time source to arbitrarily shift the system time of a victim node on an IoT testbed. We further demonstrate the harmful consequence of the attack on a real Turtlebot3 robotic platform as the robot fails to locate itself and follows a false trajectory. As a countermeasure, we propose multi-source PTP, in short, MS-PTP, a Byzantine-resilient network time synchronization mechanism that relies on time crowdsourcing. MS-PTP changes the current PTP's single source hierarchy to a multi-source client-server architecture, in which PTP clients take responses from multiple time servers and apply a novel secure aggregation scheme to eliminate the effect of malicious responses from unreliable sources. MS-PTP is able to counter f Byzantine failures when the total number of time sources n used by a client satisfies n>=3f+1. We provide rigorous proof for its non-parametric accuracy guarantee---achieving bounded error regardless of the Byzantine population. We implemented a prototype of MS-PTP on our IoT testbed and the results show its resilience against Byzantine insiders while maintaining high synchronization accuracy.
References
[1]
3GPP. 2019. Study on enhancement of Ultra-Reliable Low-Latency Communication (URLLC) support in the 5G Core network (5GC). Technical Report. 3GPP TR23.725 V16.2.0 (Release16).
[2]
, Waleed Alghamdi and Michael Schukat. 2020. Cyber Attacks on Precision Time Protocol Networks-A Case Study. Electronics, Vol. 9, 9 (2020), 1398.
[3]
, Waleed Alghamdi and Michael Schukat. 2021. Precision time protocol attack strategies and their resistance to existing security extensions. Cybersecurity, Vol. 4, 1 (2021), 1--17.
[4]
AWS Robotics. https://aws.amazon.com/robomaker/. Accessed: 2022-05--1.
[5]
Manos Antonakakis, Tim April, Michael Bailey, et al. 2017. Understanding the mirai botnet. In 26th $$USENIX$$ security symposium ($$USENIX$$ Security 17). 1093--1110.
[6]
Peva Blanchard, El Mahdi El Mhamdi, Rachid Guerraoui, and Julien Stainer. 2017. Machine Learning with Adversaries: Byzantine Tolerant Gradient Descent. In Advances in Neural Information Processing Systems, I. Guyon, U. V. Luxburg, S. Bengio, H. Wallach, R. Fergus, S. Vishwanathan, and R. Garnett (Eds.), Vol. 30. Curran Associates, Inc. https://proceedings.neurips.cc/paper/2017/file/f4b9ec30ad9f68f89b29639786cb62ef-Paper.pdf
[7]
Ethan Buchman. 2016. Tendermint: Byzantine fault tolerance in the age of blockchains. Ph.,D. Dissertation. University of Guelph.
[8]
Miguel Castro, Barbara Liskov, et al. 1999. Practical byzantine fault tolerance. In OsDI, Vol. 99. 173--186.
[9]
Casimer DeCusatis, Robert M Lynch, William Kluge, John Houston, Paul A Wojciak, and Steve Guendert. 2019. Impact of cyberattacks on precision time protocol. IEEE Transactions on Instrumentation and Measurement, Vol. 69, 5 (2019), 2172--2181.
[10]
Omer Deutsch, Neta Rozen Schiff, Danny Dolev, and Michael Schapira. 2018. Preventing (Network) Time Travel with Chronos. In NDSS.
[11]
VP Business Development. 2019. Accurate timing in financial trading. https://www.calnexsol.com/en/timing-and-sync-blog-article-display/1386-accurate-timing-in-financial-trading
[12]
Benjamin Dowling, Douglas Stebila, and Greg Zaverucha. 2016. Authenticated network time synchronization. In 25th $$USENIX$$ Security Symposium ($$USENIX$$ Security 16). 823--840.
[13]
John C Eidson. 2006. IEEE 1588: an Update on the Standard and Its Application. In Proceedings of the 38th Annual Precise Time and Time Interval Systems and Applications Meeting. 193--211.
[14]
John C Eidson, Mike Fischer, and Joe White. 2002. IEEE-1588? Standard for a precision clock synchronization protocol for networked measurement and control systems. In Proceedings of the 34th Annual Precise Time and Time Interval Systems and Applications Meeting. 243--254.
[15]
El Mahdi El Mhamdi, Rachid Guerraoui, and Sébastien Louis Alexandre Rouault. 2021. Distributed momentum for byzantine-resilient stochastic gradient descent. In 9th International Conference on Learning Representations (ICLR).
[16]
Giada Giorgi and Claudio Narduzzi. 2011. Performance analysis of Kalman-filter-based clock synchronization in IEEE 1588 networks. IEEE transactions on instrumentation and measurement, Vol. 60, 8 (2011), 2902--2909.
[17]
Rachid Guerraoui, Sébastien Rouault, et al. 2018. The hidden vulnerability of distributed learning in byzantium. In International Conference on Machine Learning. PMLR, 3521--3530.
[18]
B Haberman, D Mills, and U Delaware. 2010. Network time protocol version 4: Autokey specification. In RFC 5906.
[19]
IBM. 2019. PTPD Daemon Version 7.2. https://www.ibm.com/docs/en/aix/7.1?topic=p-ptpd-daemon
[20]
Eyal Itkin and Avishai Wool. 2017. A security analysis and revised security extension for the precision time protocol. IEEE Transactions on Dependable and Secure Computing, Vol. 17, 1 (2017), 22--34.
[21]
M. Langer and R. Bermbach. 2022. NTS4PTP - Key Management System for the Precision Time Protocol Based on the Network Time Security Protocol. https://www.ietf.org/id/draft-langer-ntp-nts-for-ptp-04.html
[22]
Linux. 2011. An implementation of the Precision Time Protocol (PTP) according to IEEE standard 1588 for Linux. https://linuxptp.sourceforge.net/
[23]
Aanchal Malhotra, Isaac E Cohen, Erik Brakke, and Sharon Goldberg. 2015. Attacking the network time protocol. Cryptology ePrint Archive (2015).
[24]
Aanchal Malhotra, Matthew Van Gundy, Mayank Varia, Haydn Kennedy, Jonathan Gardner, and Sharon Goldberg. 2017. The security of ntp's datagram protocol. In International Conference on Financial Cryptography and Data Security. Springer, 405--423.
[25]
Miklós Maróti, Branislav Kusy, Gyula Simon, and Akos Lédeczi. 2004. The flooding time synchronization protocol. In Proceedings of the 2nd international conference on Embedded networked sensor systems. 39--49.
[26]
Bassam Moussa, Marthe Kassouf, Rachid Hadjidj, Mourad Debbabi, and Chadi Assi. 2019. An extension to the precision time protocol (PTP) to enable the detection of cyber attacks. IEEE Transactions on Industrial Informatics, Vol. 16, 1 (2019), 18--27.
[27]
Oleg Obleukhov and Ahmad Byagowi. 2022. How Precision Time Protocol is being deployed at Meta. https://engineering.fb.com/2022/11/21/production-engineering/precision-time-protocol-at-meta/
[28]
Adrian Perrig, Ran Canetti, J Doug Tygar, and Dawn Song. 2002. The TESLA broadcast authentication protocol. Rsa Cryptobytes, Vol. 5, 2 (2002), 2--13.
[29]
Relese:2.4.5.dev0. 2022. Scapy: Packet crafting for Python2 and Python3. https://scapy.readthedocs.io/en/latest/
[30]
Relese:4.2. 2022. Chronyd: a versatile implementation of the Network Time Protocol (NTP). https://chrony.tuxfamily.org/
[31]
Ruxandra Lupas Scheiterer, Chongning Na, Dragan Obradovic, and Günter Steindl. 2009. Synchronization performance of the precision time protocol in industrial automation networks. IEEE Transactions on Instrumentation and Measurement, Vol. 58, 6 (2009), 1849--1857.
[32]
Dieter Sibold, Stephen Roettger, and Kristof Teichel. 2016. Network time security. Work in Progress, draft-ietf-ntp-network-time-security-14 (2016).
[33]
Cong Xie, Oluwasanmi Koyejo, and Indranil Gupta. 2018. Phocas: dimensional byzantine-resilient stochastic gradient descent. arXiv preprint arXiv:1805.09682 (2018).
[34]
Dong Yin, Yudong Chen, Ramchandran Kannan, and Peter Bartlett. 2018. Byzantine-robust distributed learning: Towards optimal statistical rates. In International Conference on Machine Learning. PMLR, 5650--5659. io
Index Terms
- MS-PTP: Protecting Network Timing from Byzantine Attacks
Recommendations
Clock Synchronization in IoT Network Using Cloud Computing
The Internet of Things is a trending future technological revolution that emerging distributed computing and real-time based application and its development depends on dynamic technical innovation in a number of important fields from wireless sensors to ...
Protecting Enclaves from Intra-Core Side-Channel Attacks through Physical Isolation
CYSARM'20: Proceedings of the 2nd Workshop on Cyber-Security Arms RaceSystems that protect enclaves from privileged software must consider software-based side-channel attacks. Our system isolates enclaves on separate secure cores to stop attackers from running on the same core as the victim, which mitigates intra-core ...
Protecting Satellite Systems from Disassociation DoS Attacks
With the help of satellites, the entire surface of the world can be covered, which provides the high speedy communications all over the world. Consequently, security is becoming an important concern in the satellite multicast communications. However, ...
Comments
Information & Contributors
Information
Published In
May 2023
394 pages
ISBN:9781450398596
DOI:10.1145/3558482
- General Chairs:
- Ioana Boureanu,
- Steve Schneider,
- Program Chairs:
- Bradley Reaves,
- Nils Ole Tippenhauer
Copyright © 2023 Owner/Author.
This work is licensed under a Creative Commons Attribution International 4.0 License.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 28 June 2023
Check for updates
Author Tags
Qualifiers
- Research-article
Funding Sources
- US National Science Foundation
- Office of Naval Research
Conference
WiSec '23: 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks
May 29 - June 1, 2023
Guildford, United Kingdom
Acceptance Rates
Overall Acceptance Rate 98 of 338 submissions, 29%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 487Total Downloads
- Downloads (Last 12 months)303
- Downloads (Last 6 weeks)54
Reflects downloads up to 01 Jan 2025
Other Metrics
Citations
Cited By
View all- Al-Mhiqani MAlsboui TAl-Shehari TAbdulkareem KAhmad RMohammed M(2024)Insider threat detection in cyber-physical systemsComputers and Electrical Engineering10.1016/j.compeleceng.2024.109489119:PAOnline publication date: 1-Oct-2024
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in