Authenticable time servers now also available in Switzerland


There have been three public, secure time servers in Switzerland since the turn of the year. Time servers ensure that an exact time is transmitted to all connected computers and devices in the network and that they are synchronized with it.

So-called NTP (Network Time Protocol) servers for time synchronization were already publicly available. But in recent years it has become increasingly important, for example for two-factor authentication or certificate handling, to have not just any time, but a reliably correct one, which could not be guaranteed with the NTP protocol used so far.

NTP was developed in the mid-1980s when the Internet was still a small, collaborative, friendly digital space. As a result, hardly anyone thought about how to prevent bad guys from manipulating the time that computer users obtain and use from their network servers.

The public NTP servers previously used for this are no longer considered to be absolutely trustworthy, as experience has shown that they enable cybercriminals to attack time synchronization or manipulate the time. However, using the correct time and keeping it synchronized is one of the essential foundations of data processing and transmission. Correct time specifications are important for cryptographic applications, for example. NTP manipulations could therefore make data encryption vulnerable and cause damage.

A relatively new method called NTS (Network Time Security) is intended to prevent such time server sabotage. NTS was published in October 2020 and is a specification of the standardization body Internet Engineering Task Force (IETF) with the participation of the German PTB (Physikalisch-Technische Bundesanstalt), which sets and disseminates the legally binding time in Germany.

NTS is a kind of protocol extension that adds authentication to NTP services, which have hardly been secured up to now, analogous to the switch from HTTP to HTTPS. It supplements the client-server mode of NTP with two NTS subprotocols. First, eight cryptographic one-time cookies are initially made available to the client via a secured TLS (Transport Layer Security) connection. Second, the cookie store is replenished with each successful NTP query. Of course, NTS servers can also be used like normal NTP services, but then without the additional security.
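The first subprotocol described above, the key establishment over TLS that hands out the cookies, as an added example that is not from the article or from any NTS implementation: it encodes a client request and validates a server response using the record format and constants of RFC 8915. The sample response and its dummy cookies are constructed, and server/port negotiation records (types 6 and 7) are not handled.

```python
import struct

# Constants from RFC 8915; NTS-KE runs inside TLS (ALPN "ntske/1").
END, NEXT_PROTO, ERROR, WARNING, AEAD, NEW_COOKIE = 0, 1, 2, 3, 4, 5
NTPV4, AES_SIV_CMAC_256, CRITICAL = 0, 15, 0x8000

def record(rtype, body=b"", critical=False):
    """Encode one record: critical bit + 15-bit type, 16-bit body length, body."""
    return struct.pack("!HH", rtype | (CRITICAL if critical else 0), len(body)) + body

def build_request():
    """Client request: NTPv4 as next protocol, AES-SIV-CMAC-256 as AEAD."""
    return (record(NEXT_PROTO, struct.pack("!H", NTPV4), critical=True)
            + record(AEAD, struct.pack("!H", AES_SIV_CMAC_256))
            + record(END, critical=True))

def parse_response(data):
    """Return the cookies of a server response; raise ValueError if it is unusable."""
    cookies, proto, aead, pos, ended = [], None, None, 0, False
    while pos < len(data):
        if ended or pos + 4 > len(data):
            raise ValueError("data after End of Message or truncated header")
        field, length = struct.unpack_from("!HH", data, pos)
        body = data[pos + 4:pos + 4 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        pos += 4 + length
        rtype = field & 0x7FFF
        if rtype == END:
            ended = True
        elif rtype in (ERROR, WARNING):
            raise ValueError("server sent an error or warning record")
        elif rtype == NEXT_PROTO:
            proto = struct.unpack("!H", body[:2])[0] if len(body) >= 2 else None
        elif rtype == AEAD:
            aead = struct.unpack("!H", body[:2])[0] if len(body) >= 2 else None
        elif rtype == NEW_COOKIE:
            cookies.append(body)
        elif field & CRITICAL:  # unknown critical records must not be ignored
            raise ValueError("unsupported critical record type %d" % rtype)
    if not ended or proto != NTPV4 or aead != AES_SIV_CMAC_256 or not cookies:
        raise ValueError("incomplete or unacceptable NTS-KE response")
    return cookies

# Constructed sample response (not captured traffic): eight 100-byte dummy cookies.
SAMPLE = (record(NEXT_PROTO, struct.pack("!H", NTPV4), critical=True)
          + record(AEAD, struct.pack("!H", AES_SIV_CMAC_256))
          + b"".join(record(NEW_COOKIE, bytes([i]) * 100) for i in range(8))
          + record(END, critical=True))
```

A client that gets a `ValueError` here should not fall back to unauthenticated NTP silently, since that is exactly the downgrade NTS is meant to prevent.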

Time servers or NTP services are offered worldwide, whether by companies or government institutions such as universities. The community project “NTP Pool” (www.ntppool.org), a collection of thousands of active time servers, is also available globally. So far, Cloudflare has offered public NTS servers worldwide at time.cloudflare.com, and the PTB has done so for Germany. The latter can be accessed at ptbtime1.ptb.de through ptbtime3.ptb.de with a suitable NTS client. Since the beginning of the year there have also been three servers for Switzerland that speak the secure time synchronization protocol.

A secure time comparison can now be obtained from ntp.zeitgitter.net, ntp.trifence.ch and ntp.3eck.net. Both in Switzerland and internationally there is still a lot of catching up to do when it comes to the NTS infrastructure, an operator told heise online. He hopes that these examples will also encourage other communities and public and private NTP operators to upgrade to NTS.


(axk)
