Attacking and Securing Network Time Protocol

Attacking and Securing Network Time Protocol

Boston University OpenBU http://open.bu.edu Theses & Dissertations Boston University Theses & Dissertations 2019 Attacking and securing network time protocol https://hdl.handle.net/2144/39584 Boston University BOSTON UNIVERSITY GRADUATE SCHOOL OF ARTS AND SCIENCES Dissertation ATTACKING AND SECURING NETWORK TIME PROTOCOL by AANCHAL MALHOTRA M.S., Boston University, 2015 Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy 2019 c 2019 by AANCHAL MALHOTRA All rights reserved Approved by First Reader Sharon Goldberg, PhD Associate Professor of Computer Science Second Reader Ran Canetti, PhD Professor of Computer Science Third Reader Leonid Reyzin, PhD Professor of Computer Science Acknowledgements First and foremost I want to thank my advisor Prof. Sharon Goldberg for being a tremendous mentor. Since the beginning of my graduate school, Sharon believed in me like nobody else and gave me unwavering support throughout. The joy and enthusiasm she brings to research is contagious and has been a great motivation, particularly during tough times in my Ph.D. pursuit. I am also grateful for the excellent example she has set as a strong woman, a successful professor and a wonderful mother. I'd like to give a big shout out to Prof. Leonid Reyzin and Mayank Varia for being my \second" mentors. I am grateful to Leo for providing indespensable advise in almost every aspect of my research and personal life. I thank Mayank who taught me how to think like an applied cyptographer and for introducing me to the technical tools needed to do my research. Mayank's ability to offer an extremely clear exposition of almost any topic simply amazes me. I especially thank Prof. Steve Homer for always looking out for me and helping me navigate the processes of Ph.D. program efficiently. I would not have achieved this milestone without my extremely competent and awesome co-authors. I have thoroughly enjoyed the process of coming up with hard questions and brainstorming solutions together, which incented me to widen my re- search from various perspectives. I am also grateful to my industry collaborators and IETF pals. I spent a fantastic summer as a security research intern at NLnet Labs, Amsterdam where my mentors Willem Toorop and Benno Overeinder went above and beyond to teach me the ins and outs of DNS protocol. I was also fortunate to have spent three months as cryptography engineer at Cloudflare, San Francisco. I am extremely thankful to my mentor Nick Sullivan there for making the seemingly hard task of taking an idea from inception to the running code in production, a smooth and enjoyable experience. I am also iv grateful to Nick for being a part of my Ph.D. committee and providing insightful comments on my thesis. I have benefited substantially also from my conversations with several experts at IETF including Allison Mankin, Daniel Franke, Harlan Stenn, Jared Mauch, Karen O'Donoghue, Miroslav Lichvar, Rich Salz, Suresh Krishnan, Tal Mizrahi and others on various aspects of Internet protocols and security and the complexities involved in standardization processes. My time at Boston University would not have been as much fun and worthy with- out my friends Ethan Heilman, Nabeel Akhtar, Oxana Poburinnaya, Sarah Scheffler, Tommy Unger, and William Koch, Yilei Chen. I cannot but express my deep gratitude to my partner Abhishek Sharma for always being my critic and for holding up with me during my lows. You are my biggest inspiration and the sole reason that I started my journey as a researcher in the first place. Last but not the least I'd like to thank my parents Poonam and Harish and my brother Parul for believing in me and supporting me throughout this long and eventful journey. I have thoroughly enjoyed my Ph.D. student life mainly because of all the amazing people around me. v ATTACKING AND SECURING NETWORK TIME PROTOCOL AANCHAL MALHOTRA Boston University, Graduate School of Arts and Sciences, 2019 Major Professor: Sharon Goldberg, Associate Professor of Computer Science ABSTRACT Network Time Protocol (NTP) is used to synchronize time between computer systems communicating over unreliable, variable-latency, and untrusted network paths. Time is critical for many applications; in particular it is heavily utilized by cryptographic protocols. Despite its importance, the community still lacks visibility into the robust- ness of the NTP ecosystem itself, the integrity of the timing information transmitted by NTP, and the impact that any error in NTP might have upon the security of other protocols that rely on timing information. In this thesis, we seek to accomplish the following broad goals: 1. Demonstrate that the current design presents a security risk, by showing that network attackers can exploit NTP and then use it to attack other core Internet protocols that rely on time. 2. Improve NTP to make it more robust, and rigorously analyze the security of the improved protocol. 3. Establish formal and precise security requirements that should be satisfied by a network time-synchronization protocol, and prove that these are sufficient for the security of other protocols that rely on time. vi We take the following approach to achieve our goals incrementally. 1. We begin by (a) scrutinizing NTP's core protocol (RFC 5905) and (b) stati- cally analyzing code of its reference implementation to identify vulnerabilities in protocol design, ambiguities in specifications, and flaws in reference imple- mentations. We then leverage these observations to show several off- and on- path denial-of-service and time-shifting attacks on NTP clients. We then show cache-flushing and cache-sticking attacks on DNSSEC that leverage NTP. We quantify the attack surface using Internet measurements, and suggest simple countermeasures that can improve the security of NTP and DNS(SEC). 2. Next we move beyond identifying attacks and leverage ideas from Universal Composability (UC) security framework to develop a cryptographic model for attacks on NTP's datagram protocol. We use this model to prove the security of a new backwards-compatible protocol that correctly synchronizes time in the face of both off- and on-path network attackers. 3. Next, we propose general security notions for network time-synchronization pro- tocols within the UC framework and formulate ideal functionalities that capture a number of prevalent forms of time measurement within existing systems. We show how they can be realized by real-world protocols (including but not limited to NTP), and how they can be used to assert security of time-reliant applica- tions | specifically, cryptographic certificates with revocation and expiration times. Our security framework allows for a clear and modular treatment of the use of time in security-sensitive systems. Our work makes the core NTP protocol and its implementations more robust and secure, thus improving the security of applications and protocols that rely on time. vii Contents 1 Introduction 1 1.1 Time Synchronization & Network Time Protocol (NTP) . .1 1.2 Motivation to Secure NTP . .2 1.3 Our Novel Research Approach Towards Network Protocol Security . .3 1.4 NTP Security: History & Current-State-of-Art . .5 1.5 Our Goals . .8 1.6 Our Contributions . .9 1.6.1 Attacking and fixing different modes of NTP (unauthenticated and authenticated) Chapters 2, 3, 5 . .9 1.6.2 Leveraging NTP to attack DNS (Chapter 4) . 14 1.6.3 New provably-secure NTP (Chapter 5) . 16 1.6.4 A Universally-Composable Treatment of Network Time (Chap- ter 6) . 18 2 Attacking the Network Time Protocol 21 2.1 Introduction . 21 2.2 Why time matters: Implications of attacks on NTP . 24 2.3 The NTP Ecosystem . 28 2.3.1 Background: The NTP Protocol. 29 2.3.2 Measuring the NTP ecosystem. 32 2.4 How to step time with NTP . 36 2.4.1 Time skimming . 36 viii 2.4.2 Exploiting reboot. 37 2.4.3 Recommendation: Careful with -g ............... 40 2.5 Kiss-o'-Death: Off-path Denial-of-Service Attacks . 41 2.5.1 Why are off-path attacks hard? . 41 2.5.2 Exploiting the Kiss-O'-Death Packet. 42 2.5.3 Low-rate off-path denial-of-service attack on NTP clients. 45 2.5.4 Pinning to a bad timekeeper. (Part 1: The attack) . 47 2.5.5 Detour: NTP's clock discipline algorithms. 48 2.5.6 Pinning to a bad timekeeper. (Part 2: Attack surface) . 50 2.5.7 Recommendation: Kiss-o'-Death considered harmful. 52 2.6 Off-Path NTP Fragmentation Attack . 54 2.6.1 Why are off-path attacks hard? . 54 2.6.2 IPv4 packet fragmentation. 55 2.6.3 Exploiting overlapping IPv4 fragments. 59 2.6.4 Planting spoofed fragments in the fragment buffer. 61 2.6.5 Conditions required for our attack. 64 2.6.6 Proof-of-concept implementation of our attack. 65 2.6.7 Measuring the attack surface: Servers. 68 2.6.8 Measuring the attack surface: Clients. 70 2.6.9 Recommendations: Fragmentation still considered harmful. 72 2.7 Related work . 73 2.8 Conclusion . 74 3 Attacking NTP's Authenticated Broadcast Mode 78 3.1 Introduction . 78 3.2 NTP's broadcast mode . 79 3.3 Timeshifting Attacks . 82 ix 3.4 Denial of Service Attacks . 84 3.5 Measurement Results . 86 3.6 Recommendations . 88 3.7 Conclusion . 89 4 The Impact of Time on DNS Security 91 4.1 Introduction . 91 4.2 Time and the DNS ecosystem . 94 4.2.1 Absolute time vs Relative time . 94 4.2.2 The Domain Name System (DNS) . 97 4.2.3 Time in DNS . 98 4.3 Using Time to Attack the DNS Cache . 100 4.3.1 Cache Expiration Attack . 101 4.3.2 Implications of the Cache Expiration Attack .

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    280 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us