
Time Is Running Out for NTP - mistertrotsky
http://www.infoworld.com/article/3144546/security/time-is-running-out-for-ntp.html
======
mmagin
Article doesn't bother to mention that there are completely different projects
which implement NTP servers with varying levels of functionality (openntpd,
chrony, ntpsec, ntimed). And while the pool.ntp.org system is a nice scheme,
it's hardly a global necessity. You can fairly easily get a stratum 1 server
going on your own infrastructure. IMHO, too much of NTP relies on GPS, but
that's a separate matter.

~~~
privong
> IMHO, too much of NTP relies on GPS, but that's a separate matter.

I'm curious to know more. Can you please elaborate or point to some articles
discussing this?

~~~
toomuchtodo
[https://ntpserver.wordpress.com/2008/09/10/ntp-server-stratu...](https://ntpserver.wordpress.com/2008/09/10/ntp-server-stratum-levels-explained/)

[http://www.ntp.org/ntpfaq/NTP-s-refclk.htm](http://www.ntp.org/ntpfaq/NTP-s-refclk.htm)

TL;DR Most NTP networks are relying on GPS versus a high precision on-site
time keeping device. Break GPS, and you break timekeeping for a wide swath of
the worldwide NTP pool. But thems the breaks when you can get access to atomic
clocks in space (each GPS satellite carries an atomic clock on board) just by
sticking an antenna out the window.

If you require precision time for critical business operations (financial
transactions, global database operations), you should be running a precision
time source locally at your datacenter; for under $20 an attacker could deny
you GPS timing.

~~~
jevinskie
If anyone is wondering: yes, _you_ can own your very own atomic clock for a
"reasonable" price! I encourage everyone to read [0] where a father takes his
kids and a few atomic clocks up a mountain and back down. By looking at the
clock drift due to changes in gravity, he was able to observe relativity!

[0]: [http://leapsecond.com/great2005/](http://leapsecond.com/great2005/)

~~~
privong
> If anyone is wondering: yes, you can own your very own atomic clock for a
> "reasonable" price!

Just to clarify, the clocks used to demonstrate gravitational time dilation
were on the order of $10,000 (or more, e.g., [0]). But one can find rubidium
standards online for a few hundred dollars.

[0] [http://www.ebay.com/itm/HP-5061B-Cesium-Beam-Frequency-Stand...](http://www.ebay.com/itm/HP-5061B-Cesium-Beam-Frequency-Standard-Fully-Tested-and-Guaranteed-Working-/321564435988)

------
kijeda
I thought NTP was a protocol, not a piece of software. Is the article
conflating them, or is there only one single implementation of it that
everyone relies upon?

~~~
jerdfelt
There is NTP the protocol[1], and there is NTP the implementation[2].

While the implementation is popular, there are alternatives. There is also
OpenNTPd, chrony and ntimed for instance.

There are also alternatives to the NTP protocol too, such as PTP and SNTP.

[1][https://www.ietf.org/rfc/rfc5905.txt](https://www.ietf.org/rfc/rfc5905.txt)
[2][http://www.ntp.org/](http://www.ntp.org/)
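
A minimal NTPv4 request/reply per RFC 5905 [1], added here as an example; it is not code from ntp.org, the article, or any implementation named in this thread. The 48-byte header layout, the mode values and the offset/delay formulas are from the RFC; the server skew (1.5 s), the link delays and the refid are constructed inputs. The only integrity check a plain client has is that the reply echoes its own transmit timestamp in the origin field; the optional MAC extension is not shown.

```python
"""Minimal NTPv4 (RFC 5905) client/server exchange, built and parsed offline.

Added example, not code from ntp.org or any project in the thread.
All timestamps below are constructed, not captured from the wire.
"""
import struct

NTP_EPOCH_OFFSET = 2_208_988_800          # seconds from 1900-01-01 to 1970-01-01
HEADER_FMT = "!BBBbII4sIIIIIIII"          # 48-byte header, RFC 5905 figure 8
HEADER_LEN = struct.calcsize(HEADER_FMT)  # == 48
MODE_CLIENT, MODE_SERVER = 3, 4


def to_ntp(unix_time):
    """Unix float seconds -> (seconds, fraction) halves of a 64-bit NTP timestamp."""
    whole = int(unix_time)
    frac = int((unix_time - whole) * (1 << 32))
    return (whole + NTP_EPOCH_OFFSET) & 0xFFFFFFFF, frac & 0xFFFFFFFF


def from_ntp(seconds, fraction):
    return seconds - NTP_EPOCH_OFFSET + fraction / (1 << 32)


def build_client_request(t1):
    """Mode-3 packet. Only the transmit timestamp (T1) is filled in; the client
    later uses it as a weak 64-bit nonce to match the reply against."""
    li_vn_mode = (0 << 6) | (4 << 3) | MODE_CLIENT
    xmit_s, xmit_f = to_ntp(t1)
    return struct.pack(HEADER_FMT, li_vn_mode, 0, 0, 0, 0, 0, b"\0\0\0\0",
                       0, 0, 0, 0, 0, 0, xmit_s, xmit_f)


def parse(packet):
    if len(packet) < HEADER_LEN:
        raise ValueError("short NTP packet")
    f = struct.unpack(HEADER_FMT, packet[:HEADER_LEN])
    return {
        "leap": f[0] >> 6, "version": (f[0] >> 3) & 7, "mode": f[0] & 7,
        "stratum": f[1], "poll": f[2], "precision": f[3],
        "root_delay": f[4] / 65536, "root_dispersion": f[5] / 65536,
        "refid": f[6],
        "origin_raw": (f[9], f[10]),        # echoed client T1, compared bit for bit
        "receive": from_ntp(f[11], f[12]),  # T2, server clock
        "transmit": from_ntp(f[13], f[14]), # T3, server clock
    }


def build_server_reply(request, t2, t3, stratum=1, refid=b"GPS\0"):
    """Mode-4 packet: copies the client's transmit stamp into origin and
    stamps receive (T2) and transmit (T3) from the server's clock."""
    req = struct.unpack(HEADER_FMT, request[:HEADER_LEN])
    li_vn_mode = (0 << 6) | (4 << 3) | MODE_SERVER
    r_s, r_f = to_ntp(t2)
    x_s, x_f = to_ntp(t3)
    return struct.pack(HEADER_FMT, li_vn_mode, stratum, 6, -20, 0, 0, refid,
                       r_s, r_f,          # reference timestamp (T2 reused for brevity)
                       req[13], req[14],  # origin = client's transmit timestamp
                       r_s, r_f, x_s, x_f)


def client_offset_and_delay(reply, t1, t4):
    """RFC 5905 section 8: theta = ((T2-T1) + (T3-T4))/2, delta = (T4-T1) - (T3-T2).
    Rejects replies whose origin does not echo our T1 exactly. That check, plus
    the optional and rarely deployed MAC, is all the authenticity NTP offers."""
    r = parse(reply)
    if r["mode"] != MODE_SERVER:
        raise ValueError("not a server reply")
    if r["stratum"] == 0:
        raise ValueError("kiss-o'-death from server: %r" % r["refid"])
    if r["origin_raw"] != to_ntp(t1):
        raise ValueError("origin timestamp mismatch: spoofed or replayed reply")
    t2, t3 = r["receive"], r["transmit"]
    theta = ((t2 - t1) + (t3 - t4)) / 2
    delta = (t4 - t1) - (t3 - t2)
    return theta, delta


def demo():
    """Constructed scenario: server clock 1.5 s ahead, 50 ms each way, 10 ms processing."""
    t1 = 1_500_000_000.0
    t2 = t1 + 0.05 + 1.5      # server clock at receipt
    t3 = t2 + 0.01            # server clock at transmit
    t4 = t1 + 0.05 + 0.01 + 0.05  # client clock at receipt of reply
    req = build_client_request(t1)
    reply = build_server_reply(req, t2, t3)
    return client_offset_and_delay(reply, t1, t4)


if __name__ == "__main__":
    theta, delta = demo()
    print("offset %.4f s, round-trip delay %.4f s" % (theta, delta))
```

The origin check is the reason a blind spoofer on the path cannot simply inject a reply without seeing the request; an attacker who can observe or modify traffic in flight is not stopped by anything in this header.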

~~~
tatersolid
Don't forget the billion-plus machines out there running Windows Time Service
(which strangely has had zero security issues I can remember, even when
running in server mode).

~~~
JdeBP
W32Time has different kinds of issues, in my experience. With it, one's
problems tend to be that, by design until _very_ recently, it doesn't provide
to-the-second accuracy.

* [https://blogs.technet.microsoft.com/askds/2007/10/23/high-ac...](https://blogs.technet.microsoft.com/askds/2007/10/23/high-accuracy-w32time-requirements/)

* [https://greyware.com/software/domaintime/v5/overview/w32time...](https://greyware.com/software/domaintime/v5/overview/w32time.asp)

* [https://technet.microsoft.com/en-gb/windows-server-docs/iden...](https://technet.microsoft.com/en-gb/windows-server-docs/identity/ad-ds/get-started/windows-time-service/windows-2016-accurate-time)

------
contingencies
If you care that much about accuracy you should take a look at
[https://en.wikipedia.org/wiki/Precision_Time_Protocol](https://en.wikipedia.org/wiki/Precision_Time_Protocol)
... "IEEE 1588 is designed for local systems requiring accuracies beyond those
attainable using NTP".

------
hannob
Surprised that the whole piece didn't mention roughtime, a timesetting
protocol developed by Adam Langley with much better security properties (NTP
basically has no security):
[https://www.imperialviolet.org/2016/09/19/roughtime.html](https://www.imperialviolet.org/2016/09/19/roughtime.html)
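
What "better security properties" means in practice, as an added example that is not code from Adam Langley's post or any Roughtime implementation: the client sends a random nonce, the server batches all nonces of a round into a hash tree and signs the root together with its time midpoint and uncertainty radius, the client checks the signature and that its own nonce sits under that root, and the next query's nonce is derived from the previous signed reply so that contradictory replies from two servers are provable. The tree padding rule, the tag layout and the clock values are assumptions. The signature is an HMAC-SHA512 stand-in for Ed25519 so that the block runs on the standard library; that keeps the nonce binding and batching logic but not the public verifiability of the real protocol.

```python
"""Roughtime-style nonce-bound, signed time responses.

Added example; structure follows the protocol as described in the linked
post, but wire format, padding, tag bytes and the HMAC stand-in signature
are simplifications chosen here, not Roughtime's actual definitions.
"""
import hashlib
import hmac
import os

RADI_US = 1_000_000  # assumed server uncertainty: +/- 1 s, in microseconds


def _leaf(nonce):
    return hashlib.sha512(b"\x00" + nonce).digest()


def _node(left, right):
    return hashlib.sha512(b"\x01" + left + right).digest()


def merkle_root_and_paths(nonces):
    """Batch all nonces of one round into a binary hash tree. Returns the root
    and, per nonce, the sibling hashes needed to recompute it. Odd levels are
    padded by repeating the last hash (an assumption, not Roughtime's rule)."""
    level = [_leaf(n) for n in nonces]
    paths = [[] for _ in nonces]
    pos = list(range(len(nonces)))
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        for k, p in enumerate(pos):
            sib = p ^ 1
            paths[k].append((level[sib], sib > p))  # (sibling hash, sibling on right?)
            pos[k] = p // 2
        level = [_node(level[i], level[i + 1]) for i in range(0, len(level), 2)]
    return level[0], paths


def verify_path(nonce, path, root):
    h = _leaf(nonce)
    for sibling, sibling_is_right in path:
        h = _node(h, sibling) if sibling_is_right else _node(sibling, h)
    return h == root


def signed_portion(root, midp_us, radi_us):
    return root + midp_us.to_bytes(8, "little") + radi_us.to_bytes(4, "little")


class Server:
    """One time server. `clock` returns microseconds since the Unix epoch."""
    def __init__(self, key, clock):
        self._key, self._clock = key, clock

    def _sign(self, msg):  # HMAC stand-in for Ed25519 (assumption, see lead-in)
        return hmac.new(self._key, msg, hashlib.sha512).digest()

    def verify(self, msg, sig):
        return hmac.compare_digest(self._sign(msg), sig)

    def respond(self, nonces):
        root, paths = merkle_root_and_paths(nonces)
        midp = self._clock()
        sig = self._sign(signed_portion(root, midp, RADI_US))
        return [{"root": root, "midp": midp, "radi": RADI_US, "sig": sig, "path": p}
                for p in paths]


def verify_response(resp, nonce, verify_sig):
    """Client side: signature over (root, midpoint, radius), then proof that
    *our* nonce is a leaf under that root. A replayed or foreign response
    fails the second check even though its signature is genuine."""
    msg = signed_portion(resp["root"], resp["midp"], resp["radi"])
    if not verify_sig(msg, resp["sig"]):
        return False, "bad signature"
    if not verify_path(nonce, resp["path"], resp["root"]):
        return False, "nonce not under signed root (replay or foreign response)"
    return True, "ok"


def next_nonce(prev_resp, blind):
    """Chain: derive the next query's nonce from the previous signed response,
    so the order of the two responses is provable to a third party."""
    prev = signed_portion(prev_resp["root"], prev_resp["midp"], prev_resp["radi"])
    return hashlib.sha512(prev + prev_resp["sig"] + blind).digest()


def chain_consistent(earlier, later):
    """If the later response's interval ends before the earlier one's begins,
    at least one of the two servers is lying or badly wrong."""
    return later["midp"] + later["radi"] >= earlier["midp"] - earlier["radi"]


def demo():
    """Constructed scenario: server A honest, server B's clock 30 s behind."""
    now_us = 1_480_000_000_000_000
    a = Server(b"constructed key A", lambda: now_us)
    b = Server(b"constructed key B", lambda: now_us - 30_000_000)
    nonces = [os.urandom(64) for _ in range(5)]
    replies = a.respond(nonces)
    all_ok = all(verify_response(r, n, a.verify)[0] for r, n in zip(replies, nonces))
    swapped_ok = verify_response(replies[0], nonces[1], a.verify)[0]
    chained = next_nonce(replies[0], os.urandom(64))
    reply_b = b.respond([chained])[0]
    return {"all_ok": all_ok, "swapped_ok": swapped_ok,
            "b_ok": verify_response(reply_b, chained, b.verify)[0],
            "chain_consistent": chain_consistent(replies[0], reply_b)}


if __name__ == "__main__":
    print(demo())
```

Compared with the NTP header, every field the client acts on is covered by a signature, the nonce rules out replay of an old but genuine reply, and the chained nonce turns "server B said a time before server A's, yet answered later" into evidence rather than an anecdote.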

------
notaplumber
> NTP is buried so deeply in the infrastructure that practically everyone
> reaps the project’s benefits for free.

The most common embedded NTP implementation is probably busybox's, used on
Linux routers/modems/etc., and it is actually based on OpenNTPD.

[https://git.busybox.net/busybox/tree/networking/ntpd.c](https://git.busybox.net/busybox/tree/networking/ntpd.c)

------
AznHisoka
why dont dns servers provide this capability? seems like they are the most
centralized of all the online services.

~~~
PeterWhittaker
The problem isn't the service being provided, that's well handled. The problem
is that the development team is woefully underfunded, incapable of keeping up
with maintenance, security fixes, new design, documentation, testing, etc.

------
informatimago
The alternatives are most certainly as underfunded as the mentioned
project.

------
hga
Classic NTP is hardly the only game in town. For example, see the NTPsec work
in progress: [https://www.ntpsec.org/](https://www.ntpsec.org/) which I'll
probably transition to someday, maybe even get an el-cheapo GPS receiver now
that I'm not effectively living in a basement.

And I've personally been using chrony for a while, although my needs are
significantly less than whatever level of accuracy it provides. There are some
other clients out there as well, such as OpenBSD's OpenNTPD, although I have a
vague memory of it having issues of precision, congruent with the
distribution's focus on security.

~~~
throwbsidbdk
My biggest issue with NTP is little control over who runs the servers. Unlike
the CA system that has checks in place against bad actors, practically anyone
can run an NTP pool.

It was discovered a while ago for example that some part of the Linux default
NTP servers are run by shodan. So when your machine gets the time it lets
shodan know you've got a server running so they can port scan you.

It would be stupid not to run a bunch of NTP servers if you wanted to run a
botnet. A free list of every running Linux server and countless IoT devices,
without having to actively scan IP space at all.

~~~
lgas
NTP is more analogous to an SMTP server, HTTP server or any of the other
myriad servers anyone can run on the internet with absolutely no vetting. The
CA system is something different entirely. If you're confident that an NTP
server is safe, don't use it. The same you would do with a potentially
malicious website.

