Implementing NTP Time Server Authentication

The Network Time Protocol was originally developed to ensure the synchronisation of time-critical processes across the Internet. It is one of the oldest Internet protocols still in use today. NTP is used by network time clients to ensure synchronised time is distributed throughout a network. This article discusses the Network Time Protocol's security features and how they are implemented on various network devices. It describes how to configure MD5 authentication keys on Linux machines and Cisco network devices.

The Network Time Protocol may be used to synchronise many time-critical processes on distributed computers across a network. The NTP protocol is therefore a potential security risk. Hackers or malicious users could attempt to disrupt system synchronisation by modifying or replicating NTP time stamps.

Luckily, NTP has an integral security feature to thwart attempts to tamper with system time synchronisation. NTP can use MD5 encrypted keys to authenticate time stamps received from a time server. Network time clients and devices can utilise secure keys to authenticate time stamps and ensure their source of origin.

NTP implements authentication by utilising an agreed set of keys between a server and client that are encrypted in time stamps. An NTP time server passes a timestamp to a client with one of a selection of keys encrypted and appended to the message. On receipt of the timestamp the client un-encrypts the key to ensure it matches one of the agreed keys. In this manner the client can ensure that the received timestamp originated from the expected time source.

The Network Time Protocol utilises MD5 (Message Digest Encryption 5) encrypted keys. MD5 is a widely used secure encryption algorithm that utilises a 128-bit cryptographic hash function. The algorithm outputs a fingerprint of the supplied key, which is appended to the timestamp.

UNIX and Linux NTP installations store secure keys in a file named 'ntp.keys'. Every line in the file provides a secure key in the format: 'key-number' 'encryption-code' 'key'. The 'key-number' is a reference to the key. The 'encryption-code' describes the encryption algorithm in use, usually 'M' for MD5 encryption. The 'key' field is the agreed key that is to be encrypted by the encryption algorithm. A subset of 'trusted keys' may be specified in the NTP configuration file 'ntp.conf'. This allows a reduced subset of keys to be utilised by the server, so that compromised keys can easily be excluded from use. Trusted keys are specified using the 'trustedkey' command followed by a space-delimited list of key references.
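
The following added example, which is not from the original article or from the NTP distribution, parses key lines in the 'ntp.keys' format described above, restricts them to a trusted subset, and checks a packet the way NTP symmetric-key authentication does: the sender appends a 4-byte key number and the 16-byte MD5 digest of the key followed by the packet header, and the receiver recomputes that digest with its own copy of the key. The key values, the trusted set {1, 2} and the 48-byte header are constructed sample data.

```python
import hashlib
import hmac
import struct

# Constructed sample ntp.keys content (key values are made up for this example).
SAMPLE_KEYS = """\
# key-number  encryption-code  key
1 M examplekeyone
2 M examplekeytwo
7 M retiredkey
"""
TRUSTED = {1, 2}  # constructed: the key numbers the trusted-key list would name

def parse_keys(text):
    """Return {key-number: key bytes} for MD5 entries, skipping comments."""
    keys = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 3 and fields[1].upper() in ("M", "MD5"):
            keys[int(fields[0])] = fields[2].encode("ascii")
    return keys

def add_mac(header, key_id, key):
    """Append the MAC: 4-byte key number + 16-byte MD5(key || header)."""
    return header + struct.pack("!I", key_id) + hashlib.md5(key + header).digest()

def verify(packet, keys, trusted):
    """True only if the key number is known, trusted, and the digest matches."""
    if len(packet) != 48 + 4 + 16:
        return False  # unauthenticated or malformed packet
    header, digest = packet[:48], packet[52:]
    key_id = struct.unpack("!I", packet[48:52])[0]
    if key_id not in trusted or key_id not in keys:
        return False  # key not in the agreed, trusted subset
    expected = hashlib.md5(keys[key_id] + header).digest()
    return hmac.compare_digest(expected, digest)  # constant-time comparison

KEYS = parse_keys(SAMPLE_KEYS)
# Constructed 48-byte header: LI=0, VN=4, mode=4 (server), stratum 1, poll 6.
HEADER = bytes([0x24, 1, 6, 0xEC]) + bytes(44)

if __name__ == "__main__":
    good = add_mac(HEADER, 1, KEYS[1])
    tampered = bytes([good[0]]) + b"\x02" + good[2:]  # stratum altered in transit
    print("valid packet:", verify(good, KEYS, TRUSTED))
    print("tampered packet:", verify(tampered, KEYS, TRUSTED))
    print("untrusted key 7:", verify(add_mac(HEADER, 7, KEYS[7]), KEYS, TRUSTED))
```

Key 7 is present in the key file but is rejected because it is left out of the trusted set, which is how a compromised key is retired without editing the key file itself.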

Many Cisco routers utilise secure MD5 authentication in the installed implementation of NTP. To enable a Cisco router to perform MD5 authentication you must follow a number of steps. Firstly, NTP authentication needs to be enabled using the 'ntp authenticate' command. Secondly, define an NTP authentication key using the 'ntp authentication-key' command. A unique reference number identifies each NTP key. The key reference number is supplied as the first parameter to the 'ntp authentication-key' command. Thirdly, use the 'ntp trusted-key' command to tell the router which keys are valid. The command's only argument is the reference number of the key defined in the previous step.

The Windows 2000/2003/XP operating systems adopt an SNTP (Simple Network Time Protocol) application for time synchronisation. The implementation used by Microsoft does not include authentication keys.

To summarise, MD5 key authentication can be utilised to overcome potential security risks when implementing the NTP protocol. Network time clients can be sure that timestamps have indeed emanated from the expected time reference and have not been intercepted for malicious purposes.

By: David Evans

Article Source: http://www.myaddirectory.com

Dave Evans has provided authoring services to a number of leading companies in the field of computer network timing solutions. Dave specialises in the implementation and configuration of NTP systems and network time synchronisation. Click here for more information on time servers. www.timetools.co.uk/ntp-servers/ntp-s5500.htm


Copyright © 2007 www.myaddirectory.com

