Hello!
I am installing an NTP server, but requires authentication for that
clients can be synchronized with the server, and also that
authentication should be with public and private keys. Let me know if
I can work with certificates issued by any authority or can only use
the certificates generated by the ntp-keygen.

Thank you very much!
I hope you can answer.

PS: I'm working with ntp v4

Yessica <yessimar15@gmail.com> wrote:
> Hello!
> I am installing an NTP server, but requires authentication for that
> clients can be synchronized with the server, and also that
> authentication should be with public and private keys. Let me know if
> I can work with certificates issued by any authority or can only use
> the certificates generated by the ntp-keygen.
> 
> Thank you very much!
> I hope you can answer.
> 
> PS: I'm working with ntp v4

When I see questions like this my first response is "Why all the bother?".

There is nothing secret or proprietary about the time of day.

Since all NTP servers provide UTC, the service reveals nothing about the
machine other than the fact that the clock is correct.

If you don't want your resources utilized by outsiders, you just block
access to the NTP port for everyone but your own clients as a blocked
port uses less resources than denying an unsucessful authorization does.

Am I missing something??


-- 
Jim Pennino

Remove .spam.sux to reply.

In article <ghps58-1a.ln1@mail.specsol.com>,
 jimp@specsol.spam.sux.com writes:

>When I see questions like this my first response is "Why all the bother?".
>
>There is nothing secret or proprietary about the time of day.
>
>Since all NTP servers provide UTC, the service reveals nothing about the
>machine other than the fact that the clock is correct.
>
>If you don't want your resources utilized by outsiders, you just block
>access to the NTP port for everyone but your own clients as a blocked
>port uses less resources than denying an unsucessful authorization does.
>
>Am I missing something??

Yes.  The encryption also verifies that you are talking to the
server you think you are talking to rather than an imposter.

-- 
These are my opinions, not necessarily my employer's.  I hate spam.

Hal Murray <hal-usenet@ip-64-139-1-69.sjc.megapath.net> wrote:
> In article <ghps58-1a.ln1@mail.specsol.com>,
> jimp@specsol.spam.sux.com writes:
> 
>>When I see questions like this my first response is "Why all the bother?".
>>
>>There is nothing secret or proprietary about the time of day.
>>
>>Since all NTP servers provide UTC, the service reveals nothing about the
>>machine other than the fact that the clock is correct.
>>
>>If you don't want your resources utilized by outsiders, you just block
>>access to the NTP port for everyone but your own clients as a blocked
>>port uses less resources than denying an unsucessful authorization does.
>>
>>Am I missing something??
> 
> Yes.  The encryption also verifies that you are talking to the
> server you think you are talking to rather than an imposter.

If you specify the server by IP address, how does that happen and who
would bother to do it?

IP hijacking will disrupt a lot more than just NTP.

If your server and its clients are on a corporate network, which is the
usual case for having one's own server, how does this happen?
 

-- 
Jim Pennino

Remove .spam.sux to reply.

On Thu, Mar 24, 2011 at 2:26 PM,  <jimp@specsol.spam.sux.com> wrote:


> When I see questions like this my first response is "Why all the bother?".
>
> There is nothing secret or proprietary about the time of day.


Security is so that you know you are not being spoofed.  Or if you are
providing the time so that you can prove to your users that you are
who you claim to be and are not spoofing them.

There is the chance that someone might "impersonate" one of your
servers or a server you use. and then make a computer's clock be set
to the wrong time.   Again "who cares" if you only use your computer
to serf the web and read emails but what if you were a bank processing
ATM or visa card transactions or worse a computer routing trans or
airplanes or controlling stop lights.

If I were smart enough to remotely control a computer's time, then I
could maybe make stock trades with an effective trade date of four
hours ago.  I could make a fortune.



-- 
=====
Chris Albertson
Redondo Beach, California

On 2011-03-24, Hal Murray <hal-usenet@ip-64-139-1-69.sjc.megapath.net> wrote:
> In article <ghps58-1a.ln1@mail.specsol.com>,
>  jimp@specsol.spam.sux.com writes:
>
>>When I see questions like this my first response is "Why all the bother?".
>>
>>There is nothing secret or proprietary about the time of day.

[snip]

>>Am I missing something??
>
> Yes.  The encryption also verifies that you are talking to the
> server you think you are talking to rather than an imposter.

NTP Authentication adds signatures to the packets. There is no
encryption.

-- 
Steve Kostecke <kostecke@ntp.org>
NTP Public Services Project - http://support.ntp.org/

Chris Albertson <albertson.chris@gmail.com> wrote:
> On Thu, Mar 24, 2011 at 2:26 PM,  <jimp@specsol.spam.sux.com> wrote:
> 
> 
>> When I see questions like this my first response is "Why all the bother?".
>>
>> There is nothing secret or proprietary about the time of day.
> 
> 
> Security is so that you know you are not being spoofed.  Or if you are
> providing the time so that you can prove to your users that you are
> who you claim to be and are not spoofing them.

The question was about clients authenticating to the server.

See below.

> There is the chance that someone might "impersonate" one of your
> servers or a server you use. and then make a computer's clock be set
> to the wrong time.   Again "who cares" if you only use your computer
> to serf the web and read emails but what if you were a bank processing
> ATM or visa card transactions or worse a computer routing trans or
> airplanes or controlling stop lights.
> 
> If I were smart enough to remotely control a computer's time, then I
> could maybe make stock trades with an effective trade date of four
> hours ago.  I could make a fortune.

If the time on a client is that important, you run multiple local servers
with backup like a GPS NTP box and you don't depend on getting the time
across the Internet.

If the time on a client is only "kind of" important, you still run multiple
servers, which means a majority of your servers would have to be spoofed
in sync before it would have any effect on the clients.

If your clients and server are on your local network, it is not very likely
your servers are going to be spoofed, and if it is you have bigger issues
than the time of day.




-- 
Jim Pennino

Remove .spam.sux to reply.

On Thu, Mar 24, 2011 at 4:18 PM,  <jimp@specsol.spam.sux.com> wrote:
> Hal Murray <hal-usenet@ip-64-139-1-69.sjc.megapath.net> wrote:
>> In article <ghps58-1a.ln1@mail.specsol.com>,
>> jimp@specsol.spam.sux.com writes:
>>
>>>When I see questions like this my first response is "Why all the bother?=
".
>>>
>>>There is nothing secret or proprietary about the time of day.
>>>
>>>Since all NTP servers provide UTC, the service reveals nothing about the
>>>machine other than the fact that the clock is correct.
>>>
>>>If you don't want your resources utilized by outsiders, you just block
>>>access to the NTP port for everyone but your own clients as a blocked
>>>port uses less resources than denying an unsucessful authorization does.
>>>
>>>Am I missing something??
>>
>> Yes. =A0The encryption also verifies that you are talking to the
>> server you think you are talking to rather than an imposter.
>
> If you specify the server by IP address, how does that happen and who
> would bother to do it?

The most obvious and easy way is that I cut the wire that goes from
your house to your ISP and place a computer (and modems)  at the cut
point.  It can change any bit in any packet.  I would not bother with
your house but a bank, maybe.

If I could make transactions that were backdated I could make a lot of
money even if only slightly back dated by 10 seconds.

>
> IP hijacking will disrupt a lot more than just NTP.

It can but,  that is up to the hijacker.   A "man in the middle"
attack can filter network packets and change only the bits he wants
changed
>
> If your server and its clients are on a corporate network, which is the
> usual case for having one's own server, how does this happen?

Outsider has taken control of a computer that lives inside your network

In general your arguments follows a common mistake.  It is equivalent
to  "I can't figure it out so therefor it can't happen".   It is never
valid to argue "it's imposable because I can't figure any way to....".
   To claim something is imposable you need something that is very
much like a mathematical proof.


-- =

=3D=3D=3D=3D=3D
Chris Albertson
Redondo Beach, California

On 2011-03-25, jimp@specsol.spam.sux.com <jimp@specsol.spam.sux.com>
wrote:

> Chris Albertson <albertson.chris@gmail.com> wrote:
>
>> On Thu, Mar 24, 2011 at 2:26 PM, <jimp@specsol.spam.sux.com> wrote:
>>
>>
>>> When I see questions like this my first response is "Why all the
>>> bother?".
>>>
>>> There is nothing secret or proprietary about the time of day.
>>
>> Security is so that you know you are not being spoofed. Or if you are
>> providing the time so that you can prove to your users that you are
>> who you claim to be and are not spoofing them.
>
> The question was about clients authenticating to the server.

NTP Authentication authenticates the server to the clients. It is not a
client access control mechanism.

-- 
Steve Kostecke <kostecke@ntp.org>
NTP Public Services Project - http://support.ntp.org/

> NTP Authentication adds signatures to the packets. There is no
> encryption.

What are "signatures"?    How are they generated?

Signatures are typically encrypted hashes of the message.  They are
typically used when you don't really care to hide the content of the
message but you do want to verify the sender of the message.
Signatures depend on cryptography



-- 
=====
Chris Albertson
Redondo Beach, California

Chris Albertson <albertson.chris@gmail.com> wrote:
> On Thu, Mar 24, 2011 at 4:18 PM,  <jimp@specsol.spam.sux.com> wrote:
>> Hal Murray <hal-usenet@ip-64-139-1-69.sjc.megapath.net> wrote:
>>> In article <ghps58-1a.ln1@mail.specsol.com>,
>>> jimp@specsol.spam.sux.com writes:
>>>
>>>>When I see questions like this my first response is "Why all the bother?".
>>>>
>>>>There is nothing secret or proprietary about the time of day.
>>>>
>>>>Since all NTP servers provide UTC, the service reveals nothing about the
>>>>machine other than the fact that the clock is correct.
>>>>
>>>>If you don't want your resources utilized by outsiders, you just block
>>>>access to the NTP port for everyone but your own clients as a blocked
>>>>port uses less resources than denying an unsucessful authorization does.
>>>>
>>>>Am I missing something??
>>>
>>> Yes.  The encryption also verifies that you are talking to the
>>> server you think you are talking to rather than an imposter.
>>
>> If you specify the server by IP address, how does that happen and who
>> would bother to do it?
> 
> The most obvious and easy way is that I cut the wire that goes from
> your house to your ISP and place a computer (and modems)  at the cut
> point.  It can change any bit in any packet.  I would not bother with
> your house but a bank, maybe.

Childish fantasy that shows zero understanding of how such things work.

> If I could make transactions that were backdated I could make a lot of
> money even if only slightly back dated by 10 seconds.

Yeah, if you could do that, but you can't.

>> IP hijacking will disrupt a lot more than just NTP.
> 
> It can but,  that is up to the hijacker.   A "man in the middle"
> attack can filter network packets and change only the bits he wants
> changed

Yeah, right, like the time in NTP packets.

>> If your server and its clients are on a corporate network, which is the
>> usual case for having one's own server, how does this happen?
> 
> Outsider has taken control of a computer that lives inside your network

If that happens you have a lot more to worry about then the time on some
client machines, like your total lack of competence.

> In general your arguments follows a common mistake.  It is equivalent
> to  "I can't figure it out so therefor it can't happen".   It is never
> valid to argue "it's imposable because I can't figure any way to....".
>   To claim something is imposable you need something that is very
> much like a mathematical proof.

I never claimed it is "impossible" to disrupt an NTP server.
 
My arguement is that if the correct time is important it is trival
to ensure that with a proper setup and without jumping through hoops.
 

-- 
Jim Pennino

Remove .spam.sux to reply.

Steve Kostecke <kostecke@ntp.org> wrote:
> On 2011-03-25, jimp@specsol.spam.sux.com <jimp@specsol.spam.sux.com>
> wrote:
> 
>> Chris Albertson <albertson.chris@gmail.com> wrote:
>>
>>> On Thu, Mar 24, 2011 at 2:26 PM, <jimp@specsol.spam.sux.com> wrote:
>>>
>>>
>>>> When I see questions like this my first response is "Why all the
>>>> bother?".
>>>>
>>>> There is nothing secret or proprietary about the time of day.
>>>
>>> Security is so that you know you are not being spoofed. Or if you are
>>> providing the time so that you can prove to your users that you are
>>> who you claim to be and are not spoofing them.
>>
>> The question was about clients authenticating to the server.
> 
> NTP Authentication authenticates the server to the clients. It is not a
> client access control mechanism.

Yeah, I know, I should not have put "to" between the words "authenticating"
and "server".

It would be impossible to spoof a proper NTP setup where time is critical.

If time is critical, a proper setup would have multiple servers as well as
multiple independent, local sources like GPS and CDMA.
 

-- 
Jim Pennino

Remove .spam.sux to reply.

On Thu, Mar 24, 2011 at 05:01:07PM -0700, Chris Albertson wrote:
> Security is so that you know you are not being spoofed.  Or if you are
> providing the time so that you can prove to your users that you are
> who you claim to be and are not spoofing them.
> 
> There is the chance that someone might "impersonate" one of your
> servers or a server you use. and then make a computer's clock be set
> to the wrong time.   Again "who cares" if you only use your computer
> to serf the web and read emails but what if you were a bank processing
> ATM or visa card transactions or worse a computer routing trans or
> airplanes or controlling stop lights.

There is one important thing I haven't seen mentioned here. A MITM
doesn't need to modify the NTP packets to seriously degrade your
timekeeping. He can exploit the PLL instability when undersampled and
by dropping and delaying the packets (up to maxdist, 1.5s by default)
he can fairly quickly throw your clock off and let you drift away.

In addition to the authentication, it's important to monitor
reachability of the peers.

-- 
Miroslav Lichvar

jimp@specsol.spam.sux.com wrote:

> If you specify the server by IP address, how does that happen and who
> would bother to do it?

The $something trading solutions that require exact timematch
( remember the recent rush of ntp users
   requiring u-second global time match )
over a set of widely distributed hosts allow fraud in
various ways if you can manipulate the time for some select host.
> 
> IP hijacking will disrupt a lot more than just NTP.

Elegance and not being caught out is everything.

uwe

Uwe Klein <uwe_klein_habertwedt@t-online.de> wrote:
> jimp@specsol.spam.sux.com wrote:
> 
>> If you specify the server by IP address, how does that happen and who
>> would bother to do it?
> 
> The $something trading solutions that require exact timematch
> ( remember the recent rush of ntp users
>   requiring u-second global time match )
> over a set of widely distributed hosts allow fraud in
> various ways if you can manipulate the time for some select host.

One more time, if time is critical to your operation you do NOT have one
and only one NTP server.

You have serveral servers with local GPS and CDMA NTP boxes.

Let's see you spoof the Internet, GPS, and CDMA all at the same time.


-- 
Jim Pennino

Remove .spam.sux to reply.

Miroslav Lichvar <mlichvar@redhat.com> wrote:
> On Thu, Mar 24, 2011 at 05:01:07PM -0700, Chris Albertson wrote:
>> Security is so that you know you are not being spoofed.  Or if you are
>> providing the time so that you can prove to your users that you are
>> who you claim to be and are not spoofing them.
>> 
>> There is the chance that someone might "impersonate" one of your
>> servers or a server you use. and then make a computer's clock be set
>> to the wrong time.   Again "who cares" if you only use your computer
>> to serf the web and read emails but what if you were a bank processing
>> ATM or visa card transactions or worse a computer routing trans or
>> airplanes or controlling stop lights.
> 
> There is one important thing I haven't seen mentioned here. A MITM
> doesn't need to modify the NTP packets to seriously degrade your
> timekeeping. He can exploit the PLL instability when undersampled and
> by dropping and delaying the packets (up to maxdist, 1.5s by default)
> he can fairly quickly throw your clock off and let you drift away.
> 
> In addition to the authentication, it's important to monitor
> reachability of the peers.

One more time, if time is critical to your operation you have several
sources to include local GPS and CDMA NTP boxes.

 

-- 
Jim Pennino

Remove .spam.sux to reply.

jimp@specsol.spam.sux.com wrote:
> One more time, if time is critical to your operation you do NOT have one
> and only one NTP server.

One more time, the times of well designed protocolls
and infrastructure software are gone ;-)
Today the PHB and his idiot savant minions rule.
> 
> You have serveral servers with local GPS and CDMA NTP boxes.
> 
> Let's see you spoof the Internet, GPS, and CDMA all at the same time.
> 
> 
Pfft. you don't have to.

The GFC is not only witness to the haphazard portfolio of  products traded
but also the (lack of) basic understanding brought to financial infrastructure.

IMHO, It is not well designed with an eye on faulttolerance, congestion, ...

uwe

<jimp@specsol.spam.sux.com> wrote in message
news:5lpu58-278.ln1@mail.specsol.com...
> Uwe Klein <uwe_klein_habertwedt@t-online.de> wrote:
[...]
>> The $something trading solutions that require exact timematch
>> ( remember the recent rush of ntp users
>>   requiring u-second global time match )
>> over a set of widely distributed hosts allow fraud in
>> various ways if you can manipulate the time for some select host.
>
> One more time, if time is critical to your operation you do NOT have
> one and only one NTP server.
>
> You have serveral servers with local GPS and CDMA NTP boxes.
>
> Let's see you spoof the Internet, GPS, and CDMA all at the same time.

I'll solve (the subproblems of) the big problems just like the little
problems. One at a time.

That there are other lines of defence is no reason to neglect any one
of them. Every single one is there in case the other ones fail. Any and
all of the other ones.

You do not improve security by stacking the lemon meringue walls higher,
or thicker.

Groetjes,
Maarten Wiltink

On 2011-03-25, jimp@specsol.spam.sux.com <jimp@specsol.spam.sux.com> wrote:
> Miroslav Lichvar <mlichvar@redhat.com> wrote:
>> On Thu, Mar 24, 2011 at 05:01:07PM -0700, Chris Albertson wrote:
>>> Security is so that you know you are not being spoofed.  Or if you are
>>> providing the time so that you can prove to your users that you are
>>> who you claim to be and are not spoofing them.
>>> 
>>> There is the chance that someone might "impersonate" one of your
>>> servers or a server you use. and then make a computer's clock be set
>>> to the wrong time.   Again "who cares" if you only use your computer
>>> to serf the web and read emails but what if you were a bank processing
>>> ATM or visa card transactions or worse a computer routing trans or
>>> airplanes or controlling stop lights.
>> 
>> There is one important thing I haven't seen mentioned here. A MITM
>> doesn't need to modify the NTP packets to seriously degrade your
>> timekeeping. He can exploit the PLL instability when undersampled and
>> by dropping and delaying the packets (up to maxdist, 1.5s by default)
>> he can fairly quickly throw your clock off and let you drift away.
>> 
>> In addition to the authentication, it's important to monitor
>> reachability of the peers.
>
> One more time, if time is critical to your operation you have several
> sources to include local GPS and CDMA NTP boxes.

I do not understand. If you do not want to use the authentication, don't.
Noone is forcing you to. We really do not care if you have thought
through your security or not. But at this point it sounds like you are
on a crusade against having the authentication in ntpd, and that
is bizarre. If you think it adds nothing, do not use it. Or if it
offends you to have something in a program you do not use, then rewrite
ntpd to remove the sections that are offensive to you and use that. 
And learn once again that you may not completely understand everyone
else in the world. 

On 2011-03-25, Chris Albertson <albertson.chris@gmail.com> wrote:
>> NTP Authentication adds signatures to the packets. There is no
>> encryption.
>
> What are "signatures"?

Message Authenticator Code (MAC)

> How are they generated?

Search for 'hash' in:

http://www.ece.udel.edu/~mills/database/reports/stime1/stime.pdf

> Signatures are typically encrypted hashes of the message.

See section 4 (which starts on page 10).

"NTPv3 and NTPv4 symmetric key cryptography uses keyed-MD5 message
digests with a 128- bit private key and 32-bit key ID. In order to
retain backward compatibility with NTPv3, the NTPv4 key ID space is
partitioned in two subspaces at a pivot point of 65536. Symmetric key
IDs have values less than the pivot and indefinite lifetime. Autokey key
IDs have pseudo-random values equal to or greater than the pivot and
are expunged immediately after use. Both symmetric key and public key
cryptography authenticate as shown in Figure 1. The server looks up the
key associated with the key ID and calculates the message digest from
the NTP header and extension fields together with the key value. The key
ID and digest form the message authentication code (MAC) included with
the message. The client does the same computation using its local copy
of the key and compares the result with the digest in the MAC. If the
values agree, the message is assumed authentic."

-- 
Steve Kostecke <kostecke@ntp.org>
NTP Public Services Project - http://support.ntp.org/

On Fri, Mar 25, 2011 at 8:40 AM,  <jimp@specsol.spam.sux.com> wrote:

> Let's see you spoof the Internet, GPS, and CDMA all at the same time.

Summary of above argument:
"You can't spoof my system, therefor other systems can't be spoofed."


So far all the arguments seem to be equivalent to either
(1)  "I don't need this therefor others should not need it." or,
(2) "I cannot see how X could happen, therefore X cannot happen."

The trouble with universal statements like "X can't happen" or "no one
would,..." is that they can be shown to be false with only one counter
example.   Of course some universal statements are in fact true.  One
way you can show a universal to be true is to assume it is false and
then show that some law of mathematics or physics would be violated.
But any number of examples or statistics will never work.


-- 
=====
Chris Albertson
Redondo Beach, California

On 3/25/2011 11:40 AM, jimp@specsol.spam.sux.com wrote:
> Uwe Klein<uwe_klein_habertwedt@t-online.de>  wrote:
>> jimp@specsol.spam.sux.com wrote:
>>
>>> If you specify the server by IP address, how does that happen and who
>>> would bother to do it?
>>
>> The $something trading solutions that require exact timematch
>> ( remember the recent rush of ntp users
>>    requiring u-second global time match )
>> over a set of widely distributed hosts allow fraud in
>> various ways if you can manipulate the time for some select host.
>
> One more time, if time is critical to your operation you do NOT have one
> and only one NTP server.
>
> You have serveral servers with local GPS and CDMA NTP boxes.
>
> Let's see you spoof the Internet, GPS, and CDMA all at the same time.
>
>

Any two would be sufficient!

Richard B. Gilbert wrote:
> jimp@specsol.spam.sux.com wrote:
>> Let's see you spoof the Internet, GPS, and CDMA all at the same time.
>
> Any two would be sufficient!

GPS Jamming could take out the GPS and CDMA.

-- 
E-Mail Sent to this address <BlackList@Anitech-Systems.com>
  will be added to the BlackLists.

jimp@specsol.spam.sux.com wrote:

> One more time, if time is critical to your operation you have several
> sources to include local GPS and CDMA NTP boxes.

You missed an important point, your CEO must also have a current science 
background.  Most UK CEOs, at least, have an arts background, and are 
quite likely to lead to solutions with no local time receivers, because 
they require capital expenditure.

E-Mail Sent to this address will be added to the BlackLists wrote:
> Richard B. Gilbert wrote:
>> jimp@specsol.spam.sux.com wrote:
>>> Let's see you spoof the Internet, GPS, and CDMA all at the same time.
>> Any two would be sufficient!
> 
> GPS Jamming could take out the GPS and CDMA.

And the coarse/acquisition code that I presume is used by normal 
commercial GPS clocks is public knowledge, so can be spoofed.
> 

In article <slrnionrs2.teh.kostecke@stasis.kostecke.net>,
 Steve Kostecke <kostecke@ntp.org> writes:
>On 2011-03-24, Hal Murray <hal-usenet@ip-64-139-1-69.sjc.megapath.net> wrote:

>> Yes.  The encryption also verifies that you are talking to the
>> server you think you are talking to rather than an imposter.
>
>NTP Authentication adds signatures to the packets. There is no
>encryption.

Thanks for the correction.

-- 
These are my opinions, not necessarily my employer's.  I hate spam.

Uwe Klein <uwe_klein_habertwedt@t-online.de> wrote:
> jimp@specsol.spam.sux.com wrote:
>> One more time, if time is critical to your operation you do NOT have one
>> and only one NTP server.
> 
> One more time, the times of well designed protocolls
> and infrastructure software are gone ;-)
> Today the PHB and his idiot savant minions rule.
>> 
>> You have serveral servers with local GPS and CDMA NTP boxes.
>> 
>> Let's see you spoof the Internet, GPS, and CDMA all at the same time.
>> 
>> 
> Pfft. you don't have to.
> 
> The GFC is not only witness to the haphazard portfolio of  products traded
> but also the (lack of) basic understanding brought to financial infrastructure.
> 
> IMHO, It is not well designed with an eye on faulttolerance, congestion, ...
> 
> uwe

Non sequitur.

-- 
Jim Pennino

Remove .spam.sux to reply.

Maarten Wiltink <maarten@kittensandcats.net> wrote:
> <jimp@specsol.spam.sux.com> wrote in message
> news:5lpu58-278.ln1@mail.specsol.com...
>> Uwe Klein <uwe_klein_habertwedt@t-online.de> wrote:
> [...]
>>> The $something trading solutions that require exact timematch
>>> ( remember the recent rush of ntp users
>>>   requiring u-second global time match )
>>> over a set of widely distributed hosts allow fraud in
>>> various ways if you can manipulate the time for some select host.
>>
>> One more time, if time is critical to your operation you do NOT have
>> one and only one NTP server.
>>
>> You have serveral servers with local GPS and CDMA NTP boxes.
>>
>> Let's see you spoof the Internet, GPS, and CDMA all at the same time.
> 
> I'll solve (the subproblems of) the big problems just like the little
> problems. One at a time.
> 
> That there are other lines of defence is no reason to neglect any one
> of them. Every single one is there in case the other ones fail. Any and
> all of the other ones.
> 
> You do not improve security by stacking the lemon meringue walls higher,
> or thicker.
> 
> Groetjes,
> Maarten Wiltink
 
You do not improve secuity by worrying about, and spending time on, imaginary
threats.
 

-- 
Jim Pennino

Remove .spam.sux to reply.

Chris Albertson <albertson.chris@gmail.com> wrote:
> On Fri, Mar 25, 2011 at 8:40 AM,  <jimp@specsol.spam.sux.com> wrote:
> 
>> Let's see you spoof the Internet, GPS, and CDMA all at the same time.
> 
> Summary of above argument:
> "You can't spoof my system, therefor other systems can't be spoofed."

Nope.

Try reading it again, this time for comprehension.



-- 
Jim Pennino

Remove .spam.sux to reply.

Richard B. Gilbert <rgilbert88@comcast.net> wrote:
> On 3/25/2011 11:40 AM, jimp@specsol.spam.sux.com wrote:
>> Uwe Klein<uwe_klein_habertwedt@t-online.de>  wrote:
>>> jimp@specsol.spam.sux.com wrote:
>>>
>>>> If you specify the server by IP address, how does that happen and who
>>>> would bother to do it?
>>>
>>> The $something trading solutions that require exact timematch
>>> ( remember the recent rush of ntp users
>>>    requiring u-second global time match )
>>> over a set of widely distributed hosts allow fraud in
>>> various ways if you can manipulate the time for some select host.
>>
>> One more time, if time is critical to your operation you do NOT have one
>> and only one NTP server.
>>
>> You have serveral servers with local GPS and CDMA NTP boxes.
>>
>> Let's see you spoof the Internet, GPS, and CDMA all at the same time.
>>
>>
> 
> Any two would be sufficient!

Nope, Assuming you had three independant sources of NTP information, you
would have to spoof two of them identically, which is virtually impossible
for anything less than a government, or two of the three would just appear
to be "failed".


-- 
Jim Pennino

Remove .spam.sux to reply.

E-Mail Sent to this address will be added to the BlackLists <Null@blacklist.anitech-systems.invalid> wrote:
> Richard B. Gilbert wrote:
>> jimp@specsol.spam.sux.com wrote:
>>> Let's see you spoof the Internet, GPS, and CDMA all at the same time.
>>
>> Any two would be sufficient!
> 
> GPS Jamming could take out the GPS and CDMA.

Granted, but that is not "spoofing" nor would it cause the time of anything
to become incorrect by some amount.

Also, jamming both GPS and CDMA would likely greatly arouse the ire of the
powers that be.

 

-- 
Jim Pennino

Remove .spam.sux to reply.

unruh <unruh@wormhole.physics.ubc.ca> wrote:
> On 2011-03-25, jimp@specsol.spam.sux.com <jimp@specsol.spam.sux.com> wrote:
>> Miroslav Lichvar <mlichvar@redhat.com> wrote:
>>> On Thu, Mar 24, 2011 at 05:01:07PM -0700, Chris Albertson wrote:
>>>> Security is so that you know you are not being spoofed.  Or if you are
>>>> providing the time so that you can prove to your users that you are
>>>> who you claim to be and are not spoofing them.
>>>> 
>>>> There is the chance that someone might "impersonate" one of your
>>>> servers or a server you use. and then make a computer's clock be set
>>>> to the wrong time.   Again "who cares" if you only use your computer
>>>> to serf the web and read emails but what if you were a bank processing
>>>> ATM or visa card transactions or worse a computer routing trans or
>>>> airplanes or controlling stop lights.
>>> 
>>> There is one important thing I haven't seen mentioned here. A MITM
>>> doesn't need to modify the NTP packets to seriously degrade your
>>> timekeeping. He can exploit the PLL instability when undersampled and
>>> by dropping and delaying the packets (up to maxdist, 1.5s by default)
>>> he can fairly quickly throw your clock off and let you drift away.
>>> 
>>> In addition to the authentication, it's important to monitor
>>> reachability of the peers.
>>
>> One more time, if time is critical to your operation you have several
>> sources to include local GPS and CDMA NTP boxes.
> 
> I do not understand. If you do not want to use the authentication, don't.
> Noone is forcing you to. We really do not care if you have thought
> through your security or not. But at this point it sounds like you are
> on a crusade against having the authentication in ntpd, and that
> is bizarre. If you think it adds nothing, do not use it. Or if it
> offends you to have something in a program you do not use, then rewrite
> ntpd to remove the sections that are offensive to you and use that. 
> And learn once again that you may not completely understand everyone
> else in the world. 

You must really have your panties in a bunch if asking what good is NTP
authentication becomes a "crusade" in your mind.

As far as I can see, given the way NTP works and the number of available
and independant sources, authentication may make you feel good about it,
but has no added value.
 

-- 
Jim Pennino

Remove .spam.sux to reply.

David Woolley <david@ex.djwhome.demon.invalid> wrote:
> jimp@specsol.spam.sux.com wrote:
> 
>> One more time, if time is critical to your operation you have several
>> sources to include local GPS and CDMA NTP boxes.
> 
> You missed an important point, your CEO must also have a current science 
> background.  Most UK CEOs, at least, have an arts background, and are 
> quite likely to lead to solutions with no local time receivers, because 
> they require capital expenditure.

Yeah, that is a possible scenario; total stupidity in charge.

But you don't need a science background to understand that if accurate
time keeping has an economic impact on your organization, you had better
keep it accurate.

-- 
Jim Pennino

Remove .spam.sux to reply.

On 3/27/2011 5:45 PM, jimp@specsol.spam.sux.com wrote:
> E-Mail Sent to this address will be added to the BlackLists<Null@blacklist.anitech-systems.invalid>  wrote:
>> Richard B. Gilbert wrote:
>>> jimp@specsol.spam.sux.com wrote:
>>>> Let's see you spoof the Internet, GPS, and CDMA all at the same time.
>>>
>>> Any two would be sufficient!
>>
>> GPS Jamming could take out the GPS and CDMA.
>
> Granted, but that is not "spoofing" nor would it cause the time of anything
> to become incorrect by some amount.
>
> Also, jamming both GPS and CDMA would likely greatly arouse the ire of the
> powers that be.
>
>
>

Didn't I just see an announcement that GPS was going to be jammed in 
order to test something or other?

Richard B. Gilbert <rgilbert88@comcast.net> wrote:
> On 3/27/2011 5:45 PM, jimp@specsol.spam.sux.com wrote:
>> E-Mail Sent to this address will be added to the BlackLists<Null@blacklist.anitech-systems.invalid>  wrote:
>>> Richard B. Gilbert wrote:
>>>> jimp@specsol.spam.sux.com wrote:
>>>>> Let's see you spoof the Internet, GPS, and CDMA all at the same time.
>>>>
>>>> Any two would be sufficient!
>>>
>>> GPS Jamming could take out the GPS and CDMA.
>>
>> Granted, but that is not "spoofing" nor would it cause the time of anything
>> to become incorrect by some amount.
>>
>> Also, jamming both GPS and CDMA would likely greatly arouse the ire of the
>> powers that be.
>>
>>
>>
> 
> Didn't I just see an announcement that GPS was going to be jammed in 
> order to test something or other?

Yeah, it happens quite often on a scheduled basis in limited areas.


-- 
Jim Pennino

Remove .spam.sux to reply.

On Sun, Mar 27, 2011 at 5:22 PM, Richard B. Gilbert
<rgilbert88@comcast.net> wrote:
>>
>> Also, jamming both GPS and CDMA would likely greatly arouse the ire of the
>> powers that be.

I agree that jamming is not spoofing although the most sophisticated
form of jamming to to spoof a signal.  So the receiver gets a false
signal and dose not know it i being jamed.  But the units being sold
out of China are just simple, low power noise makers  The available
cell phone jammers are very low power and only work within say one
room.   Same for GPS jammers.  They are very low power devices.
-- 
=====
Chris Albertson
Redondo Beach, California

jimp@specsol.spam.sux.com wrote:
> Richard B. Gilbert <rgilbert88@comcast.net> wrote:

>>Didn't I just see an announcement that GPS was going to be jammed in 
>>order to test something or other?
> 
> 
> Yeah, it happens quite often on a scheduled basis in limited areas.
> 
Hmm, it should not be all that difficult to set up a limited reach
GPS WAAS/EGNOS impostor.
> 
elsewher:
Bruce Schneier ( security guy ):
http://www.schneier.com/blog/archives/2008/09/gps_spoofing.html


uwe

Uwe Klein <uwe_klein_habertwedt@t-online.de> wrote:
> jimp@specsol.spam.sux.com wrote:
>> Richard B. Gilbert <rgilbert88@comcast.net> wrote:
> 
>>>Didn't I just see an announcement that GPS was going to be jammed in 
>>>order to test something or other?
>> 
>> 
>> Yeah, it happens quite often on a scheduled basis in limited areas.
>> 
> Hmm, it should not be all that difficult to set up a limited reach
> GPS WAAS/EGNOS impostor.
>> 
> elsewher:
> Bruce Schneier ( security guy ):
> http://www.schneier.com/blog/archives/2008/09/gps_spoofing.html
> 
> 
> uwe

OK, so the bad guy sets up the stuff for a GPS spoofer and parks it next
to the targeted building where high dollar value stuff goes on in hopes
of tweeking their system clocks and stealing a fortune.

First issue; a big bucks operation is likely in a multi-story building
with the GPS antenna on the roof and GPS antennas have low sensitivity
looking down.

Our bad guys just happen to know something about antenna patterns, so they
obtained some high power RF amplifiers to make sure their signal dominates.

So, after carefully syncing their spoofer to the real time, because if they
don't, the time jump will just be rejected, the bad guys start cranking up
the output power until their signal dominates.

At that point they start slowly changing the time to something else.

Meanwhile, inside the building where NTP was set up by someone with a clue
that bothered to read the documentation, the target client computers notice
that the GPS source is different than all the other sources and decide the
GPS source has failed and ignore the GPS data.

Drat that NTP voting alogorithm.



-- 
Jim Pennino

Remove .spam.sux to reply.

jimp@specsol.spam.sux.com wrote:
> At that point they start slowly changing the time to something else.
> 
> Meanwhile, inside the building where NTP was set up by someone with a clue
if you go by the questions placed here on occasion that assumption is not a given ;-)

> that bothered to read the documentation, the target client computers notice
> that the GPS source is different than all the other sources and decide the
> GPS source has failed and ignore the GPS data.
> 
> Drat that NTP voting alogorithm.

engineering is a management of negatives ( positives is for weenies )

If I had that clocker job (not likely)
I would disable all but one source and spoof the remaining in advance.
my guess is that even most high profile setups won't complain
about being reduced to a single source for time.

Manipulating trading systems probably is high risk, high gain so "some" expenditure
would be acceptable.

The thing that saves us here is the same that saves us from hideously effective
terrorist bombs. Criminal and ideological baddies tend to lack real engineering talent.

But I wouldn't bet on that in all cases.

uwe

Uwe Klein <uwe_klein_habertwedt@t-online.de> wrote:
> jimp@specsol.spam.sux.com wrote:
>> At that point they start slowly changing the time to something else.
>> 
>> Meanwhile, inside the building where NTP was set up by someone with a clue
> if you go by the questions placed here on occasion that assumption is not a given ;-)
> 
>> that bothered to read the documentation, the target client computers notice
>> that the GPS source is different than all the other sources and decide the
>> GPS source has failed and ignore the GPS data.
>> 
>> Drat that NTP voting alogorithm.
> 
> engineering is a management of negatives ( positives is for weenies )
> 
> If I had that clocker job (not likely)
> I would disable all but one source and spoof the remaining in advance.
> my guess is that even most high profile setups won't complain
> about being reduced to a single source for time.

You are talking about an inside job and neither NPT authentication nor
any other software based tool is able to do much about that.

If you are already inside, there are easier and more direct ways to steal
than messing with system clocks.

I deal with an organization where the correct time is modestly (in terms
of what NTP can do) important.

It is important to them that all systems are within about 0.25 seconds of
the real time.

The local division I support has three systems set up as NTP servers and a
stand alone GPS NTP box to provide time for all the division client
systems.

The three NTP servers get their time from the local GPS NTP box as well
as other GPS NTP boxes and CDMA NTP boxes located at other corporate sites
hundreds of miles away on the private corporate network and additionally
from several public NTP servers on the Internet.

Spoof that.



-- 
Jim Pennino

Remove .spam.sux to reply.

On Mon, Mar 28, 2011 at 8:56 AM,  <jimp@specsol.spam.sux.com> wrote:

>
> OK, so the bad guy sets up the stuff for a GPS spoofer and parks it next
> to the targeted building where high dollar value stuff goes on in hopes
> of tweeking their system clocks and stealing a fortune.

The best application of GPS signal spoofing would be at sea.  You
could ship your jammer/spoofer as cargo and have it steer the ship off
course.  After a day or two of being subtly off course the error could
add up to hundreds of miles.  then you meet it at some point and even
if the ship transmits an SOS the location will be far from the real
location and the authorities will respond to some place you are not.
However a competent ships captain would periodically check GPS using
some other method, maybe even celestial navigation.

For truck hijacking a simple jammer is used to disable any GPS
tracking.  A spoofed gps could never fool a driver into thinking he is
100 miles away and driving off road.  Even a totally confused and lost
truck driver knows he is on a road.

The obvious case where you'd like to spoof GPS is if you are being
targeted by GPS guided smart bombs or cruise missiles.   The trouble
is that the designers of said weapons have already figured that you
might be using a jammer and have planned for that.

-- 
=====
Chris Albertson
Redondo Beach, California

Chris Albertson <albertson.chris@gmail.com> wrote:
> On Mon, Mar 28, 2011 at 8:56 AM,  <jimp@specsol.spam.sux.com> wrote:
> 
>>
>> OK, so the bad guy sets up the stuff for a GPS spoofer and parks it next
>> to the targeted building where high dollar value stuff goes on in hopes
>> of tweeking their system clocks and stealing a fortune.
> 
> The best application of GPS signal spoofing would be at sea.  You
> could ship your jammer/spoofer as cargo and have it steer the ship off
> course.  After a day or two of being subtly off course the error could
> add up to hundreds of miles.  then you meet it at some point and even
> if the ship transmits an SOS the location will be far from the real
> location and the authorities will respond to some place you are not.
> However a competent ships captain would periodically check GPS using
> some other method, maybe even celestial navigation.

For this to work, your spoofer has to spoof 4 satellites as well as know
its actual position independant of GPS so the ship is steered to somewhere
that you can find it.

Most civilian ships these days have neither the people or equipment to do
celestial navigation.

And all of this is pointless as once the ship is any significant distance
at sea as all you have to do is attack the ship from a faster boat that
is well armed.

Google Somali pirates.

> For truck hijacking a simple jammer is used to disable any GPS
> tracking.  A spoofed gps could never fool a driver into thinking he is
> 100 miles away and driving off road.  Even a totally confused and lost
> truck driver knows he is on a road.

So GPS tracking is AFU.

All that means is the trucking compay is unable to say for sure the
driver didn't spend a couple of hours at the boobie bar.

It doesn't do much for you unless you intend to steal the entire truck
and keep it for long that the cops become involved.


-- 
Jim Pennino

Remove .spam.sux to reply.