Masters of Time: An Overview of the NTP Ecosystem
Teemu Rytilahti, Dennis Tatang, Janosch Köpper, Thorsten Holz
IEEE European Symposium on Security and Privacy (Euro S&P), London, United Kingdom, April 2018
The Network Time Protocol (NTP) is currently the most commonly used approach to keeping the clocks of computing devices accurate. It operates in the background of many systems; however, it is often important because if NTP fails in providing the correct time, multiple applications such as security protocols like TLS can fail. Despite its crucial practical role, only a limited number of measurement studies have focused on the NTP ecosystem.
In this paper, we report the results of an in-depth longitu- dinal study of the services provided by the NTP Pool Project, which enables volunteers to offer their NTP services to other Internet users in a straightforward manner. We supplement these observations with an analysis of other readily available NTP servers, such as those offered by OS vendors or those that can be freely found on the Internet. The analysis indicates a reliance on a small set of servers that are (at least indirectly) responsible for providing the time for the Internet. Further- more, this paper considers the impact of several incidents that the authors observed between December 2016 and April 2017.
To complement this study, we also perform an analysis of multiple geographical regions from the operator’s perspective, spanning a period of 5 months. A coarse-grained categorization of client requests allows us to categorize 95 percent of our incoming traffic as NTP- and SNTP-like traffic (the latter being a simpler, but more error-prone, form of NTP); we observe that up to 75 percent of all requests originated from SNTP- like clients. With this in mind, we consider what kind of harm a rogue server administrator could cause to users.[GitHub] [PDF]