Please create an account to participate in the Slashdot moderation system


Forgot your password?
The Internet Networking Privacy Security

Network Time Protocol Hardened To Protect Users From Spying, Increase Privacy ( 51

AmiMoJo quotes the Register: The Internet Engineering Task Force has taken another small step in protecting everybody's privacy... As the draft proposal explains, the RFCs that define NTP have what amounts to a convenience feature: packets going from client to server have the same set of fields as packets sent from servers to clients... "Populating these fields with accurate information is harmful to privacy of clients because it allows a passive observer to fingerprint clients and track them as they move across networks".

The header fields in question are Stratum, Root Delay, Root Dispersion, Reference ID, Reference Timestamp, Origin Timestamp, and Receive Timestamp. The Origin Timestamp and Receive Timestamp offer a handy example or a "particularly severe information leak". Under NTP's spec (RFC 5905), clients copy the server's most recent timestamp into their next request to a server – and that's a boon to a snoop-level watcher.

The proposal "proposes backward-compatible updates to the Network Time Protocol to strip unnecessary identifying information from client requests and to improve resilience against blind spoofing of unauthenticated server responses." Specifically, client developers should set those fields to zero.
This discussion has been archived. No new comments can be posted.

Network Time Protocol Hardened To Protect Users From Spying, Increase Privacy

Comments Filter:
  • set those fields to zero.
  • by Anonymous Coward []

    Stratum1 FTW!

    • by AK Marc ( 707885 )
      If you are going to trust the government for your time, you have no trust in your time. You might as well manually synchronize with an atomic clock once every month as your internal time source won't lose +- 5 min in a month (unless there's a serious problem with the system clock), and drift isn't a "real" problem if everyone in the same security domain is drifting together.
      • by Anonymous Coward

        I assume you mean because GPS is run by government? Meh. as long as governments (mulitple) are using the same time source I actually trust it quite a bit. Besides, atomic clocks essentially mean trusting government too... they are ALL either directly or indirectly funded by governments, even one you buy yourself for personal use.

        • by AK Marc ( 707885 )
          The government could turn off the NIST atomic clock, but couldn't turn off the ones in universities or the like. GPS is explicitly run by the US government, and has been tweaked to reduce its efficiency.
    • Wowsers that's a lot of money. You can get PPS out of neo8m

    • Nice, but pretty pricey. Not quite in the league of a Symmetricom privewise, but getting close. I'm running more or less the same thing but without the OLED display at 1/10th the price. Unfortunately the guy who made them on Tindie seems to have gone away, so I can't provide a link.
  • by RevDisk ( 740008 ) on Saturday June 03, 2017 @07:38PM (#54543765) Journal
    I just use a GPS attachment. Well, GPS, GLONASS and Galileo. With a tiny bit of code to verify location checks out, math wise it'd be tricky to spoof. If my building moves by any significant amount, I'm fairly sure there's a problem of some sort that needs my attention. Spoofing the time and getting the locational data from all three providers to match would be kinda an impressive mathematical exercise. Plus, any domestic GPS spoofing will bring the anger of the FCC on someone and never underestimate interdepartment bureaucracy fury. It's kinda unlikely unless you're in a very high security environment.

    Very simple to code. Cost me $50, and pretty much only because I wanted one that could handle multiple constellations. Or buy one off the shelf. More expensive, less work.
  • Fill the fields with plausible garbage. If the data has no legitimate usage, poison it.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      But if everyone's garbage is different it's unique, and thus identifying, information.

      • by Archfeld ( 6757 )

        Fill the fields with random garbage each time a request is made. That way you create more and more seemingly unique entities to track. If you can't beat/avoid the DB, fill it with garbage.

        Slippery Jim DiGriz []

  • Anytime anybody says they are doing something "to protect you from spying" or to "increase your privacy" You would do well to watch very closely and try to read between the lines. Sometimes your just a paranoid nutcase. Sometimes.

  • Time related issues are easy to solve. The real problem is that no one wants to pay a few bucks for accurate time since probably 99% or more of all systems synchronizing time probably don't need better than the correct second... forget milliseconds or better.

    So here's the thing. Replace NTP as the wide spread time protocol with one that uses a round trip timer over HTTPS for get time requests and changes are the precision is good enough.

    Most enterprise and industrial environments don't need precision time,
    • "Of course, synchronizing against a server is stupid since time on Windows and Linux is generally REALLY bad because they're running on general purpose operating systems without real-time extensions, so clock drift is a reality."

      Linux doesn't need "real time extensions". Linux has had soft realtime support in the mainline kernel for a frigging decade. Furthermore, clock drift is "a thing" everywhere. If it were not then there would be no need for NTP.

      "Now, the Cisco solution is nice because you can stick a

    • by Dog-Cow ( 21281 )

      It's amusing that you think being real-time has anything to do with keeping time.

Take your work seriously but never take yourself seriously; and do not take what happens either to yourself or your work seriously. -- Booth Tarkington