Commitment of the Faculty of Electrical Engineering leads to new Internet standard for secure time transmission
As computer systems in the private and industrial sectors become increasingly networked, the security requirements in these areas are growing as well. Time information also needs protection: many computer systems depend on it for correct functionality and interoperability, yet it has so far often been transmitted unsecured. The Network Time Protocol (NTP), one of the oldest network protocols in the world, is an important means of disseminating time data via the Internet.
An analysis showed that the previous protection mechanisms of NTP were impractical or insecure. As a consequence, the new protocol Network Time Security (NTS) was developed, which solves the known security problems without significantly decreasing the synchronization accuracy compared to an unsecured transmission.
The Embedded System Group (ESG) in the Faculty of Electrical Engineering of Ostfalia University, in cooperation with the Physikalisch-Technische Bundesanstalt (PTB), was involved in the development of NTS from a very early stage and worked intensively in the IETF (Internet Engineering Task Force) working group to develop a new standard. In particular, ESG member Martin Langer created the world's first implementation of an NTS draft as early as 2016, which validated the basic functionality but also revealed existing weaknesses.
After the redesign of NTS, in which ESG was once again involved, Martin Langer again developed the first implementation (NTP-O). In 2018, Ostfalia was therefore able to provide the first NTP time server secured with the Network Time Security protocol over the Internet (nts3-e.ostfalia.de:4460). Above all, this helped others in the project to check their implementations against the Ostfalia implementation NTP-O, which contributed significantly to the variety of NTS implementations. In addition, the interoperability tests made it possible to detect the last remaining protocol errors and eliminate them. Ostfalia's own implementation, as well as many of the other implementations, is freely available to everyone as open source, so that rapid adoption of NTS is assured.
Further information about the Network Time Security (NTS) protocol can be found in the following blog articles by Martin Langer:
- Network Time Security – New NTP Authentication Mechanism. Blog Post Webernetz.net. 10.2019.
- Network Time Security – Strengths & Weaknesses. Blog Post Webernetz.net. 11.2019.
- Setting up NTS-Secured NTP with NTPsec. Blog Post Webernetz.net. 12.2019.
- NTS published as Standard. Blog Post Webernetz.net. 10.2020.
After intensive examination, the Internet Engineering Task Force (IETF) published the Network Time Security (NTS) protocol as a new standard on October 1, 2020, under the name "Network Time Security for the Network Time Protocol" as RFC 8915. The Embedded System Group and the Faculty of Electrical Engineering are very proud to have enabled secure time transmission on the Internet through their contributions.