
How to use NTS to ensure the Security of NTP

2025-04-01 Update From: SLTechnology News&Howtos


Shulou (Shulou.com) 06/01 Report

This article explains how to use NTS to secure NTP. The editor considers it very practical and shares it here for reference; follow along to see how it is done.

Many computers use the Network Time Protocol (NTP) to synchronize their system clocks over the Internet. NTP is one of the few insecure Internet protocols still in widespread use. An attacker who can observe the network traffic between a client and its server can feed the client false data and, depending on the client's implementation and configuration, force it to set its system clock to an arbitrary time and date. With an inaccurate system clock, some programs and services stop working. For example, a web browser will refuse to connect to a web server whose certificate appears, according to the client's clock, to have expired. Network Time Security (NTS) can be used to secure NTP.

Fedora 33 is the first Fedora release that supports NTS. NTS is a new authentication mechanism for NTP. It lets clients verify that the packets they receive from the server have not been modified in transit. With NTS enabled, the only thing an attacker on the path can do is drop or delay packets. For details on NTS, see RFC 8915.

NTP can also be secured with symmetric keys. Unfortunately, the server then needs a different key for each client, and the keys must be distributed securely. That may work for private servers on a local network, but it does not scale to public servers with millions of clients.

NTS includes a Key Establishment protocol (NTS-KE) that automatically creates the encryption keys used between the server and its clients. It runs over Transport Layer Security (TLS) on TCP port 4460. It is designed to scale to a very large number of clients with minimal impact on accuracy. The server does not need to keep any per-client state: it gives the client cookies, which are encrypted and contain the keys needed to authenticate the NTP packets. Privacy is one of the goals of NTS. The client receives a new cookie with every server response, so it never has to reuse one, which prevents a passive observer from tracking a client as it moves between networks.
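The NTS-KE exchange described above is a sequence of type-length-value records carried inside the TLS session (ALPN "ntske/1"). The following Python is an added example, not code from the original article or from Chrony: it builds the minimal client request, builds a constructed server response, and parses a response while enforcing the RFC 8915 rules that matter for security (an unrecognized critical record is fatal, an unrecognized non-critical record is ignored, and a response without cookies is useless). The record type numbers, the NTPv4 protocol ID (0) and the AEAD ID 15 (AEAD_AES_SIV_CMAC_256) come from RFC 8915; the cookie contents and the hostnames are placeholders. Deriving the actual client-to-server and server-to-client keys requires the TLS exporter interface, which the Python standard library does not expose, so that step is only noted in a comment.

```python
import struct

# NTS-KE record type numbers from RFC 8915, section 4.1.
END_OF_MESSAGE = 0
NEXT_PROTOCOL = 1
ERROR = 2
WARNING = 3
AEAD_ALGORITHM = 4
NEW_COOKIE = 5
SERVER_NEGOTIATION = 6
PORT_NEGOTIATION = 7

CRITICAL_BIT = 0x8000        # high bit of the 16-bit record type field
NTPV4 = 0                    # Next Protocol ID for NTPv4
AEAD_AES_SIV_CMAC_256 = 15   # AEAD ID; "chronyc authdata" shows it as Type 15


def encode_record(rtype, body=b"", critical=False):
    """Serialize one record: 16-bit type (with critical bit), 16-bit body length, body."""
    word = rtype | (CRITICAL_BIT if critical else 0)
    return struct.pack("!HH", word, len(body)) + body


def build_client_request():
    """The minimal request a client sends after the TLS handshake completes."""
    return (
        encode_record(NEXT_PROTOCOL, struct.pack("!H", NTPV4), critical=True)
        + encode_record(AEAD_ALGORITHM, struct.pack("!H", AEAD_AES_SIV_CMAC_256))
        + encode_record(END_OF_MESSAGE, critical=True)
    )


def build_server_response(cookies, aead=AEAD_AES_SIV_CMAC_256):
    """A constructed server response: the selected protocol and AEAD, then one
    New Cookie record per cookie (real servers typically hand out eight)."""
    msg = encode_record(NEXT_PROTOCOL, struct.pack("!H", NTPV4), critical=True)
    msg += encode_record(AEAD_ALGORITHM, struct.pack("!H", aead))
    for cookie in cookies:
        msg += encode_record(NEW_COOKIE, cookie)
    return msg + encode_record(END_OF_MESSAGE, critical=True)


def parse_records(data):
    """Split a message into (type, critical, body) tuples up to and including End of Message."""
    records, off = [], 0
    while off + 4 <= len(data):
        word, length = struct.unpack_from("!HH", data, off)
        off += 4
        body = data[off:off + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        off += length
        rtype = word & 0x7FFF
        records.append((rtype, bool(word & CRITICAL_BIT), body))
        if rtype == END_OF_MESSAGE:
            return records
    raise ValueError("message has no End of Message record")


def parse_server_response(data):
    """Validate a server response and return the negotiated parameters and cookies.
    The C2S/S2C keys would then be derived with the TLS exporter
    (label "EXPORTER-network-time-security"), which is not done here."""
    result = {"protocol": None, "aead": None, "cookies": [], "warnings": [],
              "server": None, "port": 123}
    for rtype, critical, body in parse_records(data):
        if rtype == END_OF_MESSAGE:
            break
        if rtype == ERROR:
            raise ValueError("server returned error code %d" % struct.unpack("!H", body)[0])
        if rtype == WARNING:
            result["warnings"].append(struct.unpack("!H", body)[0])
        elif rtype == NEXT_PROTOCOL:
            ids = struct.unpack("!%dH" % (len(body) // 2), body)
            if ids != (NTPV4,):
                raise ValueError("server did not select NTPv4")
            result["protocol"] = NTPV4
        elif rtype == AEAD_ALGORITHM:
            ids = struct.unpack("!%dH" % (len(body) // 2), body)
            if ids != (AEAD_AES_SIV_CMAC_256,):
                raise ValueError("server selected an AEAD the client did not offer")
            result["aead"] = ids[0]
        elif rtype == NEW_COOKIE:
            result["cookies"].append(body)
        elif rtype == SERVER_NEGOTIATION:
            result["server"] = body.decode("ascii")   # NTP server to use instead of the KE host
        elif rtype == PORT_NEGOTIATION:
            result["port"] = struct.unpack("!H", body)[0]
        elif critical:
            # RFC 8915: an unrecognized record with the critical bit set is a fatal error.
            raise ValueError("unrecognized critical record type %d" % rtype)
        # Unrecognized records without the critical bit are silently ignored.
    if result["protocol"] is None or result["aead"] is None:
        raise ValueError("response is missing a mandatory negotiation record")
    if not result["cookies"]:
        raise ValueError("server issued no cookies")
    return result


def response_is_acceptable(data):
    """True if parse_server_response() accepts the message, False if it rejects it."""
    try:
        parse_server_response(data)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print("client request:", build_client_request().hex())
    resp = build_server_response([b"cookie-one", b"cookie-two"])  # placeholder cookies
    print("parsed response:", parse_server_response(resp))
```

Note that the parser deliberately refuses a response that selects an AEAD the client never offered; a downgrade to a weaker algorithm by a man-in-the-middle is impossible inside TLS anyway, but checking it keeps the client honest if the AEAD list is ever extended.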

The default NTP client in Fedora is Chrony. Chrony added NTS support in version 4.0 but did not change its default configuration: it still uses the public servers of the pool.ntp.org project, and NTS is not enabled by default.

Currently, only a few public NTP servers support NTS. The two main providers are Cloudflare and Netnod. Cloudflare's servers are distributed around the world and use anycast addresses, which should let most clients reach a nearby server. Netnod's servers are located in Sweden. More public NTP servers supporting NTS will hopefully appear in the future.

For reliability, the general recommendation when configuring an NTP client is to have at least three working servers. For the best accuracy, choose servers that are close by, to reduce network delay and the error caused by asymmetric network routing. If you do not need fine-grained accuracy, you can ignore this advice and use any NTS servers you trust, wherever they are located.

If you want high accuracy but have no nearby NTS server, you can mix distant NTS servers with nearby non-NTS servers. Such a configuration is, however, less secure than one using only NTS servers. An attacker still cannot force the client to accept an arbitrary time, but does gain more control over the client's clock and its estimated accuracy, which may be unacceptable in some situations.

Enable client NTS in the installer

When installing Fedora 33, you can enable NTS in the "Network Time" configuration of the "Time & Date" dialog. Enter the name of the server and check the NTS support box before clicking the "+" (add) button. You can add one or more servers or pools with NTS. To remove the default server pool (2.fedora.pool.ntp.org), uncheck the corresponding flag in the Use column.

[Figure: Network time configuration in the Fedora installer]

Enable client NTS in the configuration file

If you upgraded from a previous Fedora release, or did not enable NTS in the installer, you can enable NTS directly in /etc/chrony.conf. Add the nts option to each specified server, alongside the recommended iburst option. For example:

server time.cloudflare.com iburst nts
server nts.sth2.ntp.se iburst nts
server nts.sth3.ntp.se iburst nts

You should also allow the client to save its NTS keys and cookies to disk, so that it does not have to repeat the NTS-KE session every time it starts. Add the following line to chrony.conf if it is not there already:

ntsdumpdir /var/lib/chrony

If you do not want NTP servers provided by DHCP to be mixed with the servers you specified, remove or comment out the following line in chrony.conf:

sourcedir /run/chrony-dhcp
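The three configuration steps above (nts on every source, ntsdumpdir present, no DHCP-provided sources mixed in) are easy to get half right, so here is an added example, not part of the original article or of Chrony, that audits a chrony.conf for them. It also flags sources that rely on a symmetric key and the nocerttimecheck directive, which the text later describes as a last resort. The sample configurations are constructed for the example; the directive names and options are those documented in chrony.conf(5), and the audit treats directive names case-insensitively, which is an assumption for the sake of the check rather than a statement about how chronyd parses them.

```python
import shlex

# Constructed sample /etc/chrony.conf: NTS only partially enabled (not a real host's file).
WEAK_CONF = """\
# Use public servers from the pool.ntp.org project.
pool 2.fedora.pool.ntp.org iburst
server time.cloudflare.com iburst nts
server nts.sth2.ntp.se iburst nts
server 192.0.2.10 iburst key 1
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
sourcedir /run/chrony-dhcp
nocerttimecheck 1
"""

# The same host after applying the steps from the text.
HARDENED_CONF = """\
server time.cloudflare.com iburst nts
server nts.sth2.ntp.se iburst nts
server nts.sth3.ntp.se iburst nts
driftfile /var/lib/chrony/drift
ntsdumpdir /var/lib/chrony
makestep 1.0 3
rtcsync
"""

SOURCE_DIRECTIVES = {"server", "pool", "peer"}
COMMENT_PREFIXES = ("#", "!", ";", "%")   # comment markers accepted by chrony.conf


def parse_directives(text):
    """Yield (directive, args) for each non-comment line of a chrony.conf."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(COMMENT_PREFIXES):
            continue
        parts = shlex.split(line)
        yield parts[0].lower(), parts[1:]


def audit_chrony_conf(text):
    """Return a list of (severity, message) findings about NTS use in a chrony.conf."""
    findings = []
    directives = list(parse_directives(text))
    names = {d for d, _ in directives}
    for directive, args in directives:
        if directive in SOURCE_DIRECTIVES and args:
            opts = {a.lower() for a in args[1:]}
            if "nts" in opts:
                continue                      # authenticated with NTS: nothing to report
            if "key" in opts:
                findings.append(("info", "%s %s uses a symmetric key instead of NTS"
                                 % (directive, args[0])))
            else:
                findings.append(("warn", "%s %s is unauthenticated (no nts option)"
                                 % (directive, args[0])))
        elif directive == "sourcedir" and args and args[0] == "/run/chrony-dhcp":
            findings.append(("warn", "sourcedir /run/chrony-dhcp mixes DHCP-provided "
                             "(unauthenticated) servers with the configured ones"))
        elif directive == "nocerttimecheck":
            findings.append(("warn", "nocerttimecheck disables certificate validity-time "
                             "checks; use only as a last resort"))
    if "ntsdumpdir" not in names:
        findings.append(("warn", "ntsdumpdir missing: NTS-KE will be repeated on every start"))
    # Server side: both directives are needed to serve NTS; one without the other is a mistake.
    if ("ntsserverkey" in names) != ("ntsservercert" in names):
        findings.append(("error", "ntsserverkey and ntsservercert must both be set"))
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print("== %s ==" % label)
        for severity, message in audit_chrony_conf(conf):
            print("%-5s %s" % (severity, message))
```

To run it against a real host, replace the constructed string with open("/etc/chrony.conf").read(); any line reported as unauthenticated is a source an on-path attacker can still use to influence the clock, as discussed above for mixed configurations.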

When you have finished editing chrony.conf, save your changes and restart the chronyd service:

systemctl restart chronyd

Check client status

Run the following command as root to check whether the NTS key establishment succeeded:

# chronyc -N authdata
Name/IP address             Mode KeyID Type KLen Last Atmp  NAK Cook CLen
=========================================================================
time.cloudflare.com          NTS     1   15  256  33m    0    0    8  100
nts.sth2.ntp.se              NTS     1   15  256  33m    0    0    8  100
nts.sth3.ntp.se              NTS     1   15  256  33m    0    0    8  100

The KeyID, Type, and KLen columns should have nonzero values. In the output above, Type 15 is the AEAD_AES_SIV_CMAC_256 algorithm and KLen 256 is its key length in bits. If the values are zero, check the system log for error messages from chronyd. One possible cause of failure is a firewall blocking the connection from the client to the server's NTS-KE port (TCP port 4460).

Another possible cause of failure is that the server's certificate cannot be verified because the client's clock is wrong. This is the chicken-and-egg problem of NTS. You may need to correct the date manually, or temporarily disable NTS, to get NTS working. If the computer has a real-time clock, as almost all computers do, with a good backup battery, this should be necessary only once.

If the computer has no real-time clock or battery, as with some common small ARM boards (such as the Raspberry Pi), you can add the -s option to /etc/sysconfig/chronyd to restore the time saved at the last shutdown or reboot. The clock will lag behind the real time, but if the computer was not powered off for too long, and the server's certificate was not renewed too close to its expiration, this should be enough for the certificate time check to succeed. As a last resort, you can disable the time check with the nocerttimecheck directive. See the chrony.conf(5) man page for details.

Run the following command to confirm that the client is making NTP measurements:

# chronyc -N sources
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* time.cloudflare.com           3   6   377    45   +355us[ +375us] +/-   11ms
^+ nts.sth2.ntp.se               1   6   377    44   +237us[ +237us] +/-   23ms
^+ nts.sth3.ntp.se               1   6   377    44   -170us[ -170us] +/-   22ms

The Reach column should be non-zero, preferably 377. The value 377 shown above is an octal number indicating that the last eight requests all received valid responses. When NTS is enabled, a response counts as valid only if its NTS authentication check passes. If the value is rarely or never 377, NTP requests or responses are being lost on the network. Some major network operators are known to run middleboxes that block or rate-limit large NTP packets to mitigate amplification attacks abusing the ntpd monitoring protocol. Unfortunately, this also affects NTS-protected NTP packets, even though they cannot be used for amplification. The NTP working group is considering an alternative port for NTP as a solution to this problem.
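The two checks just described (KeyID/Type/KLen nonzero in authdata, Reach at or near 377 in sources) are what a monitoring script would automate. The following Python is an added example, not code from the original article or from Chrony: it parses output in the format of "chronyc -N authdata" and "chronyc -N sources", joins the two views per source, decodes the octal reach register bit by bit, and reports problems. The sample output is constructed for the example; the first two sources copy the healthy values shown above, while ntp.example.net is a deliberately failing placeholder whose NTS-KE never completed. The meanings of the mode/state characters and of the reach register (least significant bit is the most recent poll) follow the chronyc(1) man page.

```python
# Constructed sample output in the format of "chronyc -N authdata" and "chronyc -N sources".
# ntp.example.net is a placeholder host added to show what a failure looks like.
AUTHDATA = """\
Name/IP address             Mode KeyID Type KLen Last Atmp  NAK Cook CLen
=========================================================================
time.cloudflare.com          NTS     1   15  256  33m    0    0    8  100
nts.sth2.ntp.se              NTS     1   15  256  33m    0    0    8  100
ntp.example.net              NTS     0    0    0    -    3    0    0    0
"""

SOURCES = """\
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* time.cloudflare.com           3   6   377    45   +355us[ +375us] +/-   11ms
^+ nts.sth2.ntp.se               1   6   377    44   +237us[ +237us] +/-   23ms
^? ntp.example.net               0   6     0     -     +0ns[   +0ns] +/-    0ns
"""

AEAD_NAMES = {15: "AEAD_AES_SIV_CMAC_256"}   # the Type value seen in authdata
STATE_MEANING = {"*": "selected", "+": "combined", "-": "excluded",
                 "?": "unreachable", "x": "falseticker", "~": "too variable"}


def _data_rows(text):
    """Rows that follow the '====' separator line of chronyc's tabular output."""
    lines = text.splitlines()
    start = next(i for i, line in enumerate(lines) if line.startswith("="))
    return [line for line in lines[start + 1:] if line.strip()]


def parse_authdata(text):
    out = {}
    for row in _data_rows(text):
        f = row.split()
        out[f[0]] = {"mode": f[1], "keyid": int(f[2]), "type": int(f[3]),
                     "klen": int(f[4]), "cookies": int(f[8])}
    return out


def parse_sources(text):
    out = {}
    for row in _data_rows(text):
        ms, name, stratum, poll, reach, _lastrx = row.split()[:6]
        out[name] = {"mode": ms[0], "state": ms[1], "stratum": int(stratum),
                     "poll": int(poll), "reach": int(reach, 8)}   # Reach is printed in octal
    return out


def reach_history(reach):
    """Decode the 8-bit reach register into booleans, most recent poll first."""
    return [bool(reach >> i & 1) for i in range(8)]


def check_sources(authdata_text, sources_text):
    """Join both views per source and return {name: {..., 'problems': [...]}}."""
    auth = parse_authdata(authdata_text)
    report = {}
    for name, src in parse_sources(sources_text).items():
        a = auth.get(name, {})
        problems = []
        nts_ok = a.get("mode") == "NTS" and all(a.get(k, 0) for k in ("keyid", "type", "klen"))
        if a.get("mode") != "NTS":
            problems.append("not using NTS")
        elif not nts_ok:
            problems.append("NTS-KE failed (KeyID/Type/KLen zero): check syslog and TCP 4460")
        elif a.get("cookies", 0) == 0:
            problems.append("no cookies left: next request will need a new NTS-KE session")
        good = sum(reach_history(src["reach"]))
        if good == 0:
            problems.append("unreachable")
        elif good < 8:
            problems.append("%d of the last 8 polls lost (check for NTP rate limiting)" % (8 - good))
        report[name] = {"nts_ok": bool(nts_ok), "aead": AEAD_NAMES.get(a.get("type")),
                        "good_polls": good, "state": STATE_MEANING.get(src["state"], src["state"]),
                        "problems": problems}
    return report


if __name__ == "__main__":
    for name, info in check_sources(AUTHDATA, SOURCES).items():
        print("%-22s nts=%-5s %-11s polls=%d/8  %s" % (name, info["nts_ok"], info["state"],
              info["good_polls"], "; ".join(info["problems"]) or "ok"))
```

On a live host, feed it the output of the two chronyc commands (run as root, with -N so the names match between the two tables). A source that shows nts_ok but repeatedly loses polls is the rate-limiting case described above, not an authentication failure.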

Enable NTS on the server

If you run your own NTP server with chronyd, you can enable NTS support on it to keep its clients securely synchronized. If the server is itself a client of another server, it should be synchronized to that server using NTS or a symmetric key. Clients assume that the whole synchronization chain between their server and the primary time source is secure.

Enabling NTS on a server is similar to enabling HTTPS on a web server. All you need is a private key and a certificate. The certificate can, for example, be signed by the Let's Encrypt CA using the certbot tool. Once you have the key and certificate files (including any intermediate certificates), specify them in chrony.conf with the following directives:

ntsserverkey /etc/pki/tls/private/foo.example.net.key
ntsservercert /etc/pki/tls/certs/foo.example.net.crt

Make sure the ntsdumpdir directive mentioned earlier in the client configuration is also present in the server's chrony.conf. It lets the server save its keys to disk, so that its clients do not have to obtain new keys and cookies when the server restarts.

Restart the chronyd service:

systemctl restart chronyd

If there are no error messages from chronyd in the system log, the server should be ready to accept client connections. If the server has a firewall, it must allow both the NTP and NTS-KE services: UDP port 123 and TCP port 4460.

You can do a quick test on the client machine with the following command:

$ chronyd -Q -t 3 'server foo.example.net iburst nts maxsamples 1'
2020-10-13T12:00:52Z chronyd version 4.0 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +NTS +SECHASH +IPV6 +DEBUG)
2020-10-13T12:00:52Z Disabled control of system clock
2020-10-13T12:00:55Z System clock wrong by -0.001032 seconds (ignored)
2020-10-13T12:00:55Z chronyd exiting

If you see the "System clock wrong" message, the server is working correctly. In this mode (-Q) chronyd only measures the offset against the server and does not adjust the clock, which is why the offset is reported as "(ignored)".

On the server, you can use the following command to check how many NTS-KE connections and authenticated NTP packets it has processed:

# chronyc serverstats
NTP packets received       : 2143106240
NTP packets dropped        : 117180834
Command packets received   : 16819527
Command packets dropped    : 0
Client log records dropped : 574257223
NTS-KE connections accepted: 104
NTS-KE connections dropped : 0
Authenticated NTP packets  : 52139

Non-zero values for "NTS-KE connections accepted" and "Authenticated NTP packets" mean that at least some clients were able to connect to the NTS-KE port and send authenticated NTP requests.

The Fedora 33 Beta installer contains an older pre-release version of Chrony that does not work with current NTS servers, because the NTS-KE port was changed. In the installer's network time configuration, the servers will therefore always appear to be not working. After installation, the chrony package needs to be updated to work with current servers.
