Symmetricom Time Server User Manual

TimeVault™ User's Manual, 6000-100AppB.fm Rev. D, page B-101
Appendix B: MD5 Authentication and NTP Broadcast Mode
B.2 NTP Broadcast Mode with MD5 Authentication
An NTP broadcast timeserver and an NTP broadcast time client can be used together with
NTP version 4 and authentication.
MD5 authentication is optionally available for NTP versions 3 and 4. When NTP receives an
authenticated packet, it looks up the key identification number carried in the packet in the
“ntp.keys” file, uses the corresponding secret key to calculate an MD5 digest over the packet,
and compares that digest with the one sent in the packet. If the digests do not agree, the packet
is ignored. Thus only servers holding a trusted MD5 key can send time to the client. The key is a
shared secret: it must be known to both the NTP client and the NTP server, each of which keeps
its own copy in a key file, usually named “ntp.keys” in the “/etc” directory. The name and
location of the file are set by the “-k” option when the NTP program is invoked.
In practice, for ordinary client-to-server NTP in which the client is configured with the
explicit IP addresses of several servers, MD5 is not strictly necessary. The NTP client spends a
great deal of effort filtering out packets carrying incorrect time: with several servers to compare
against, a source sending false time is identified as a falseticker and its samples are discarded.
That filtering only helps, however, while a majority of the configured servers are honest and
reachable. When broadcast time is used, the client accepts packets much more readily and in
this case can be fooled. The same is true when only one NTP server is used to synchronize the
client and an attacker on the network substitutes a false NTP server for the good one. Under
these conditions the client has nothing to judge the time against, and if the false information
persists the client will eventually be forced to reset its clock. In these cases the extra processing
load of MD5 is worthwhile.
Setting up an NTP broadcast server and an NTP client with MD5 authentication requires
modifications to the “ntp.keys” file on both ends (both must hold the same key under the same
key identification number).
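The following is an added example, not code from the TimeVault manual or firmware, that walks through the check described above: the client reads its key file, looks up the key ID carried in the packet, recomputes the MD5 digest over the 48-byte NTP header with that key, and compares it with the digest appended to the packet. The key file contents, key values, timestamps and the “GPS” reference ID are constructed for illustration; the MAC layout (32-bit key ID followed by a 16-byte MD5 digest computed over the key followed by the header) is the one ntpd uses (RFC 5905, Appendix A).

```python
"""Added example (not from the TimeVault manual or firmware): the check an NTP
client performs on an MD5-authenticated packet, as described in Appendix B.
Key names, key values and timestamps below are constructed for illustration."""
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48          # fixed NTP v3/v4 header
MAC_LEN = 4 + 16             # 32-bit key ID followed by a 16-byte MD5 digest

# Constructed stand-in for /etc/ntp.keys: "<keyid> <type> <key>" per line.
SAMPLE_NTP_KEYS = """\
# key 1: MD5, ASCII key (up to 20 characters)
1 M TimeVaultDemoKey
# key 2: MD5, 40 hex digits (ntpd reads a key longer than 20 characters as hex)
2 M 0123456789abcdef0123456789abcdef01234567
# key 3: a DES key, not MD5; skipped by this example
3 S DESkeyNotUsed
"""

def parse_ntp_keys(text):
    """Return {keyid: key_bytes} for the MD5 ('M') entries in ntp.keys text."""
    keys = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split(None, 2)
        if len(fields) != 3:
            raise ValueError("malformed ntp.keys line: %r" % raw)
        keyid, ktype, secret = fields
        if ktype.upper() != "M":
            continue
        if len(secret) > 20:
            key = bytes.fromhex(secret)      # hex-encoded binary key
        else:
            key = secret.encode("ascii")     # literal ASCII key
        keys[int(keyid)] = key
    return keys

def build_broadcast_header(xmt):
    """48-byte NTP header: LI=0, VN=4, mode 5 (broadcast), stratum 1, refid GPS."""
    li_vn_mode = (0 << 6) | (4 << 3) | 5
    return struct.pack("!BBbbII4sQQQQ", li_vn_mode, 1, 6, -20,
                       0, 0, b"GPS\0", xmt, 0, 0, xmt)

def ntp_md5_mac(key, header):
    """ntpd's MD5 MAC: digest over the key followed by the NTP header."""
    return hashlib.md5(key + header).digest()

def sign_packet(header, keyid, keys):
    """Server side: append key ID and digest, as 'broadcast ... key <id>' makes ntpd do."""
    return header + struct.pack("!I", keyid) + ntp_md5_mac(keys[keyid], header)

def authenticate(packet, keys, trustedkeys):
    """Client side. Returns (accepted, reason); any failure means the packet is ignored."""
    if len(packet) < NTP_HEADER_LEN + MAC_LEN:
        return False, "no MAC present"
    header = packet[:NTP_HEADER_LEN]
    (keyid,) = struct.unpack("!I", packet[NTP_HEADER_LEN:NTP_HEADER_LEN + 4])
    digest = packet[NTP_HEADER_LEN + 4:NTP_HEADER_LEN + MAC_LEN]
    if keyid not in keys:
        return False, "key ID %d not in key file" % keyid
    if keyid not in trustedkeys:
        return False, "key ID %d not in trustedkey list" % keyid
    expected = ntp_md5_mac(keys[keyid], header)
    if not hmac.compare_digest(expected, digest):   # constant-time compare
        return False, "digest mismatch"
    return True, "authenticated with key %d" % keyid

def demo():
    """Server signs a broadcast; the client accepts it and rejects forgeries."""
    keys = parse_ntp_keys(SAMPLE_NTP_KEYS)
    pkt = sign_packet(build_broadcast_header(0xE3D5C0A812345678), 1, keys)
    results = {
        "genuine": authenticate(pkt, keys, {1})[0],
        # attacker rewrites the transmit timestamp but cannot recompute the digest
        "forged_time": authenticate(pkt[:44] + b"\x00" * 4 + pkt[48:], keys, {1})[0],
        "unauthenticated": authenticate(pkt[:NTP_HEADER_LEN], keys, {1})[0],
        "untrusted_key": authenticate(pkt, keys, {2})[0],
        "attacker_key": authenticate(pkt, {1: b"guess"}, {1})[0],
    }
    for name, ok in results.items():
        print("%-16s %s" % (name, "accepted" if ok else "ignored"))
    return results

if __name__ == "__main__":
    demo()
```

On a real ntpd pair the equivalent of this example is the key file referenced by the `keys` directive (or the “-k” option), a `trustedkey` list naming the key IDs the daemon may use, `broadcast <address> key <id>` on the server and `broadcastclient` on the client; the example's `trustedkeys` set plays the role of that `trustedkey` list, which is why a key that is present in the file but not trusted is still rejected.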
Editing MD5 keys is covered in Chapter 4 (see the sections starting on page 4-70).  The 
following discussion covers the use of an NTP broadcast timeserver with an NTP 
broadcast time client for NTP version 4 without authentication.