Advertisement

Experimental Evaluation of Attacks on TESLA-Secured Time Synchronization Protocols

  • Kristof TeichelEmail author
  • Gregor Hildermeier
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11322)

Abstract

There is an increasingly relevant class of protocols that employ TESLA stream authentication to provide authenticity for one-way time synchronization. For such protocols, an interdependency between synchronization and security has been found to theoretically enable attackers to render the security measures useless. We evaluate to what extent this attack works in practice. To this end, we use a tailor-made configurable testbed implementation to simulate behaviors of TESLA-protected one-way synchronization protocols in hostile networks. In particular, this lets us confirm vulnerabilities to the attack for two published protocols, TinySeRSync and ASTS. Our analysis also yields a set of countermeasures, with which in-development and future specifications can potentially use TESLA to successfully secure one-way time synchronization.

Keywords

(One-way) time synchronization protocols TESLA Authentication Experimental attack analysis ASTS TinySeRSync 

Notes

Acknowledgment

We would like to express our thanks to Dieter Sibold, for supervising large parts of the work and for valuable input in the creation of this paper.

References

  1. 1.
    Standard for a precision clock synchronization protocol for networked measurement and control systems. https://standards.ieee.org/develop/project/1588.html
  2. 2.
    Annessi, R., Fabini, J., Zseby, T.: It’s about time: securing broadcast time synchronization with data origin authentication. In: 2017 26th International Conference on Computer Communication and Networks (ICCCN), pp. 1–11, July 2017.  https://doi.org/10.1109/ICCCN.2017.8038418
  3. 3.
    Annessi, R., Fabini, J., Zseby, T.: SecureTime: secure multicast time synchronization. ArXiv e-prints, May 2017Google Scholar
  4. 4.
    Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)MathSciNetCrossRefGoogle Scholar
  5. 5.
    Fernandez-Hernandez, I., Rijmen, V., Seco-Granados, G., Sim’on, J., Rodríguez, I., David Calle, J.: A navigation message authentication proposal for the Galileo open service. Navig. J. Inst. Navig. 63, 85–102 (2016)CrossRefGoogle Scholar
  6. 6.
    Hildermeier, G.: Attacking tesla-secured time synchronisation protocols. Master’s thesis, September 2017Google Scholar
  7. 7.
    Hildermeier, G.: Testbed implementation for simunlating attacks on tesla-secured time synchronisation protocols, September 2017. https://gitlab1.ptb.de/teiche04/Hildermeier-TESLA-Protected-One-Way-Synchronization.git
  8. 8.
    Levine, J.: A review of time and frequency transfer methods. Metrologia 45(6), S162–S174 (2008).  https://doi.org/10.1088/0026-1394/45/6/S22. \(<\)GotoISI\(>\)://WOS:000262502900023. http://iopscience.iop.org/0026-1394/45/6/S22/pdf/0026-1394456S22.pdfCrossRefGoogle Scholar
  9. 9.
    Mills, D.L.: Internet time synchronization: the network time protocol. IEEE Trans. Commun. 39(10), 1482–1493 (1991)CrossRefGoogle Scholar
  10. 10.
    Perrig, A., Canetti, R., Tygar, J.D., Song, D.: Efficient authentication and signing of multicast streams over lossy channels. In: Proceedings of the 2000 IEEE Symposium on Security and Privacy, S&P 2000, pp. 56–73. IEEE (2000)Google Scholar
  11. 11.
    Perrig, A., Canetti, R., Tygar, J.D., Song, D.: The TESLA broadcast authentication protocol. In: RSA Cryptobytes, vol. 5 (2005)Google Scholar
  12. 12.
    Perrig, A., Szewczyk, R., Tygar, J.D., Wen, V., Culler, D.E.: SPINS: security protocols for sensor networks. Wirel. Netw. 8(5), 521–534 (2002)CrossRefGoogle Scholar
  13. 13.
    Sibold, D., Roettger, S., Teichel, K.: Network Time Security. Internet Draft draft-ietf-ntp-network-time-security-15. Internet Engineering Task Force, September 2016, work in progress. https://datatracker.ietf.org/doc/html/draft-ietf-ntp-network-time-security-15
  14. 14.
    Sibold, D., Roettger, S., Teichel, K.: Using the Network Time Security Specification to Secure the Network Time Protocol. Internet Draft draft-ietf-ntp-using-nts-for-ntp-06. Internet Engineering Task Force, September 2016, work in Progress. https://datatracker.ietf.org/doc/html/draft-ietf-ntp-using-nts-for-ntp-06
  15. 15.
    Sun, K., Ning, P., Wang, C.: TinySeRSync: secure and resilient time synchronization in wireless sensor networks. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 264–277. ACM (2006)Google Scholar
  16. 16.
    Teichel, K., Sibold, D., Milius, S.: An attack possibility on time synchronization protocols secured with TESLA-like mechanisms. In: Ray, I., Gaur, M.S., Conti, M., Sanghi, D., Kamakoti, V. (eds.) ICISS 2016. LNCS, vol. 10063, pp. 3–22. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-49806-5_1CrossRefGoogle Scholar
  17. 17.
    Yin, X., Qi, W., Fu, F.: ASTS: an agile secure time synchronization protocol for wireless sensor networks. In: 2007 International Conference on Wireless Communications, Networking and Mobile Computing, WiCom 2007, pp. 2808–2811. IEEE (2007)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Physikalisch-Technische BundesanstaltBraunschweigGermany
  2. 2.Technische Universität BraunschweigBraunschweigGermany

Personalised recommendations