research-article

A Case for Feedforward Control with Feedback Trim to Mitigate Time Transfer Attacks

Authors:
Fatima M. Anwar

University of Massachusetts Amherst, Holdsworth Way, Amherst, MA

University of Massachusetts Amherst, Holdsworth Way, Amherst, MA

0000-0001-7119-7232
View Profile

,
Mani Srivastava

University of California Los Angeles, Los Angeles, California

University of California Los Angeles, Los Angeles, California
View Profile

Authors Info & Claims

ACM Transactions on Privacy and Security Volume 23 Issue 2Article No.: 11pp 1–25https://doi.org/10.1145/3382503

Published:18 May 2020Publication History

ACM Transactions on Privacy and Security

Abstract

We propose a new clock synchronization architecture for systems under time transfer attacks. Facilitated by a feedforward control with feedback trim--based clock adjustment, coupled with packet filtering and frequency shaping techniques, our proposed architecture bounds the clock errors in the presence of a powerful network attacker capable of attacking packets between a master and a client. A key advantage is consistent measurements, timely coordination, and synchronized actuation in distributed systems. In contrast, current time synchronization architectures behave poorly under attacks due to assumptions that the network is benign and delays are symmetric. The usage of feedback controllers aggravates poor performance. We provide an architecture that is indifferent to delays and eases the integration to traditional protocols. We implement a delay attack--resistant precision time protocol and validate the results on a hardware-supported testbed.

References

2009. Best Practices for IEEE 1588/ PTP Network Deployment. Retrieved from https://www.microsemi.com/document-portal/doc_view/133167-best-practices-for-ieee-1588-ptp-network-deployment.Google Scholar
European Southern Observatory. 2017. Taking the first picture of a black hole (2017). https://www.eso.org/public/usa/outreach/first-picture-of-a-black-hole/blog/.Google Scholar
Beaglebone Black. Retrieved from https://beagleboard.org/black.Google Scholar
IEEE 1588 Compliant Moxa Switch. Retrieved from https://store.moxa.com/a/cat/industrial-ethernet/ethernet-switches/managed.Google Scholar
IEEE Standard 1003.1, 2004. Retrieved from http://pubs.opengroup.org/onlinepubs/009695399/functions/clock.html.Google Scholar
The Linux PTP Project. Retrieved from http://linuxptp.sourceforge.net.Google Scholar
David W. Allan and Marc Abbott Weiss. 1980. Accurate time and frequency transfer during common-view of a GPS satellite. In Proceedings of the 34th Annual Symposium on Frequency Control. IEEE, 334--346.Google Scholar
Robert Annessi, Joachim Fabini, and Tanja Zseby. 2017. It’s about time: Securing broadcast time synchronization with data origin authentication. In Proceedings of the 26th International Conference on Computer Communication and Networks (ICCCN’17). IEEE, 1--11.Google ScholarCross Ref
Robert Annessi, Joachim Fabini, and Tanja Zseby. 2017. SecureTime: Secure multicast time synchronization. arXiv preprint arXiv:1705.10669 (2017).Google Scholar
Fatima Anwar, Sandeep D’souza, Andrew Symington, Adwait Dongare, Ragunathan Rajkumar, Anthony Rowe, and Mani Srivastava. 2016. Timeline: An operating system abstraction for time-aware applications. In Proceedings of the Real-Time Systems Symposium (RTSS’16). IEEE, 191--202.Google ScholarCross Ref
Fatima M. Anwar, Amr Alanwar, and Mani B. Srivastava. 2018. OpenClock: A testbed for clock synchronization research. In 2018 IEEE International Symposium on Precision Clock Synchronization for Measurement, Control, and Communication (ISPCS). IEEE, 1--6.Google Scholar
Gildas Avoine, Xavier Bultel, Sébastien Gambs, David Gerault, Pascal Lafourcade, Cristina Onete, and Jean-Marc Robert. 2017. A terrorist-fraud resistant and extractor-free anonymous distance-bounding protocol. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. ACM, 800--814.Google ScholarDigital Library
Andrew Baumann, Marcus Peinado, and Galen Hunt. 2015. Shielding applications from an untrusted cloud with haven. ACM Trans. Comput. Syst. 33, 3 (2015), 8.Google ScholarDigital Library
Timothy Broomhead, Julien Ridoux, and Darryl Veitch. 2009. Counter availability and characteristics for feed-forward based synchronization. In International Symposium on Precision Clock Synchronization for Measurement, Control and Communication (ISPCS’09). IEEE, 1--6.Google ScholarCross Ref
Nirupama Bulusu, John Heidemann, and Deborah Estrin. 2000. GPS-less low-cost outdoor localization for very small devices. IEEE Pers. Commun. 7, 5 (2000), 28--34.Google ScholarCross Ref
Chen Chen, Himanshu Raj, Stefan Saroiu, and Alec Wolman. 2014. cTPM: A cloud TPM for cross-device trusted applications. In Proceedings of the USENIX Symposium on Networked Systems Design and Implementation (NSDI’14). 187--201.Google Scholar
Guoqiang Jerry Chen, Janet L. Wiener, Shridhar Iyer, Anshul Jaiswal, Ran Lei, Nikhil Simha, Wei Wang, Kevin Wilfong, Tim Williamson, and Serhat Yilmaz. 2016. Realtime data processing at facebook. In Proceedings of the 2016 International Conference on Management of Data. ACM, 1087--1098.Google ScholarDigital Library
Sanchuan Chen, Xiaokuan Zhang, Michael K. Reiter, and Yinqian Zhang. 2017. Detecting privileged side-channel attacks in shielded execution with Déjá Vu. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. ACM, 7--18.Google ScholarDigital Library
Omer Deutsch, Neta Rozen Schiff, Danny Dolev, and Michael Schapira. 2018. Preventing (network) time travel with chronos. In Proceedings of the Network and Distributed Systems Security Symposium (NDSS’18).Google ScholarCross Ref
John C. Eidson and John Tengdin. 2003. IEEE 1588 standard for a precision clock synchronization protocol for networked measurement and control systems and applications to the power industry. In Proceedings of the Distributech Conference. 4--6.Google Scholar
Yilong Geng, Shiyu Liu, Zi Yin, Ashish Naik, Balaji Prabhakar, Mendel Rosenblum, and Amin Vahdat. 2018. Exploiting a natural network effect for scalable, fine-grained clock synchronization. In Proceedings of the 15th USENIX Symposium on Networked Systems Design and Implementation (NSDI’18). USENIX Association.Google Scholar
Gerhard P. Hancke and Markus G. Kuhn. 2008. Attacks on time-of-flight distance bounding channels. In Proceedings of the 1st ACM Conference on Wireless Network Security. ACM, 194--202.Google Scholar
Mohammad Kamrul Hasan, Rashid Abdelhaleem Saeed, Aisha-Hassan Abdalla, Shayla Islam, Omer Mahmoud, Othman Khalifah, Shihab A. Hameed, and Ahmad Fadzil Ismail. 2011. An investigation of femtocell network synchronization. In Proceedings of the IEEE Conference on Open Systems (ICOS’11). IEEE, 196--201.Google ScholarCross Ref
intel sgx. 2016. Intel(R) Software Guard Extensions Software Developer Manual. Retieved from https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-vol-3d-part-4-manual.pdf.Google Scholar
Eyal Itkin and Avishai Wool. 2017. A security analysis and revised security extension for the precision time protocol. IEEE Trans. Depend. Secure Comput. 17, 1 (2017), 22--34.Google ScholarCross Ref
Anantha K. Karthik and Rick S. Blum. 2018. Estimation theory-based robust phase offset determination in presence of possible path asymmetries. IEEE Trans. Commun. 66, 4 (2018), 1624--1635.Google ScholarCross Ref
Andrew J. Kerns, Daniel P. Shepard, Jahshan A. Bhatti, and Todd E. Humphreys. 2014. Unmanned aircraft capture and control via GPS spoofing. J. Field Robot. 31, 4 (2014), 617--636.Google ScholarDigital Library
J. Eidson and K. Lee. 2002. IEEE standard for a precision clock synchronization protocol for networked measurement and control systems. In 2nd ISA/IEEE Sensors for Industry Conference. IEEE, 98--105.Google Scholar
Yang Li, Rui Tan, and David K. Y. Yau. 2017. Natural timestamping using powerline electromagnetic radiation. In Proceedings of the 16th ACM/IEEE International Conference on Information Processing in Sensor Networks. ACM, 55--66.Google Scholar
Martin Lukac, Paul Davis, Robert Clayton, and Deborah Estrin. 2009. Recovering temporal integrity with data driven time synchronization. In Proceedings of the 2009 International Conference on Information Processing in Sensor Networks. IEEE Computer Society, 61--72.Google ScholarDigital Library
Aanchal Malhotra, Matthew Van Gundy, Mayank Varia, Haydn Kennedy, Jonathan Gardner, and Sharon Goldberg. 2017. The security of NTP's datagram protocol. In Proceedings of the International Conference on Financial Cryptography and Data Security. Springer, 405--423.Google ScholarCross Ref
David L. Mills. 1991. Internet time synchronization: The network time protocol. IEEE Trans. Commun. 39, 10 (1991).Google ScholarCross Ref
Tal Mizrahi. 2012. Slave diversity: Using multiple paths to improve the accuracy of clock synchronization protocols. In Proceedings of the International IEEE Symposium on Precision Clock Synchronization for Measurement Control and Communication (ISPCS’12). IEEE, 1--6.Google ScholarCross Ref
Tal Mizrahi. 2014. Security Requirements of Time Protocols in Packet Switched Networks. Technical Report.Google Scholar
Bassam Moussa, Mourad Debbabi, and Chadi Assi. 2016. A detection and mitigation model for PTP delay attack in an IEC 61850 substation. IEEE Transactions on Smart Grid 9, 5 (2016), 3954--3965.Google ScholarCross Ref
Lakshay Narula and Todd Humphreys. 2018. Requirements for secure clock synchronization. IEEE J. Select. Top. Signal Process. 12, 4 (2018), 749--762.Google ScholarCross Ref
Mark L. Psiaki and Todd E. Humphreys. 2016. GNSS spoofing and detection. Proc. IEEE 104, 6 (2016), 1258--1270.Google ScholarCross Ref
Dima Rabadi, Rui Tan, David K. Y. Yau, and Sreejaya Viswanathan. 2017. Taming asymmetric network delays for clock synchronization using power grid voltage. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. ACM, 874--886.Google ScholarDigital Library
Himanshu Raj, Stefan Saroiu, Alec Wolman, Ronald Aigner, Jeremiah Cox, Paul England, Chris Fenner, Kinshuman Kinshumann, Jork Loeser, Dennis Mattoon, et al. 2016. fTPM: A software-only implementation of a TPM chip. In Proceedings of the USENIX Security Symposium. 841--856.Google Scholar
Julien Ridoux, Darryl Veitch, and Timothy Broomhead. 2012. The case for feed-forward clock synchronization. IEEE/ACM Trans. Netw. 20, 1 (2012), 231--242.Google ScholarDigital Library
Daniel P. Shepard, Jahshan A. Bhatti, Todd E. Humphreys, and Aaron A. Fansler. 2012. Evaluation of smart grid and civilian UAV vulnerability to GPS spoofing attacks. In Proceedings of the ION GNSS Meeting, Vol. 3. 3591--3605.Google Scholar
Dave Singelee and Bart Preneel. 2005. Location verification using secure distance bounding protocols. In Proceedings of the IEEE International Conference on Mobile Adhoc and Sensor Systems Conference, 2005. IEEE, 7--pp.Google ScholarCross Ref
Kun Sun, Peng Ning, and Cliff Wang. 2006. TinySeRSync: Secure and resilient time synchronization in wireless sensor networks. In Proceedings of the 13th ACM Conference on Computer and Communications Security. ACM, 264--277.Google ScholarDigital Library
Adrian Tang, Simha Sethumadhavan, and Salvatore Stolfo. 2017. CLKSCREW: Exposing the perils of security-oblivious energy management. In Proceedings of the 26th USENIX Security Symposium.Google Scholar
Markus Ullmann and Matthias Vögeler. 2009. Delay attacks—Implication on NTP and PTP time synchronization. In Proceedings of the International Symposium on Precision Clock Synchronization for Measurement, Control and Communication (ISPCS’09). IEEE, 1--6.Google ScholarCross Ref
Peter Volgyesi, Abhishek Dubey, Timothy Krentz, Istvan Madari, Mary Metelko, and Gabor Karsai. 2017. Time synchronization services for low-cost fog computing applications. In Proceedings of the 28th International Symposium on Rapid System Prototyping: Shortening the Path from Specification to Prototype. ACM, 57--63.Google ScholarDigital Library
Qingyu Yang, Dou An, and Wei Yu. 2013. On time desynchronization attack against IEEE 1588 protocol in power grid systems. In Proceedings of the IEEE Energytech 2013. IEEE, 1--5.Google Scholar

Index Terms

A Case for Feedforward Control with Feedback Trim to Mitigate Time Transfer Attacks
1. Computer systems organization
  1. Embedded and cyber-physical systems
2. Security and privacy
  1. Network security

Recommendations

Experimental evaluation of the jitter generated in timing transfer

Modern telecommunications networks maintain synchronization and distribute accurate timing information using approaches with strict requirements on clock quality and jitter and wander at interfaces. In the future, packet networks may be used for timing ...
Read More
A framework to mitigate ARP sniffing attacks by cache poisoning

Today in the digital era of computing, most of the network attacks are caused by sniffing the sensitive data over the network. Among various types of sniffing attacks, ARP sniffing causes most of the LAN attacks wired and wireless LAN coexist. ARP ...
Read More
Attacking a Feedback Controller

We consider the problem of generating sensor spoofing attacks on feedback controllers. The attacker has the option of remaining in a stealth mode - wherein it spoofs some sensor but only by an amount that is indistinguishable from noise. Later, the ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM Transactions on Privacy and Security Volume 23, Issue 2
May 2020
149 pages
ISSN:2471-2566
EISSN:2471-2574
DOI:10.1145/3394723
Editor:
David Basin
ETH Zurich, Switzerland
Issue’s Table of Contents
Copyright © 2020 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 18 May 2020
- Online AM: 7 May 2020
- Accepted: 1 February 2020
- Revised: 1 October 2019
- Received: 1 January 2019
Published in tops Volume 23, Issue 2

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Feedback control
precision time protocol
two-way time transfer
Qualifiers
- research-article
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 1
  Total Citations
  View Citations
- 216
  Total Downloads
- Downloads (Last 12 months)26
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format .

View HTML Format

A Case for Feedforward Control with Feedback Trim to Mitigate Time Transfer Attacks

ACM Transactions on Privacy and Security

Abstract

References

Cited By

Index Terms

Recommendations

Experimental evaluation of the jitter generated in timing transfer

A framework to mitigate ARP sniffing attacks by cache poisoning

Attacking a Feedback Controller