Abstract
We propose a new clock synchronization architecture for systems under time transfer attacks. Facilitated by a feedforward control with feedback trim--based clock adjustment, coupled with packet filtering and frequency shaping techniques, our proposed architecture bounds the clock errors in the presence of a powerful network attacker capable of attacking packets between a master and a client. A key advantage is consistent measurements, timely coordination, and synchronized actuation in distributed systems. In contrast, current time synchronization architectures behave poorly under attacks due to assumptions that the network is benign and delays are symmetric. The usage of feedback controllers aggravates poor performance. We provide an architecture that is indifferent to delays and eases the integration to traditional protocols. We implement a delay attack--resistant precision time protocol and validate the results on a hardware-supported testbed.
- 2009. Best Practices for IEEE 1588/ PTP Network Deployment. Retrieved from https://www.microsemi.com/document-portal/doc_view/133167-best-practices-for-ieee-1588-ptp-network-deployment.Google Scholar
- European Southern Observatory. 2017. Taking the first picture of a black hole (2017). https://www.eso.org/public/usa/outreach/first-picture-of-a-black-hole/blog/.Google Scholar
- Beaglebone Black. Retrieved from https://beagleboard.org/black.Google Scholar
- IEEE 1588 Compliant Moxa Switch. Retrieved from https://store.moxa.com/a/cat/industrial-ethernet/ethernet-switches/managed.Google Scholar
- IEEE Standard 1003.1, 2004. Retrieved from http://pubs.opengroup.org/onlinepubs/009695399/functions/clock.html.Google Scholar
- The Linux PTP Project. Retrieved from http://linuxptp.sourceforge.net.Google Scholar
- David W. Allan and Marc Abbott Weiss. 1980. Accurate time and frequency transfer during common-view of a GPS satellite. In Proceedings of the 34th Annual Symposium on Frequency Control. IEEE, 334--346.Google Scholar
- Robert Annessi, Joachim Fabini, and Tanja Zseby. 2017. It’s about time: Securing broadcast time synchronization with data origin authentication. In Proceedings of the 26th International Conference on Computer Communication and Networks (ICCCN’17). IEEE, 1--11.Google ScholarCross Ref
- Robert Annessi, Joachim Fabini, and Tanja Zseby. 2017. SecureTime: Secure multicast time synchronization. arXiv preprint arXiv:1705.10669 (2017).Google Scholar
- Fatima Anwar, Sandeep D’souza, Andrew Symington, Adwait Dongare, Ragunathan Rajkumar, Anthony Rowe, and Mani Srivastava. 2016. Timeline: An operating system abstraction for time-aware applications. In Proceedings of the Real-Time Systems Symposium (RTSS’16). IEEE, 191--202.Google ScholarCross Ref
- Fatima M. Anwar, Amr Alanwar, and Mani B. Srivastava. 2018. OpenClock: A testbed for clock synchronization research. In 2018 IEEE International Symposium on Precision Clock Synchronization for Measurement, Control, and Communication (ISPCS). IEEE, 1--6.Google Scholar
- Gildas Avoine, Xavier Bultel, Sébastien Gambs, David Gerault, Pascal Lafourcade, Cristina Onete, and Jean-Marc Robert. 2017. A terrorist-fraud resistant and extractor-free anonymous distance-bounding protocol. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. ACM, 800--814.Google ScholarDigital Library
- Andrew Baumann, Marcus Peinado, and Galen Hunt. 2015. Shielding applications from an untrusted cloud with haven. ACM Trans. Comput. Syst. 33, 3 (2015), 8.Google ScholarDigital Library
- Timothy Broomhead, Julien Ridoux, and Darryl Veitch. 2009. Counter availability and characteristics for feed-forward based synchronization. In International Symposium on Precision Clock Synchronization for Measurement, Control and Communication (ISPCS’09). IEEE, 1--6.Google ScholarCross Ref
- Nirupama Bulusu, John Heidemann, and Deborah Estrin. 2000. GPS-less low-cost outdoor localization for very small devices. IEEE Pers. Commun. 7, 5 (2000), 28--34.Google ScholarCross Ref
- Chen Chen, Himanshu Raj, Stefan Saroiu, and Alec Wolman. 2014. cTPM: A cloud TPM for cross-device trusted applications. In Proceedings of the USENIX Symposium on Networked Systems Design and Implementation (NSDI’14). 187--201.Google Scholar
- Guoqiang Jerry Chen, Janet L. Wiener, Shridhar Iyer, Anshul Jaiswal, Ran Lei, Nikhil Simha, Wei Wang, Kevin Wilfong, Tim Williamson, and Serhat Yilmaz. 2016. Realtime data processing at facebook. In Proceedings of the 2016 International Conference on Management of Data. ACM, 1087--1098.Google ScholarDigital Library
- Sanchuan Chen, Xiaokuan Zhang, Michael K. Reiter, and Yinqian Zhang. 2017. Detecting privileged side-channel attacks in shielded execution with Déjá Vu. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. ACM, 7--18.Google ScholarDigital Library
- Omer Deutsch, Neta Rozen Schiff, Danny Dolev, and Michael Schapira. 2018. Preventing (network) time travel with chronos. In Proceedings of the Network and Distributed Systems Security Symposium (NDSS’18).Google ScholarCross Ref
- John C. Eidson and John Tengdin. 2003. IEEE 1588 standard for a precision clock synchronization protocol for networked measurement and control systems and applications to the power industry. In Proceedings of the Distributech Conference. 4--6.Google Scholar
- Yilong Geng, Shiyu Liu, Zi Yin, Ashish Naik, Balaji Prabhakar, Mendel Rosenblum, and Amin Vahdat. 2018. Exploiting a natural network effect for scalable, fine-grained clock synchronization. In Proceedings of the 15th USENIX Symposium on Networked Systems Design and Implementation (NSDI’18). USENIX Association.Google Scholar
- Gerhard P. Hancke and Markus G. Kuhn. 2008. Attacks on time-of-flight distance bounding channels. In Proceedings of the 1st ACM Conference on Wireless Network Security. ACM, 194--202.Google Scholar
- Mohammad Kamrul Hasan, Rashid Abdelhaleem Saeed, Aisha-Hassan Abdalla, Shayla Islam, Omer Mahmoud, Othman Khalifah, Shihab A. Hameed, and Ahmad Fadzil Ismail. 2011. An investigation of femtocell network synchronization. In Proceedings of the IEEE Conference on Open Systems (ICOS’11). IEEE, 196--201.Google ScholarCross Ref
- intel sgx. 2016. Intel(R) Software Guard Extensions Software Developer Manual. Retieved from https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-vol-3d-part-4-manual.pdf.Google Scholar
- Eyal Itkin and Avishai Wool. 2017. A security analysis and revised security extension for the precision time protocol. IEEE Trans. Depend. Secure Comput. 17, 1 (2017), 22--34.Google ScholarCross Ref
- Anantha K. Karthik and Rick S. Blum. 2018. Estimation theory-based robust phase offset determination in presence of possible path asymmetries. IEEE Trans. Commun. 66, 4 (2018), 1624--1635.Google ScholarCross Ref
- Andrew J. Kerns, Daniel P. Shepard, Jahshan A. Bhatti, and Todd E. Humphreys. 2014. Unmanned aircraft capture and control via GPS spoofing. J. Field Robot. 31, 4 (2014), 617--636.Google ScholarDigital Library
- J. Eidson and K. Lee. 2002. IEEE standard for a precision clock synchronization protocol for networked measurement and control systems. In 2nd ISA/IEEE Sensors for Industry Conference. IEEE, 98--105.Google Scholar
- Yang Li, Rui Tan, and David K. Y. Yau. 2017. Natural timestamping using powerline electromagnetic radiation. In Proceedings of the 16th ACM/IEEE International Conference on Information Processing in Sensor Networks. ACM, 55--66.Google Scholar
- Martin Lukac, Paul Davis, Robert Clayton, and Deborah Estrin. 2009. Recovering temporal integrity with data driven time synchronization. In Proceedings of the 2009 International Conference on Information Processing in Sensor Networks. IEEE Computer Society, 61--72.Google ScholarDigital Library
- Aanchal Malhotra, Matthew Van Gundy, Mayank Varia, Haydn Kennedy, Jonathan Gardner, and Sharon Goldberg. 2017. The security of NTP's datagram protocol. In Proceedings of the International Conference on Financial Cryptography and Data Security. Springer, 405--423.Google ScholarCross Ref
- David L. Mills. 1991. Internet time synchronization: The network time protocol. IEEE Trans. Commun. 39, 10 (1991).Google ScholarCross Ref
- Tal Mizrahi. 2012. Slave diversity: Using multiple paths to improve the accuracy of clock synchronization protocols. In Proceedings of the International IEEE Symposium on Precision Clock Synchronization for Measurement Control and Communication (ISPCS’12). IEEE, 1--6.Google ScholarCross Ref
- Tal Mizrahi. 2014. Security Requirements of Time Protocols in Packet Switched Networks. Technical Report.Google Scholar
- Bassam Moussa, Mourad Debbabi, and Chadi Assi. 2016. A detection and mitigation model for PTP delay attack in an IEC 61850 substation. IEEE Transactions on Smart Grid 9, 5 (2016), 3954--3965.Google ScholarCross Ref
- Lakshay Narula and Todd Humphreys. 2018. Requirements for secure clock synchronization. IEEE J. Select. Top. Signal Process. 12, 4 (2018), 749--762.Google ScholarCross Ref
- Mark L. Psiaki and Todd E. Humphreys. 2016. GNSS spoofing and detection. Proc. IEEE 104, 6 (2016), 1258--1270.Google ScholarCross Ref
- Dima Rabadi, Rui Tan, David K. Y. Yau, and Sreejaya Viswanathan. 2017. Taming asymmetric network delays for clock synchronization using power grid voltage. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. ACM, 874--886.Google ScholarDigital Library
- Himanshu Raj, Stefan Saroiu, Alec Wolman, Ronald Aigner, Jeremiah Cox, Paul England, Chris Fenner, Kinshuman Kinshumann, Jork Loeser, Dennis Mattoon, et al. 2016. fTPM: A software-only implementation of a TPM chip. In Proceedings of the USENIX Security Symposium. 841--856.Google Scholar
- Julien Ridoux, Darryl Veitch, and Timothy Broomhead. 2012. The case for feed-forward clock synchronization. IEEE/ACM Trans. Netw. 20, 1 (2012), 231--242.Google ScholarDigital Library
- Daniel P. Shepard, Jahshan A. Bhatti, Todd E. Humphreys, and Aaron A. Fansler. 2012. Evaluation of smart grid and civilian UAV vulnerability to GPS spoofing attacks. In Proceedings of the ION GNSS Meeting, Vol. 3. 3591--3605.Google Scholar
- Dave Singelee and Bart Preneel. 2005. Location verification using secure distance bounding protocols. In Proceedings of the IEEE International Conference on Mobile Adhoc and Sensor Systems Conference, 2005. IEEE, 7--pp.Google ScholarCross Ref
- Kun Sun, Peng Ning, and Cliff Wang. 2006. TinySeRSync: Secure and resilient time synchronization in wireless sensor networks. In Proceedings of the 13th ACM Conference on Computer and Communications Security. ACM, 264--277.Google ScholarDigital Library
- Adrian Tang, Simha Sethumadhavan, and Salvatore Stolfo. 2017. CLKSCREW: Exposing the perils of security-oblivious energy management. In Proceedings of the 26th USENIX Security Symposium.Google Scholar
- Markus Ullmann and Matthias Vögeler. 2009. Delay attacks—Implication on NTP and PTP time synchronization. In Proceedings of the International Symposium on Precision Clock Synchronization for Measurement, Control and Communication (ISPCS’09). IEEE, 1--6.Google ScholarCross Ref
- Peter Volgyesi, Abhishek Dubey, Timothy Krentz, Istvan Madari, Mary Metelko, and Gabor Karsai. 2017. Time synchronization services for low-cost fog computing applications. In Proceedings of the 28th International Symposium on Rapid System Prototyping: Shortening the Path from Specification to Prototype. ACM, 57--63.Google ScholarDigital Library
- Qingyu Yang, Dou An, and Wei Yu. 2013. On time desynchronization attack against IEEE 1588 protocol in power grid systems. In Proceedings of the IEEE Energytech 2013. IEEE, 1--5.Google Scholar
Index Terms
- A Case for Feedforward Control with Feedback Trim to Mitigate Time Transfer Attacks
Recommendations
Experimental evaluation of the jitter generated in timing transfer
Modern telecommunications networks maintain synchronization and distribute accurate timing information using approaches with strict requirements on clock quality and jitter and wander at interfaces. In the future, packet networks may be used for timing ...
A framework to mitigate ARP sniffing attacks by cache poisoning
Today in the digital era of computing, most of the network attacks are caused by sniffing the sensitive data over the network. Among various types of sniffing attacks, ARP sniffing causes most of the LAN attacks wired and wireless LAN coexist. ARP ...
Attacking a Feedback Controller
We consider the problem of generating sensor spoofing attacks on feedback controllers. The attacker has the option of remaining in a stealth mode - wherein it spoofs some sensor but only by an amount that is indistinguishable from noise. Later, the ...
Comments