A Detection Model Against Precision Time Protocol Attacks

Abstract

The IEEE 1588 Precision Time Protocol (PTP) is a widely used mechanism to provide time synchronization of computer clocks down to microsecond accuracy as required by many financial and industrial applications (IEEE Standard for a Precision Clock Synchronization Protocol for Networked Measurement and Control Systems, 2008). However, PTP is vulnerable to infrastructure cyber-attacks that reduce the desired accuracy. IEEE 1588 defined an experimental security extension (Annex K) in order to protect a PTP network, but various drawbacks have been discovered, resulting in further improvements including the use of public-key encryption ( Itkin & Wool, 2020 ) and reduce the three-way handshake mechanism to one way authentication ( Onal & Kirrmann, 2012 ). Today Annex K is deprecated in favor of L2 / L3 security mechanisms. Further on, in 2020 a backwards compatible IEEE 1588 version (v2.1) will be introduced, that contains a new security extension called Annex S. Annex S consists of four prongs as follows (IEEE Draft Standard for a Precision Clock Synchronization Protocol for Networked Measurement and Control Systems, 2019): • Prong (A) PTP Integrated Security Mechanism describes an authentication type-length-value (TLV) that is aligned with and integrated into the PTP message. • Prong (B) PTP External Transport Security Mechanisms describes the current external security mechanisms that can be used to provide protection to PTP message i.e., IPsec and MACsec. • Prong (C) Architecture Guidance describes a redundant time system, redundant grandmaster, and redundant paths. • Prong D (Monitoring and Management Guidance) suggests monitoring the slaves’ synchronization process.