Abstract

In many areas, such as electrical power distribution, industry, and the financial sector, time synchronization of devices within their local network is important. The high requirements for synchronization accuracy are often met by the widely used Precision Time Protocol (PTP), which up to now has communicated in an unsecured manner. Attacks on the time protocol can lead to significant economic damage, which is why security is becoming more and more important. The current PTP standard, IEEE Std 1588-2019, therefore defines initial security mechanisms that can potentially enable checking of the authenticity and integrity of PTP messages. However, the distribution and application of these security parameters are not part of the specification, and thus no viable protection exists in PTP so far. In this article, we describe our emerging NTS4PTP protocol, which is under development in cooperation with the IEEE Security Subcommittee to address this problem. It is a practical solution for the automated distribution of these security parameters using a key management system that follows the principle of immediate security processing in PTP. NTS4PTP is based on the recently released Network Time Security (NTS) protocol and provides basic features for PTP such as group management and parameter updates. In addition, our protocol supports all common PTP modes (e.g., multicast, unicast, 802.3) and can be used in combination with the NTS-secured Network Time Protocol (NTP). Here, we go into the most important details of our protocol, describe its advantages and disadvantages, and discuss the security requirements and challenges. The work on NTS4PTP is also available from the Internet Engineering Task Force (IETF) as an Internet-Draft, and a proof-of-concept implementation is already under development.
