Andrew McGarry
Daniel Lopresti
Lehigh in Ireland 2014
August 9, 2014
Demonstrating a Security Flaw in Authenticated NTP
Abstract:
This report details a project whose central goal was to explore and demonstrate a security flaw in Authenticated Network Time Protocol. The particular exploit which this project focused on involves a Man-in-the-Middle (MitM) attack where the attacker masquerades as a legitimate NTP server after brute forcing a 32-bit cookie generated during the initial authentication process. Once the correct cookie has been guessed, the attacker can then conduct an Address Resolution Protocol (ARP) poisoning attack to direct NTP traffic destined for the legitimate NTP server to a target of his or her choice (usually the attacker's own machine). This then allows the attacker to feed the NTP client false timing information, leading to a number of adverse effects which range from misrepresentation of the current time to system failure. Control systems, such as those which would be used to monitor power usage in a smart grid, can be made blind if enough measuring devices are deprived of a proper sense of time, potentially leading to catastrophic failures. To demonstrate this exploit, our group decided to set up a small virtual computer network and then conduct this attack on an Authenticated NTP session established between two of the machines.
Introduction:
During the 1980's, as control and measurement applications became increasingly complex and computationally demanding, there grew a need for a technology capable of synchronizing time between disparate computing devices. Several solutions to this problem were developed, including GPS time synchronization, reference broadcast synchronization, and Network Time Protocol. Although GPS and reference broadcast synchronization are excellent sources of time, Network Time Protocol (NTP) is by far the most broadly applicable since it can operate over the wired and wireless internet protocol networks commonly incorporated into buildings. Radio waves do not propagate well through dense materials, making GPS and reference broadcast synchronization problematic in buildings and urban environments.

As a result of this shortcoming, NTP has been an extremely common means of synchronizing time across computer networks for more than a decade, and its applications continue to evolve. The recent push towards smart grid technology, for example, will see the introduction of NTP into a new domain: critical infrastructure. Smart grid technology promises to improve the efficiency and reliability of the United States power grid through the addition of internet-enabled sensors. Ensuring that the various sensors and control systems all keep the same time opens up a whole new range of capabilities for power grid engineers, and because many of these devices will be internet-enabled, using NTP to synchronize time across the grid is an attractive option.

It is not, however, a safe option. NTP in its base form has no authentication scheme to verify clients or legitimate servers and has been used as the basis for several distributed denial of service (DDoS) attacks over the years because of it. The addition of Autokey, an authentication mechanism, led to the advent of Authenticated NTP. The fact that NTP can now be set up with an authentication mechanism makes it a better candidate for use in critical infrastructure, yet even this measure has not made NTP invulnerable to exploitation. Recent scholarship has uncovered several attack vectors, or means of exploitation, relating to Authenticated NTP. These discoveries have kicked off a wave of investigation into security improvements for Authenticated NTP with the ultimate goal of preparing it for use in critical infrastructure.
Project Goals:
The main goal of this project was to explore and demonstrate a security flaw associated with Authenticated NTP.

With regards to exploration, my partner and I set out to learn about Network Time Protocol, its importance and how it functions. In addition, we wished to learn how to utilize tools commonly used in computer science research while also introducing ourselves to computer networking and network security.

The demonstration portion of our project involved a two-stage approach. Stage 1 was to consist of a computer network featuring an NTP client/server relationship and the capability to monitor network traffic. In Stage 2, we would conduct a Man-in-the-Middle (MitM) attack within this network with the goal of spoofing an NTP client into accepting the attacker as a legitimate NTP server.
Network Time Protocol:
Network Time Protocol (NTP) is an application-layer protocol which allows computing devices to synchronize their clocks to reliable time sources over a network connection. NTP operates as a hierarchy of levels, known as strata. The lowest level, Stratum 0, refers to national time sources to which Stratum 1 servers are directly connected via satellite, radio, or telephone modem. Stratum 2 servers receive their timing information from Stratum 1 servers, Stratum 3 servers from Stratum 2 servers, and so on.

The goal of NTP is to synchronize all participating computing devices to within a few milliseconds of the Coordinated Universal Time (UTC) timescale, a timing standard observed by many national laboratories. It does not, however, inherently account for regional time differences, so differences in time zones must be accounted for on a per-user basis. Leap seconds are accounted for and occur approximately every 18 months.
As for the architecture of the protocol, NTP relies on packet exchanges between clients and servers using its own set of on-wire protocols. A dual set of poll and peer processes governs when such packets are sent and what happens when they are received. The poll process sends NTP packets at a rate of one every 8 seconds to 36 hours in order to maximize accuracy and minimize network load. If the packet passes a sanity check, the peer process runs the on-wire protocol, which relies on four timestamps.

The timestamps are:
T1: The time of departure of the request packet from the client
T2: The time of arrival of the request packet at the server
T3: The time of departure of the reply packet from the server
T4: The time of arrival of the reply packet at the client
NTP calculates several values to assess the accuracy of the time it exports based on these timestamps: offset, delay, jitter, frequency error, and stability. Perhaps the most important of these statistical values is the offset, which measures the asymmetry of the round trip time. If the offset is too high, NTP prevents the client from synchronizing with the target server.
In order to continue to receive timing information from an NTP server, an NTP client must first synchronize with the server. The synchronization process is a series of five request/receive exchanges. In each exchange, the client first queries the server for the current time by sending out a UDP/IP packet containing a timestamp denoting the time of departure (T1). As soon as the packet is received, the server marks down the time at which the packet was received in a timestamp (T2) and adds it to the packet. The server then adds an NTP timestamp containing the time at which the reply packet will be sent (T3) to the packet, and finally, the client records the time at which the reply packet arrives (T4) in a final timestamp. Once the client has received and generated all four timestamps, it can then perform a sanity check on the exchange. If the test is passed, another exchange is allowed to occur. After five successful exchanges and sanity checks, synchronization is achieved and any further timestamps received from the NTP server are used to set the client's clock.
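As an added illustration (not part of the report), the request/reply exchange above modelled in Python with the report's four timestamps T1..T4: the standard NTP offset and delay formulas, a per-exchange sanity check, and the five-passing-exchanges rule before the client's clock is adjusted. The one-second offset threshold, the clock values and the path delays are constructed assumptions, and the mean-offset correction is a simplification of what ntpd actually does.

```python
# Added example, not from the report: a model of the NTP on-wire exchange using
# the four timestamps T1..T4 named in the text.  The offset/delay formulas are
# the standard NTP ones; MAX_OFFSET, the clocks and the delays are constructed.
from dataclasses import dataclass
from typing import Iterable, List, Tuple

MAX_OFFSET = 1.0        # constructed threshold (seconds) for the sanity check
REQUIRED_EXCHANGES = 5  # the report: five passing exchanges before the clock is set


@dataclass
class Exchange:
    t1: float  # departure of the request from the client (client clock)
    t2: float  # arrival of the request at the server (server clock)
    t3: float  # departure of the reply from the server (server clock)
    t4: float  # arrival of the reply at the client (client clock)

    def offset(self) -> float:
        """Server time minus client time, assuming symmetric path delays."""
        return ((self.t2 - self.t1) + (self.t3 - self.t4)) / 2.0

    def delay(self) -> float:
        """Round-trip network delay with the server's processing time removed."""
        return (self.t4 - self.t1) - (self.t3 - self.t2)

    def passes_sanity_check(self) -> bool:
        """Negative delay is impossible; an oversized offset is rejected."""
        return self.delay() >= 0.0 and abs(self.offset()) <= MAX_OFFSET


def run_exchange(client_clock: float, server_clock: float,
                 fwd: float, rev: float, proc: float) -> Exchange:
    """Simulate one request/reply.  fwd/rev are the one-way delays of the
    request and reply paths, proc the server's processing time (all seconds).
    Asymmetric fwd/rev shifts the measured offset by (fwd - rev) / 2."""
    t1 = client_clock
    t2 = server_clock + fwd
    t3 = t2 + proc
    t4 = client_clock + fwd + proc + rev
    return Exchange(t1, t2, t3, t4)


def synchronize(client_clock: float, server_clock: float,
                rounds: Iterable[Tuple[float, float, float]]
                ) -> Tuple[bool, float, List[float]]:
    """Run exchanges until REQUIRED_EXCHANGES pass the sanity check.
    Returns (synchronized, corrected client clock, accepted offsets).  The
    correction uses the mean accepted offset; ntpd's clock filter is not modelled."""
    accepted: List[float] = []
    for fwd, rev, proc in rounds:
        ex = run_exchange(client_clock, server_clock, fwd, rev, proc)
        if ex.passes_sanity_check():
            accepted.append(ex.offset())
        if len(accepted) == REQUIRED_EXCHANGES:
            return True, client_clock + sum(accepted) / len(accepted), accepted
    return False, client_clock, accepted


if __name__ == "__main__":
    # Constructed: client clock 250 ms behind the server, one badly asymmetric round.
    good = (0.010, 0.010, 0.002)
    rounds = [good] * 3 + [(5.0, 0.010, 0.002)] + [good] * 2
    ok, clock, offs = synchronize(1000.0, 1000.25, rounds)
    print(ok, round(clock, 6), [round(o, 6) for o in offs])
```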
Normal operation for NTP is very similar to the synchronization process. NTP uses UDP/IP packets exclusively for information transfer and has designated port 123 as the official NTP port. The client and server use the same request/receive format as detailed above, with both the client and server adding NTP timestamps to the packet until they are all finally collected by the client. After synchronization, though, the offset value calculated using the timestamps is run through an algorithm and then used to adjust the system clock and frequency of the client. The only other important difference between synchronization and normal operation is that in normal operation, the frequency of exchanges decreases with each successful exchange until eventually, exchanges occur only once every 36 hours.
In order to make use of NTP, all that is required for clients is that they download the current NTP distribution. The distribution installs several programs, the most important of which are ntpd (NTP daemon), ntpq (NTP query), and ntpdate. ntpd is an operating system daemon which deals with the regular operation of NTP, namely synchronization and normal operation polling intervals. It is capable of setting the system clock and frequency after it has successfully synchronized with an NTP server. ntpq is a utility program used mainly to check the status of an NTP connection and diagnose connection issues. Finally, ntpdate is used to retrieve the date from an NTP server and set the system clock without having to go through the synchronization process. Only one query/reply exchange is run by ntpdate, and the result of the query is automatically used to set the system clock. ntpdate, like ntpq, is mainly used for debugging purposes.
Authenticated NTP:
Authenticated NTP was introduced in order to ensure the security of timing information across computer networks. Many control systems have very small tolerances when it comes to time synchronization, so even small discrepancies between the various devices' times can cause catastrophic failure. Since the only form of security which the base form of NTP offers is protection from packet loss and replays, Authenticated NTP was added as an extension to NTP in order to provide some measure of security.
The main advantage of using Authenticated NTP is the incorporation of an Autokey public key algorithm. The Autokey authentication scheme involves the use of digital certificates to verify a chain of verified NTP servers and a public key cryptography scheme. At the start of every Authenticated NTP session, clients request a series of digital certificates. The chain of certificates starts with a Trusted Host (TH), usually a Stratum 1 server. The TH's certificate is self-signed, and so represents the start of the certificate chain. Any Stratum 2 servers connected to a TH in turn receive a certificate signed by the TH. Stratum 3 servers receive certificates signed by the Stratum 2 servers they are connected to, and so on. NTP clients receive a copy of each certificate in the chain leading back to the TH from which the timing information is derived.
Once the certificate chain has been resolved, NTP clients request a cookie from the server. Cookies are 32-bit sequences generated using a client's public key and a server's private key and are used to authenticate packets sent from the client. In addition to using its own private key to generate the cookie, servers use a sequence called the server seed in the formation of the cookie. The server seed is not shared with the public and so represents a secret known only to the server. This fact is important because it means the server seed is the only piece of information used to authenticate packets which cannot be gathered simply by monitoring network traffic between an NTP client and an NTP server.

The Autokey authentication process is detailed in the figure below:
As previously mentioned, the cookie is a 32-bit sequence generated using the client public key, the server private key, and the server seed. It has the following format:
Cookie = MSBs32(H(Client-IP || Server-IP || 0 || ServerSeed)), and, as delivered to the client, encrypted under the client's public key:
Cookie = EClient(MSBs32(H(Client-IP || Server-IP || 0 || ServerSeed)))
Remark: || = concatenation, H = hash function (MD5 or SHA1)
Remark: The server is stateless and has to recalculate the cookie whenever a client contacts it
Remark: The ServerSeed is 32 bits long. It is shared for all client cookies and changed every 24 hrs.

During normal NTP operation, the cookie is incorporated into the NTP packet in order to authenticate the source:
NTP Packet = NTP-Payload || KeyId || MAC
Remark: the NTP payload is not encrypted and is easily readable
Message Authentication Code (MAC) = H(Autokey || NTP-Payload)
KeyId is 128 bits long and picked by the client at the start of every NTP session.
Autokey is 128 bits long and calculated as follows:
Autokey = H(Sender-IP || Receiver-IP || KeyID || Cookie)
The Autokey authentication scheme is not invulnerable. One particular exploit which was discovered by computer science academics recently takes advantage of the fact that the cookie, which contains the only bit of information which can't be collected by observing normal NTP traffic, is only 32 bits long. An attacker who attempts to brute force this sequence by bombarding the server with bogus requests can successfully guess the cookie in about 10 minutes. Demonstrating this particular exploit was the subject of our project, so I will describe how such an attack is conducted.

In this attack, we assume that an NTP connection has been established between a client and a server, that the Autokey authentication sequence has already occurred, and that the client is already synchronized to the server. When a MitM enters the scene and begins to sniff the packets being exchanged between the client and server, three pieces of information are readily available to him. By just sniffing the UDP packets exchanged by the client and server, the MitM can determine the client's IP address, the server's IP address, and the key ID. Since the ultimate goal of the MitM is to convince the client that it is the legitimate NTP server so that it can feed the client false timing information, the only piece of information the MitM needs at this point in order to masquerade as the server is the cookie. The cookie is not easily readable by the MitM because it is run through a hash function to create the Autokey sequence and then through another hash function to create the MAC. Since hash functions are one-direction calculations, it would take a tremendous amount of effort to determine the cookie from the MAC.
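As an added example (not the report's code, and not ntpd's own Autokey implementation), the cookie, Autokey and MAC formulas from the previous section modelled in Python, together with the stateless server-side check the remarks describe; the packet parser also makes explicit which fields a passive observer can read, as discussed just above. MD5 as H, a single zero byte for the "0", 16-byte KeyId and MAC, and every address, seed and payload value are constructed assumptions.

```python
# Added example, not from the report and not ntpd's Autokey implementation: a
# direct model of the cookie, Autokey and MAC formulas as the report states them.
# Assumptions: H is MD5; the "0" in the cookie input is one zero byte; KeyId
# and the MAC are each 16 bytes (128 bits).  All sample values are constructed.
import hashlib
import hmac
import ipaddress
from typing import Tuple

H = hashlib.md5

# Constructed sample values (documentation-range addresses, arbitrary bytes).
CLIENT_IP = "192.0.2.10"
SERVER_IP = "192.0.2.1"
SERVER_SEED = bytes.fromhex("13579bdf")   # 32-bit seed, known only to the server
KEY_ID = bytes(range(16))                  # 128-bit KeyId chosen by the client
PAYLOAD = b"\x23" + bytes(47)              # 48-byte NTPv4 client header, rest zeroed


def ip_bytes(addr: str) -> bytes:
    return ipaddress.ip_address(addr).packed


def make_cookie(client_ip: str, server_ip: str, server_seed: bytes) -> bytes:
    """Cookie = MSBs32(H(Client-IP || Server-IP || 0 || ServerSeed))."""
    digest = H(ip_bytes(client_ip) + ip_bytes(server_ip) + b"\x00" + server_seed).digest()
    return digest[:4]  # the 32 most significant bits


def make_autokey(sender_ip: str, receiver_ip: str, key_id: bytes, cookie: bytes) -> bytes:
    """Autokey = H(Sender-IP || Receiver-IP || KeyID || Cookie)."""
    return H(ip_bytes(sender_ip) + ip_bytes(receiver_ip) + key_id + cookie).digest()


def make_mac(autokey: bytes, payload: bytes) -> bytes:
    """MAC = H(Autokey || NTP-Payload)."""
    return H(autokey + payload).digest()


def build_packet(payload: bytes, key_id: bytes, autokey: bytes) -> bytes:
    """NTP Packet = NTP-Payload || KeyId || MAC.  The payload stays in clear."""
    return payload + key_id + make_mac(autokey, payload)


def parse_packet(packet: bytes) -> Tuple[bytes, bytes, bytes]:
    """Split a packet into (payload, key_id, mac).  Everything here, plus the IP
    addresses, is what a passive observer on the wire can read; the cookie is not."""
    if len(packet) < 32:
        raise ValueError("packet too short to carry KeyId and MAC")
    return packet[:-32], packet[-32:-16], packet[-16:]


def server_verify(packet: bytes, client_ip: str, server_ip: str, server_seed: bytes) -> bool:
    """Stateless server check: recompute the cookie from the seed for this
    client, derive the Autokey, and compare MACs in constant time."""
    payload, key_id, mac = parse_packet(packet)
    cookie = make_cookie(client_ip, server_ip, server_seed)
    expected = make_mac(make_autokey(client_ip, server_ip, key_id, cookie), payload)
    return hmac.compare_digest(mac, expected)


def client_packet() -> bytes:
    """A client request built with the genuine cookie (constructed values)."""
    cookie = make_cookie(CLIENT_IP, SERVER_IP, SERVER_SEED)
    return build_packet(PAYLOAD, KEY_ID, make_autokey(CLIENT_IP, SERVER_IP, KEY_ID, cookie))


if __name__ == "__main__":
    pkt = client_packet()
    print(len(pkt), server_verify(pkt, CLIENT_IP, SERVER_IP, SERVER_SEED))
```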
However, the cookie is only 32 bits long. Knowing this, the MitM can use the information he's already gathered through sniffing network traffic to forge NTP client requests for the current time. The MitM's goal at this point is to keep sending forged client requests until he brute forces, or guesses correctly through trial and error, the cookie sequence. It was estimated by my advisor that the process of brute forcing the cookie would only take about 10 minutes.

Once the attacker manages to determine the correct cookie sequence, the only thing left to do is to perform an ARP poisoning attack so that all requests aimed at the legitimate NTP server are instead directed at the attacker's machine. There are many applications readily available on the web to perform ARP poisoning attacks, so this is not a particularly difficult feat. However, once the ARP poisoning attack is complete, the MitM is free to feed the NTP client whatever timing information he wants to and thereby wreck systems which rely on accurate time synchronization.

A diagram of this kind of attack is given below:
Stage 1:
During the initial planning stages of this project, our group decided that the project would be broken up into two distinct stages, Stage 1 and Stage 2. The objective of Stage 1 was to set up a testing environment in which we could later execute a MitM attack which demonstrated the security flaw in Authenticated NTP detailed previously.
I was responsible for planning out and completing Stage 1. My initial plan for Stage 1 involved establishing an NTP connection between two virtual machines and then monitoring the NTP traffic passing between them using Wireshark, a packet sniffing program, installed on the host OS (see diagram at right).

My decision to use virtual machines for Stage 1 was influenced by three factors. First, I have had a great deal of experience setting up and using virtual machines in my previous internships, so I was confident in my ability to set Stage 1 up quickly. Second, I wanted to contain the project entirely within my laptop so that my partner and I could work on the project without having to worry about when the labs were open. Third, I knew from previous experience that virtual machines are very easy to manipulate and the ability to create snapshots of their current state would allow us to recover after errors far more quickly than if we had used separate computers for each of the elements in Stage 1.
To create the virtual machines and the virtual network which would bind Stage 1 together, I used a piece of software called VMWare. VMWare allows users to create virtual machines (VMs) from disk images and manage them with various tools and features. The most important management tool for our purposes was the snapshot tool, which allowed us to save the current state of the virtual machine and recover back to previous ones if an error arose. VMWare also provides the capability to set up virtual networks. Three default virtual networks are created by VMWare upon installation: a host-only network, a NAT network, and a bridged network. When a VM is created, the user can choose which virtual network to connect the VM to. VMWare will automatically create a virtual network adapter connecting the VM to the desired virtual network once the installation process is complete. VMWare also creates a virtual DHCP server for each of the three networks to assign IP addresses to all machines participating in each network.
In the VMWare documentation, it says that whenever a VM is connected to one of the three default virtual networks, the VM is automatically connected to the virtual switch assigned to that network. However, I figured out early on through researching VMWare that the virtual switch the documentation says it connects VMs to in reality operates like a virtual hub. This is because, like a hub, this virtual switch automatically copies all incoming packets and sends a copy out to all of the machines connected to it. This is important to note since it plays a key role in the operation of Stage 1.
I chose to set up Stage 1 on the default NAT network since it was the only default network which would allow VMs to have access to the external network and to the host OS. In the default bridged network, the host OS is not given a virtual network adapter, and so cannot be accessed by the VMs participating in the network. The host-only virtual network is also limited in that it cuts off VMs from the external network. Since NTP servers must receive timing information through a server chain leading back to a Stratum 1 server, the NTP server which I would set up had to have access to the external network. Bridged networking was rejected because I did not want to have to create more VMs than necessary, so the default virtual NAT network was the only option left.
Once it was set up, Stage 1 would consist of two virtual machines and the host operating system. One of the virtual machines would run the NTP server application and receive timing information from an established NTP server at National University of Ireland Galway (NUI Galway) by accessing the external network through the NAT device. The second VM would be set up as an NTP client, and receive timing information from the other VM. Wireshark would then be installed on the host OS and would monitor all network traffic on the virtual network. The reason that Wireshark would be able to see all traffic on the virtual network is because the virtual hub at the center of the network would copy every packet routed through it to the host OS, effectively allowing Wireshark to "see" the traffic between the NTP client and the NTP server.
This setup would serve as a jumping off point for Stage 2 since, if Wireshark could indeed see all of the network traffic on the virtual network, then we could eventually replace Wireshark with a MitM-style attacker. The exploit described earlier only requires that the attacker be able to sniff the NTP packets travelling between the client and server and be able to inject packets into the network. If Wireshark could see the packets an attacker would want to sniff, then we could eventually replace Wireshark with the attacker.
Stage 2:
In Stage 2, our group would modify Stage 1 and demonstrate the Authenticated NTP exploit detailed in the "Authenticated NTP" section. Though we did not ultimately complete Stage 2, I researched how it could be achieved.
My plan was to download a piece of software called Scapy onto the host OS. Scapy is a program capable of packet sniffing as well as custom packet creation and injection. Users interact with Scapy through Python code, allowing the user to fine tune its functions. A Python script could theoretically be written to perform all of the functions of the attacker, such as sniffing the NTP traffic between the client and server to pick up easily available information and crafting bogus requests in order to brute force the cookie. To perform the ARP poisoning attack following the determination of the cookie, another piece of open source software, Ettercap, could be used. Ettercap is a network security tool with a wide range of features for conducting MitM attacks on local area networks. One such feature allows users to quickly perform ARP poisoning attacks and thereby redirect network traffic destined for one machine to another.
Once the cookie was determined using Scapy and an ARP poisoning attack conducted using Ettercap, we could then use Scapy to feed the NTP client false timing information. This would be achieved by crafting NTP packets using the public information determined earlier, the known Autokey hash functions, the cookie, and whatever NTP payload we chose. The client would then set its clock using the falsified timing information, marking the successful completion of the MitM attack.
Progress:
During the first week and a half of the project, Declan and I performed a great deal of research and I attempted to get Stage 1 up and running. Since Declan hadn't been exposed to computer networking previously, I developed a list of topics in computer networking which he could investigate in order to help him understand our project. While he worked on that for the first week and a half, I took charge of planning how Stage 1 would work and planned out how I would set it up. I familiarized myself with VMWare, especially how the virtual networks it creates work, and did some preliminary research into how NTP works to inform my planning.
Once I had begun to set up Stage 1, however, I began to run into the bugs that would plague me for weeks afterwards. Many of these issues were resolved by learning how to add and modify rules in Fedora 19's kernel firewall, known as iptables, and how to add exceptions to Windows Firewall. This research got me to the point where both of the Fedora 19 virtual machines I had set up were able to ping one another, and both of the VMs were able to ping the host OS.
The real trouble began when I attempted to set up an NTP server on one of the VMs. As previously mentioned, NTP has a hierarchical structure, meaning that all NTP servers are connected back to a Stratum 1 server through a chain of servers. My first attempts at synchronizing my server to an established NUI Galway NTP server did not succeed, forcing me to delve deeper into the NTP documentation. I spent a week learning how to diagnose NTP connections with the ntpq and ntpdate commands, but still could not figure out why I was unable to synchronize my server with the NUIG NTP server.
At this point, I called upon Michael Schukat for advice. He theorized that my NTP server was unable to receive replies from the NUI Galway NTP server because their NTP server existed outside the university firewall. The replies which the NUI Galway NTP server sent back to my server were being intercepted by the firewall. To fix this, Michael brought down a cellular router which would allow my laptop to connect to the internet over the local cellular network. This way, I could bypass the university firewall and contact the NUIG server directly.
The use of the cellular router allowed my server to successfully synchronize with the NUIG server after several days of trial and error. However, this was not a long-term solution since Michael had only purchased one gigabyte of data for the cellular router and I was fast approaching the limit during testing. Hugh Melvin stepped in at that point and set up an NTP server within the NUIG firewall with the hopes that I could synchronize with that over the NUIG campus wifi without worrying about the campus firewall.
Synchronization between my NTP server and Hugh's NTP server did not occur over the next week of testing. Michael was away that week and Hugh Melvin had pressing matters to attend to, so I was left to try to debug the issue myself. Several days of testing various NTP configuration file setups and trawling the internet for answers led to an important discovery. Once I had begun to explore the various options which could be appended onto the ntpq and ntpdate commands, I discovered that I was able to retrieve the date from Hugh's NTP server by specifying that the request be sent over an unrestricted port. Any port number above 1024 is considered unrestricted and any port number below or including 1024 restricted. Since NTP normally sends requests from port 123, adding the -u option to the ntpdate command forced the request to be sent on an unrestricted port number, and for an unknown reason, that allowed me to retrieve the date. After consulting both Hugh Melvin and Professor Chuah about this, I was led to believe that the issue lay somewhere in VMWare's setup of the virtual network.
I studied the VMWare documentation and internet forums for several days but could not find an answer. I did, however, learn how the NAT device which allowed the VMs to connect to the external network worked, and even learned how to add custom rules to the NAT device. When adding custom rules failed to produce results, I resigned myself to the fact that the VMWare documentation was not detailed enough for my purposes and that I would have to rethink how I was going to set up Stage 1.
My new plan for Stage 1 involved switching the roles of the VMs and the host OS. Instead of trying to synchronize an NTP server on a VM to an NUIG NTP server, I decided instead to set up an NTP server on my host OS and then have one of the VMs receive timing information from that. I had discovered that while the VMs were having difficulty synchronizing to the NUIG NTP servers, my host OS was able to synchronize with Hugh's server with no difficulty whatsoever. This finding, combined with the discovery of a piece of open source software which was supposed to fix time synchronization issues across NAT devices, led me to believe that this setup would work.
The role of the attacker would therefore be switched over to the second VM since it would be able to monitor all of the network traffic between the NTP client VM and the host OS just as easily as the host OS was able to monitor the traffic between the two VMs. A diagram of this setup is included here:
After two days of tweaking and troubleshooting, I managed to synchronize the NTP client VM with my host OS, and running Wireshark inside the second VM proved that it could indeed see the NTP traffic passing between the NTP client VM and the host OS. Stage 1 was now complete.
The setup of Stage 1 took until the 15th of July, leaving us with less than a week to work on Stage 2. With the remaining time, I researched what pieces of software would be necessary to complete Stage 2 and how to create custom network packets. I did not ultimately finish Stage 2, but I had a very firm idea by the end of how I would complete it.
As a final note on the work that I did this summer, I also took responsibility for planning out the final presentation which Declan and I gave to Michael Schukat and Hugh Melvin and wrote ten of the thirteen slides involved in the PowerPoint, including two explanatory diagrams.
Summary:
During the seven weeks spent working on this project, my partner and I put in a great deal of effort towards achieving our project objectives. Though we did not ultimately realize our goal of demonstrating a security flaw in Authenticated NTP, we made important gains in many areas. Both Declan and I learned a great deal about Network Time Protocol, computer networking, and various software tools during the course of the project. The long and arduous troubleshooting process I went through to complete Stage 1 left me with an in-depth understanding of how the NTP programs work, how VMWare's virtual networks are set up, and how to diagnose network connection issues. In addition, I was also exposed to the inner workings of Authenticated NTP and planned out how our group would go about performing a MitM-style attack.
Thanks to all of the support we received from Michael Schukat, Hugh Melvin, and Professor Chuah, Declan and I were able to showcase a functional Stage 1 at the end of the summer and demonstrate a firm understanding of how the system worked. We have also left the project in such a way that it can be continued in the future by NUI Galway students. Future work on the project by such students will most likely include the completion of Stage 2, so though our time with the project has come to a close, the work that we have done will help to educate the computer science students which follow behind us.