Internet services and applications depend critically on the availability and accuracy of network time. The Network Time Protocol (NTP) is one of the oldest core network protocols and remains the de facto mechanism for clock synchronization across the Internet today. While multiple NTP infrastructures exist, one, the "NTP Pool," presents an attractive attack target for two basic reasons: it is 1) administratively distributed and based on volunteer servers; and 2) heavily utilized, including by IoT and infrastructure devices worldwide. We develop measurements to gather the first direct, non-inferential, and comprehensive data on the NTP Pool, including: longitudinal server and account membership, server configurations, time quality, aliases, and global query traffic load. We gather complete and granular data over a nine-month period to discover over 15k servers (both active and inactive) and shed new light on the NTP Pool's use, dynamics, and robustness. By analyzing address aliases, accounts, and network connectivity, we find that only 19.7% of the pool's active servers are fully independent. Finally, we show that an adversary informed with our data can better and more precisely mount "monopoly attacks" to capture the preponderance of NTP Pool traffic in 90% of all countries with only 10 or fewer malicious NTP servers. Our results suggest multiple avenues by which the robustness of the pool can be improved.