TY - GEN
T1 - MS-PTP
T2 - 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2023
AU - Shi, Shanghao
AU - Xiao, Yang
AU - Du, Changlai
AU - Shahriar, Md Hasan
AU - Li, Ao
AU - Zhang, Ning
AU - Hou, Y. Thomas
AU - Lou, Wenjing
N1 - Publisher Copyright:
© 2023 Owner/Author.
PY - 2023/5/29
Y1 - 2023/5/29
N2 - Time-sensitive applications, such as 5G and IoT, are imposing increasingly stringent security and reliability requirements on network time synchronization. Precision time protocol (PTP) is a de facto solution to achieve high precision time synchronization. It is widely adopted by many industries. Existing efforts in securing the PTP focus on the protection of communication channels, but little attention has been given to the threat of malicious insiders. In this paper, we first present the security vulnerabilities of PTP and discuss why the current defense mechanisms are unable to counter Byzantine insiders. We demonstrate how a malicious insider can spoof a time source to arbitrarily shift the system time of a victim node on an IoT testbed. We further demonstrate the harmful consequence of the attack on a real Turtlebot3 robotic platform as the robot fails to locate itself and follows a false trajectory. As a countermeasure, we propose multi-source PTP, in short, MS-PTP, a Byzantine-resilient network time synchronization mechanism that relies on time crowdsourcing. MS-PTP changes the current PTP's single source hierarchy to a multi-source client-server architecture, in which PTP clients take responses from multiple time servers and apply a novel secure aggregation scheme to eliminate the effect of malicious responses from unreliable sources. MS-PTP is able to counter f Byzantine failures when the total number of time sources n used by a client satisfies n>=3f+1. We provide rigorous proof for its non-parametric accuracy guarantee - -achieving bounded error regardless of the Byzantine population. We implemented a prototype of MS-PTP on our IoT testbed and the results show its resilience against Byzantine insiders while maintaining high synchronization accuracy.
AB - Time-sensitive applications, such as 5G and IoT, are imposing increasingly stringent security and reliability requirements on network time synchronization. Precision time protocol (PTP) is a de facto solution to achieve high precision time synchronization. It is widely adopted by many industries. Existing efforts in securing the PTP focus on the protection of communication channels, but little attention has been given to the threat of malicious insiders. In this paper, we first present the security vulnerabilities of PTP and discuss why the current defense mechanisms are unable to counter Byzantine insiders. We demonstrate how a malicious insider can spoof a time source to arbitrarily shift the system time of a victim node on an IoT testbed. We further demonstrate the harmful consequence of the attack on a real Turtlebot3 robotic platform as the robot fails to locate itself and follows a false trajectory. As a countermeasure, we propose multi-source PTP, in short, MS-PTP, a Byzantine-resilient network time synchronization mechanism that relies on time crowdsourcing. MS-PTP changes the current PTP's single source hierarchy to a multi-source client-server architecture, in which PTP clients take responses from multiple time servers and apply a novel secure aggregation scheme to eliminate the effect of malicious responses from unreliable sources. MS-PTP is able to counter f Byzantine failures when the total number of time sources n used by a client satisfies n>=3f+1. We provide rigorous proof for its non-parametric accuracy guarantee - -achieving bounded error regardless of the Byzantine population. We implemented a prototype of MS-PTP on our IoT testbed and the results show its resilience against Byzantine insiders while maintaining high synchronization accuracy.
KW - byzantine resilience
KW - network time synchronization
KW - precision time protocol (ptp)
KW - service security and reliability.
UR - https://www.scopus.com/pages/publications/85166223828
U2 - 10.1145/3558482.3590184
DO - 10.1145/3558482.3590184
M3 - Conference contribution
AN - SCOPUS:85166223828
T3 - WiSec 2023 - Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks
SP - 61
EP - 71
BT - WiSec 2023 - Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks
PB - Association for Computing Machinery, Inc
Y2 - 29 May 2023 through 1 June 2023
ER -