Biblio

The PTPv2.1 standard provides new protection mechanisms to ensure the authenticity and integrity of PTP messages. However, the distribution of the necessary security parameters is not part of the specification. This paper proposes a simple and practical approach for the automated distribution of these parameters by using a key management system that enables the Immediate Security Processing in PTP. It is based on the Network Time Security protocol and offers functions for group management, parameter updating and monitoring mechanisms. A Proof-of-Concept implementation provides initial results of the resources required for the key management system and its use.

The Precision Time Protocol is essential for many time-sensitive and time-aware applications. However, it was never designed for security, and despite various approaches to harden this protocol against manipulation, it is still prone to cyber-attacks. Here Advanced Persistent Threats (APT) are of particular concern, as they may stealthily and over extended periods of time manipulate computer clocks that rely on the accurate functioning of this protocol. Simulating such attacks is difficult, as it requires firmware manipulation of network and PTP infrastructure components. Therefore, this paper proposes and demonstrates a programmable Man-in-the-Middle (pMitM) and a programmable injector (pInj) device that allow the implementation of a variety of attacks, enabling security researchers to quantify the impact of APTs on time synchronisation.