Network Time Security (NTS)
E815704
Network Time Security (NTS) is a modern security protocol framework that provides authentication and integrity protection for Network Time Protocol (NTP) to defend against spoofing and man-in-the-middle attacks.
All labels observed (1)
| Label | Occurrences |
|---|---|
| Network Time Security (NTS) canonical | 1 |
Statements (46)
| Predicate | Object |
|---|---|
| instanceOf |
network security protocol
ⓘ
security protocol framework ⓘ |
| abbreviation | NTS NERFINISHED ⓘ |
| abbreviationOf | TLS NERFINISHED ⓘ |
| abbreviationOfProtectedProtocol | NTP NERFINISHED ⓘ |
| appliesTo | client-server NTP communication ⓘ |
| component |
NTS-KE
NERFINISHED
ⓘ
NTS-protected NTP ⓘ |
| definedIn | RFC 8915 NERFINISHED ⓘ |
| designGoal | secure time synchronization over untrusted networks ⓘ |
| doesNotSupport |
broadcast NTP
ⓘ
manycast NTP ⓘ multicast NTP ⓘ |
| enables | secure time distribution over the Internet ⓘ |
| intendedFor |
enterprise NTP deployments
ⓘ
public NTP servers ⓘ |
| layer | application layer ⓘ |
| mitigates |
man-in-the-middle attacks
ⓘ
spoofing attacks ⓘ |
| NTS-KE | Network Time Security Key Establishment NERFINISHED ⓘ |
| NTS-KEUses | TLS NERFINISHED ⓘ |
| protectsProtocol | Network Time Protocol NERFINISHED ⓘ |
| provides |
authentication
ⓘ
integrity protection ⓘ replay protection ⓘ |
| publicationYear | 2020 ⓘ |
| relatedTo | NTPv4 NERFINISHED ⓘ |
| replaces | autokey security mechanism for NTP ⓘ |
| requires | unique client identifiers per association ⓘ |
| securityProperty |
prevents off-path time injection
ⓘ
prevents on-path time modification without detection ⓘ |
| separates | key establishment from time synchronization ⓘ |
| standardizedBy |
Internet Engineering Task Force
ⓘ
surface form:
IETF
|
| status | Proposed Standard ⓘ |
| supports |
IPv4
ⓘ
IPv6 ⓘ multiple NTP servers per key establishment ⓘ stateless server operation ⓘ unicast NTP ⓘ |
| threatModel |
active network attacker
ⓘ
passive network attacker ⓘ |
| uses |
AEAD algorithms
ⓘ
Transport Layer Security NERFINISHED ⓘ cookies for server state ⓘ public key cryptography ⓘ |
| workingGroup | NTP Working Group NERFINISHED ⓘ |
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.