[ntp:hackers] A stop-gap authenticated time service
phk at phk.freebsd.dk
Tue Nov 10 10:19:41 UTC 2015
In message <20151110100916.GS11550 at localhost>, Miroslav Lichvar writes:
>On Tue, Nov 10, 2015 at 07:58:05AM +0000, Poul-Henning Kamp wrote:
>> The only variable left for the attacker to tamper with is the RTT
>> which I can reliably measure and thus detect said tampering.

>I don't think delay added in a MITM attack can be reliably detected.
>The attacker can increase the delay by a small amount and slowly, so
>it looks like the network is getting congested or the HTTPS server is
>overloaded and it needs more time to respond.

Right, and how much can he shift my time that way? He can shift it
at most the increased RTT.

So far I have yet to see an HTTPS server that didn't respond in at
most one second on an already established connection, and that was
a pretty pathological choice of HTTPS server, seen from Denmark.

So at best, he can shift my time a second or maybe two.

That's good enough for a LOT of purposes.

>Sure, the admin could set a very tight limit on the delay, but then it
>will drop measurements when the network really is congested or the
>server is overloaded.

Unlikely, see above.

>I think that depends on what error is acceptable.

Of course it does!

But there is a very big difference between "Drive-by attacker can
shift your clock *anywhere he wants*" and "determined attack can
shift it a second or two before you notice".

Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
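
The bound argued in this message, as an added simulation that is not part of the original post or of any NTP implementation: with an authenticated server timestamp, an on-path attacker can only add delay, and a client that rejects samples above an RTT limit caps the resulting clock shift. `MAX_RTT`, the function names and all sample delays are constructed assumptions.

```python
"""Constructed simulation: how far can on-path delay move an authenticated timestamp?"""

MAX_RTT = 2.0  # seconds; assumed acceptance limit, not a value from the post


def sample(true_offset, out_delay, back_delay, t_send=1000.0):
    """One request/response as seen by the client.

    true_offset is server clock minus client clock. The server timestamp is
    authenticated (e.g. carried over HTTPS), so the attacker can only delay.
    """
    server_time = t_send + out_delay + true_offset   # stamped on arrival
    t_recv = t_send + out_delay + back_delay         # client clock at reply
    return t_send, t_recv, server_time


def estimate(t_send, t_recv, server_time, max_rtt=MAX_RTT):
    """Return (offset, error_bound), or None if the RTT exceeds the limit."""
    rtt = t_recv - t_send
    if rtt < 0 or rtt > max_rtt:
        return None                       # drop: delay is outside the budget
    offset = server_time - (t_send + t_recv) / 2.0
    return offset, rtt / 2.0              # true offset is within +/- rtt/2


def induced_shift(true_offset, base_delay, added_delay):
    """Error in the estimate when an attacker delays only the reply leg."""
    result = estimate(*sample(true_offset, base_delay, base_delay + added_delay))
    if result is None:
        return None                       # sample rejected, clock not moved
    offset, _bound = result
    return offset - true_offset


if __name__ == "__main__":
    # Constructed delays: the shift grows with the added delay until the
    # RTT limit rejects the sample outright.
    for added in (0.0, 0.2, 1.0, 1.8, 5.0):
        print(f"added delay {added:>4}s -> shift {induced_shift(0.35, 0.05, added)}")
```

Tightening `MAX_RTT` trades a smaller worst-case shift against more dropped samples on a congested path, which is the trade-off the two participants are discussing.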