[ntp:questions] using IFF, GQ, MV keys for authentication at the same time

ardi peter.knezel at gmail.com
Thu Jan 23 07:25:56 UTC 2014


On Thursday, January 23, 2014 5:13:42 AM UTC+1, Steve Kostecke wrote:
> On 2014-01-22, ardi <peter.knezel at gmail.com> wrote:
>
> > Is it possible to generate and use all types of authentication keys
> > (IFF,GQ,MV) at the same time on ntp server and client? Will usage of
> > all these keys give more secure protection than usage of only one type
> > of them?
>
> tl,dr: no.
>
> Autokey is an NTP authentication system which allows an ntpd to verify
> the identity of the ntpd answering its polls. To put it another way,
> Autokey authenticates the server to the client.
>
> From http://www.eecis.udel.edu/~mills/autokey.html
>
> "The Autokey security model is based on multiple overlapping security
> compartments or groups. Each group is assigned a group key by a trusted
> authority and is then deployed to all group members by secure means.
> Autokey uses conventional IPSEC certificate trails to provide secure
> host authentication, but this does not provide protection against
> masquerade, unless the host identity is verified by other means. Autokey
> includes a suite of identity verification schemes based in part on
> zero-knowledge proofs. There are five schemes now implemented to prove
> identity: (1) private certificates (PC), (2) trusted certificates (TC),
> (3) a modified Schnorr algorithm (IFF aka Identify Friendly or Foe), (4)
> a modified Guillou-Quisquater algorithm (GQ), and (5) a modified
> Mu-Varadharajan algorithm (MV). These are described on the Identity
> Schemes page."
>
> From http://www.eecis.udel.edu/~mills/ident.html
>
> "Each of the five schemes is intended for specific use."
>
> "The PC scheme is intended for one-way broadcast configurations where
> clients cannot run a duplex protocol."
>
> "The IFF scheme is intended for servers operated by national
> laboratories."
>
> "The GQ scheme is intended for exceptionally hostile scenarios where it
> is necessary to change the client key at relatively frequent intervals."
>
> "The MV scheme is intended for the most challenging scenarios where it
> is necessary to protect against both server and client masquerade."
>
> More at the above URLs and:
>
> http://www.eecis.udel.edu/~mills/database/reports/stime/stime.pdf
>
> -- 
> Steve Kostecke <kostecke at ntp.org>
> NTP Public Services Project - http://support.ntp.org/

Thanks for the replies to all of you.
I am going to post questions for the most similar cases first to understand
the behaviour of ntp server-client.
Peter
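
The reply above quotes Mills' description of the IFF scheme as "a modified Schnorr algorithm" and of the identity schemes as zero-knowledge proofs. The following is an added illustration of what that means mechanically; it is not code from this thread, from ntpd or from the Autokey implementation, and it uses the textbook Schnorr identification protocol with a constructed toy group (P, Q, G chosen small so the arithmetic is easy to follow), not Autokey's real parameters, group-key files or the IFF modifications. It shows the four messages exchanged between a prover (the server holding the secret) and a verifier (the client holding only the public identity key), and why a party that does not hold the secret is rejected while the secret itself never crosses the wire.

```python
import secrets

# Toy group parameters (constructed for this example, NOT Autokey's): a safe
# prime P = 2*Q + 1 and a generator G of the order-Q subgroup. G = 4 is a
# square mod P, so its order divides Q; Q is prime and G != 1, so the order
# is exactly Q. Real deployments use parameters of hundreds of bits.
P = 2039
Q = 1019
G = 4
assert pow(G, Q, P) == 1, "G must generate the order-Q subgroup"


class Prover:
    """Holds the secret x and publishes y = G^x mod P as its identity key."""

    def __init__(self, secret_x):
        self.x = secret_x % Q
        self.y = pow(G, self.x, P)
        self._r = None

    def commit(self):
        # Message 1 (prover -> verifier): pick a fresh nonce r and send the
        # commitment t = G^r mod P. r must never be reused.
        self._r = 1 + secrets.randbelow(Q - 1)
        return pow(G, self._r, P)

    def respond(self, c):
        # Message 3 (prover -> verifier): s = r + c*x mod Q. Because r is
        # uniform and secret, s reveals nothing about x on its own.
        return (self._r + c * self.x) % Q


class Verifier:
    """Knows only the public identity key y; never learns x."""

    def __init__(self, y):
        self.y = y
        self._t = None
        self._c = None

    def challenge(self, t):
        # Message 2 (verifier -> prover): remember the commitment and send a
        # random non-zero challenge (c = 0 would make any response verify).
        self._t = t
        self._c = 1 + secrets.randbelow(Q - 1)
        return self._c

    def verify(self, s):
        # Message 4 (decision): accept iff G^s == t * y^c mod P, which holds
        # exactly when the prover's s was formed with the x behind y.
        return pow(G, s, P) == (self._t * pow(self.y, self._c, P)) % P


def one_round(prover, verifier):
    """Run a single commit / challenge / respond / verify exchange."""
    t = prover.commit()
    c = verifier.challenge(t)
    s = prover.respond(c)
    return verifier.verify(s)


def authenticate(prover, verifier, rounds=20):
    """Accept only if every round verifies.

    A party without x can answer a given challenge only by guessing, so it
    passes one round with probability about 1/(Q-1); repeating the exchange
    makes a false accept negligible even with this toy group.
    """
    return all(one_round(prover, verifier) for _ in range(rounds))


if __name__ == "__main__":
    server = Prover(secret_x=123456)          # constructed secret
    client = Verifier(server.y)               # client only gets y
    print("genuine server accepted:", authenticate(server, client))
    impostor = Prover(secret_x=654321)        # does not know the real x
    print("impostor accepted:", authenticate(impostor, Verifier(server.y)))
```

Note what the verifier checks and what it does not: it checks that the responder can form s consistently with y, and it never receives x. This is the property Mills' text relies on when it says the identity schemes protect against masquerade beyond what a certificate trail alone provides; which of the schemes (IFF, GQ, MV) to deploy is a question of the intended scenario quoted above, not of stacking them.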


