Ntp Authentication - Meinberg LANTIME/GPS Operating Instructions Manual

NTP Authentication

NTP version 2 and version 3 support an authentication method using symmetric
keys. If a packet is sent by the NTPD while using this authentication mode, every
packet is provided with a 32 bit key ID and a cryptographic 64/128 bit checksum of
the packet. This checksum is built with MD5 or DES, both algorithms offer a
sufficient protection against manipulation of data.
Please note that the distribution of DES in the United States of America and Canada
is subject to restrictions, while MD5 is not affected by that. With any of these
algorithms the receiving NTP clients validate the checksum. Both parties (server and
client) need to have the same crypto key with the same key ID.
In the authentication mode a party is marked "untrusted" and not suitable for
synchronisation, whenever unauthorised packets or authorised packets with a wrong
key are used. Please note that a server may recognise a lot of keys but uses only a few
of them. This allows a timeserver to serve a client, who is demanding an
authenticated time information, without "trusting" the client.
Some additional parameters are used to specify the key IDs used for validating the
authentic of each partner. The configuration file /etc/ntp.conf of a server using this
authentication mode may look like this:
# peer configuration for 128.100.100.7
# (expected to operate at stratum 2)
# fully authenticated this time
peer 128.100.49.105 key 22 # suzuki.ccie.utoronto.ca
peer 128.8.10.1 key 4
peer 192.35.82.50 key 6
keys /mnt/flash/ntp.keys
trustedkey 1 2 14 15
requestkey 15
controlkey 15
The "keys" parameter indicates the location of the file, in which all symmetric keys
are stored. The "trustedkey" line identifies all key IDs, which have to be considered
"trusted" or "uncompromised". All other keys defined in the keyfile are considered
"compromised". This allows to re-use already owned keys by just adding their
respective key ID to the "trustedkey" parameter. If a key needs to be "switched off", it
can be removed from this line without actually removing it from the system. This
ensures an easy way to re-activate it later without actually transferring the key again.
The line „requestkey 15" declares the key ID for mode-6 control messages (as
described in RFC-1305), which are used by the ntpq utility for example. The
"controlkey" parameter is specifying the key used for mode-7 private control
messages, for example used by the ntpdc utility. These keys protect the ntpd variables
against unauthorised modification.
# umd1.umd.edu
# lilben.tn.cornell.edu
# path for key file
# define trusted keys
# key (mode 6) for accessing server variables
# key (mode 7) for accessing server variables
57