Ntp Autokey - Meinberg LANTIME/GPS Operating Instructions Manual

NTP AUTOKEY

NTP Version 4 supports symmetric keys and additionally provides the so-called
AUTOKEY feature. The authenticity of the time received by the NTP clients is
sufficiently ensured by the symmetric key technique. In order to achieve higher
security, e.g. against so-called replay attacks, it is important to change the
crypto keys in use from time to time.
In networks with a lot of clients, this can lead to a logistical problem, because the
server key has to be changed on every single client. To help the administrator
reduce this work (or even eliminate it completely), the NTP developers invented the
AUTOKEY feature, which works with a combination of group keys and public keys.
Using this AUTOKEY technique, all NTP clients are able to verify the authenticity of
the time they receive from the NTP servers of their own AUTOKEY group.
The AUTOKEY feature works by creating so-called secure groups, in which NTP
servers and clients are combined. There are three different kinds of members in such a
group:
a) Trusted Host
One or more trusted NTP servers. In order to become a "trusted" server, an NTP
server must own a self-signed certificate marked as "trusted". It is good practice to
operate the trusted hosts of a secure group at the lowest stratum level (of this group).
b) Host
One or more NTP servers, which do not own a "trusted" certificate, but only a
self-signed certificate without this "trusted" mark.
c) Client
One or more NTP client systems, which in contrast to the above-mentioned
servers do not provide accurate time to other systems in the secure group. They only
receive time.
All members of this group (trusted hosts, hosts and clients) must have the same
group key. This group key is generated by a so-called trusted authority (TA) and has
to be deployed manually to all members of the group by secure means (e.g. with the
UNIX SCP command). The role of a TA can be fulfilled by one of the trusted hosts of
the group, but an external TA can be used, too.
The public keys in use can be re-created periodically (there are menu functions for
this available in the web interface and also in the CLI setup program, see "Generate new
NTP public key" in section "NTP Autokey" of the "Security Management" page) and
are then distributed automatically to all members of the secure group. The group key
remains unchanged, therefore the manual update process for crypto keys for the
secure group is eliminated.
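To check that a member of a secure group actually authenticates its time sources as described in this section, the following added example (not part of the Meinberg manual) audits an ntp.conf-style configuration. It assumes the reference ntpd directives `crypto`, `keysdir`, `autokey` and `key`; the sample configuration, the host names and the function name `audit_ntp_conf` are constructed for illustration.

```python
# Constructed sample of a client's ntp.conf (not taken from the manual).
SAMPLE_CONF = """\
# member of a secure group
keysdir /etc/ntp/keys            # directory holding the group key and certificates
crypto pw example-password       # enables public key cryptography (Autokey)
server ntp1.example.com autokey iburst
server ntp2.example.com key 3
server ntp3.example.com iburst
"""

# ntpd directives that create an association with a time source.
ASSOCIATIONS = {"server", "peer", "pool", "broadcast", "manycastclient"}


def audit_ntp_conf(text):
    """Return ({host: auth mode}, [findings]) for an ntp.conf-style text."""
    modes, findings = {}, []
    has_crypto = False
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        if directive == "crypto":
            has_crypto = True
        elif directive in ASSOCIATIONS and args:
            host, opts = args[0], [a.lower() for a in args[1:]]
            if "autokey" in opts:
                modes[host] = "autokey"
            elif "key" in opts and opts.index("key") + 1 < len(opts):
                modes[host] = "symmetric"
            else:
                modes[host] = "none"
                findings.append(f"{host}: no authentication configured")
    # Autokey associations need the 'crypto' directive to load keys.
    if "autokey" in modes.values() and not has_crypto:
        findings.append("autokey association without a 'crypto' directive")
    return modes, findings


if __name__ == "__main__":
    modes, findings = audit_ntp_conf(SAMPLE_CONF)
    for host, mode in modes.items():
        print(f"{host:20} {mode}")
    for finding in findings:
        print("FINDING:", finding)
```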