NTPsec, an improved implementation of NTP

ntpsec

ntpsec logo

NTPsec is an open source project which focuses on the development of a secure and improved implementation of the Network Time Protocol (NTP), which is widely used to synchronize the clocks of computer systems on a network, ensuring accurate and consistent measurement of time.

This type of components, are usually the ones that most users ignore (and I include myself because until a few months ago I had not understood the importance of this small protocol), since being something that is behind our daily lives, it is something that goes unnoticed.

In my case I discovered the importance of NTP when I wanted to perform a "simple update" of my system (Arco Linux) that I left unopened for several months. To make a long story short, after all the updates were downloaded and in theory they should have been installed, they simply were not installed, because I had a problem with the OpenPGP keys in the packages and for obvious reasons of having left the system for months , this was going to generate a serious problem.

After doing 101 things and trying everything and even exorcising my computer, I simply couldn't solve my problem and the closest solution was to reinstall the system from scratch, which I didn't like.

Something that I noticed during the entire process of trying to solve the problem is that the time on my system was different from that of my location and doing a little research that small time change generated a problem when trying to import the new keys (as mentioned the blessed arch wiki). Upon reading this, a slap on my forehead was the first thing I generated and I proceeded to try to change the time and immediately proceeded to reboot to check if the BIOS date and time were correct, which they were. After that, I started the system again to prepare to make the change as if it were a common process in Windows or Android, and which was a serious mistake to have the habits before analyzing.

No matter how much I tried to solve the problem in one way or another, what was causing the problem on my system was the ntp package in my installation, for some reason that I could never resolve the package was simply causing me problems. This is where I found NTPsec which was my solution after several attempts to solve my problem.

NTPsec is an enhanced implementation of NTP that features many security improvements., since it has the implementation of the IETF Network Time Security standard for strong cryptographic authentication of the time service. Total, over 74% of the NTP Classic code base has been completely removed, and less than 5% new code has been added to the safety-critical core and there is also more consistent use of nanosecond precision.

Among the security improvements, removed obsolete modes and functions, adopted NTP Client Data Minimization RFC standard and network time security was incorporated. In addition, changes were made to time synchronization and improvements to client tools, with new utilities such as ntpmon and ntpviz for real-time monitoring and data visualization, respectively.

By explaining this a little, we can understand a little more the importance of this "small" component that, for a normal user, gave several headaches and in critical environments I don't want to imagine the disaster it can generate.

Given a "not so extensive" explanation of the importance of NTP, the reason for telling my little "adventure" is because The new version of NTPsec 1.2.3 was recently released:

Among the improvements in the new version are included:

  • Changed alignment of Mode 6 control protocol packets, which could affect support for classic NTP. Mode 6 is used to transmit information about the state of the server and change behavior in real time.
  • The AES encryption algorithm has been implemented by default in ntpq.
  • Using the Seccomp mechanism to block bad system call names.
  • Hourly restart statistics collection has been enabled, with additional logging for NTS, NTS-KE, and ms-sntp.
  • Inclusion of the "update" option in buildprep.
  • Improvements to the presentation of packet delay data in ntpdig JSON output.
  • Added support for the ecdhcurves list.
  • Fixed compilation on platforms that -fstack-protector depend on libssp, such as musl.
  • Fixed ntpdig crash when using 2.ntp.pool.org with a host without IPv6 support.

Finally if you are iInterested in learning more about it, you can check the details in the following link.


Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: AB Internet Networks 2008 SL
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.