A Devil of a Time: How Vulnerable is NTP to Malicious Timeservers?

Yarin Perry, Neta Rozen Schiff, Michael Schapira

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The Network Time Protocol (NTP) synchronizes time across computer systems over the Internet and plays a crucial role in guaranteeing the correctness and security of many Internet applications. Unfortunately, NTP is vulnerable to so-called time shifting attacks. This has motivated proposals and standardization efforts for authenticating NTP communications and for securing NTP clients. We observe, however, that, even with such solutions in place, NTP remains highly exposed to attacks by malicious timeservers. We explore the implications for time computation of two attack strategies: (1) compromising existing NTP timeservers, and (2) injecting new timeservers into the NTP timeserver pool. We first show that by gaining control over fairly few existing timeservers, an opportunistic attacker can shift time at state-level or even continent-level scale. We then demonstrate that injecting new timeservers with disproportionate influence into the NTP timeserver pool is alarmingly simple, and can be leveraged for launching both large-scale opportunistic attacks, and strategic, targeted attacks. We discuss a promising approach for mitigating such attacks.
Original language: English
Title of host publication: Network and Distributed Systems Security (NDSS) Symposium 2021
ISBN (Electronic): 1-891562-66-5
State: Published - 2021
Event: Network and Distributed System Security (NDSS) Symposium 2021 - Virtual
Duration: 21 Feb 2021 to 25 Feb 2021
https://www.ndss-symposium.org/ndss2021/

Conference

Conference: Network and Distributed System Security (NDSS) Symposium 2021
Abbreviated title: NDSS 2021
Period: 21/02/21 to 25/02/21