Time synchronization is used for various applications. Securing the time protocol is a must for securing the applications that use it. Various network nodes, especially cellular network nodes, have a very critical dependency on accurate time synchronization to provide the required services. Some of these network nodes are entirely dependent on the timing over packet service for their synchronization accuracy and are in the meantime connected to the larger network over an insecure public network.
In 3GPP TS 33.320 (“Security of Home Node B (HNB)/Home evolved Node B (HeNB)”, Section 6.3.1 “Clock Synchronization Security Mechanisms for H(e)NB, it says: “The H(e)NB requires time synchronization with a time server. The H(e)NB shall support receiving time synchronization messages over the secure transport link between H(e)NB and the SeGW.”
The security requirement in 3GPP TS 33.320 is due to the fact that most of the H(e)NB are connected to SeGW via public transport and it is important to secure the synchronization messages. This can also apply to the small cell where the importance of securing Timing over Packet (ToP) messages cannot be underestimated as many LTE-Advanced features such as Carrier Aggregation (CA), Coordinated Multipoint (CoMP) transmission/scheduling in DL and reception in UL, and eICIC (enhanced Inter-Cell Interference Coordination) all require very tight synchronization to work properly.
Hardware timestamping based ToP protocols such as IEEE 1588-2008 Precision Timing Protocol (PTP), IEEE 802.1AS-2011 are the operators' preferred solutions that can meet LTE/LTE-A frequency/phase/time-sync requirements. However, it is challenging to secure ToP messages when it involves a large number of nodes that can spans across a large geographic area or multiple transport service provider domains. Also, different transports may have varying transport latencies at different times.
The inherently insecure public network usage for transport connectivity and lack of security in the current standards for ToP protocols (e.g., 1588 PTP, 802.1AS) may degrade various network services or make these vulnerable to different types of security threats.
In general, the security threat on Timing over Packets can be classified into two main categories, namely, attacks on ToP messages and attacks on a ToP network architecture. The attacks may take various forms such as maliciously modifying packets or delaying/dropping packets to impact the timing accuracy significantly.
Regarding attacks on ToP messages, to attack ToP timing carrying messages (e.g., event messages such as PTP Sync, Delay_Req, Delay_Resp, etc.) intended to impact a ToP node's recovered time accuracy or the ability to recover the timing, actions for example such as altering the timestamps/correction fields within relevant messages (e.g. Sync, Delay_resp, etc.) belongs to this group of threats, and so will physically altering their propagation time within the network.
Regarding attacks on a ToP network architecture, this kind of attack can impact the ToP network on a broader scale, for example by manipulating the synchronization topology. A rouge master clock can send out announce messages causing it to be chosen as network best grandmaster to take control over the synchronization within the network. A rogue Boundary Clock (BC) can alter the synchronization of a subset of nodes within the network. A possibly valid change of the residence time within a TC (Transparent Clock) may incur uncertainty larger than that specified for time and therefore an attacker controlling a TC may change this value without detection.
To address accurate time synchronization issues, various solutions were previously created.
While a GPS based timing synchronization may provide a better accuracy, it is not a viable option for various deployment and cost considerations, especially indoors, underground, and/or deep urban canyon.
US20090190613 discusses a method of applying an ‘edge’ timestamp at the PHY layer along with a packet ID which is then forwarded to a sync recognition layer (post firewall) where it is used to calculate the internal delay associated with decryption and other internal processing steps.
Marvell IETF Draft “Security Requirements of Time Protocols in Packet Switched Networks” (found on the World Wide Web at tools.ietforg/html/draft-ietf-tictoc-security-requirements-11) focuses on a broad set of requirements.
Huawei IETF Draft (found on the World Wide Web at tools.ietf.org/id/draft-xu-tictoc-ipsec-security-for-synchronization-02.txt; expired on Mar. 19, 2012) proposed a new extension to IPsec for carrying 1588v2 related traffic.
IEEE 1588-2008 “IEEE Standard for a Precision Clock Synchronization Protocol for Networked Measurement and Control Systems” Annex K (found on the World Wide Web at standards.ieee.org/findstds/interps/1588-2008.html) defines an experimental security extension to PTP and the security protocol is composed of two basic mechanisms: (1) an integrity protection mechanism through HMAC (Hash-based Message Authentication Code), which uses the Message Authentication Code (MAC) to verify that a received message was transmitted by an authenticated source, was not modified in transit, and it is fresh (i.e., not a message replay); and (2) a challenge-response mechanism, which is used to affirm the authenticity of new sources and to maintain the freshness of the trust relations.
In contrast, our subject matter, disclosed herein below, teaches solutions not envisioned by these references.
This section is intended to provide a background or context to the invention disclosed below. The description herein may include concepts that could be pursued, but are not necessarily ones that have been previously conceived, implemented, or described. Therefore, unless otherwise explicitly indicated herein, what is described in this section is not prior art to the description in this application and is not admitted to be prior art by inclusion in this section.
The following abbreviations that may be found in the specification and/or the drawing figures are defined as follows:
3GPP: third generation partnership project;
AP: Access Point;
BC: Boundary Clock;
BMC: Best Master Clock;
CA: Carrier Aggregation;
CoMP: Coordinated Multipoint;
DPI: Deep Packet Inspection;
DNS: Domain Name Server;
eICIC: enhanced Inter-Cell Interference Coordination;
eNB or eNodeB: base station, evolved Node B;
LTE: long term evolution;
LTE-A: long term evolution-advanced;
FZ: FlexiZone;
FZAP: FlexiZone Access Point;
FZC: FlexiZone Controller;
GMC: Grand Master Clock;
GW: Gateway;
HMAC: Hash-based Message Authentication Code;
HNB: Home Node B;
HeNB: Home Evolved Node B;
IKE: Internet Key Exchange;
MAC: Message Authentication Code;
PTP: Precision Time Protocol;
O&M: Operation and Management;
SA: Security Association;
SAD: Security Association Database;
SPD: Security Policy Database;
SoC: Software on a chip;
SPI: Security Parameter Index;
TC: Transparent Clock;
ToP or TOP: Timing over Packet;
TSU: Time Stamp Unit;
UE: user equipment; and
v1, v2, etc.: Version 1, version 2, etc.