Methods and systems disclosed herein relate generally to synchronizing data across a network and more generally to authenticating a Network Time Protocol (NTP). NTP is a User Datagram Protocol-based protocol used to synchronize time clocks among network devices. NTP is standards-based and defined in RFC 5905, Network Time Protocol Version 4, June 2010, http://tools.ietf.org/html/rfc5905 (RFC 5905).
According to RFC 5905, “The [NTP] implementation model . . . is based on a threaded, multi-process architecture, although other architectures could be used as well. The on-wire protocol . . . is based on a returnable-time design that depends only on measured clock offsets, but does not require reliable message delivery. Reliable message delivery such as TCP can actually make the delivered NTP packet less reliable since retries would increase the delay value and other errors. The synchronization subnet is a self-organizing, hierarchical, master-slave network with synchronization paths determined by a shortest-path spanning tree and defined metric. While multiple masters (primary servers) may exist, there is no requirement for an election protocol.” (RFC 5905, p. 4)
Because NTP is used to ensure accurate timestamp information, NTP can pose a security risk. If malicious users were able to falsify NTP information passed over the network, timestamp information could be falsified to the advantage of the malicious user. To deal with this vulnerability, NTP optionally implements an authentication mechanism. Authentication can be a digital signature that does not include data encryption. A data packet including the time, plus a key, can be used to build a non-reversible magic number that can be appended to the packet. A client that has the same key performs the same computation the server performed when creating the data packet, and then compares the results. If the results match, authentication succeeds.
This type of authentication can protect the client from hackers and spoofers who set up servers that claim to be a recognized authority, such as the U.S. Naval Observatory or the National Institute of Standards and Technology, but instead give out a false representation of the time. The simplest method to provide authentication would be for the server to fully encrypt the packet responses with a private key. The client could then apply the server's public key to decrypt the packet; this could be achieved by many means, including those currently used for financial transactions on the internet. Unfortunately, it has been shown that such systems are not applicable to NTP because the time and CPU resources involved in encrypting and decrypting are large enough to distort the response and to increase the time transfer errors to an unacceptable level. Therefore, encryption has been abandoned in favor of the simple authentication previously described.
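
The simple authentication described above can be illustrated in code. This is an added example, not part of the original text: it uses the symmetric-key layout of RFC 5905 (a 32-bit key identifier followed by a 128-bit MD5 digest computed over the key followed by the packet header) and assumes no extension fields. The names `KEYS`, `build_header`, `sign` and `verify`, and all sample values, are constructed for illustration.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48   # fixed NTPv4 header size (RFC 5905)
MAC_LEN = 4 + 16      # 32-bit key identifier + 128-bit MD5 digest

# Constructed key table shared by server and client (key ID -> secret).
KEYS = {1: b"constructed-shared-secret"}


def build_header(transmit_ts: int) -> bytes:
    """Constructed server reply: LI=0, VN=4, Mode=4 (server), stratum 1."""
    first = struct.pack("!BBbb", (0 << 6) | (4 << 3) | 4, 1, 6, -20)
    rest = bytearray(NTP_HEADER_LEN - 4)
    # Transmit timestamp occupies header bytes 40..47 (offset 36 in `rest`).
    struct.pack_into("!Q", rest, 36, transmit_ts)
    return first + bytes(rest)


def _digest(key: bytes, header: bytes) -> bytes:
    # The "non-reversible magic number": hash of the key followed by the header.
    return hashlib.md5(key + header).digest()


def sign(header: bytes, key_id: int) -> bytes:
    """Server side: append key ID and digest to the 48-byte header."""
    return header + struct.pack("!I", key_id) + _digest(KEYS[key_id], header)


def verify(packet: bytes) -> bool:
    """Client side: recompute the digest with the shared key and compare."""
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return False  # no MAC present, or malformed packet
    header, mac = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    key = KEYS.get(key_id)
    if key is None:
        return False  # key ID not provisioned on this client
    # Constant-time comparison avoids leaking how many digest bytes matched.
    return hmac.compare_digest(_digest(key, header), mac[4:])


if __name__ == "__main__":
    pkt = sign(build_header(0xE5A1B2C300000000), 1)
    print("authentic:", verify(pkt))
    forged = bytearray(pkt)
    forged[43] ^= 0x01  # flip one bit inside the transmit timestamp
    print("forged   :", verify(bytes(forged)))
```

The packet body stays in the clear; only the appended digest depends on the key, which is why this check costs one hash per packet rather than an encryption and decryption.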
What is needed is a system in which complex schemes for key transmission need not be applied in real time, or even applied at all. What is further needed is a system similar to those currently used by the financial sector in which there is no need to sign or authenticate the initial packet sent by the server.