ATIRP Proposal Jan 1998 - Dec 1999 (Proposed)

Computer Network Protocol Vulnerability Analysis

Introduction

Recent experience with Internet break-ins and breakdowns reinforces the opinion long held in the research community that the Internet protocol suite has serious security vulnerabilities. Some of these vulnerabilities are due to careless implementation in the ubiquitous Unix systems now running in the Internet; others are due to intrinsic loopholes in the various protocols of the suite. The recent vulnerability analysis of the Network Time Protocol (NTP), funded in part by the ARL, demonstrates that unexpected vulnerabilities can exist in surprising places, including the protocol support software, the operating system and the machine hardware.

As a result of this analysis, a revised security model and authentication scheme has been designed for NTP. The model provides automatic key generation and verification in peer-peer, client-server and multicast modes, while at the same time providing reliable key lifetime enforcement. The requirement to reliably synchronize the clock and at the same time to authenticate the source with lifetime-enforced keys introduces considerable complexity in the design of the protocol and in its interactions with other network infrastructure services: a key lifetime can only be checked against a clock, but the clock is what the protocol is trying to establish.

The new NTP security model and authentication scheme, documented in technical report TR-96-10-3 (URL www.eecis.udel.edu/~mills/reports.html), must interact with other Internet infrastructure services not yet in place, including secure directory services for retrieval of certificated public values. It also requires supporting application libraries in NTP servers and clients. Work is now under way in IETF working groups to develop secure infrastructure services and application libraries. For the above reasons the NTP requirements will stretch the model assumed in these activities.
For instance, keys may have to be generated and certificates signed with specified lifetimes that are temporarily unenforceable, because the client has not yet synchronized its clock. We propose to verify the developing Internet model and infrastructure design and its applicability to NTP and to other time-sensitive, ubiquitous protocols, such as the Session Directory multicast tool. One component of this work will be to implement the NTP security model and authentication scheme in the existing NTP software for Unix and Windows. Another component will be to integrate this model with versions of the IETF infrastructure tools and libraries as they become available. The goal is to produce a prototype system which demonstrates that NTP and its supporting infrastructure scale efficiently to the order of a million or more servers and clients.

Approach

The NTP software for Unix and Windows is a mature product now deployed in well over 100,000 servers and clients in the Internet. It includes an authentication scheme using DES in CBC mode to compute a keyed checksum over each message, so that a receiver holding the same secret key can detect forged or modified packets. However, this requires that the secret keys be distributed by separate means external to the protocol. The new security model and authentication scheme provides for automatic generation and distribution of keys using public-key cryptography, but does not use public-key cryptography in the messages themselves, since this would require significant resources and seriously compromise the time accuracy. In addition, the new method avoids non-scalable resource demands in servers with a large client population. These requirements are characteristic of many other network infrastructure protocols, including directory services, multicast information services and routing protocols. Since NTP already has much of the cryptographic infrastructure in place, implementation of the new security model and authentication scheme can proceed quickly and efficiently.
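The following is an added example, not code from the NTP distribution or from TR-96-10-3. It models the two points above in a runnable form: a keyed checksum over the 48-byte NTP header tagged with a key identifier, as in the existing symmetric-key scheme, and a key lifetime check that has to be applied on a tentative basis while the client's clock is unsynchronized. The real NTPv3 authenticator is a DES-CBC checksum; HMAC-MD5 from the standard library is substituted here (an assumption, so the example runs offline), and the key identifiers, secrets, lifetime bounds and verdict names are all constructed for the illustration.

```python
"""
Added example (not NTP's own code): a model of the two mechanisms the proposal
contrasts.  Message authentication: a keyed checksum over the 48-byte NTP header,
tagged with a key identifier so the receiver can find the shared secret.  Key
lifetime enforcement: each key carries a validity window; while the local clock
is unsynchronized the window cannot be checked, so an authentic packet is
accepted only "tentatively" and must be re-checked once the clock is trusted.
The real NTPv3 authenticator is a DES-CBC checksum; HMAC-MD5 is substituted here
(assumption) only so the example runs with the standard library.
"""
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Dict, Optional

NTP_HEADER_LEN = 48
KEYID_LEN = 4
DIGEST_LEN = 16          # HMAC-MD5 output; the NTPv3 DES-CBC checksum is 8 bytes


@dataclass
class Key:
    keyid: int
    secret: bytes
    not_before: float    # validity window, seconds since epoch (hypothetical)
    not_after: float


def build_header(stratum: int, transmit_ts: int) -> bytes:
    """Minimal server header: LI=0, VN=3, mode=4, then stratum, poll,
    precision, root delay, root dispersion, reference id, four timestamps."""
    li_vn_mode = (0 << 6) | (3 << 3) | 4
    head = struct.pack("!BBbb", li_vn_mode, stratum, 6, -20)
    head += struct.pack("!II4s", 0, 0, b"GPS ")
    head += struct.pack("!QQQQ", 0, 0, 0, transmit_ts)
    assert len(head) == NTP_HEADER_LEN
    return head


def checksum(key: Key, header: bytes) -> bytes:
    return hmac.new(key.secret, header, hashlib.md5).digest()


def authenticate(key: Key, header: bytes) -> bytes:
    """Append the authenticator: key identifier followed by the keyed checksum."""
    return header + struct.pack("!I", key.keyid) + checksum(key, header)


def verify(packet: bytes, keyring: Dict[int, Key], now: Optional[float]) -> str:
    """Return a verdict string.  `now` is the local clock, or None while the
    clock is unsynchronized and key lifetimes therefore cannot be enforced."""
    if len(packet) != NTP_HEADER_LEN + KEYID_LEN + DIGEST_LEN:
        return "malformed"
    header = packet[:NTP_HEADER_LEN]
    (keyid,) = struct.unpack("!I", packet[NTP_HEADER_LEN:NTP_HEADER_LEN + KEYID_LEN])
    digest = packet[NTP_HEADER_LEN + KEYID_LEN:]
    key = keyring.get(keyid)
    if key is None:
        return "unknown_key"
    if not hmac.compare_digest(digest, checksum(key, header)):
        return "bad_checksum"
    if now is None:
        return "tentative"           # authentic, but lifetime unverifiable for now
    if not key.not_before <= now <= key.not_after:
        return "expired"
    return "ok"


def demo() -> Dict[str, str]:
    """Constructed keyring and packets; returns the verdict for each case."""
    keyring = {
        1: Key(1, b"constructed-secret-1", 1000.0, 2000.0),
        2: Key(2, b"constructed-secret-2", 0.0, 500.0),    # already expired
    }
    header = build_header(stratum=1, transmit_ts=0xE0000000_00000000)
    good = authenticate(keyring[1], header)
    stale = authenticate(keyring[2], header)
    tampered = bytearray(good)
    tampered[40] ^= 0x01             # flip a bit in the transmit timestamp
    unknown = good[:NTP_HEADER_LEN] + struct.pack("!I", 99) + good[NTP_HEADER_LEN + KEYID_LEN:]
    return {
        "good_synced": verify(good, keyring, now=1500.0),
        "good_unsynced": verify(good, keyring, now=None),
        "stale_unsynced": verify(stale, keyring, now=None),    # accepted tentatively
        "stale_synced": verify(stale, keyring, now=1500.0),    # rejected once clock trusted
        "tampered": verify(bytes(tampered), keyring, now=1500.0),
        "unknown": verify(unknown, keyring, now=1500.0),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:15s} {verdict}")
```

The `stale_unsynced` and `stale_synced` cases are the hazard the proposal is pointing at: a key whose lifetime has lapsed is indistinguishable from a live one to a client that does not yet know the time, so a tentative acceptance must be recorded as such and re-validated once the clock is synchronized, and the key that got the client to synchronization should be trusted for no more than that purpose.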
However, there is still a need to develop and integrate interfaces to other infrastructure services such as directory servers and certificate servers. In general, the NTP requirements for the protocol interactions with these services are similar to those of other ubiquitous, distributed services. However, the requirement that name resolution, signing and verification of public values, and key generation must all work on a tentative basis when lifetimes cannot be enforced places significant demands on the protocol and interface designs. An important part of the proposed work is close interaction with the IPSEC and Secure DNS communities in the IETF and consultation in the design process for the infrastructure services and application libraries. The results of this work will not only guide the NTP prototype development, but also feed back to the working groups as practical experience accumulates.

Research Plan

We propose a three-phase plan to implement the proposed security model and authentication scheme in the existing NTP software for Unix and Windows.

In phase one, the design described in TR-96-10-3 will be implemented and integrated in the current software. This involves modifying certain interface structures, incorporating RSA routines in the NTP library and building various routines to handle packet headers and related data structures. This work will be done by Prof. Mills and students.

The second phase consists of the design and implementation of a supporting infrastructure library, including protocol means to retrieve public values such as keys and certificates from secure directory services, which are expected to be online shortly. An integral part of this effort is interacting with the cognizant IETF working groups at regular IETF meetings. This will provide direction in the development of the NTP tools and will also feed back to the working groups the problems and resolutions arising from the requirements peculiar to NTP.
The third phase consists of a deployment of NTP servers with the new authentication features at suitable sites in the Internet. A particularly attractive set of sites is the one maintained by NIST and USNO, since these have a very large client population. Clients of these sites have expressed considerable interest in cryptographic authentication, and the NIST and USNO site maintainers are expected to adopt the proposed means quickly. The lessons learned from the deployment and operation of the new system should have considerable impact on the design of similar distributed infrastructure services.

Schedule and Milestones

Months 1-12: Implement TR-96-10-3 in the NTP software for Unix and Windows.

Months 6-24: Interact with IETF working groups on infrastructure services and application libraries. Implement or modify libraries to reflect requirements peculiar to NTP.

Months 18-24: Deploy and test in Internet servers and clients, first on selected LANs and WANs such as DARTnet/CAIRN, then on public servers such as those operated by NIST and USNO.