Faten Mkacher - Optimization of Time Synchronization Techniques on Computer Networks

Organized by: 
Faten Mkacher
Faten Mkacher

Thesis defended in videoconference

Membres du jury :

Hervé Rivano, professeur, Université INSA de Lyon, rapporteur
Katia Jaffres-Runser, maître de conférences, Université de Toulouse, rapporteuse
Noël de Palma, professeur, Université Grenoble Alpes, examinateur
Andrzej Duda, professeur, Grenoble INP, directeur de thèse
Fabrice Guery, responsable innovation, Gorgy Timing, invité

Nowadays, as society has become more interconnected, secure and accurate time-keeping becomes more and more critical for many applications. Computing devices usually use crystal clocks
with low precision for local synchronization. These low-quality clocks cause a large drift between machines. The solution to provide precise time synchronization between them is to use a reference
clock having an accurate source of time and then disseminate time over a communication network to other devices. One of the protocols that provide time synchronization over packet-switched
networks is Network Time Protocol (NTP). Although NTP has operated well for a general purpose use for many years, both its security and accuracy are ill-suited for future challenges.
Many security mechanisms rely on time as part of their operation. For example, before using a digital certificate, it is necessary to confirm its time validity. A machine with an inaccurate clock
can accept an expired or revoked certificate.
This thesis first provides a background on time synchronization starting with the definition of some fundamental concepts such as the clock model, the problem of clock synchronization, and
some notions like accuracy, precision, and stability of clocks. We study the most common time synchronization protocols used in packet-switched networks, and among others NTP.
Then, we consider the security of time synchronization by presenting the possible security threats against time synchronization protocols and the security requirements of these protocols.
We zoom in on the security of the NTP protocol as described by the standard NTP and other related work that tried to enhance NTP security. We also discuss the importance of having a well-balanced
trade-off between security and performance.
In our first contribution, we propose to go further in the support of NTP security with Secure Time Synchronization protocol (STS), a new secure authenticated time synchronization protocol
suitable for widespread deployments. We describe the operation of STS and prove its design secure with a formal analysis using two security protocol verification tools: Proverif and Tamarin.
We present the implementation of STS based on the OpenNTPd project, and evaluate its performance by comparing the STS precision with unauthenticated NTP.
We point out the circular dependency between certificate validation and time synchronization. In fact, reliable time synchronization requires cryptographic materials that are valid only
over designated time intervals, but time intervals can be only enforced when participating hosts are reliably synchronized. We present a solution for bootstrapping time synchronization based on
the Bitcoin blockchain to break this circular dependency.
In our second contribution, we propose a method for improving the accuracy of the NTP protocol by taking into account asymmetric transmission delays due to different bandwidth or routing
on the forward and backward paths. In fact, asymmetry is quite prevalent in the Internet, which leads to low accuracy of NTP that relies on the symmetric delay assumption to compute the clock
offset. This method builds on using an NTP client synchronized with GPS to measure precisely the one-way transmission delay on the forward and backward path with his time server. In this way, it
is possible to calibrate NTP to take into account asymmetry.