NTP and secure authentication with MD5

NtpServers are essential devices for computer network synchronisation. Ensuring a network coincides with UTC is vital in modern communications such as the Internet and is the primary function of the NTP TimeServer (or simply NtpServer).

NTP was originally created for time crucial processes synchronisation on the Internet. While still being in use, it is one of the oldest Internet protocols. Network Time Protocol is used by customers just the time to make sure time is synchronized across a network. This article discusses the security of the, appendicitis, Network Time Protocol functions and how they are implemented on different network devices. It describes how to configure MD5 authentication keys on NTP Linux machines and Cisco Network Devices.

Securing NTP with special keys

NtpServers receive a far more accurate and secure time signal. There are two methods of receiving the time using a server like this: either utilise the GPS NTP network or receiving long wave radio transmissions

The Network Time Protocol can be used to synchronize time-critical processes on distributed computers in a network. The NTP protocol is therefore a potential safety hazard. Hackers or malicious users might try to disrupt the system synchronization by trying to adapt or replicate NTP timestamps. Fortunately, NTP has a comprehensive security feature attempts to thwart manipulation system time synchronization. NTP can MD5 encrypted keys to authenticate time stamps received from a TimeServer. The time customer can use keys to ensure that a time stamp is actually received from a reliable source.

MD5 and TimeServer security implementations

NTP implements authentication by using an agreed set of keys between a TimeServer and client that are encoded in the timestamps. An NtpServer passes a time stamp to a client in one of a selection of encrypted keys and added to the message. If a time stamp is received by the customer, the security key is encrypted and un-checked against the list of stored keys secure. This allows the customer to ensure that the timestamp received from the expected accurate time source. The Network Time Protocol uses MD5 (Message Digest 5 Encryption) encrypted keys.

GPS NTP synchronization tools

A NtpServer is not only secure, it receives a UTC time signal directly from atomic clocks unlike Internet timing sources which are really TimeServers themselves. Our GPS NTP TimeServers and other time synchronization tools can synchronize entire networks, single PCs, routers and a whole host of other devices. Using either GPS or the North American WWVB signal, a dedicated NTP server from will ensure all your devices are running to within a fraction of UTC time.

Keys in secure files (ntp.keys)

MD5 is a popular secure encryption algorithm (along with Sha family), a 128-bit cryptographic hash function uses. The algorithm outputs a fingerprint of the wrench, which is added to the timestamp. NTP Unix and Linux systems store keys in a secure file called ntp.keys. Each line in the file provides a secure key in the format key number encryption code key. The key number is a reference to the key. The encryption code describes the encryption algorithm used, usually M for MD5 encryption.

Encryption algorithm and trusted keys

The field key is agreed that the key should be encrypted by the encryption algorithm. A subset of trusted keys may be specified in the NTP configuration file ntp.conf. This is a limited subset of keys used by the TimeServer. Allow compromised keys to be easily excluded from use. Trusted keys are specified using the familiar command-keys, followed by a space-separated list of key references. Many Cisco routers use MD5 authentication securely installed in the implementation of NTP.

NTP on Cisco routers with MD5 encryption

For a Cisco router-MD5 authentication you must follow certain steps to perform. First, NTP authentication must be enabled using the command ntp authenticate. Second, a set NTP authentication using the key "ntp authentication-key" command. A unique number identifies each NTP key. The key reference is supplied as the first parameter to the ntp authentication-key command. Third, the use ntp trusted-key command to the router to tell which keys are valid.

Auth keys on Windows

Some claim, that the command of the key reference in the previous step, Windows 2000 NTP, Windows 2003 Server or XP operating systems take a SNTP application for time synchronization. The execution is not used by Microsoft authentication keys. Being secure key authentication is a method used to erradicate the possibility of tapping timestamps for malicous purposes. Network time clients can be sure timestamps that fact from the expected time reference and not intercepted for malicious purposes.