Open AccessTowards an Increased Detection Sensitivity of Time-Delay Attacks on Precision Time Protocol
Author(s) -
Lea Schonberger,
Mohammad Hamad,
Javier Velasquez Gomez,
Sebastian Steinhorst,
Selma Saidi
Publication year - 2021
Publication title -
ieee access
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.587
H-Index - 127
ISSN - 2169-3536
DOI - 10.1109/access.2021.3127852
Subject(s) - aerospace , bioengineering , communication, networking and broadcast technologies , components, circuits, devices and systems , computing and processing , engineered materials, dielectrics and plasmas , engineering profession , fields, waves and electromagnetics , general topics for engineers , geoscience , nuclear engineering , photonics and electrooptics , power, energy and industry applications , robotics and control systems , signal processing and analysis , transportation
Precision time protocol (PTP) is one of the most widely used protocols for clock synchronization in packet-switched networks, on which, among others, the transaction synchronization of the stock markets relies. PTP was not standardized with security as a core requirement and is therefore vulnerable and attractive to manifold kinds of malicious attacks, such as time-delay attacks (TDAs). TDAs, in short, corrupt the exchange of timestamped messages and thus cause an incorrect synchronization process. The annex P of the IEEE 1588-2019 standard has defined a number of security mechanisms for clock synchronization, but, however, none of these can protect a PTP-based system completely against TDAs. In this work, we enhance existing approaches by introducing a so-called observation task and analytically deriving attack parameters of an ongoing TDA. Following the recommendation of the annex P of the IEEE 1588-2019 standard, these attack parameters can serve as an additional input for intrusion detection systems and allow for a more reliable and sensitive detection of TDAs. In a comprehensive evaluation, we experimentally investigate the impact different attack parameter combinations can have on a system.