-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: Friday, July 30, 2010 7:18 AM To: [email protected] Subject: TICTOC Digest, Vol 44, Issue 98 Hi!
Have seen many back-and-forth messages on whether PTP packets should be encrypted or not. One quick question, if PTP is not protected (like by encryption), is there an efficient way not involving encryption to protect a PTP slave from receiving malicious SYNC and Delay_Rep from a rouge host. In current unprotected format, it seems to be quite easy to Wireshark a PTP stream to learn all the details of a PTP session, GMC's IP address, client's IP address, PTP domain number, PTP message type, timestamps, etc. It is very easy for a rouge host to generate some fake SYNC/Delay_Rep with some random timestamps to screw up the slave's algorithm. The main concern is an easy attack like this can bring down many cellular base stations relying on PTP for synchronization instead of GPS. Of course, one can always argue most Tier 1 carriers have their backhaul network sort of secluded. However, as hacker getting more and more sophisticated, this kind of PTP-oriented attack is of some serious concern. David ---------------------------------------------------------------------- Message: 1 Date: Fri, 30 Jul 2010 14:18:16 +0200 From: "Stefano Ruffini" <[email protected]> Subject: Re: [TICTOC] Encrypting timing packets To: "Mikael Abrahamsson" <[email protected]>, <[email protected]> Message-ID: <7d33ca0905ce1443bada4bd279acfc60084ff...@eitrmmw021.eemea.ericsson.se> Content-Type: text/plain; charset="iso-8859-1" Hi, This was one of the point that have been highlighted at last tictoc meeting (see http://www.ietf.org/proceedings/78/slides/tictoc-2.ppt). A possible approach could be to mark in some way the IPSEC tunnel to inform PTP packets are carried (e.g. RES bits), and rather than modify the correction field, implement some sort of control of the delays (this woudl also avoid layer vialoation issues). A related discussion was held at last Q13-Q4-Q2 joint meeting in Geneva. Best Regards Stefano -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Mikael Abrahamsson Sent: venerd? 30 luglio 2010 12.10 To: [email protected] Subject: Re: [TICTOC] Encrypting timing packets On Fri, 30 Jul 2010, [email protected] wrote: > Yaakov, Valid point. > > I was also thinking about the complexity if timing is part of a > traffic flow that needs to be encrypted although hadn't really given > it too much thought. Now think this through I really don't see how > some form of hop by hop PTP will work in this case without issues. I believe time can be signed (and encrypted), the per-hop adjustment information probably cannot. -- Mikael Abrahamsson email: [email protected] _______________________________________________ TICTOC mailing list [email protected] https://www.ietf.org/mailman/listinfo/tictoc ------------------------------ _______________________________________________ TICTOC mailing list [email protected] https://www.ietf.org/mailman/listinfo/tictoc End of TICTOC Digest, Vol 44, Issue 98 ************************************** _______________________________________________ TICTOC mailing list [email protected] https://www.ietf.org/mailman/listinfo/tictoc
