    Cloudflare Secures Time With Roughtime Protocol Service

    By Sean Michael Kerner - September 21, 2018

      If time is money, then how important is it to secure the integrity of time itself? Time across many computing devices is often synchronized via the Network Time Protocol (NTP), which isn’t a secure approach, but there is another option.

      On Sept. 21, Cloudflare announced that it is deploying a new authenticated time service called Roughtime, in an effort to secure certain timekeeping efforts. The publicly available service is based on an open-source project of the same name that was started by Google.

      “NTP is the dominant protocol used for time synchronisation and, although recent versions provide for the possibility of authentication, in practice that’s not used,” Google’s project page for Roughtime states. “Most computers will trust an unauthenticated NTP reply to set the system clock meaning that a MITM [man-in-the-middle] attacker can control a victim’s clock and, probably, violate the security properties of some of the protocols listed above.”

      Roughtime is a UDP-based protocol that benefits from cryptographic protection to help maintain integrity and limit the risk of MITM attacks. In addition, the Roughtime protocol includes measures to help protect it from being used as an amplifier for distributed denial-of-service (DDoS) attacks. Since at least 2014, attackers have been abusing the insecurity of NTP to help reflect and amplify DDoS attacks.

      Cloudflare intends to use its Roughtime service to help validate the proper expiration date of SSL/TLS certificates. Without the ability to properly verify time, an attacker could trick a user or server into accepting a certificate that has already expired.

      “Our Roughtime servers get their time from the system clock of Cloudflare’s servers, which are monitored for consistency and accuracy,” Nick Sullivan, head of cryptography at Cloudflare, told eWEEK.

      By publicly exposing the Roughtime service, Cloudflare’s goal is to spur interest and possible adoption of the Roughtime protocol where it makes sense. Although Roughtime can be used to help secure timekeeping on the internet, it is not necessarily a direct replacement for NTP for a number of reasons.

      “The Roughtime protocol does not take latency into account [like NTP does], so depending on how far the user is from the Roughtime server, they could differ by as much as a second,” Sullivan said.

      Additionally, Sullivan said he doesn’t see Roughtime as a replacement for NTP because it doesn’t have all the machinery to give microsecond-level precision. Roughtime’s main use case is making sure that roughly correct time can be obtained from a set of semi-trusted servers in an auditable way, he said. 

      Sullivan said work is also being done in the broader IT community on secure variants of NTP, which Cloudflare is actively monitoring.

      Deploying Roughtime

      Cloudflare’s Roughtime service is freely available at roughtime.cloudflare.com on port 2002 for anyone who wants to use it. For those who want to deploy their own Roughtime services, Sullivan said it’s quite simple to deploy and not very costly from a resource consumption standpoint.

      “Each timestamp requires one elliptic curve signature, which can be computed efficiently even on older hardware,” Sullivan said. “That said, the main benefit of Roughtime comes from using multiple servers run by independent organizations.”

      Sullivan added that running a Roughtime service locally can help against on-path attackers, but doesn’t protect you from compromise of the time server itself.
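An added illustration (not code from the article, Cloudflare or the Roughtime project) of why independent servers matter for the certificate-expiry check described earlier: a rolled-back clock accepts an expired certificate, while a majority check across several sources rejects it and flags the lying server. The server names, tolerance and dates are constructed assumptions; the readings stand in for responses whose signatures were already verified, and no network access is performed.

```python
from datetime import datetime, timedelta, timezone
from statistics import median

UTC = timezone.utc
# Assumption: allowed disagreement between sources. The article notes Roughtime
# answers may be off by up to about a second, so this is deliberately loose.
TOLERANCE = timedelta(seconds=10)


def agreed_time(readings, min_sources=3, tolerance=TOLERANCE):
    """Return (consensus_time, outlier_names) or raise ValueError.

    readings maps a source name to a timezone-aware datetime whose signature
    the fetching client has already verified.
    """
    if len(readings) < min_sources:
        raise ValueError("too few independent time sources")
    mid = median(t.timestamp() for t in readings.values())
    outliers = sorted(name for name, t in readings.items()
                      if abs(t.timestamp() - mid) > tolerance.total_seconds())
    # A strict majority must sit near the median; otherwise trust nothing.
    if 2 * (len(readings) - len(outliers)) <= len(readings):
        raise ValueError("time sources disagree; no majority")
    return datetime.fromtimestamp(mid, tz=UTC), outliers


def cert_time_valid(not_before, not_after, now):
    """True if 'now' falls inside the certificate's validity window."""
    return not_before <= now <= not_after


# Constructed sample data: a certificate that expired on 2018-09-01.
NOT_BEFORE = datetime(2018, 1, 1, tzinfo=UTC)
NOT_AFTER = datetime(2018, 9, 1, tzinfo=UTC)
# Clock value an on-path attacker fed the victim through unauthenticated sync.
SPOOFED_CLOCK = datetime(2018, 8, 15, tzinfo=UTC)
# Constructed readings from three hypothetical, independently run servers;
# "server-c" is compromised and repeats the attacker's rolled-back time.
READINGS = {
    "server-a": datetime(2018, 9, 21, 12, 0, 0, tzinfo=UTC),
    "server-b": datetime(2018, 9, 21, 12, 0, 0, 700000, tzinfo=UTC),
    "server-c": SPOOFED_CLOCK,
}

if __name__ == "__main__":
    now, outliers = agreed_time(READINGS)
    print("spoofed clock accepts expired cert:",
          cert_time_valid(NOT_BEFORE, NOT_AFTER, SPOOFED_CLOCK))
    print("consensus", now.isoformat(), "outliers", outliers,
          "accepts:", cert_time_valid(NOT_BEFORE, NOT_AFTER, now))
```

With only one or two sources the function refuses to answer, which mirrors Sullivan's caveat that a single server, even a local one, does not protect against compromise of that server.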

      Cryptography Week

      The launch of the Roughtime service is the last in a series of announcements Cloudflare has made during the week, which the company has dubbed Crypto Week. 

      On Sept. 17, Cloudflare announced an InterPlanetary File System (IPFS) gateway that enables users to benefit from the IPFS peer-to-peer filesystem for distributed content delivery. On Sept. 18, the company announced new tools to make DNSSEC (DNS security extensions) easier to use and deploy. The news was followed on Sept. 19 with the RPKI (Resource Public Key Infrastructure) effort to help secure BGP (Border Gateway Protocol). Then on Sept. 20, the company announced the Cloudflare Onion Service to help users who want to stay anonymous with the Tor network.

      “Cloudflare’s mission is to help build a better internet, so at any given moment there are a dozen ongoing projects that are focused on different areas that need improvement,” Sullivan said. “This year we had several of these initiatives based on cryptography that were ready for launch around the same time, so we decided to package them up together and announce them as a prelude to Cloudflare’s birthday week announcements.”

      Cloudflare is set to celebrate its eighth birthday during the week of Sept. 24. During Cloudflare’s 2017 Birthday Week, the company made multiple announcements, including new security and streaming services.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
