7 research outputs found

    Empirical Use of Network Time Protocol in Internet of Things Devices: Vulnerabilities and Security Measures

    SUMMARY: Network Time Protocol (NTP) is a protocol responsible for time synchronization in networking environments. It has been used for more than thirty years to help connected devices acquire the correct time from the network. Among other things, this protocol is used to guarantee timestamp information and the cryptography of log files. It has also been the subject of many studies aimed at making this pillar of networking and telecommunications more secure and more robust. That said, time synchronization is also one of the essential components for the proper functioning of Internet of Things (IoT) networks. It is essential for scheduling tasks, keeping logs, monitoring different behaviors, and updating the time when using encryption or queuing protocols in these networks. The importance of these key factors can be felt when they are rendered invalid because of the time component, for example if the time is shifted or incorrect when using precise time-dependent devices. This results in a delay or complete neglect of the task, which can be dangerous if these devices are used in a chain of action serving human life (healthcare or vehicle traffic).
    ABSTRACT: Network Time Protocol (NTP) is a protocol responsible for time synchronization in networking environments. It has been used for over three decades in order to help connected devices acquire the correct time over the network. It is implemented to ensure log file time stamp information and cryptography. It has also been the topic of many studies aiming at making this pillar of networking and telecommunications more secure and robust. Time synchronization is one of the essential ingredients needed for Internet of Things (IoT) networks to function correctly. It is important for scheduling tasks, keeping logs, monitoring different behaviors and for keeping the time concept up to date when using encryption or queuing protocols in these networks. These key factors can be noticed when they are tampered with such as if the time is incorrectly shifted during the use of accurate time dependent devices. This leads to the task being delayed or overlooked completely which can be dangerous if these devices are used in life-dependent chains of action (healthcare or traffic for example).

    FLUTE - File Delivery over Unidirectional Transport

    Internet Engineering Task Force (IETF) Request for Comments: 6726. This document defines File Delivery over Unidirectional Transport (FLUTE), a protocol for the unidirectional delivery of files over the Internet, which is particularly suited to multicast networks. The specification builds on Asynchronous Layered Coding, the base protocol designed for massively scalable multicast distribution. This document obsoletes RFC 3926.

    High precision timing in passive measurements of data networks

    Understanding, predicting, and improving network behaviour under a wide range of conditions requires accurate models of protocols, network devices, and link properties. Accurate models of the component parts comprising complex networks allows the plausible simulation of networks in other configurations, or under different loads. These models must be constructed on a solid foundation of reliable and accurate data taken from measurements of relevant facets of actual network behaviour. As network link speeds increase, it is argued that traditional network measurement techniques based primarily on software time-stamping and capture of packets will not scale to the required performance levels. Problems examined include the difficulty of gaining access to high speed network media to perform measurements, the insufficient resolution of time-stamping clocks for capturing fine detail in packet arrival times, the lack of synchronisation of clocks to global standards, the high and variable latency between packet arrival and time-stamping, and the occurrence of packet loss within the measurement system. A set of design requirements are developed to address these issues, especially in high-speed network measurement systems. A group at the University of Waikato including myself has developed a series of hardware based passive network measurement systems called ‘Dags’. Dags use re-programmable hardware and embedded processors to provide globally synchronised, low latency, reliable time-stamping of all packet arrivals on high-speed network links with sub-hundred nanosecond resolution. Packet loss within the measurement system is minimised by providing sufficient bandwidth throughout for worst case loads and buffering to allow for contention over shared resources. Any occurrence of packet loss despite these measures is reported, allowing the invalidation of portions of the dataset if necessary. 
I was responsible for writing both the interactive monitor and network measurement code executed by the Dag’s embedded processor, developing a Linux device driver including the software part of the ‘DUCK’ clock synchronisation system, and other ancillary software. It is shown that the accuracy and reliability of the Dag measurement system allows confidence that rare, unusual or unexpected features found in its measurements are genuine and do not simply reflect artifacts of the measurement equipment. With the use of a global clock reference such as the Global Positioning System, synchronised multi-point passive measurements can be made over large geographical distances. Both of these features are exploited to perform calibration measurements of RIPE NCC’s Test Traffic Measurement System for One-way-Delay over the Internet between New Zealand and the Netherlands. Accurate single point passive measurement is used to determine error distributions in Round Trip Times as measured by NLANR’s AMP project. The high resolution afforded by the Dag measurement system also allows the examination of the forwarding behaviour of individual network devices such as routers and firewalls at fine time-scales. The effects of load, queueing parameters, and pauses in packet forwarding can be measured, along with the impact on the network traffic itself. This facility is demonstrated by instrumenting routing equipment and a firewall which provide Internet connectivity to the University of Auckland, providing passive measurements of forwarding delay through the equipment.

    Definitions of Managed Objects for Network Time Protocol Version 4 (NTPv4)

    No full text

    Junos Pulse Secure Access Service Administration Guide

    This guide describes basic configuration procedures for Juniper Networks Secure Access Service. This document was formerly titled Secure Access Administration Guide. This document is now part of the Junos Pulse documentation set. This guide is designed for network administrators who are configuring and maintaining a Juniper Networks Secure Access Service device. To use this guide, you need a broad understanding of networks in general and the Internet in particular, networking principles, and network configuration. Any detailed discussion of these concepts is beyond the scope of this guide. The Juniper Networks Secure Access Service enables you to give employees, partners, and customers secure and controlled access to your corporate data and applications including file servers, Web servers, native messaging and e-mail clients, hosted servers, and more from outside your trusted network using just a Web browser. Secure Access Service provides robust security by intermediating the data that flows between external users and your company’s internal resources. Users gain authenticated access to authorized resources through an extranet session hosted by the appliance. During intermediation, Secure Access Service receives secure requests from the external, authenticated users and then makes requests to the internal resources on behalf of those users. By intermediating content in this way, Secure Access Service eliminates the need to deploy extranet toolkits in a traditional DMZ or provision a remote access VPN for employees. To access the intuitive Secure Access Service home page, your employees, partners, and customers need only a Web browser that supports SSL and an Internet connection. This page provides the window from which your users can securely browse Web or file servers, use HTML-enabled enterprise applications, start the client/server application proxy, begin a Windows, Citrix, or Telnet/SSH terminal session, access corporate e-mail servers, start a secured layer 3 tunnel, or schedule or attend a secure online meeting.

    Recent Advances in Small-Angle Neutron Scattering

    Over the decades, small-angle neutron scattering has become a definitive method for structural investigation on the mesoscale between a few Angstrom up to a few 100 nm. This makes it an indispensable tool for non-destructive material investigations in fields ranging from chemistry and biology, over material sciences to solid state physics, especially taking into account the fundamental nature of neutrons, which makes it possible to probe different isotopes and, therefore, enhance contrast by choosing an appropriate isotope distribution or to probe the spin state of the investigated materials. This Special Issue is dedicated to elucidate the advances made with SANS over the last few years, which includes new instrumentation, sample environment and experimental control, as well as novel approaches and experimental techniques. The ideas and approaches collected here will serve both the experienced experimenter as well as the novice to appraise whether their specific experimental setup is feasible with new ideas.