使用网络和精确时间协议进行网络时间同步的物理层身份认证机制

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2025-07-05 DOI:10.1016/j.cose.2025.104590

Ting He

{"title":"使用网络和精确时间协议进行网络时间同步的物理层身份认证机制","authors":"Ting He","doi":"10.1016/j.cose.2025.104590","DOIUrl":null,"url":null,"abstract":"<div><div>Time-spoofing attacks, especially those using time-source spoofing, pose a serious threat to network time synchronisation. Such attacks can be suppressed by authenticating received time-synchronisation messages at the receiving terminal. Current identity-authentication mechanisms under the network time protocol (NTP) and precision time protocol (PTP) are based on cryptography and network-security technologies and have inherent limitations. This study proposes a novel physical-layer identity-authentication mechanism based on a general physical-layer security-architecture for network time synchronisation and a special system-infrastructure model. In this approach, legitimate messages and transmission paths are endowed with unique characteristics, thus the legitimate time source is uniquely identified. The receiving terminal can determine whether the received signal characteristics and transmission path are consistent with the preset conditions, and thus whether the signal comes from a legitimate time source. Simulation results show that under zero-false-alarm conditions, the proposed physical-layer identity-authentication mechanism successfully suppresses all illegitimate messages in channels containing additive white Gaussian noise and in Rayleigh fading channels. Moreover, this mechanism covers all operational modes of NTP/PTP, achieving a reasonable trade-off between security performance and computational complexity. It can thus significantly improve NTP/PTP resistance to time-source spoofing.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104590"},"PeriodicalIF":5.4000,"publicationDate":"2025-07-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Physical-layer identity-authentication mechanism for network time synchronisation using network and precision time protocols\",\"authors\":\"Ting He\",\"doi\":\"10.1016/j.cose.2025.104590\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Time-spoofing attacks, especially those using time-source spoofing, pose a serious threat to network time synchronisation. Such attacks can be suppressed by authenticating received time-synchronisation messages at the receiving terminal. Current identity-authentication mechanisms under the network time protocol (NTP) and precision time protocol (PTP) are based on cryptography and network-security technologies and have inherent limitations. This study proposes a novel physical-layer identity-authentication mechanism based on a general physical-layer security-architecture for network time synchronisation and a special system-infrastructure model. In this approach, legitimate messages and transmission paths are endowed with unique characteristics, thus the legitimate time source is uniquely identified. The receiving terminal can determine whether the received signal characteristics and transmission path are consistent with the preset conditions, and thus whether the signal comes from a legitimate time source. Simulation results show that under zero-false-alarm conditions, the proposed physical-layer identity-authentication mechanism successfully suppresses all illegitimate messages in channels containing additive white Gaussian noise and in Rayleigh fading channels. Moreover, this mechanism covers all operational modes of NTP/PTP, achieving a reasonable trade-off between security performance and computational complexity. It can thus significantly improve NTP/PTP resistance to time-source spoofing.</div></div>\",\"PeriodicalId\":51004,\"journal\":{\"name\":\"Computers & Security\",\"volume\":\"157 \",\"pages\":\"Article 104590\"},\"PeriodicalIF\":5.4000,\"publicationDate\":\"2025-07-05\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0167404825002792\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404825002792","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

时间欺骗攻击，特别是时间源欺骗攻击，对网络时间同步造成严重威胁。这种攻击可以通过在接收终端对接收到的时间同步消息进行身份验证来抑制。当前网络时间协议（NTP）和精确时间协议（PTP）下的身份认证机制基于密码学和网络安全技术，存在固有的局限性。本研究提出了一种新的物理层身份认证机制，该机制基于网络时间同步的一般物理层安全架构和特殊的系统基础架构模型。在这种方法中，合法的消息和传输路径被赋予了唯一的特征，从而唯一地标识合法的时间源。接收端可以判断接收到的信号特征和传输路径是否符合预设条件，从而判断该信号是否来自合法的时间源。仿真结果表明，在零虚警条件下，提出的物理层身份认证机制能够有效抑制加性高斯白噪声信道和瑞利衰落信道中的所有非法报文。此外，该机制涵盖了NTP/PTP的所有操作模式，在安全性能和计算复杂度之间实现了合理的权衡。因此，它可以显著提高NTP/PTP对时间源欺骗的抵抗力。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Physical-layer identity-authentication mechanism for network time synchronisation using network and precision time protocols

Time-spoofing attacks, especially those using time-source spoofing, pose a serious threat to network time synchronisation. Such attacks can be suppressed by authenticating received time-synchronisation messages at the receiving terminal. Current identity-authentication mechanisms under the network time protocol (NTP) and precision time protocol (PTP) are based on cryptography and network-security technologies and have inherent limitations. This study proposes a novel physical-layer identity-authentication mechanism based on a general physical-layer security-architecture for network time synchronisation and a special system-infrastructure model. In this approach, legitimate messages and transmission paths are endowed with unique characteristics, thus the legitimate time source is uniquely identified. The receiving terminal can determine whether the received signal characteristics and transmission path are consistent with the preset conditions, and thus whether the signal comes from a legitimate time source. Simulation results show that under zero-false-alarm conditions, the proposed physical-layer identity-authentication mechanism successfully suppresses all illegitimate messages in channels containing additive white Gaussian noise and in Rayleigh fading channels. Moreover, this mechanism covers all operational modes of NTP/PTP, achieving a reasonable trade-off between security performance and computational complexity. It can thus significantly improve NTP/PTP resistance to time-source spoofing.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.