Encryption is Futile: Delay Attacks on High-Precision Clock Synchronization

Clock synchronization has become essential to modern societies since many critical infrastructures depend on a precise notion of time. This paper analyzes security aspects of high-precision clock synchronization protocols, particularly their alleged protection against delay attacks when clock synchronization traffic is encrypted using standard network security protocols such as IPsec, MACsec, or TLS. We use the Precision Time Protocol (PTP), the most widely used protocol for high-precision clock synchronization, to demonstrate that statistical traffic analysis can identify properties that support selective message delay attacks even for encrypted traffic. We furthermore identify a fundamental conflict in secure clock synchronization between the need of deterministic traffic to improve precision and the need to obfuscate traffic in order to mitigate delay attacks. A theoretical analysis of clock synchronization protocols isolates the characteristics that make these protocols vulnerable to delay attacks and argues that such attacks cannot be prevented entirely but only be mitigated. Knowledge of the underlying communication network in terms of one-way delays and knowledge on physical constraints of these networks can help to compute guaranteed maximum bounds for slave clock offsets. These bounds are essential for detecting delay attacks and minimizing their impact. In the general case, however, the precision that can be guaranteed in adversarial settings is orders of magnitude lower than required for high-precision clock synchronization in critical infrastructures, which, therefore, must not rely on a precise notion of time when using untrusted networks.