Network Time Security

NTS
This page gives a brief introduction to Network Time Security (NTS), its benefits, and how to set it up on your devices. Netnod’s NTP service is one of the first NTS-enabled time services in the world.

What is NTS?

A lot of the Internet’s most important security tools are dependent on accurate time. But until recently there was no way to ensure that the time you were getting came from a trusted source. The new Network Time Security (NTS) standard has been designed to fix that.

NTS is an essential development of the Network Time Protocol (NTP). It has been developed within the Internet Engineering Task Force (IETF) and adds a much-needed layer of security to a protocol that is more than 30 years old and is vulnerable to certain types of attack.

NTS consists of two protocols: a key exchange protocol and NTP with security extensions. This ensures that clients can validate that the time that they receive has been sent from the correct server. More detailed information about how NTS works is available here.

How to use NTS

NTS is a free service available to anyone, anywhere in the world. The only thing you need is an NTS-enabled NTP client. For more information about how to set this up, see here.

Netnod currently provides the following NTS servers:

  • nts.netnod.se (for users anywhere in the world)

Göteborg:

  • gbg1.nts.netnod.se
  • gbg2.nts.netnod.se

Luleå:

  • lul1.nts.netnod.se
  • lul2.nts.netnod.se

Malmö:

  • mmo1.nts.netnod.se
  • mmo2.nts.netnod.se

Stockholm:

  • sth1.nts.netnod.se
  • sth2.nts.netnod.se

Sundsvall:

  • svl1.nts.netnod.se
  • svl2.nts.netnod.se

Note that the official port number for NTS is now 4460. Earlier versions of NTS at Netnod used different ports (3443 and 4443) in line with the NTS Internet-draft within the IETF. Once NTS was ratified as an RFC, the port number changed to 4460. Ports 3443 and 4443 are still supported by Netnod's NTS servers for backwards compatibility.

For full details on how to connect to Netnod’s NTS servers, see here.
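
The key exchange half of NTS runs over TLS on the port given above. The following Python code is an added example, not Netnod's own: it builds the client request and validates the server's reply as defined in RFC 8915. The record types, the ALPN name "ntske/1" and AEAD ID 15 are taken from that RFC rather than from this page, and the function names are this example's own.

```python
import socket, ssl, struct

END, NEXT_PROTO, ERROR, WARNING, AEAD, COOKIE, SERVER, PORT = range(8)  # RFC 8915 record types
NTPV4, AES_SIV_CMAC_256, CRITICAL = 0, 15, 0x8000  # protocol ID, AEAD ID, critical bit

def record(rtype, body=b"", critical=False):
    """One record: critical bit + 15-bit type, 16-bit body length, body."""
    return struct.pack("!HH", rtype | (CRITICAL if critical else 0), len(body)) + body

def client_request():
    """Request NTPv4 with AEAD_AES_SIV_CMAC_256, closed by End of Message."""
    return (record(NEXT_PROTO, struct.pack("!H", NTPV4), critical=True)
            + record(AEAD, struct.pack("!H", AES_SIV_CMAC_256)) + record(END, critical=True))

def parse_response(data):
    """Decode a server response; ValueError if malformed, refused or incomplete."""
    out = {"protocols": [], "aead": [], "cookies": [], "server": None, "port": 123}
    try:
        while True:
            raw, length = struct.unpack_from("!HH", data)  # fails if End of Message is missing
            body, data, rtype = data[4:4 + length], data[4 + length:], raw & 0x7FFF
            if len(body) != length or rtype == ERROR:
                raise ValueError(f"truncated or error record, type {rtype}")
            if rtype == END:
                break
            elif rtype in (NEXT_PROTO, AEAD):
                ids = list(struct.unpack(f"!{length // 2}H", body))  # fails on odd length
                out["protocols" if rtype == NEXT_PROTO else "aead"] = ids
            elif rtype == COOKIE:
                out["cookies"].append(body)
            elif rtype == SERVER:
                out["server"] = body.decode("ascii", "replace")
            elif rtype == PORT:
                (out["port"],) = struct.unpack("!H", body)
            elif rtype != WARNING and raw & CRITICAL:
                raise ValueError(f"unknown critical record type {rtype}")
    except struct.error as exc:
        raise ValueError("malformed NTS-KE record") from exc
    if out["protocols"] != [NTPV4] or out["aead"] != [AES_SIV_CMAC_256] or not out["cookies"]:
        raise ValueError("response lacks NTPv4, the requested AEAD, or cookies")
    return out

def query(host, port=4460):  # live exchange: TLS 1.3, ALPN "ntske/1"
    ctx = ssl.create_default_context()  # verifies the certificate chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    ctx.set_alpn_protocols(["ntske/1"])
    tcp = socket.create_connection((host, port), timeout=5)
    with ctx.wrap_socket(tcp, server_hostname=host) as tls:
        tls.sendall(client_request())
        return parse_response(b"".join(iter(lambda: tls.recv(4096), b"")))
```

Calling query("nts.netnod.se") runs the exchange against a live server and returns the negotiated values, including the NTP port (123 unless the server names another) and the cookies the client would use in its NTP requests.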

 

What are the benefits of using NTS?

NTP is vulnerable to Man-in-the-Middle (MITM) attacks. This is where a malicious actor sits between you and the NTP server, listens in on the conversation, forges messages and lies to you about time.

With many of today’s most important security processes dependent on accurate time, the consequences of receiving time from a malicious source are serious. Everything from establishing encrypted TLS sessions and using DNSSEC to time-stamping financial transactions and preventing online fraud depends on accurate and secure time. By using NTS, you can be sure your devices are receiving accurate time from a reliable source.

More information 

Blog post: Implementing Network Time Security at the Hardware Level
Netnod’s press release announcing NTS service
How to set up an NTS-enabled NTP client 

Netnod white paper on world’s first hardware implementation of NTS
Netnod Time
This white paper gives an overview of NTS and a detailed description of the authentication process that ensures you receive time information from a trusted source. This includes the step-by-step details of the key establishment and time stamping process. We also provide a summary of the elements that enable NTS to scale and to secure NTP against a range of attack vectors.
Netnod Time
Netnod provides a Network Time Security (NTS) service. This page explains how you can start using NTS. It explains how to set up an NTS client and how to connect to Netnod’s NTS servers.
Blog
What is Network Time Security and why is it important?
Michael Cardell Widerkrantz, MC
A lot of the Internet’s most important security tools are dependent on accurate time. In this blogpost, MC Widerkrantz explains why the time you are getting might not be as secure as you think and how recent developments in Network Time Security can help.