Sharon Goldberg remembers the cold February day when her Boston University PhD candidate Aanchal Malhotra was studying routing security, in particular, attacks against the resource public key infrastructure (RPKI)βand kept hitting a dead end because of a cache-flushing issue.
The resourceful Malhotra decided to roll back the time on her computer as a last-ditch effort, and it worked.
βShe was able to do the attack and I asked her what she did,β said Goldberg, an associate professor in the BU computer science department. βShe said she changed the time with NTP and it worked. We were both saying βWhoa.’β
Inadvertently, Malhotra had stumbled across serious security vulnerabilities in the network time protocol used to synchronize computer clocks, that could allow an attacker on a networkβsay in a man-in-the-middle positionβto, at scale if they so wished, roll back time on computers and affect cryptographic calculations, carry out denial of service attacks, or impact the effectiveness of security implementations such as DNSSEC.
βWe are extremely surprised no one thought of this as an attack vector,β Goldberg said. βWe realized this is a powerful tool to do attacks against other systems that are impacted by time. Most cryptography uses timestamps; theyβre there for a reason. If theyβre not accurate, itβs a problem.β
Goldberg, Malhotra and fellow BU students Isaac E. Cohen and Erik Brakke published a paper this week called βAttacking the Network Time Protocolβ that describes a handful of attacks against NTP that are successful because of insufficient authentication and cryptographic shortcomings that allow an attacker to roll back time and cause various levels of havoc on the Internet.
The vulnerabilities uncovered by the BU researchers can be exploited with various levels of sophistication on the attackersβ part, Goldberg said.
The easiest involves the use of a so-called Kiss-of-Death packet to exploit a rate-limiter built into NTP. The attacker can exploit this situation from anywhereβan off-path attackβby spoofing a single Kiss of Death packet and can stop a client from querying a server for years if the attacker so chooses, and no longer update its clock.
βBecause the attacker need only send a few Kiss-oβ-Death packets per victim client, standard network scanning tools (nmap, zmap) can be adapted to very quickly launch this attack, in bulk, on most of the ntpd clients in the Internet,β Goldberg et al wrote on the projectβs portal. The page also includes extensive mitigation advice for patching NTPΒ servers and clients.
Goldberg said that such an attack can be done at scale by scanning the IPv4 address space and listening for responses from vulnerable servers. The patch rolled out this week from the keepers of NTP makes it much more difficult to construct a Kiss of Death packet, Goldberg said.
Goldberg said most of the previous work around attacking NTP involves man-in-the-middle attacks, including a paper done for Black Hat last summer by Jose Selvi using NTP to bypass HSTS protections. Goldberg and the students used one of Selviβs tools, Delorean, in their research.
βWhatβs been happening the last couple of years is that thereβs been more work on off-path attacks. Off-path attacks donβt intercept traffic, itβs just someone with a computer sending packets,β Goldberg said. βItβs a much scarier threat model.β
The researchers also describe in their paper a denial of service attack where even if the Kiss-of-Death packet vulnerability is patched, an attacker could still use the packet to disable NTP on the victimβs client.
βHere, the attackerΒ elicitsΒ a valid KoD packet from the clientβs preconfigured servers by βpriming the pumpβ, i.e., sending the servers a high volume of queries that are spoofed to look like they come from the client,β they wrote. βThe servers then start rate-limiting the client, responding to each of its subsequent queries with a valid KoD packet. Upon receipt of the KoD, the client stops querying its servers, and can no longer update its local clock.β
A third attack requires an attacker be in man-in-the-middle position and able to hijack traffic to an NTP server using BGP or DNS hijacks. The attack rolls back time on the serverβs clients that circumvents a 16-minute panic threshold built into NTP and allows an attacker to manipulate the clientβs cache and cause, for example, a cryptographic object to expire, they wrote.
The final attack is carried out by an off-path attacker and also rolls back time on the client side by exploiting problems in IPv4 packet fragmentation, the researchers wrote.
Source:Β threatpost.com
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.
