Complex Paths and Derelict Sentinels - Software Engineering Underpinnings of NTP Vulnerabilities

Explore the software engineering underpinnings of recent Network Time Protocol (NTP) vulnerabilities in this IEEE conference talk. Delve into the complex paths and derelict sentinels that have led to security issues in the de facto standard for synchronizing computer clocks on the Internet. Examine how specific software engineering choices may have caused or obscured these vulnerabilities. Review several recent cases where attackers could arbitrarily control remote system clocks using NTP. Cover NTP basics, packet consistency checks, ephemeral associations, and spoofing. Gain insights into improving the security of time synchronization protocols and implementations.