ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
A security risk of depending on synchronized clocks
Full text PdfPdf (415 KB)
Source ACM SIGOPS Operating Systems Review archive
Volume 26 ,  Issue 1  (January 1992) table of contents
Pages: 49 - 53  
Year of Publication: 1992
ISSN:0163-5980
Author
Li Gong
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 5,   Downloads (12 Months): 63,   Citation Count: 18
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/130704.130709
What is a DOI?

ABSTRACT

Many algorithms or protocols, in particular cryptographic protocols such as authentication protocols, use synchronized clocks and depend on them for correctness. This note describes a scenario where a clock synchronization failure renders a protocol vulnerable to an attack even after the faulty clock has been resynchronized. The attack exploits a postdated message by first suppressing it and replaying it later.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

1
S. M. Bellovin , M. Merritt, Limitations of the Kerberos authentication system, ACM SIGCOMM Computer Communication Review, v.20 n.5, p.119-132, Oct 1 1990  [doi>10.1145/381906.381946]
2
Dorothy E. Denning , Giovanni Maria Sacco, Timestamps in key distribution protocols, Communications of the ACM, v.24 n.8, p.533-536, Aug. 1981  [doi>10.1145/358722.358740]
 
3
S. T. Kent , J. Linn, Privacy enhancement for Internet electronic mail: Part II - certificate-based key management, RFC Editor, 1989
 
4
J. Kohl , C. Neuman, The Kerberos Network Authentication Service (V5), RFC Editor, 1993
5
Leslie Lamport, Time, clocks, and the ordering of events in a distributed system, Communications of the ACM, v.21 n.7, p.558-565, July 1978  [doi>10.1145/359545.359563]
6
Leslie Lamport , P. M. Melliar-Smith, Synchronizing clocks in the presence of faults, Journal of the ACM (JACM), v.32 n.1, p.52-78, Jan. 1985  [doi>10.1145/2455.2457]
7
Barbara Liskov, Practical uses of synchronized clocks in distributed systems, Proceedings of the tenth annual ACM symposium on Principles of distributed computing, p.1-9, August 19-21, 1991, Montreal, Quebec, Canada  [doi>10.1145/112600.112601]
8
T. Lomas , L. Gong , J. Saltzer , R. Needhamn, Reducing risks from poorly chosen keys, ACM SIGOPS Operating Systems Review, v.23 n.5, p.14-18, Dec. 3–6, 1989
 
9
[9] S.W. Luan and V.D Gligor, "On Replay Detection in Distributed Systems", in Proceedings of the 10th International Conference on Distributed Computing Systems, Paris, May, 1990, pp. 188-195.
 
10
D. L. Mills, Network Time Protocol (version 2) specification and implementation, RFC Editor, 1989
11
Roger M. Needham , Michael D. Schroeder, Using encryption for authentication in large networks of computers, Communications of the ACM, v.21 n.12, p.993-999, Dec. 1978  [doi>10.1145/359657.359659]
12
Peter G. Neumann, Inside risks: the clock grows at midnight, Communications of the ACM, v.34 n.1, p.170, Jan. 1991  [doi>10.1145/99977.100000]
 
13
[13] "Flawed computer chip sold for years", in RISKS-FORUM Digest, edited by P.G. Neumann, Vol. 10, No. 54, October 18, 1990.
14
M. Satyanarayanan, Integrating security in a large distributed system, ACM Transactions on Computer Systems (TOCS), v.7 n.3, p.247-280, Aug. 1989  [doi>10.1145/65000.65002]
15
Victor L. Voydock , Stephen T. Kent, Security Mechanisms in High-Level Network Protocols, ACM Computing Surveys (CSUR), v.15 n.2, p.135-171, June 1983  [doi>10.1145/356909.356913]

CITED BY  18
Li Gong, Lower bounds on messages and rounds for network authentication protocols, Proceedings of the 1st ACM conference on Computer and communications security, p.26-37, November 03-05, 1993, Fairfax, Virginia, United States
Geng-Sheng Kuo , Jing-Pei Lin, New design concepts for an intelligent Internet, Communications of the ACM, v.41 n.11, p.93-98, Nov. 1998
Michael K. Reiter , Kenneth P. Birman , Robbert van Renesse, A security architecture for fault-tolerant systems, ACM Transactions on Computer Systems (TOCS), v.12 n.4, p.340-371, Nov. 1994
Miguel Castro , Barbara Liskov, Practical byzantine fault tolerance and proactive recovery, ACM Transactions on Computer Systems (TOCS), v.20 n.4, p.398-461, November 2002
Raphael Yahalom, Optimality of multi-domain protocols, Proceedings of the 1st ACM conference on Computer and communications security, p.38-48, November 03-05, 1993, Fairfax, Virginia, United States
Hyun-Sung Kim , Sung-Woon Lee , Kee-Young Yoo, ID-based password authentication scheme using smart cards and fingerprints, ACM SIGOPS Operating Systems Review, v.37 n.4, p.32-41, October 2003
Martín Abadi , Roger Needham, Prudent Engineering Practice for Cryptographic Protocols, IEEE Transactions on Software Engineering, v.22 n.1, p.6-15, January 1996
Li Gong, Efficient network authentication protocols: lower bounds and optimal implementations, Distributed Computing, v.9 n.3, p.131-145, December 1995
B. Clifford Neuman , Stuart G. Stubblebine, A note on the use of timestamps as nonces, ACM SIGOPS Operating Systems Review, v.27 n.2, p.10-14, April 1993
Qingfeng Chen , Chengqi Zhang , Shichao Zhang, ENDL: A Logical Framework for Verifying Secure Transaction Protocols, Knowledge and Information Systems, v.7 n.1, p.84-109, January 2005
Arne Helme , Tage Stabell-Kulø, Offline delegation, Proceedings of the 8th conference on USENIX Security Symposium, p.3-3, August 23-26, 1999, Washington, D.C.
Miguel Castro , Barbara Liskov, Proactive recovery in a Byzantine-fault-tolerant system, Proceedings of the 4th conference on Symposium on Operating System Design & Implementation, p.19-19, October 22-25, 2000, San Diego, California
Peter Gutmann, Lessons Learned in Implementing and Deploying Crypto Software, Proceedings of the 11th USENIX Security Symposium, p.315-325, August 05-09, 2002
Don Davis , Daniel E. Geer, Kerberos security with clocks adrift, Proceedings of the 5th conference on USENIX UNIX Security Symposium, p.4-4, June 05-07, 1995, Salt Lake City, Utah
A. Kehne , J. Schönwälder , H. Langendörfer, A nonce-based protocol for multiple authentications, ACM SIGOPS Operating Systems Review, v.26 n.4, p.84-89, Oct. 1992
I.-Lung Kao , Randy Chow, An efficient and secure authentication protocol using uncertified keys, ACM SIGOPS Operating Systems Review, v.29 n.3, p.14-21, July 1995
Armin Liebl, Authentication in distributed systems: a bibliography, ACM SIGOPS Operating Systems Review, v.27 n.4, p.31-41, Oct. 1993
Al-Sakib Khan Pathan , Choong Seon Hong, A Security Enhanced Timestamp-Based Password Authentication Scheme Using Smart Cards, IEICE - Transactions on Information and Systems, v.E90-D n.11, p.1885-1888, November 2007

INDEX TERMS

Primary Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.1 Process Management
          Subjects: Synchronization

Additional Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS

  D. Software
  D.4 OPERATING SYSTEMS
      D.4.7 Organization and Design
          Subjects: Distributed systems


General Terms:
Design, Security, Standardization

Collaborative Colleagues:
Li Gong: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player