NTP the Importance of External Time Reference

Network Time Protocol (NTP) is one of the Internet's oldest protocols and is still the standard for time synchronisation. The success of NTP stems from its constant development (version 4 is currently in progress) and the accuracy that an NTP time server can boast in the synchronisation of networks.

Whilst an accuracy of 1/5000th of a second can be obtained on a network under the right conditions, this accuracy is solely reliant on whatever time reference NTP uses to synchronise with. This source could of course be unreliable, like a workstation clock as real time chips in most computers are prone to drift and are far less accurate than the average digital watch.

The alternative is to use a reliable UTC (Coordinated Universal Time) source. UTC is the standard for time synchronization. It was started in 1972 after the development of atomic clocks and allows the entire globe to synchronise to the same absolute time. This has not only made technologies such as the Internet, GPS and communication satellites possible, but also has allowed industries such as airlines and the stock market to trade globally.

The simplest way to synchronise a network to UTC has always been to use an Internet time reference. There are hundreds available such as nist.gov and most Windows software has a built in utility, Windows Time (win32.exe) to synchronise the system clock to a reference clock over the Internet.

However, Microsoft and others warn against using an Internet source as a time reference as authentication is not possible from these sources.

Authentication is the security measure that NTP uses to ensure that a time reference is trusted. Without authentication systems are vulnerable to malicious attacks such as hackers who could adjust a timestamp to commit fraud or a DDoS attack (Distributed Denial of Service usually caused by malicious software inundating the system).

Not only are Internet times sources unauthenticated but also a survey by Nelson Minar of MIT on over 900 Internet time references, discovered nearly half were offset by over ten seconds (one by a staggering 6 years - but there were fortunately not many peers) and less that a third where described as being useful.

The report also discovered that many Internet time reference hosts were too far away from their peers to allow accurate time synchronisation.

There are however, several ways of ensuring a NTP server is synchronised to a reliable and stable UTC time source that is both accurate and authenticated.

There are two systems available and both use relatively low cost equipment. The first option and often the easiest, is to connect to a GPS antenna and dedicated GPS time server to the network. This uses the UTC time code transmitted by the GPS satellites, as long as the antenna has a good view of the sky.

Alternatively specialist broadcast signals transmit a timestamp in several countries. In Britain it is referred to as MSF and broadcast from Cumbria by the National Physics Laboratory at 60 kHz but can be picked up as far away as 1000 km, although similar systems operate in Germany, France and the US. These radio referenced NTP servers are vulnerable to interference but traditionally were of a lower cost than GPS receivers however, advances in technology mean the difference is now minimal.

The integrity of a time source used by a NTP time server is therefore highly important and whist system administrators are all too willing to invest in expensive firewalls and anti-viral software to protect their networks many neglect their time server's security which after all, may not be telling them the right time anyway!