网络时间同步及其安全性研究
|
摘要
时钟同步问题是分布式操作系统中的一个经典问题,是分布式计算中的核心技术之一。随着计算机技术和网络通信技术的迅猛发展,异步网络环境中各节点的时钟同步问题变得越来越重要,同时,时钟同步问题也被赋予了新的内涵。时钟同步的安全性就是其一。客户端需要通过对服务器的认证来确认其是否可信,以避免有意或无意的恶意攻击。
本论文主要分为三个部分:第一部分介绍了时钟同步的相关内容,包括物理时钟、逻辑时钟、世界协调时间和原子秒等概念。
第二部分介绍了时钟同步系统的同步源、同步方法、同步模型,及其工作模式。接着对时间同步协议(Network Time Protocol)的工作原理、实现方式进行分析,同时在此基础上开发基于Java语言的时间同步客户端软件,并对客户端核心代码进行了分析。
第三部分是对时间同步安全性进行讨论。除了介绍时间同步协议具有的抵抗机制、可能遭遇的恶意攻击及需要满足的假设条件,还对数字证书用于时间同步的可行性作出了分析。最后,对自动钥的特征及认证能力作了介绍。
Time synchronization is not only a classical issue in the distributed operation system, but also one of the kernel techniques of the distributed applications. As the swift and violent development of computer and network communication technology, the clock synchronization between network nodes in an asynchronous environment becomes more and more important. Meanwhile, the new content and broad range are added in this research area of clock synchronization. Time synchronization security is the one. In order to avoiding evil or devil malicious attack,it is necessary for client to authenticate server proventic or not.
This paper mainly consists of three parts: the first part introduces the related content of clock synchronization,including the concepts of physical clock, logical clock,universal time coordinated and atomic second.
The second part introduces synchronization sources, synchronization method and synchronization model of time clock synchronization system, and its working mode. Then the working principle and implementation method of network time protocol is analyzed. At the same time,client software based on Java language is developed and its core code is analyzed.
The third part is the discussion about clock synchronization security. Apart from introducing resistance mechanism, possible encountering malicious attack and presumed required limitation of network time protocol, the feasibility about digital certificate applied to time synchronization is analyzed. Lastly,the characteristic and authentication ability of autokey is mentioned.
本论文主要分为三个部分:第一部分介绍了时钟同步的相关内容,包括物理时钟、逻辑时钟、世界协调时间和原子秒等概念。
第二部分介绍了时钟同步系统的同步源、同步方法、同步模型,及其工作模式。接着对时间同步协议(Network Time Protocol)的工作原理、实现方式进行分析,同时在此基础上开发基于Java语言的时间同步客户端软件,并对客户端核心代码进行了分析。
第三部分是对时间同步安全性进行讨论。除了介绍时间同步协议具有的抵抗机制、可能遭遇的恶意攻击及需要满足的假设条件,还对数字证书用于时间同步的可行性作出了分析。最后,对自动钥的特征及认证能力作了介绍。
Time synchronization is not only a classical issue in the distributed operation system, but also one of the kernel techniques of the distributed applications. As the swift and violent development of computer and network communication technology, the clock synchronization between network nodes in an asynchronous environment becomes more and more important. Meanwhile, the new content and broad range are added in this research area of clock synchronization. Time synchronization security is the one. In order to avoiding evil or devil malicious attack,it is necessary for client to authenticate server proventic or not.
This paper mainly consists of three parts: the first part introduces the related content of clock synchronization,including the concepts of physical clock, logical clock,universal time coordinated and atomic second.
The second part introduces synchronization sources, synchronization method and synchronization model of time clock synchronization system, and its working mode. Then the working principle and implementation method of network time protocol is analyzed. At the same time,client software based on Java language is developed and its core code is analyzed.
The third part is the discussion about clock synchronization security. Apart from introducing resistance mechanism, possible encountering malicious attack and presumed required limitation of network time protocol, the feasibility about digital certificate applied to time synchronization is analyzed. Lastly,the characteristic and authentication ability of autokey is mentioned.
引文
[1]Liskov B.Practical uses of synchronized clocks in distributed systems[J].Distributed
Computing,1993,6:211-219
[2]David L.Mills,Network Time Protocol(version 3)Specification,Implementation and Analysis,Network Working Group,1992
[3]Lamport,L.,Concurrent Reading and Writing of Clocks,ACM Trans.On Computer System,1990,vol.8,pp.305-3100
[4]Frank Kardel,Rainer Pruy.NTP synchronization net statistics[EB/OL].Email message,archived on NTP web pages,1994
[5]GOYER P,MOMTAHAN P,SELIC B.A synchronization service for locally distributed applications[C].//IFIP Conference on Distributed Processing.Amsterdam:Elsevier Science Publishers B.V.,1987:56-70
[6]孙娜,熊伟,丁于征-,时钟同步的研究与应用,计算机工程与应用[J],2003,23,pp.177-185
[7]赵英,张莹莹,史莉.时钟同步状态图[J].大连理工大学学报,2005,Vol.45:269-271
[8]Defense Advanced Research Projects Agency.Intemet Control Message Protocol[R].DARPA Network Working Group Report RFC-792,USC Information Sciences Institute,1981
[9]Postel J.Time protocol,Darpa Network Working Group Report RFC-868[Z].USC Information Science Institute,1983
[10]Postel J.Daytime protocol,Darpa Network Working Group Report RFC-867[Z].USC Information Science Institute,1983
[11]David L.Mills,Computer Network Time Synchronization Executive Summary,http://www.eecis.udel.edu/%7emills/exec.html,2003.3.20/2004.2.5*
[12]赵英,黄九梅,异步环境中基于时钟精度差的时间同步问题研究[J],计算机应用,2002,22(11):pp:37-39
[13]ZHOU Shu-min,ZHAO Ming,SUN Ya-min.Clock Synchronization Algorithm Based on Local Clock Adjusting[J].Journal of System Simulation,2006,Vol.18 Suppl.2:358-360
[14]Lamport,L.,Time,Clock and the Ordering of Events in a Distributed System,Commun of the ACM,July 1978,vol.6,pp.558-564
[15]David.L.Mills,Improved Algorithms for Synchronizing Computer Network Clocks[J].IEEE Transaction On Networks,1995,7:245-254
[16]FLAVIU CRISTAIN,CHRISTOF FETZER.Fault-Tolerant External Closk Synchronization[J].IEEE Proceedings of the International Conference on distributed Computing Systems(ICDCS 95'),1995,70-77
[17]MANFRED J,DOUGLAS M.,BLOUGHT.A New and Improved Algorithm for Fault-Tolerant Clock Synchronization[J].Journal Of Parallel And Distributed Computing,1995,27:1-14
[18]Mills,D.L,Algorithms for synchronizing network clocks,DARPA Network Working Group Report RFC-956,M/A-COM Linkabit,1985
[19]李明国,宋海娜.计算机时钟同步技术研究[J].系统仿真学报,2002,14(4):477-480
[20]华宇,刘志英.互联网上的时间基准[J].计算机工程与应用,2002,38(24):169-171
[21]李明国,等.基于概率同步算法的计算机外时钟同步系统[J].计算机仿真,2002,19(3):95-100
[22]贺鹏,李著,吴海涛,网络时间同步算法研究和实现[J].计算机应用,2003,23(2):15-17
[23]任丰原,董思颖,何滔,林闯.基于锁相环的时间同步机制与算法[J].软件学报,2007,Vol.18,No.2:372-380
[24]Lundelius-Welch,Lynch,A New Fault-Tolerant Algorithm for Clock Synchronization,Information and Computation,1988,vol.77,pp.1-360
[25]Srikanth,Toueg,Optimal Clock Synchronization,Journal of the ACM,1987,vol.34,pp.626-645
[26]Defense Advanced Research Projects Agency,Intemet Protocol.DARPA Network Working Group Report RFC-791,USC Information Sciences Institute,1981
[27]Cristian,F,Probabilistic Clock Synchronization,Distributed Computing,1989,vol3,pp.146-158
[28]Su,Z,A specification of the Interact protocol(IP)timestamp option,DARPA Network Working Group Report RFC-781,SRI International,1981
[29]Lindsay,Kantak,Network synchronization of random signals,IEEE Trans.Communications COM-28,8,1980,pp.1260-1266
[30]Lamport,Melliar-Smith,Synchronizing clocks in the presence of faults,ACM 32,1985,vol.1,pp.52-78
[31]宋妍,朱爽.基于NTP的网络时间服务系统的研究[J].计算机工程与应用,2003,Vol.36:147-150
[32]DAVID L.MILLS.A brief history of NTP time:memoris of an Internet timekeeper[J].ACM SIGCOMM Computer Communication Review,2003,Vol.33:9-21
[33]朱辉生.VC中基于SOCKET的网络编程[J].计算机应用与软件,2004,21:118-119
[34]Kun Sun,Peng Ning,and Cliff Wang.Secure and Resilient Clock Synchronization in Wireless Sensor Networks,Proceedings of the 13th ACM Conference on Computer and Communications Security,pp.264-277,2006
[35]Sun Kun,Peng Ning,Cliff Wang.Fault-tolerant cluster-wise clock synchronization for wireless sensor networks[J].IEEE Transactions on Dependable and Secure Computing,2004,3(3):258-271
[36] David L.Mills,The Auotokey Security Architecture, Protocol and Algorithms. , Network Working Group, 2006
Computing,1993,6:211-219
[2]David L.Mills,Network Time Protocol(version 3)Specification,Implementation and Analysis,Network Working Group,1992
[3]Lamport,L.,Concurrent Reading and Writing of Clocks,ACM Trans.On Computer System,1990,vol.8,pp.305-3100
[4]Frank Kardel,Rainer Pruy.NTP synchronization net statistics[EB/OL].Email message,archived on NTP web pages,1994
[5]GOYER P,MOMTAHAN P,SELIC B.A synchronization service for locally distributed applications[C].//IFIP Conference on Distributed Processing.Amsterdam:Elsevier Science Publishers B.V.,1987:56-70
[6]孙娜,熊伟,丁于征-,时钟同步的研究与应用,计算机工程与应用[J],2003,23,pp.177-185
[7]赵英,张莹莹,史莉.时钟同步状态图[J].大连理工大学学报,2005,Vol.45:269-271
[8]Defense Advanced Research Projects Agency.Intemet Control Message Protocol[R].DARPA Network Working Group Report RFC-792,USC Information Sciences Institute,1981
[9]Postel J.Time protocol,Darpa Network Working Group Report RFC-868[Z].USC Information Science Institute,1983
[10]Postel J.Daytime protocol,Darpa Network Working Group Report RFC-867[Z].USC Information Science Institute,1983
[11]David L.Mills,Computer Network Time Synchronization Executive Summary,http://www.eecis.udel.edu/%7emills/exec.html,2003.3.20/2004.2.5*
[12]赵英,黄九梅,异步环境中基于时钟精度差的时间同步问题研究[J],计算机应用,2002,22(11):pp:37-39
[13]ZHOU Shu-min,ZHAO Ming,SUN Ya-min.Clock Synchronization Algorithm Based on Local Clock Adjusting[J].Journal of System Simulation,2006,Vol.18 Suppl.2:358-360
[14]Lamport,L.,Time,Clock and the Ordering of Events in a Distributed System,Commun of the ACM,July 1978,vol.6,pp.558-564
[15]David.L.Mills,Improved Algorithms for Synchronizing Computer Network Clocks[J].IEEE Transaction On Networks,1995,7:245-254
[16]FLAVIU CRISTAIN,CHRISTOF FETZER.Fault-Tolerant External Closk Synchronization[J].IEEE Proceedings of the International Conference on distributed Computing Systems(ICDCS 95'),1995,70-77
[17]MANFRED J,DOUGLAS M.,BLOUGHT.A New and Improved Algorithm for Fault-Tolerant Clock Synchronization[J].Journal Of Parallel And Distributed Computing,1995,27:1-14
[18]Mills,D.L,Algorithms for synchronizing network clocks,DARPA Network Working Group Report RFC-956,M/A-COM Linkabit,1985
[19]李明国,宋海娜.计算机时钟同步技术研究[J].系统仿真学报,2002,14(4):477-480
[20]华宇,刘志英.互联网上的时间基准[J].计算机工程与应用,2002,38(24):169-171
[21]李明国,等.基于概率同步算法的计算机外时钟同步系统[J].计算机仿真,2002,19(3):95-100
[22]贺鹏,李著,吴海涛,网络时间同步算法研究和实现[J].计算机应用,2003,23(2):15-17
[23]任丰原,董思颖,何滔,林闯.基于锁相环的时间同步机制与算法[J].软件学报,2007,Vol.18,No.2:372-380
[24]Lundelius-Welch,Lynch,A New Fault-Tolerant Algorithm for Clock Synchronization,Information and Computation,1988,vol.77,pp.1-360
[25]Srikanth,Toueg,Optimal Clock Synchronization,Journal of the ACM,1987,vol.34,pp.626-645
[26]Defense Advanced Research Projects Agency,Intemet Protocol.DARPA Network Working Group Report RFC-791,USC Information Sciences Institute,1981
[27]Cristian,F,Probabilistic Clock Synchronization,Distributed Computing,1989,vol3,pp.146-158
[28]Su,Z,A specification of the Interact protocol(IP)timestamp option,DARPA Network Working Group Report RFC-781,SRI International,1981
[29]Lindsay,Kantak,Network synchronization of random signals,IEEE Trans.Communications COM-28,8,1980,pp.1260-1266
[30]Lamport,Melliar-Smith,Synchronizing clocks in the presence of faults,ACM 32,1985,vol.1,pp.52-78
[31]宋妍,朱爽.基于NTP的网络时间服务系统的研究[J].计算机工程与应用,2003,Vol.36:147-150
[32]DAVID L.MILLS.A brief history of NTP time:memoris of an Internet timekeeper[J].ACM SIGCOMM Computer Communication Review,2003,Vol.33:9-21
[33]朱辉生.VC中基于SOCKET的网络编程[J].计算机应用与软件,2004,21:118-119
[34]Kun Sun,Peng Ning,and Cliff Wang.Secure and Resilient Clock Synchronization in Wireless Sensor Networks,Proceedings of the 13th ACM Conference on Computer and Communications Security,pp.264-277,2006
[35]Sun Kun,Peng Ning,Cliff Wang.Fault-tolerant cluster-wise clock synchronization for wireless sensor networks[J].IEEE Transactions on Dependable and Secure Computing,2004,3(3):258-271
[36] David L.Mills,The Auotokey Security Architecture, Protocol and Algorithms. , Network Working Group, 2006