Roughtime: Securing time for IoT devices

 
 
Christer Weinigel, Netnod
 
Accurate time is important
 
Many security critical protocols need accurate time
DNSSEC and TLS
The application itself might need time
 
Keeping time
 
All devices can keep time
When powered on
But not when powered off
IoT devices may not have a Real Time Clock (RTC)
Raspberry Pi - has RTC hardware, but no battery backup by default
"Shipping mode"
Even with a battery the clock will not run before first power on because the battery is not connected
 
Getting time over the network
 
NTP (Network Time Protocol)
Lacks security
NTS (Network Time Security)
Adds security
Bootstrapping problem
NTS depends on TLS
Which depends on having accurate time
Heavyweight, not suited for resource constrained devices
 
Possible solution: Roughtime
 
Protocol is an IETF Draft
Started out as a way to solve the bootstrapping problem
Secure
Was not intended to replace NTP
Only 10 second accuracy
Fairly low CPU usage and small memory footprint
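
An added illustration (not part of the talk) of the bootstrapping problem and of why a coarse clock is enough to break it: the validity-window check a TLS stack applies to a certificate, run against clocks a device might boot with. All dates, certificate windows and function names are constructed for this example.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

def cert_time_check(now, not_before, not_after):
    """The validity-window test a TLS stack applies to each certificate."""
    if now < not_before:
        return "not yet valid"
    if now > not_after:
        return "expired"
    return "ok"

# Constructed sample data (not real certificates): the server's current
# certificate, and an old one that has expired and must be rejected.
TRUE_NOW = datetime(2024, 5, 11, 12, 0, tzinfo=UTC)
CURRENT_CERT = (datetime(2024, 4, 1, tzinfo=UTC), datetime(2024, 6, 30, tzinfo=UTC))
OLD_CERT = (datetime(2021, 1, 1, tzinfo=UTC), datetime(2021, 12, 31, tzinfo=UTC))

# Clocks a device might boot with (constructed).
CLOCKS = {
    "no RTC (epoch)": datetime(1970, 1, 1, tzinfo=UTC),
    "stale (manufacture date)": datetime(2021, 6, 1, tzinfo=UTC),
    "coarse, 10 s slow": TRUE_NOW - timedelta(seconds=10),
    "coarse, 10 s fast": TRUE_NOW + timedelta(seconds=10),
}

def evaluate(clocks=CLOCKS):
    """Map each boot clock to (verdict on current cert, verdict on old cert)."""
    return {
        name: (cert_time_check(now, *CURRENT_CERT),
               cert_time_check(now, *OLD_CERT))
        for name, now in clocks.items()
    }

def max_tolerable_error(now, not_before, not_after):
    """Largest clock error in either direction that still validates the cert."""
    return min(now - not_before, not_after - now)

if __name__ == "__main__":
    for name, (current, old) in evaluate().items():
        print(f"{name:26} current cert: {current:14} old cert: {old}")
    print("tolerable clock error:", max_tolerable_error(TRUE_NOW, *CURRENT_CERT))
```

The epoch clock fails closed (the TLS handshake that NTS needs cannot complete), the stale clock fails open on the expired certificate, and a clock that is only 10 seconds off gets both verdicts right.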
 
Roughtime: evolution
 
It is now a decent generic time protocol
With better accuracy than 10 seconds
Microsecond resolution
Which is secure
Which can run on resource constrained clients
Which still solves the bootstrapping problem
 
Next steps
 
Roughtime development has stalled
RIPE community funded project to revive it!
Going forward
Kickstart work on protocol
Collect requirements
What do we need to secure time on IoT devices?
Getting community involvement and feedback.
Update draft based on requirements
Add missing features, maybe drop unnecessary features
Update implementations
Hackathon
Submit Roughtime to IETF RFC Editors
 
Resources
 
Roughtime Draft
https://datatracker.ietf.org/doc/html/draft-ietf-ntp-roughtime
Working client implementation of draft version 4, 5 and 7
https://vadarklockan.readthedocs.io
Roughtime servers
Netnod: sth1.roughtime.netnod.se, sth2.roughtime.netnod.se (v7)
Marcus Dansarie: roughtime.se (v7)
Mailing list: "proto-roughtime"
Blog posts with background about Roughtime
https://blog.cloudflare.com/roughtime/
Longer talk in the IoT WG later
Contact me: wingel@netnod.se

Accurate time is crucial for security protocols like DNSSEC and TLS in IoT devices. Roughtime protocol, with improved accuracy and security features, provides a solution for securing time in resource-constrained environments. The protocol addresses the bootstrapping problem and allows for microsecond resolution, ensuring reliable timekeeping for IoT devices. Community involvement and further development are essential for advancing the Roughtime protocol.


Uploaded on May 11, 2024

