Article Summary
- Citation and Link
Alghamdi, W., & Schukat, M. (2020, July 24). Cyber Attacks on Precision Time Protocol Networks—A Case Study. mdpi.com. Retrieved February 28, 2022, from https://www.mdpi.com/2079-9292/9/9/1398
Link to the article- https://fhsu.userservices.exlibrisgroup.com/view/action/uresolver.do?operation=resolveService&package_service_id=18831849820001141&institutionId=1141&customerId=1130
- Abstract
The IEEE 1588 precision time protocol (PTP) is used by many time-sensitive applications and systems, as it achieves sub-microsecond time synchronization between computer clocks. However, a PTP network is vulnerable to cyber-attacks that can reduce the protocol accuracy to unacceptable levels for some or all clocks in a network with potentially devastating consequences. Of particular concern are advanced persistent threats (APT), where an actor infiltrates a network and operates stealthily and over extended periods of time before being discovered. This paper investigates the impact of the most important APT strategies on a PTP network, i.e., the delay attack, packet modification or transparent clock attack, and time reference attack, using a fully programable and customizable man in the middle device, thereby considering the two most popular PTP slave daemons PTPd and PTP4l. In doing so, it determines suitable attack patterns and parameters to compromise the time synchronization covertly.
- Experimental or non-experimental
The study is experimental in nature, but may not be considered a true experiment. There are multiple variables tested, but there does not appear to be a control group.
- Qualitative or Quantitative?
The results are quantitative. The results are measured in milliseconds, which are measurable, numeric, and not a qualitative value.
- Population
You could say the population includes all servers that use PTP (Precision Time Protocol). This includes the servers used in critical networking infrastructure such as bank services, communication services, and the services that manage important resources such as water and electricity.
- Sample
There was not a randomized sample used, but rather a test setup, the purpose being to emulate a working client/server environment.
- Method of measurement
The results of each trial run are measured in milliseconds. The tests measure the difference in timestamps between different servers. These differences are created artificially and are used in hacking attempts to cause denial of services or conduct other malicious activity.
- Method of analysis
The exact timestamp of each server can be measured in intervals over the course of the study. The differences increase over time as the would-be attacker causes an increased delay every second or two until the difference is large enough to cause disruption of services.
- Conclusion
The purpose of the study was to demonstrate the ways that services can be disrupted by a cyber-attack, specifically relating to time services. The article recommends creating a Trusted Supervisor Node (TSN) that can detect such attacks to help alleviate the effects of an attack through early detection.
- Why this study?
I feel that cyber-attacks are very quickly becoming relevant on a massive scale. They can create all sorts of havoc just because of how much society relies on network services. As an example, in Russia there are many cyber-attacks happening right now coming from outside sources such as “Anonymous.” They are doing everything from shutting down electric car chargers to preventing user access to Russian news sites.
- What next?
The next step, in my opinion, would be to demonstrate similar attacks and study their effects on larger sets of servers. This might give enough information to predict the consequences of a real attack on a critical infrastructure or institution.
Hi DJ
Cool topic. I am also planning to do my research on cybersecurity, although I haven’t nailed down exactly what to talk about yet. It is a growing field and once you have experience, I understand you can pretty much go anywhere and make a comfortable salary doing it. I agree disrupting the security breach as quickly as possible is key to any cyber attack. Are you just analyzing data on interval attacks and measuring how long it takes to discover them or any security breach? I think stating what the acronym stands for would make this information easier to understand. Great job on the assignment.
Heath
Hi Daniel!
I find your article topic very interesting. I was looking to do that for my research project. Not all sure what I will be talking about yet but working on it. You did a great job capturing what Dr. Loggins wanted.
Nice topic Daniel! At first I was also going to do my research over cybersecurity, but changed my mind and now I am doing artificial intelligence. Cyber-attacks like you said are becoming more and more likely as time continues. As long as technology improves cyber-attacks will become more prevalent than they are today.
I am a networking major and through my studies I have learned just how crazy cyber attacks can be. It can be really easy for individuals to plug themselves into a network and access all sorts of information. Luckily, technology security continues to grow and best practices can be incorporated to help reduce these issues. This is a good study and making cyber security more of a public interest will do nothing but benefit security systems and practices to come.
Hello dj
I took a cybersecurity class back in 2019 and Cyberattacks use malicious code to alter computer code, logic or data, resulting in disruptive consequences that can compromise data and lead to cybercrimes, such as information and identity theft. If you would like to learn more about this topic from cyber security oriented platforms offering webinars and blogs (I’ve recently explored Cyberbit’s) check it out please.