The Precision Time Protocol (PTP) aims to provide highly accurate and synchronized clocks. Its defining standard, IEEE 1588, has a security section (“Annex K”) which relies on symmetric-key cryptography. In this paper we present a detailed threat analysis of the PTP standard, in which we highlight the security properties that should be addressed by any security extension. During this analysis we identify a sequence of new attacks and suggest non-cryptographic network-based defenses that mitigate them. We then suggest to replace Annex K's symmetric cryptography by an efficient elliptic-curve Public-Key signatures. We implemented all our attacks to demonstrate their effectiveness, and also implemented and evaluated both the network and cryptographic defenses. Our results show that the proposed schemes are extremely practical, and much more secure than previous suggestions.

中文翻译：

---

精确时间协议的安全分析和修订安全扩展

精确时间协议 (PTP) 旨在提供高度准确和同步的时钟。其定义标准 IEEE 1588 有一个依赖于对称密钥加密的安全部分（“附件 K”）。在本文中，我们对 PTP 标准进行了详细的威胁分析，其中我们强调了任何安全扩展都应该解决的安全属性。在此分析过程中，我们确定了一系列新攻击，并建议采用基于非加密网络的防御措施来缓解这些攻击。然后我们建议用高效的椭圆曲线公钥签名代替附件 K 的对称加密。我们实施了所有攻击以证明其有效性，还实施和评估了网络和加密防御。我们的结果表明，所提出的方案非常实用，