
Research And Development Of Trusted Internet Time Service System

Posted on: 2021-01-17
Degree: Master
Type: Thesis
Country: China
Candidate: J K Lu
GTID: 2518306050455114
Subject: Cyberspace security

Abstract/Summary:
With the rapid development of computer technology and internet applications, more and more network-based distributed systems have appeared. In a distributed network system, different applications on various hosts rely on a high standard of time synchronization to complete tasks effectively and cooperatively. The widespread application of network time synchronization technology in distributed systems brings security threats to the system that cannot be ignored. Attacks against network time synchronization can cause severe consequences such as service interruption and system crashes. However, the existing network time synchronization security technology has defects and cannot meet the requirements of secure and reliable time synchronization. Therefore, how to achieve secure and reliable time synchronization between hosts is a key issue that needs to be solved urgently. In this paper, the Network Time Protocol and the Autokey security mechanism are analyzed in depth. Vulnerability analysis is performed for the security flaws, and corresponding attack schemes are designed. A secure identity authentication scheme is designed based on security requirements. Finally, a trusted internet time service system is designed and implemented based on the above content.

In this paper, in-depth research is made on the Autokey security mechanism. The Autokey security mechanism has serious security flaws in many aspects, such as random value generation, encryption algorithm application, client identity authentication, and identity authentication challenge-response. In this paper, attack methods including the brute force attack, the man-in-the-middle attack, and the construction of special values to bypass authentication are designed for the above defects.

Next, the security requirements in the network synchronization process are analyzed. The security technology of network time synchronization not only needs high-strength security, but also needs efficient time synchronization, and at the same time it must take into account the impact of time factors. Based on the security requirements, an identity authentication scheme based on certificates with national cryptographic algorithms is designed in this paper. It mainly includes two stages: security negotiation and time message processing. The security negotiation stage includes three processes: parameter negotiation, certificate authentication, and cookie exchange. The identity is verified by certificate, the validity of the certificate is guaranteed by the online certificate query mechanism, and the private cookie is protected by the domestic elliptic curve cryptographic algorithm. In the time message processing stage, the integrity and credibility of the time message are guaranteed by the domestic hash algorithm and the message authentication code, and the trusted time synchronization function is completed.

Based on the security scheme and user requirements, the architecture and modules of the time service system are designed in this paper. The system mainly includes a Web-based background management module and an NTP-based trusted time synchronization module. The time service system is based on the security-enhanced Linux platform. The configuration management of the system is implemented based on the Web, including network settings, user management, access control settings, security settings, statistics and log management, and system settings. The time synchronization module is based on the NTP protocol and the Autokey mechanism. It is mainly responsible for processing users' time synchronization requests. It provides the high-density identity authentication service based on the certificate scheme previously designed, and it is also compatible with time synchronization without authentication and with time synchronization through IFF and GQ authentication.

Finally, according to the typical application scenario of network time synchronization, a test environment is set up to test the system functions. The test results show that: (1) according to the actual application environment of the trusted internet time service system, the administrator can configure functions through the system web interface, and monitor the system operation status and statistical information of the time synchronization process in real time; (2) the user uses the time synchronization client to synchronize time with the time server through the NTP protocol. If the identity authentication scheme based on the national cryptographic certificate is used, the communication process conforms to the design of the scheme and has high-strength security. If the IFF or GQ identity authentication scheme, which complies with the Autokey protocol specifications, is adopted, it will have good compatibility with the original time synchronization service.
Keywords/Search Tags: Network Time Protocol, Autokey, Trusted Time Synchronization, National Cryptographic Certificate, Time Service System