A security risk of depending on synchronized clocks

1 January 1992

journal article
Published by Association for Computing Machinery (ACM) in ACM SIGOPS Operating Systems Review

Vol. 26 (1), 49-53
https://doi.org/10.1145/130704.130709

Abstract

Many algorithms or protocols, in particular cryptographic protocols such as authentication protocols, use synchronized clocks and depend on them for correctness. This note describes a scenario where a clock synchronization failure renders a protocol vulnerable to an attack even after the faulty clock has been resynchronized. The attack exploits a postdated message by first suppressing it and replaying it later.

Keywords

This publication has 12 references indexed in Scilit:

On replay detection in distributed systems
Published by Institute of Electrical and Electronics Engineers (IEEE) ,2002
Inside risks: the clock grows at midnight
Communications of the ACM, 1991
Practical uses of synchronized clocks in distributed systems
Published by Association for Computing Machinery (ACM) ,1991
Limitations of the Kerberos authentication system
ACM SIGCOMM Computer Communication Review, 1990
Reducing risks from poorly chosen keys
ACM SIGOPS Operating Systems Review, 1989
Network Time Protocol (version 2) specification and implementation
1989
Synchronizing clocks in the presence of faults
Journal of the ACM, 1985
Timestamps in key distribution protocols
Communications of the ACM, 1981
Using encryption for authentication in large networks of computers
Communications of the ACM, 1978
Time, clocks, and the ordering of events in a distributed system
Communications of the ACM, 1978

Cited by 97 articles