Secure time synchronization for network functions virtualization (NFV)
Network Functions Virtualization (NFV) is a new trend in communication networks that originated in the telecommunication industry. NFV promotes the transformation of network functions, such as firewalls, deep packet inspection and routing, which currently run on dedicated and often proprietary hardware appliances, into virtualized network functions running on standard hardware components. This new technology brings new challenges, especially in terms of security. In the field of NFV security, the European Telecommunications Standards Institute (ETSI) identified several security issues that must be mitigated in order to deploy secure NFV environments. One of them is the requirement for an Authenticated Time Service (ATS), which provides secure time synchronization. In this thesis, an Authenticated Time Service has been designed, implemented and evaluated to mitigate the authenticated time problem in NFV. Existing time synchronization solutions such as the Network Time Protocol (NTP), as well as extensions for securing NTP, are analyzed. The secure time synchronization protocols analyzed are the AutoKey protocol, the Authenticated Network Time Protocol (ANTP) and the Network Time Security (NTS) protocol. The evaluation of ATS shows that the security requirements for time synchronization protocols, as specified in RFC 7384, are fulfilled. Verifying the certificates used and checking their revocation status via the Online Certificate Status Protocol (OCSP) introduce additional overhead when establishing a time synchronization association between client and server. Nevertheless, ATS meets not only the functional requirements for an authenticated time service in NFV, but also the requirements for secure time synchronization protocols in general.
Darmstadt, TU, Master Thesis, 2016