Security improvements for IEEE 1588 Annex K: Implementation and comparison of authentication codes
Authors: Cagri Onal, Hubert Kirrmann
Published in: 2012 IEEE International Symposium on Precision Clock Synchronization for Measurement, Control and Communication Proceedings
Publication date: 2012-10-22
DOI: 10.1109/ISPCS.2012.6336632 (https://doi.org/10.1109/ISPCS.2012.6336632)
Citation count: 29
IEEE 1588 Annex K describes a security mechanism for clock synchronization based on authentication of the PTP messages through HMAC. Since the standard was published, several new, improved authentication algorithms were implemented and tested, in particular GMAC, XCBCMAC and CMAC, which provide the same level of security. Simulations and measurements show that, contrary to popular belief, these algorithms allow the one-step Sync or Pdelay_Resp messages to be authenticated on the fly even at 1 Gbit/s. Faster algorithms would improve throughput only marginally. It was also found that the present security association and key management could be improved. These results should be considered for the next revision of Annex K. Such changes should first be coordinated with other protocols, in particular IEC 62351 and IEC 62439-3, to achieve a unified, hardware-implemented security for all Layer 2 protocols.