摘要
目前,以网络时间协议(NTP)为主要的时间协议应用于有线网络中的时间同步,其在广域网中可以实现十几毫秒、局域网中实现几毫秒的同步精度.然而,由于协议的开放性,其在无安全防护的情况下极易受到网络攻击,这给需要高安全的客户带来潜在的风险.NTP可以增加安全策略来应对可能的安全风险,将消息摘要(MD)中的MD5和安全散列算法(SHA)中的SHA-1引入NTP算法,有效地验证了数据完整性,防止数据包被篡改,以保证时间同步的安全性.进一步,针对这两类算法提出对NTP包关键数据帧Hash加密,在保持良好同步精度的同时可进一步提高时间同步的安全性.通过实验对比了MD5和SHA-1算法加入所带来同步效果的影响.结果表明:在MD5和SHA-1算法加入后,NTP依然能保持毫秒级的同步性能,这对于实现NTP安全时间同步方法具有重要意义.
At present,the network time protocol(NTP)is the main time protocol used for time synchronization in wired networks.It can achieve a synchronization accuracy of more than ten milliseconds in wide area networks and a few milliseconds in local area networks.However,due to the openness of the protocol,there is no security protection.Under the circumstances,it is extremely vulnerable to network attacks,which brings potential risks to customers who need high security.The NTP protocol can increase security strategies to deal with possible security risks.The message digest algorithm 5(MD5)and the secure hash algorithm(SHA-1)message digest algorithm is introduced into the NTP protocol algorithm,which is effective to verify data integrity and prevent data packets from being tampered with to ensure the security of time synchronization.Further,for these two types of algorithms,Hash encryption of key data frames of NTP packets is proposed,which can further improve the security of time synchronization while maintaining good synchronization accuracy.Experiments have compared the influence of the synchronization effect brought by the addition of the algorithm.The results show that after the message digest algorithm is added,NTP can still maintain millisecond-level synchronization performance,which is of great significance to the realization of the NTP secure time synchronization method.
作者
陈曦
臧文驰
马明
龚航
孙广富
CHEN Xi;ZANG Wenchi;MA Ming;GONG Hang;SUN Guangfu(College of Electronic Science and Technology,National University of Defense Technology,Changsha 410073,China)
出处
《全球定位系统》
CSCD
2021年第5期84-91,共8页
Gnss World of China
基金
国家部委资助项目(2019-JCJQ-JJ-190)。
