Internet-Draft                    PTP AUTH                        May 2025
Varigonda & Sige          Expires 14 November 2025
Precision Time Protocol (PTP), as defined in IEEE 1588-2019, lacks cryptographic security mechanisms, exposing deployments to message spoofing, delay attacks, and timestamp manipulation. This document defines an optional Authentication TLV (AUTH_TLV) using modern Authenticated Encryption with Associated Data (AEAD) algorithms to provide message integrity, authenticity, and replay protection. It also provides example configurations, implementation approaches, and test strategies.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on 14 November 2025.
Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.
PTP is widely used for time synchronization in telecom, industrial automation, and financial systems. However, the protocol has no built-in security. This draft proposes a lightweight extension that adds cryptographic message authentication and integrity protection without affecting compatibility with existing deployments.
PTP messages are susceptible to:
These vulnerabilities can compromise distributed systems that rely on synchronized time for control, logging, or access control.
A new TLV is introduced as follows:
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Type = 0xFE00 (TEMP)     |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       AEAD Algorithm ID       |       Tag Length (bytes)      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Nonce (96 bits)                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                 Authentication Tag (variable)                 |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The nonce is derived from the message sequence ID and clock ID.
Supported AEAD algorithms:
AEAD algorithms provide combined encryption and authentication; this extension uses only the authentication function. The PTP message body is supplied as Associated Data (AAD) rather than as plaintext, so no ciphertext is produced and only the authentication tag is carried in the AUTH_TLV.
Keys may be provisioned using:
As per IEEE 1588 TLV rules, unknown TLVs are ignored by legacy systems. Authentication failures are not enforced unless explicitly configured.
Modify ptp4l to:
Use the following filter:
   ptp.messageType && frame contains 0xfe00
Custom dissector patches can be developed to interpret the AUTH_TLV fields.
- Nonce reuse must be avoided; use a deterministic counter with a unique base per node.
- Replay attacks are mitigated by validating sequence IDs and time windows.
- Integrity is ensured only for messages using AUTH_TLV.
Request registration of:
   [global]
   auth_tlv_enable 1
   auth_algorithm 2
   auth_key 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff
   auth_nonce_base 112233445566778899aabb
   auth_tag_len 16
   auth_debug 1
   TLV Type: 0xFE00
   Length:   32
   AEAD ID:  0x0002
   Tag Len:  16
   Nonce:    00 11 22 33 44 55 66 77 88 99 aa bb
   Tag:      c0 ff ee 12 34 56 78 90 de ad be ef 12 34 56 78
- Initial version including use case, diagram, and examples.