Title :
Security improvements for IEEE 1588 Annex K: Implementation and comparison of authentication codes
Author :
Önal, Cagri ; Kirrmann, Hubert
Author_Institution :
ABB Switzerland Ltd., Baden, Switzerland
Abstract :
IEEE 1588 Annex K describes a security mechanism for clock synchronization based on authentication of the PTP messages through HMAC. Since the standard was published, several new improved authentication algorithms were implemented and tested, in particular GMAC, XCBCMAC and CMAC, which provide the same level of security. Simulations and measurements show that contrarily to popular belief, these algorithms allow to authenticate on-the-fly the one-step Sync or Pdelay_Resp messages even at 1 Gbit/s. Faster algorithms would improve throughput only marginally. It was also found that the present security association and key management could be improved. These results should be considered for a next revision of Annex K. Such changes should first be coordinated with other protocols, in particular IEC 62351 and IEC 62439-3, to achieve a unified, hardware-implemented security for all Layer 2 protocols.
Keywords :
IEEE standards; computer network security; protocols; synchronisation; GMAC; HMAC; IEC 62351; IEC 62439-3; IEEE 1588 Annex K; Layer 2 protocols; PTP messages; XCBCMAC; authentication codes; clock synchronization; security improvements; Authentication; IEC standards; Protocols; Radiation detectors; Synchronization; CMAC; GMAC; HMAC; IEC 62351; IEC 62439-3; IEEE 1588; PTP; XCBCMAC; authentication;
Conference_Titel :
Precision Clock Synchronization for Measurement Control and Communication (ISPCS), 2012 International IEEE Symposium on
Conference_Location :
San Francisco, CA
Print_ISBN :
978-1-4577-1714-7
DOI :
10.1109/ISPCS.2012.6336632
