Abstract: | The IEEE 1588 standard defines the Precision Time Protocol (PTP), an emerging technology for high precision timing and clock distribution networks. We present experimental results from a PTP test bed that demonstrate several new types of covert channel communications, which allow PTP protocol to be used for data exfiltration and other unauthorized network communication. We then expand upon this work to demonstrate three new code injection zero-day vulnerabilities in the PTP protocol, and develop proof-of-concept exploits for these attacks. In one attack, we demonstrate the ability to induce temporal vortex errors at will for arbitrary periods of time. In a second attack, we demonstrate a novel man-in-the-middle (MITM) packet injection exploit against the PTP network that produces large, incorrect timing offsets at PTP timeReceiver nodes. In a third attack, we demonstrate the use of specific meta-data payloads to generate large timeTransmitter (i.e. master clock) offsets, and to manipulate not just the clock offset but the actual clock frequency itself. We also discuss proposed mitigation techniques and directions for further research. |
Published in: |
Proceedings of the 55th Annual Precise Time and Time Interval Systems and Applications Meeting January 22 - 25, 2024 Hyatt Regency Long Beach Long Beach, California |
Pages: | 77 - 86 |
Cite this article: | McPadden, Lillian, Herrera, Elizabeth, Jacobs, Luke, DeCusatis, Casimer, Wojciak, Paul, Kaiser, Clay, Guendert, Steve, "Covert Channels and Data Injection Vulnerabilities for IEEE 1588 Precision Time Protocol Using PTP4L," Proceedings of the 55th Annual Precise Time and Time Interval Systems and Applications Meeting, Long Beach, California, January 2024, pp. 77-86. https://doi.org/10.33012/2024.19588 |
Full Paper: |
ION Members/Non-Members: 1 Download Credit
Sign In |