检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
作 者:张旭博[1] 黄河 廖章梁 ZHANG Xu-bo;HUANG He;LIAO Zhang-liang(No.30 Institute of CETC,Chengdu Sichuan 610041;Unit 61660 of PLA,Beijing 100089;Department of Data Information,Hunan Military Region,Hunan Changsha 410011,China)
机构地区:[1]中国电子科技集团公司第三十研究所,四川成都610041 [2]中国人民解放军61660部队,北京100089 [3]湖南省军区数据信息室,湖南长沙410011
出 处:《通信技术》2020年第11期2806-2810,共5页Communications Technology
摘 要:NTP是互联网上进行时间同步的应用底层协议,NTP客户端通过不断向服务器发送同步请求,做到自动和持续调节时钟,已成为国防、通信、金融、电力互联网等领域广泛使用的时间同步工具。通过对NTP协议、通信过程分析,发现NTP在缓冲区溢出、时间同步系统、消息摘要和自动分发等加密认证过程、客户端服务器间的安全认证机制等方面存在漏洞,容易受到攻击。通过对NTP进行梳理和初步的实验验证,实验证明,NTP的协议和使用漏洞可致时延变长、客户端同步于伪造服务的虚假时间或无法与合法服务器同步等效果,最后给出了安全建议。NTP is an application underlying protocol for time synchronization on the Internet.The NTP client can automatically and continuously adjust the clock by continuously sending synchronization requests to the server.The NTP protocol has become a time synchronization tool widely used in the fields of national defense,communications,finance,and power Internet.Based on analysis of the NTP protocol and communication process,it is found that NTP has loopholes in the encryption authentication process such as buffer overflow,time synchronization system,message digest and automatic distribution,and the security authentication mechanism between client and server,and thus is vulnerable to attacks.Careful combing and preliminary experiments indicate that the NTP protocol and usage vulnerabilities can cause the delay to increase,the client synchronizes with the fake time of the forged service,or fails to synchronize with the legitimate server,etc.Finally,safety recommendations are given.
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.171
