NTS is an essential development of NTP, adding a much needed layer of security to a protocol that is more than 30 years old and vulnerable to Man-in-the-Middle (MITM) attacks. With many of today’s most important security processes dependent on accurate time, the consequences of receiving time from a malicious source are serious. Everything from establishing encrypted sessions and using DNSSEC to time-stamping financial transactions and preventing online fraud depends on accurate and secure time.
“As a leading player in providing services at the core of the Internet, Netnod is proud to be at the forefront of NTS,” said Lars Michael Jogbäck, Netnod CEO. “Developing services such as NTS is part of Netnod’s commitment to ensuring that the Internet is as secure and robust as possible for everyone.”
Netnod’s NTP service, funded by the Swedish Post and Telecom Authority (PTS), uses a distributed timescale on autonomous nodes throughout Sweden to provide a time service available over IPv4 or IPv6 and traceable to within 250 nanoseconds of official Swedish time UTC(SP). Each site has redundant servers, 2 caesium clocks, and 2 FPGA boards providing an extremely fast hardware implementation of NTP.
Netnod’s NTS-enabled NTP service is freely available to anyone. You can point your NTS-enabled NTP client (using port 4443*) to one of the following servers:
nts.ntp.se (for users anywhere in the world)
nts.sth1.ntp.se (for users close to Stockholm)
nts.sth2.ntp.se (for users close to Stockholm)
* Note that the NTS protocol is still a so-called Internet-draft within the IETF. Once It is ratified and becomes an RFC, the port number used could change.
Current NTP clients supporting NTS (two of which were written by Netnod staff) include:
https://gitlab.com/NTPsec/ntpsec (one of the first established NTP implementations to add official support for NTS)
https://github.com/Netnod/nts-poc-python (a Python implementation written by Christer Weinigel, Netnod)
https://gitlab.com/hacklunch/ntsclient (a Go implementation written by Michael Cardell Widerkrantz - Netnod, Daniel Lublin - lublin.se, and Martin Samuelsson)
For more details on Netnod’s work on developing NTS, and how the protocol works, see this recent post on the Netnod blog.
Netnod provides critical infrastructure support ranging from interconnection services and Internet Exchanges to DNS services, root server operations and activities for the good of the Internet. As innovators at the core of the Internet with a worldwide reputation for our services and the expertise of our staff, we ensure a stable and secure Internet for the Nordics and beyond. Netnod’s range of activities include: running interconnection services and the largest Internet Exchange in the Nordics (länka till, https://www.netnod.se/ix) providing secondary DNS services to partners, enterprises and some of the largest TLDs in the world (länka till, https://www.netnod.se/dns) operating I-root, one of the world’s 13 root name servers (länka till, https://www.netnod.se/i-root) providing Time and Frequency (NTP, NTS and PTP) services for Sweden (Länka till https://www.netnod.se/time-and-frequency) Established in 1996 as a neutral and independent Internet infrastructure organisation, Netnod is based in Sweden and fully owned by the non-profit foundation TU-stiftelsen (Stiftelsen för Telematikens utveckling).