Requirements for Secure Clock Synchronization
Abstract
This paper establishes a fundamental theory of secure clock synchronization. Accurate clock synchronization is the backbone of systems managing power distribution, financial transactions, telecommunication operations, database services, etc. Some clock synchronization (time transfer) systems, such as the Global Navigation Satellite Systems (GNSS), are based on one-way communication from a master to a slave clock. Others, such as the Network Time Protocol (NTP), and the IEEE 1588 Precision Time Protocol (PTP), involve two-way communication between the master and slave. This paper shows that all one-way time transfer protocols are vulnerable to replay attacks that can potentially compromise timing information. A set of conditions for secure two-way clock synchronization is proposed and proved to be necessary and sufficient. It is shown that IEEE 1588 PTP, although a two-way synchronization protocol, is not compliant with these conditions, and is therefore insecure. Requirements for secure IEEE 1588 PTP are proposed, and a second example protocol is offered to illustrate the range of compliant systems.
I Introduction
Secure clock synchronization is critical to a host of technologies and infrastructure today. The phasor measurement units (PMUs) that enable monitoring and control in power grids need timing information to synchronize measurements across a wide geographical area [1]. Wireless communication networks synchronize their base stations to enable call handoff [2]. Financial networks transfer time across the globe to ensure a common time for pricing and transaction timestamping [3]. Cloud database services such as Google’s Cloud Spanner similarly require precise synchronization between the data centers to maintain consistency [4]. These clock synchronization applications have sub-millisecond accuracy and stringent security requirements.
Clock synchronization is performed either by over-the-wire packet-based communication (NTP, PTP, etc.), or by over-the-air radio signals (GNSS [2], cellular signals, LORAN [5], DCF77 [6], etc.); both wired and wireless clock synchronization are used extensively. Synchronization by GNSS is the method of choice in systems with the most stringent accuracy requirements. Equipped with atomic clocks synchronized to the most accurate time standards available, GNSS satellites can synchronize any number of stations on Earth to within a few tens of nanoseconds [7]. NTP is usually only accurate to a few milliseconds, but essentially comes for free whenever the host device is connected to a network.
One-way clock synchronization protocols are based on unidirectional communication from the time master station, A, to the slave station, B. In such protocols, A acts as a broadcast station and may send out timing signals either continuously or periodically. The principal drawback of one-way wireless clock synchronization protocols is their vulnerability to delay attacks in which a man-in-the-middle (MITM) adversary nefariously delays or repeats a valid transmission from one station to another. Cryptographic and other measures can improve the security of one-way protocols against delay and other signal- and data-level spoofing attacks [8, 9, 10], but, as will be shown, such protocols remain fundamentally insecure because of their inability to measure round trip time. They can be secured against unsophisticated attacks, but remain vulnerable to more powerful adversaries.
Two-way clock synchronization protocols involve bidirectional communication between stations A and B. Such protocols enable measurement of the round trip time of the timing signal, which is shown to be necessary for detecting MITM delay attacks. This measurement, however, is not by itself sufficient for provable security against such attacks.
This paper establishes a fundamental theory of secure clock synchronization. In contrast to the current literature on timing security [11, 12, 13, 14, 15, 16, 17], the problem is formalized with definitions, explicit assumptions, and proofs. The major contributions of this work are as follows:

One-way synchronization protocols are shown to be insecure against a MITM delay attack. Adversarial delay is shown to be indistinguishable from clock bias, and hence is unobservable without further assumptions.

The proposed necessary conditions, with stricter upper bounds, are shown to be sufficient for secure synchronization in the presence of a probabilistic polynomial time (PPT) adversary. Provable security for clock synchronization has not previously been explored in the literature.

The two-way synchronization scheme of IEEE 1588 PTP is shown to violate a necessary condition for security. This is a known vulnerability of PTP for which a fix has been proposed [11]. Having established a theory for security, this paper is able to show that the proposed fix is sufficient but is not the minimal necessary modification. A more parsimonious security requirement for PTP is presented that is both necessary and sufficient for secure synchronization.

A generic construction of a secure two-way clock synchronization protocol is presented to illustrate the general applicability of the proposed necessary and sufficient conditions to a range of underlying protocols.
This paper is a significant extension of [19], by the same authors: (1) the necessary conditions for security have been revamped to incorporate both continuous and packet-based clock synchronization systems, (2) a sufficiency proof for the security conditions has been formulated, and (3) protocol-specific countermeasures presented in the literature have been unified with the proposed conditions.
Wired clock synchronization is inherently more secure than its wireless counterpart because physical access to cables is more easily controlled than access to radio channels. This paper primarily focuses on the more challenging task of clock synchronization over a wireless channel; nonetheless, the attacks and security protocols discussed herein also apply to wireline clock synchronization protocols in the case where the adversary gets access to the channel. For example, if an adversary is able to hijack a boundary clock in a wireline PTP network, then the resulting vulnerabilities are equivalent to that of wireless synchronization where the adversary has open access to the radio channel. In fact, an adversarial boundary clock is even more potent than a wireless adversary since it can completely block the authentic signal from reaching B.
The rest of this paper is organized as follows. Previous works on secure clock synchronization, and their relation to this paper, are summarized in Section II. Section III presents a generic model for clock synchronization and shows that all possible one-way synchronization protocols are insecure. Section IV presents the set of security conditions for a wireless clock synchronization protocol, proving these to be necessary by contradiction. Section V presents a proof of sufficiency for the same set of conditions with stricter upper bounds. A construction of an example secure protocol is presented in Section VI, along with the security requirements for IEEE 1588 PTP. Section VII presents a simulation study of a secure clock synchronization model operating over a simplistic channel model. Concluding remarks are made in Section VIII.
II Related Work
GNSS, NTP, and PTP are the most widely used protocols for clock synchronization. A number of research efforts have been made to assess and improve the security of these protocols. This section reviews some of the notable efforts in the literature.
The GNSS jamming and spoofing threat has been recognized in the literature for more than a decade. A survey of the current state-of-the-art in spoofing and anti-spoofing techniques is presented in [8]. Recent works on GNSS anti-spoofing techniques have specifically focused on the case of timing security. Collaborative multi-receiver [16] and direct time estimation [17] techniques have been proposed for robust GNSS clock synchronization.
The growing popularity of IEEE 1588 PTP for synchronization in critical infrastructure has brought about concerns regarding its security [11, 12, 13, 14, 15]. The threats to IEEE 1588 PTP can broadly be categorized into data-level attacks (such as modification of time messages) and physical layer attacks (such as replay and delay attacks). While cryptographic protocols are able to foil data-level attacks against realistic adversaries, some signal-level attacks, such as the delay attack, remain open vulnerabilities. Unfortunately, their execution is relatively simple. Signal-level attacks, such as the man-in-the-middle attack, have been studied in the recent past. However, these studies only include a brief discussion on countermeasure techniques, and no proof or theoretical guarantee of the efficacy of the countermeasures has been provided.
Ullman et al. [11] propose measuring the propagation delays during initialization of clock synchronization and monitoring the propagation delays during the normal operation of the time synchronization protocol. However, [11] does not prove that such a defense would be sufficient to prevent the delay attacks.
In [13], it is remarked that the clock offset computed between multiple master clocks over a symmetric channel must be zero, and thus, if multiple master clocks are available, they can detect any malicious delay introduced by an adversary. However, this defense does not consider the possibility that the adversary may only delay the packets sent to the slave nodes.
The work presented in [18] is perhaps in closest relation to the current paper. Annessi et al. upper bound the clock drift between subsequent synchronization signals using a drift model, and perform two-way exchange of timestamps such that the master clock is able to verify the time at the slave. Furthermore, given the maximum clock drift rate and the maximum and minimum propagation delay of the timing signal, they derive an upper bound on the adversarial delay that can go unnoticed. However, with conservative bounds on the maximum clock drift rate and the variation in path delays, the accuracy guarantees derived in [18] may be insufficient for certain applications. Moreover, as will be shown in this paper, they fail to take account of one of the necessary conditions for secure synchronization.
This paper abstracts the clock synchronization model and assesses its security in a generic setting. It is shown that specialization of the generic security conditions to the particular protocols assessed in the aforementioned efforts leads to solutions similar or identical to those previously advanced. Thus, establishing the fundamental theory of secure clock synchronization also serves to unify the prior work in the literature.
III System Model
A  Time master station 

B  Time seeker station 
Transmit time, according to m, of its th signal feature  
Receipt time, according to n, of the th signal feature transmitted by m  
Delay, in true time, experienced by the th feature in propagating from m to n  
Component of introduced by the maninthemiddle adversary  
Component of due to natural factors, including processing, transmission, and propagation delay  
Modeled or a priori estimate of  
Delay, in true time, between the receipt of sync and transmission of response at B  
Delay, according to B, between the receipt of sync and transmission of response at B  
Clock offset between A and B at the time of receipt of the th feature at B  
B’s best estimate of  
Measurement noise associated with the measured time-of-arrival of the th signal feature from m at n  
Round trip time, in true time, involving the th and th signal features of A and B, respectively  
Modeled or a priori estimate of  
A noisy measurement of 
A general system model for clock synchronization is shown in Fig. 1. The time seeker station, B, wishes to synchronize its clock to that of the time master station, A. For wireless synchronization applications, stations A and B are assumed to have known locations, and , respectively. Due to clock imperfections, the time at station B, , continuously drifts with respect to , the time at station A. Station B seeks to track the relative drift of its clock by an exchange of signals between A and B. Without loss of generality, this paper assumes is equivalent to true time (relative to some reference epoch), a close proxy for which is GPS system time.
It is assumed that A and B are able to exchange cryptographic keys securely, if required. This exchange may occur over a public channel via a protocol such as the Diffie-Hellman key exchange [20] or via quantum key exchange techniques [21, 22]. Alternatively, symmetric keys for neighboring stations may be loaded at the time of installation.
Station A sends out a sync signal, , having distinct features which can be disambiguated from one another by observing a window of the signal containing the feature. The transition in marking the beginning of a data packet is an example of such a signal feature. Furthermore, the system at A is designed such that the th feature is transmitted at time . B either knows by prior arrangement, or a digital representation of is encoded in (e.g., a timestamp). In any case, B knows when the th feature was sent, according to A’s clock. This sets up a bijection
(1) 
where represents a window of containing the th feature.
Station B’s received sync signal, denoted , is a delayed and noisy replica of . Let denote the delay (in true time) experienced by the th feature of as it travels from A to B. For line-of-sight (LOS) wireless communication, is the sum of the free-space propagation delay over the distance and additional delays due to interaction of the timing signal with the intervening channel.
III-A One-Way Clock Synchronization Model
In one-way clock synchronization, the exchange of signals between A and B terminates with reception of the sync signal at B. Let denote the time according to B at which the th feature of is received at B. The window captured by B containing the th feature of , denoted , enables B to measure to within a small error caused by measurement noise. This error, , is modeled as zero-mean with variance . The measurement itself, denoted , is modeled as
(2) 
where
(3) 
is the unknown time offset B wishes to estimate. As the bijection in (1) is known to B, B can obtain for the th detected feature. If a prior estimate of the delay is available to B, then the desired time offset can be estimated as
(4) 
As a concrete example, consider the case of clock synchronization via GNSS in which B is a GNSS receiver in a known fixed location , and A is a GNSS satellite whose location is known to vary with time as . On detection of the th feature in a window of captured data, B determines using (1) and also makes the measurement
where is the sum of excess ionospheric and neutral-atmospheric delays (in distance units) and is the speed of light.
The known receiver and satellite positions can be invoked to model the signal’s propagation delay as
where is a model of the excess delay at the time of receipt of the th feature at B. The modeled excess delay is based on atmospheric models possibly refined by dual-frequency measurements [23]. An estimate of the time offset, , can then be made using , , and in (4).
It must be noted that, for one-way clock synchronization, any errors in the estimate of the distance between A and B, and in the estimate of the excess channel delay, will appear as an error in the estimate of the time offset.
III-B Two-Way Clock Synchronization Model
As discussed above, if an estimate of is available, then clock synchronization is complete after B receives the sync signal . The response signal from B in a two-way protocol is typically used to either determine, or refine, the estimate of with a measurement of the round trip time (RTT). The ability to measure RTT obviates the requirement that be known a priori. In IEEE 1588 PTP, for example, RTT is measured to initially obtain, and periodically refine, the value of used in deriving from (4).
In the system model considered in this paper, station B transmits a response that is designed such that (1) there is a one-to-one mapping between the th feature in and the th feature in , and (2) the th feature’s index can be inferred by observation of a window containing it. Symbolically, if is a window of containing the th feature of the response signal, then
(5) 
On receipt of the th feature in , at time by B’s clock, but at as measured by B, B transmits the th feature in after a short delay, (in true time), hereon referred to as the layover time.
The layover time is introduced as a practical consideration. On receipt of A’s th feature, B is physically unable to transmit its own th feature with zero delay. Thus, B is allowed to specify a short layover time, , after which it intends to launch its th feature. It is important to note that the actual layover time, , will not be the same as the intended layover time due to (1) nonzero measurement noise and (2) nonzero frequency offset of the clock at B with respect to true time. However, if the layover time is sufficiently short and the measurement noise is benign, the difference can be made negligible compared to the time synchronization requirement, with the actual value depending on the quality of B’s clock.
Station A receives the response signal as a delayed and noisy replica of , denoted . The delay experienced by the th feature as it travels from B to A, in true time, is denoted . Station A captures a window of that enables A to identify the th feature in according to (5), and to infer that the received feature is in response to the th feature transmitted by A. Furthermore, A makes a noise-corrupted measurement of the time-of-arrival of the th feature in , according to A’s clock. The noise, denoted , is again modeled as zero-mean with variance . The full measurement model is given by
Since is exactly known at A, a direct noisy measurement of the round trip time can be made as
(6) 
Note that the noise and in is embedded within and , respectively. Under the assumption of symmetric delays, i.e., , and with knowledge of , the measured RTT in (6) can be exploited to improve the modeled propagation delay for future exchanges between A and B:
where and .
The two-way exchange of sync and response messages is summarized visually in Fig. 2.
Since RTT will play a central role in the discussion on secure synchronization later on, various definitions and assumptions concerning RTT are stated here for clarity:

RTT for the th feature in and the corresponding th feature in is defined as

Measured RTT includes, in addition to RTT, measurement noise at A; it is modeled as

Modeled RTT, also called the prior estimate of RTT, is defined as
(7)
For example, in the case of wireless clock synchronization with LOS electromagnetic signals, a prior estimate of RTT is based on the distance between A and B and on models of channel delays in excess of free-space propagation between these.

The modeled RTT, , can be refined with measurements of RTT in a two-way protocol. Alternatively, as will be discussed later, if an accurate modeled RTT is available, it and the measured RTT can be used to detect delay attacks.

Unambiguous measurement of RTT requires that there exist a one-to-one mapping between the signal features in and , as mathematically represented in (5). On detection of the th feature in , A must be able to deduce that this feature was transmitted approximately after B received the th feature in . This requirement is appropriately a part of the RTT definition since it enables A to unambiguously measure RTT.
III-C Attack Model
The attack model in this paper considers a MITM adversary . The available computational resources allow to execute probabilistic polynomial time (PPT) algorithms. can receive, detect, and replay signals from A and B with arbitrarily precise directional antennas. Additionally, has precise knowledge of and , and can take up any position around or between the two stations. It has unrestricted access to the signals that A and B exchange over the air, and has complete knowledge of their synchronization protocol save for the cryptographic keys.
Let denote the alert limit, defined as the error in time synchronization not to be exceeded without issuing an alert.
Definition III.1.
Clock synchronization is defined to be compromised if .
Note that, in the absence of an adversary, clock synchronization is not compromised so long as
However, in the presence of a MITM adversary, the sync signal is delayed or advanced such that
(8) 
where is the natural or physical delay (equal to in the absence of an adversary) and is the adversarial delay. In this case, if
(9) 
then clock synchronization is compromised.
III-D Vulnerability of One-Way Clock Synchronization
One-way clock synchronization is fundamentally vulnerable to a delay attack because it provides no mechanism to measure RTT. The adversary can compromise any one-way wireless clock synchronization protocol by retransmitting the authentic sync signal from A such that the retransmitted signal, , overpowers or otherwise supersedes the authentic signal . In the absence of additional assumptions beyond those underpinning the one-way protocol described earlier, can introduce an arbitrary delay in its retransmission, thereby compromising the synchronization process.
Note that whereas counterfeit signal attacks can be prevented by authentication and cryptographic methods [24], these techniques do not prevent delay attacks because the delayed or repeated signal has the same cryptographic characteristics as that of the genuine signal, the only difference being that it is received with a (possibly small) additional delay.
The delay introduced by is added to the natural delay, , of the signal between A and B. As a result, an error of is introduced in the estimated time offset at B. From (4), it follows that
(10) 
where it is assumed that the error due to inaccurately modeled delay is negligible and that . In the absence of an RTT measurement, and without further assumptions on the nature of the protocol or the clock drift model considered, the adversarial delay is indistinguishable from a clock offset of the same magnitude.
To be sure, measures can be taken to make a MITM delay attack harder to execute without detection. But, importantly, these measures cannot guarantee that the synchronization will remain uncompromised. Various measures proposed in the literature, and their shortcomings, are discussed below.
Received Signal Strength Monitoring
The adversary might attempt to overpower the authentic signal in order to spoof the sync message, leading to an increase in the total signal power received at B. Station B could monitor the received signal strength (RSS) to detect such an attack [25]. However, a potent adversary could transmit, in addition to its delayed signal, an amplitude-matched, phase-inverted nulling signal that annihilates the authentic sync signal as received at B, thus preventing an unusual increase in received power at B. If is positioned along the straight-line path between A and B, nulling of can be effected without prior knowledge of . A laboratory demonstration of such nulling is reported in [26].
Selective Rejection of False Signal
If B receives both the authentic and false (delayed) sync signals, it may be able to apply angle-of-arrival or signal processing techniques to selectively reject the delayed signal [8, 9, 27, 28]. However, discrimination based on angle-of-arrival fails if is positioned along the line from A to B, and, as conceded in [9], signal-processing-based techniques for selective rejection of false signals can be thwarted by an adversary transmitting an additional nulling signal, as described above.
Collaborative Verification
Multiple time seekers may attempt to synchronize to the same time master. In this scenario, the time seekers can potentially detect malicious activity by cross-checking the received signals [16]. In the simplest implementation, all time seekers can collaborate to verify that they are synchronized amongst each other. In case of an uncoordinated attack against a subset of time seekers, this verification would expose the attack since the time offset computed at the attacked subset would be different from that computed at the other stations. In principle, however, it is possible for an adversary to execute a coordinated attack against all the time seekers, thus concealing its presence.
IV Necessary Conditions for Secure Synchronization
This section presents a set of conditions for secure two-way clock synchronization and proves these to be necessary by contradiction. In other words, it is shown that if a two-way clock synchronization protocol does not satisfy any one of these proposed conditions, there exists an attack that can compromise clock synchronization without detection.
It is important to note that the ability to measure RTT in a two-way protocol is necessary, but not sufficient, for provably secure synchronization. As an example, IEEE 1588 PTP is a two-way protocol that has been proposed as an alternative to GNSS for sub-microsecond clock synchronization in critical infrastructure such as the PMU network. But, despite the bidirectional exchange between stations, and hence the ability to measure RTT, recent work has shown that PTP is vulnerable to delay attacks in which a MITM introduces asymmetric delay between A and B. Asymmetric delay breaks the assumption that and leads to an erroneous prior for and for future exchanges. This vulnerability is documented in both the literature [11, 13, 18] and the IEEE 1588-2008 standard. Thus, a secure two-way clock synchronization protocol must satisfy additional security requirements beyond the ability to measure RTT.
The conditions introduced below are not tied to any specific protocol, unlike some measures proposed in the current literature [11, 12, 13, 14, 15, 16, 17]. They are generally applicable to any two-way protocol (e.g., PTP) for which the foregoing two-way synchronization model applies.
Assuming the time master A initiates the two-way communication, the necessary conditions for secure clock synchronization are as follows:

Both A and B must transmit unpredictable waveforms to prevent the adversary from generating counterfeit signals that pass authentication. In practice, this implies the use of a cryptographic construct such as a message authentication code (MAC) or a digital signature.

The propagation time of the signal must be irreducible to within the alert limit along both signal paths. For wireless clock synchronization, this condition implies synchronization via LOS electromagnetic signals as .

The RTT between A and B must be known to A and measurable by A to within the alert limit . The RTT must include the delays internal to both A and B, in addition to the propagation delay. Station A must know of any intentional delay introduced by B, such as the layover time introduced earlier.
IV-A Proof of Necessity of Conditions
IV-A1 Stations A and B must transmit unpredictable signals
To prove this condition is necessary, two scenarios are considered: a) station A transmits a signal waveform that is predictable, and, b) station B transmits a signal waveform that is predictable.
is predictable
can compromise synchronization without detection as follows:

takes up a position between A and B along the line joining the antennas at the two stations.

initially transmits a replica of such that B receives identical signals from both A and . Subsequently, increases its signal power or otherwise supersedes (e.g., via signal nulling, as discussed earlier) such that B tracks , the signal transmitted by . (Hereafter, whenever signals from compete with those from A or B, it will be assumed that those from exert control.)

Exploiting the predictability of , advances its replica with respect to by , where . B tracks the advanced signal, resulting in an error of in the computed as shown in (10).

B transmits the unpredictable response compliant with the prearranged layover time . intercepts this signal from B, and replays it to A with a delay of , causing A to track the delayed signal. As a result, the RTT is as A expects. In summary:
Thus, undoes the effect of its sync advance, preventing A from detecting the attack.
is predictable
can compromise synchronization without detection by replicating B’s behavior:

takes up a position between A and B along the line joining the antennas at the two stations.

receives the sync signal and generates a valid response with a delay
(11)
such that the RTT is , as A expects.

records the unpredictable signal from A and replays it to B with an arbitrary delay . This results in an error of approximately in the computed at B, as shown in (10).
IV-A2 Propagation time must be irreducible to within
If there exists a channel that reduces the propagation time from A to B or from B to A by more than as compared to the channel used by A and B, then can compromise synchronization without detection. The following attack assumes the propagation time from A to B is reducible by more than ; a similar attack exploits the situation in which the propagation time from B to A is reducible by more than .

records the sync signal going from A to B.

makes the recorded signal reach B advanced by compared to , where . An error of is introduced in the time offset value computed at B as shown in (10).

records the response signal , which has the expected prearranged layover time . replays this signal to A with a delay of such that the RTT is consistent with what A expects.
IV-A3 RTT known to and measurable by A to within
Synchronization can be compromised without detection if with non-negligible probability even in the absence of an adversary. This condition can be met if a) the prior estimates , , or are not accurate to the corresponding true values to within , or b) the magnitude of the measurement error sum is larger than . Note that the condition compromises synchronization even absent an adversary. An adversary can exploit the condition as follows:

initially transmits a replica of such that B receives identical signals from both A and . Subsequently, introduces a delay in the replayed signal . As assumed earlier, exerts control and introduces an error of approximately in the computed at B, as shown in (10).

Station B transmits the response signal with the prearranged layover time with respect to the delayed signal.

In the received signal , A identifies the expected feature . The RTT, if measurable, includes the delay introduced by .

However, A is unable to definitively declare an attack, since the errors in the modeled RTT and/or the measurement of RTT are possibly larger than . In other words, it is not possible to claim that only in the presence of adversarial delay.
V Proof of Sufficiency
This section presents a sufficiency proof for the set of security conditions proposed in the previous section. A sufficiency proof guarantees secure synchronization under the considered system and attack models. This paper draws inspiration from the literature on modern cryptography and formalizes the problem of secure clock synchronization with explicit definitions, assumptions, and proofs.
V-A Assumptions
This proof assumes that the system under consideration strictly complies with the set of necessary security conditions. Specifically,

Both A and B use an authenticated encryption scheme to generate unpredictable and verifiably authentic signals in the presence of a probabilistic polynomial time (PPT) adversary.

The difference between the RTT along the communication channel between A and B and the shortest possible RTT is negligible as compared to .

The difference between the modeled delays and and the true delays and , respectively, is negligible as compared to .
(12)
and
(13)
Furthermore, A and B agree upon a fixed layover time , and the difference between this and the true layover time is negligible: .

The standard deviation of the noise corrupting the measurements and is negligible compared to the alert limit:
(14)
Notice that the above assumptions are the same as the necessary conditions in Section IV, but with stricter upper bounds on the conditions.
If symmetric keys are exchanged prior to synchronization, then private-key cryptographic schemes such as Encrypt-then-MAC [29] can be used for authenticated encryption. Alternatively, if the keys must be exchanged over a public channel, then digital signatures [30] can be used to authenticate the encrypted messages. Cryptographic authentication schemes like MAC and digital signatures generate a tag associated with a message. Qualitatively, a MAC or digital signature scheme is secure if a PPT adversary, even when given access to multiple valid message-tag pairs of its own choice (as many as possible in polynomial time), cannot generate a valid tag for a new message with nonnegligible probability. Irrespective of the cryptographic scheme used, this proof assumes that the probability of generating a new valid sync or response signal is a negligible function of the key length :
(15) 
To detect an attack before the synchronization error exceeds , A must select a threshold lower than beyond which an attack is declared. Consider the modeled RTT, , as defined in (7), and the measurement as defined in (6). A threshold less than , say with , is set by station A such that if , then an attack is declared.
V-B Definitions
Definition V.1.
A PPT adversary succeeds if clock synchronization is compromised (Definition III.1) and
Definition V.2.
Faster-than-light (superluminal) propagation is defined to be hard if cannot propagate a signal at a speed higher than the speed of light with nonnegligible probability. Under hardness of superluminal propagation
Definition V.3.
A clock synchronization protocol is defined to be secure if, under the hardness of superluminal propagation assumption,
where for is defined in Definition V.1.
V-C Proof
In the presence of an adversary , the measurement is modeled as
(16) 
Let and denote the error in the modeled signal delay due to natural/physical phenomena. Also, let be the difference between the intended layover time and the actual layover time . Note that these might be positive or negative.
(17)  
(18)  
(19) 
From (7), (16), (17), (18), and (19) it follows that
Following the assumptions in (12) and (13), the residual delays are negligible in comparison to :
(20)  
(21) 
This assumption is reasonable since otherwise the system could not confidently meet the accuracy requirements even in the absence of an adversary. Also, if is a short time interval and the measurement noise is benign, it is reasonable to assume that
(22) 
Note that can advance the signal by (a) forging a valid message/tag pair, or (b) propagating the signal faster-than-light. The assumptions of secure MAC and hardness of superluminal propagation enforce that
In order to stay undetected, the adversary must ensure
(23) 
At the same time, in order to compromise time transfer, from (9), must ensure
(24) 
The probability of success for is evaluated as
(25) 
In the case where , (24) simplifies to
Substituting the least possible value of into (23), it follows that
Notice that from the assumptions made in (14), (20), (21), and (22), all terms except and on the left-hand side of the inequality are negligible compared to ; thus,
Since both and are defined to be positive, the above inequality simplifies to
where . Thus, for to succeed in the case where , we must have that . As a result
Thus, from (25)
Qualitatively, the proof presented here argues that for the adversary to succeed, it needs to either advance the sync signal (), or advance the response signal (). With the use of a secure MAC (or digital signature) and the hardness of superluminal propagation, the adversary can only succeed with a negligible probability.
VI Secure Constructions
This section specializes the necessary and sufficient conditions for secure clock synchronization to IEEE 1588 PTP. In addition, it presents an alternative to PTP for wireless synchronization—a compliant synchronization system with GNSS-like signals.
VI-A Secure IEEE 1588 PTP
The necessary and sufficient conditions for secure synchronization, as adapted to IEEE 1588 PTP, are as follows:

Stations A and B must use an authenticated encryption scheme to prevent from generating valid message/tag pairs.

The difference between the path delays between A and B and the shortest possible path delays must be negligible as compared to . For wireless PTP [31, 32], this implies communicating over the LOS channel as . For traditional wireline PTP, A and B must attempt to communicate over the (nearly) shortest possible path.

The path delay, which is usually estimated from the RTT measurements, must be accurately known a priori for secure synchronization. The RTT measurements must be verified against the expected RTT. This implies that the layover time must also be known to A.
Note that in the usual PTP formulation, the path delay is measured and used by the time seeker B. To this end, in the usual formulation A sends the transmit time of the sync message and the receipt time of the delay_req message (in PTP parlance). Similar conventions may be accommodated in the system model presented in this paper, wherein A sends the values of , , and to B, and the following calculations may be performed and used at B. However, this would only be a cosmetic change and does not affect the arguments in this paper.
The first security condition has already been proposed in the IEEE 1588-2008 standard. The second condition, however, has not been considered in any of the earlier works in the literature. Following the depiction of sync and response signal exchange in Fig. 2 and the attack strategy outlined in Section IV-A2, Fig. 3 illustrates an example attack against a PTP implementation that does not satisfy the second necessary condition. Notice that the existence of a shorter time path enables to advance the sync signal relative to the authentic message from A. Subsequently, is able to undo the effect of the advance on the RTT by delaying the response signal from B to A. Station A does not measure any abnormality in the RTT, and thus cannot raise an alarm. Meanwhile, synchronization has been compromised at B.
The third condition is similar to the proposal in [11] of measuring the path delays during initialization and monitoring the delays during normal operation. However, [11] requires that B respond to A with zero delay during initialization to enable measurement of the reference delays. This condition is sufficient, but not necessary for secure synchronization. The system is in fact secure even if B is allowed a fixed layover time. Fig. 4 illustrates an example attack against a PTP implementation in violation of the third necessary condition. Note that the uncertainty of the a priori estimate of the RTT () is larger than the alert limit, violating the third necessary condition which requires that the expected RTT be known to within the alert limit (and with much higher accuracy for provable sufficiency). Even though the measured RTT in this case is inconsistent with the expected RTT, it cannot be definitively flagged as an attack since benign variations in the RTT may also have led to the observed RTT.
Interestingly, at first sight, the third security condition in this paper does not resemble the proposed defense in [18] that enforces an upper bound on the synchronization error accumulated between sync messages and recommends that B send its timestamps to A periodically for verification. As explained next, this condition is in fact equivalent to the condition of known and measurable RTT, when adapted according to the system model considered in [18].
Note that the requirement of a zero delay in [11], or a short layover time in this paper, enables A to measure the RTT since the transmit time of the th feature in , that is , can be approximately traced back to A’s clock to within the alert limit as . Enforcing the synchronization error to within and transmitting B’s timestamp to A achieves the same objective for the defense in [18], since the transmit time from B can be traced back to A’s clock with the assumed approximate synchronization. Therefore, the proposed countermeasures in [11] and [18] are two different incarnations of the third security condition proposed in this paper. Of course, the failure of both [11] and [18] to address the second necessary condition makes their proposed defenses vulnerable to an adversary that can communicate along a shorter time path between A and B.
VI-B Alternative Compliant System
This section describes an alternative wireless clock synchronization protocol that satisfies the set of necessary and sufficient conditions presented in Section IV. The proposed protocol involves bidirectional exchange of GNSS-like pseudorandom codes for continuous clock synchronization, in contrast to discrete packet-based synchronization techniques such as NTP and PTP. It is offered here to illustrate the general applicability of the proposed necessary and sufficient conditions to a range of underlying protocols. Such a protocol can potentially be applied in two-way satellite time transfer and terrestrial wireless clock synchronization systems for continuous clock synchronization, in contrast to the packet-based discrete synchronization in NTP/PTP.
The time master A and the time seeker B communicate wirelessly over the LOS channel between the nodes. To simplify the analysis, it is assumed that A and B securely share long sequences of pseudorandom bits prior to synchronization. These sequences of bits will later enable generation of unpredictable signals. The pseudorandom sequence for A has the form
The pseudorandom code for A is then generated as
where denotes the time according to A at which the start of the th bit in A’s signal is transmitted. The pseudorandom nature of ensures that has good cross-correlation properties, which enables an accurate measurement of the time-of-arrival of A’s signal at B, that is, . Station A modulates a carrier with the code and transmits a signal whose complex baseband representation is given as
This signal is received at B as
where all symbols have their usual meanings as detailed in Section III. Station B captures a window of and correlates it with a local replica of . The result of the correlation enables B to detect the start of the th bit of in the window, and provides a measurement
of the time-of-arrival of the th bit at B. Furthermore, the relationship between the start of the th bit and enables B to infer the latter.
If a prior estimate of is available, then B estimates the clock offset as in (4).
Similar to the pseudorandom sequence and code construction for A, B generates its unpredictable code . A and B agree on a one-to-one mapping between and such that B responds with the th bit of on reception of the start of the th bit of . Furthermore, A and B agree that the start of the th bit of will have a code-phase offset of with respect to the start of the th bit of . Station B transmits the response signal as
such that
according to the time at B. In true time, the epoch corresponds to
Station A receives the response as
and captures a window of the signal . A correlates with a local replica of to detect the start of the th bit of . This enables A to measure the time-of-arrival
Moreover, the detection of the th bit indicates that it was transmitted in response to the receipt of the start of the th bit of . Since A knows the start time of the th bit as , it measures the RTT as described in (6).
Note that the exchange of one-time pad sequences enables the proposed system to satisfy the first security condition. Wireless LOS communication satisfies the second security condition, and the knowledge of the code-phase layover offset enables A to make an accurate prior estimate of the RTT within the alert limit, thereby satisfying the third security condition. Thus, the proposed system complies with all three necessary and sufficient conditions for secure clock synchronization.
VII System Simulation
This section presents a simulation study of a secure clock synchronization model operating over a simplistic channel model. Unlike the abstract treatment of delays in the security derivations presented earlier, the simulation is carried out with models of delays experienced by the synchronization messages over a real channel. This study also expounds the interplay between slave clock stability, security requirements, attack models, and attack detection thresholds that must be determined in a practical synchronization system. The channel and attack models developed in this simulation are not comprehensive. Rather, relatively simple models are considered to clearly demonstrate the underlying principles. More sophisticated channel and attack models can similarly be analyzed by following the outline of this simulation.
VII-A Channel Model
The simulated system resembles a traditional local area network, and is schematically depicted in Fig. 5. As before, A and B are the time master and seeker stations, respectively. The messages between these stations pass through a series of routers. Each router is under network traffic loading generated by the nodes labeled T. The routers perform simple packet forwarding, i.e., no cryptographic operations or complex payload modifications are performed. Each router transmits the queued packets at a service rate of 1 Gbps. Each network packet is assumed to have a size of 1542 bytes. The MITM adversary maliciously inserts itself along the communication path between A and B.
The sync and response packets from A and B experience processing and queueing delay at each router, and propagation/link delay between routers. Queueing delay is the duration for which the packet is buffered in the router before it can be transmitted. Processing delay is the time taken by the router to process the packet header, for example, to determine the packet’s destination. Since the routers in this simulation perform simple packet forwarding, the processing delay is negligible as compared to the queueing delay [33]. The propagation/link delay is also insignificant for local networks because the propagation speed is a comparable fraction of the speed of light. Thus, only the queueing delay significantly contributes to the overall channel delay variations.
Let the network idle probability for a particular router, denoted by , be defined as the probability of the router queue being empty at a randomly chosen time instant. Since the synchronization packets are delay-sensitive, the routers in this simulation implement non-preemptive priority scheduling for synchronization packets when the queue is not empty. This means that on arrival of a sync or response packet, the router is allowed to complete the transmission of the data packet currently being serviced, if any, but is required to service the delay-sensitive packet before the other network data in the queue. Since the time period between consecutive sync-response pairs is quite large as compared to the RTT for a given pair, it is assumed that a router never has more than one delay-sensitive packet in its queue. Under such scheduling, the delay experienced by the timing messages is best modeled as follows: with probability , the total router delay is zero, and with probability () the total router delay is uniformly distributed between zero and the maximum time to service a packet of length 1542 bytes ( microseconds for a Gigabit router).
Given the above channel specifications and values for and , it is possible to perform a Monte Carlo simulation to obtain the anticipated RTT , which is taken to be the empirical mean of the RTT measurements in the simulation, and the associated standard deviation . As shown in Fig. 6, in case of a single sync-response pair measurement, the RTT has an empirical mean of microseconds and an empirical standard deviation of microseconds with and . Observe that even for a relatively small , the empirical distribution approaches the Gaussian shape, but has a slightly heavier tail on the higher end of the delay. The distribution for mean of batches of observations has a smaller empirical standard deviation of microseconds.
VII-B System and Security Requirements
The clock at the time seeker B drifts with respect to the true time clock at A unless corrected by a sync message from A. As before, let denote the alert limit for the system. Let denote a time duration over which a perfectly synchronized clock at B at the beginning of the duration, absent an adversary, drifts more than for some with a probability smaller than an acceptably small bound .
In the system under simulation, the clock offset for B is estimated and corrected for every seconds. By definition of , it holds that if the clocks at A and B are perfectly synchronized after every seconds, then the natural drift envelope of B’s clock does not exceed with an unacceptably high probability. Define
Observe that if an adversary is able to introduce a synchronization error larger than , then the system is compromised since the natural drift of the clock at B could potentially lead to a clock offset greater than before the next synchronization interval, with a probability greater than . Thus, A must flag any adversarial delay greater than with probability higher than a desired detection probability, denoted by . It is worth noting that this practical complication of the magnitude of was abstracted in the sufficiency proof, where the threshold was set to for .
In general, A makes multiple measurements of the RTT between A and B over the time period . As shown in Fig. 6, the mean of multiple observations over has a distribution with a smaller standard deviation as compared to that of a single observation. In the simulated system, if no attack is detected, A updates every seconds based on the empirical mean of the RTT measurements made over that period. Note that even though is updated based on the measurements, no updates are applied to and , which are predetermined by simulation or measurements under a secure calibration campaign.
The empirical mean of the measured RTT is taken as the test statistic to detect an attack. For the attack model detailed next, it can be shown that this test statistic becomes optimal for large values of [34].
VII-C Attack Model
The synchronization system considered in this simulation complies with the necessary security conditions presented in this paper. Consequently, the adversary is unable to advance the sync or response messages, and can only increase the RTT measured by A relative to the authentic RTT. This simulation considers a simple adversary model that introduces a fixed delay in the measured RTT. In order to conceal its presence while compromising synchronization with appreciable probability, introduces a delay of seconds for some small .
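The channel calibration, the batch-mean test statistic and the fixed-delay adversary described in this section can be sketched as a small Monte Carlo run. This is an added example, not the paper's simulation code: the 1542-byte packet and 1 Gbps service rate come from the text, while the router count, idle probability, batch size, false-alarm target and the added delays are assumed values chosen for illustration.

```python
import random
import statistics

PACKET_BYTES = 1542                      # packet size stated in the text
LINK_RATE_BPS = 1e9                      # Gigabit service rate stated in the text
MAX_SERVICE_US = PACKET_BYTES * 8 / LINK_RATE_BPS * 1e6   # 12.336 microseconds

# Assumed parameters (not taken from the paper).
N_ROUTERS = 5        # routers between A and B, traversed once per direction
P_IDLE = 0.5         # probability that a router queue is empty
BATCH = 20           # RTT measurements averaged per synchronization interval
P_FA = 0.01          # target false-alarm probability


def router_delay_us(rng):
    """Non-preemptive priority queueing: zero delay if the router is idle,
    otherwise uniform between zero and the maximum packet service time."""
    if rng.random() < P_IDLE:
        return 0.0
    return rng.uniform(0.0, MAX_SERVICE_US)


def rtt_us(rng, added_delay_us=0.0):
    """One sync/response exchange; only queueing delay is modeled, plus any
    fixed delay inserted on the path (zero under the null hypothesis)."""
    queueing = sum(router_delay_us(rng) for _ in range(2 * N_ROUTERS))
    return queueing + added_delay_us


def batch_mean_us(rng, added_delay_us=0.0):
    """Test statistic: empirical mean of BATCH RTT measurements."""
    return statistics.fmean(rtt_us(rng, added_delay_us) for _ in range(BATCH))


def calibrate(rng, trials=4000):
    """Monte Carlo calibration of the attack-free channel. Returns the
    expected RTT, the standard deviation of the batch mean, and the alarm
    threshold at the (1 - P_FA) quantile of the attack-free batch means."""
    means = sorted(batch_mean_us(rng) for _ in range(trials))
    threshold = means[min(trials - 1, int((1.0 - P_FA) * trials))]
    return statistics.fmean(means), statistics.stdev(means), threshold


def alarm_rate(rng, threshold, added_delay_us, trials=2000):
    """Fraction of intervals in which A declares an attack."""
    alarms = sum(batch_mean_us(rng, added_delay_us) > threshold
                 for _ in range(trials))
    return alarms / trials


if __name__ == "__main__":
    rng = random.Random(1588)            # fixed seed for repeatability
    mean, std, thr = calibrate(rng)
    print(f"expected RTT {mean:.2f} us, std of batch mean {std:.2f} us, "
          f"threshold {thr:.2f} us")
    for delay in (0.0, 2.0, 5.0, 10.0, 20.0):   # constructed delays, in us
        print(f"added delay {delay:5.1f} us -> alarm rate "
              f"{alarm_rate(rng, thr, delay):.3f}")
```

With these assumed values the alarm rate stays near the false-alarm target when no delay is added and approaches 1 once the fixed delay exceeds a few standard deviations of the batch mean.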
Let denote the null hypothesis (no attack), and denote the alternative hypothesis. Under , the measured RTT at A is drawn from the distribution that was used to calibrate/simulate the channel delay distribution, while under , the measured RTT is drawn from a distribution that is shifted from the calibration distribution by . This is visually depicted in Fig. 7. Given a detection threshold , the dark-shaded region in Fig. 7 denotes the probability of false alarm, , while the light-shaded region denotes the probability of missed detection (