NTP Authentication versus UDP Packet Checksums

NTP authentication is used to make sure that the protocol data (e.g. the time stamps in the payload of the network packet) have not been modified on the way from the client to the server, or from the server to the client, so the client can be sure it has received a packet that really originates from the server.

The checksum of a UDP packet is a completely different thing. It can only be used to make sure that the bits of the received packet have not been changed (possibly unintentionally) during transport over the wire, e.g. due to electrical distortion.

The UDP checksum is normally generated by the network stack of the sender and can be checked by the network stack of the receiver, but it knows nothing about the meaning of the packet contents. So even if a man in the middle picks up a packet from an NTP server, modifies some timestamps in the packet, and forwards the modified packet to the client, the UDP packet sent by the man in the middle will again have a valid UDP checksum. No secret key is involved in this mechanism.

Authentication at the protocol level, however, requires a secret key that has to be exchanged in some secure way between the server and the client. The secret key is used to add a cryptographic signature to the packet. If a man in the middle modifies e.g. the time stamps in a packet, the signature becomes invalid, and the man in the middle is unable to create a new, valid signature for the modified packet without knowing the secret key. The client, on the other hand, can check the cryptographic signature to see whether the contents of the packet (the payload) have been modified or not.
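The difference between the two checks, as an added example that is not part of the original article: a receiver-side UDP checksum verification (RFC 768, IPv4 pseudo-header) next to an NTPv4 symmetric-key MAC verification (RFC 5905: key ID followed by MD5 over key || 48-byte header). The addresses, key and timestamps are constructed sample values; a server reply whose transmit timestamp is changed still passes the UDP check once a sending stack has recomputed the checksum, but fails the MAC check.

```python
import hashlib, hmac, socket, struct

# Constructed sample values (documentation address range), not from the article.
SRC_IP, DST_IP, NTP_PORT = "192.0.2.10", "192.0.2.20", 123
KEY_ID, KEY = 1, b"constructed-shared-secret"

def ones_complement_sum(data):
    """16-bit ones' complement sum as used by the UDP checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src_ip, dst_ip, udp_len):
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 17, udp_len)

def udp_datagram(src_ip, dst_ip, payload):
    """UDP header + payload with the checksum a sending stack (or NIC) fills in."""
    udp_len = 8 + len(payload)
    header = struct.pack("!HHHH", NTP_PORT, NTP_PORT, udp_len, 0)
    csum = (~ones_complement_sum(pseudo_header(src_ip, dst_ip, udp_len) + header + payload)) & 0xFFFF
    return header[:6] + struct.pack("!H", csum or 0xFFFF) + payload

def udp_checksum_ok(src_ip, dst_ip, datagram):
    """Receiver check: sum over pseudo-header and whole datagram must be 0xFFFF."""
    return ones_complement_sum(pseudo_header(src_ip, dst_ip, len(datagram)) + datagram) == 0xFFFF

def ntp_mac(header48, key_id, key):
    """NTPv4 symmetric-key MAC: 4-byte key ID, then MD5(key || header)."""
    return struct.pack("!I", key_id) + hashlib.md5(key + header48).digest()

def ntp_mac_ok(ntp_packet, key):
    header, mac = ntp_packet[:48], ntp_packet[48:]
    if len(mac) != 20:
        return False
    key_id = struct.unpack("!I", mac[:4])[0]
    return hmac.compare_digest(mac, ntp_mac(header, key_id, key))

def ntp_server_packet(transmit_ts):
    header = bytearray(48)
    header[0] = 0x24                                  # LI=0, VN=4, mode 4 (server)
    struct.pack_into("!Q", header, 40, transmit_ts)   # transmit timestamp, bytes 40..47
    return bytes(header) + ntp_mac(bytes(header), KEY_ID, KEY)

def demo():
    genuine_payload = ntp_server_packet(0xE200_0000_0000_0000)
    genuine = udp_datagram(SRC_IP, DST_IP, genuine_payload)
    # A modified copy of the reply: the transmit timestamp is changed and the forwarding
    # stack computes a fresh UDP checksum for the new bytes, so that check passes again.
    header = bytearray(genuine_payload[:48])
    struct.pack_into("!Q", header, 40, 0xE200_0001_0000_0000)
    tampered = udp_datagram(SRC_IP, DST_IP, bytes(header) + genuine_payload[48:])
    return {"genuine_udp_ok": udp_checksum_ok(SRC_IP, DST_IP, genuine),
            "genuine_mac_ok": ntp_mac_ok(genuine[8:], KEY),
            "tampered_udp_ok": udp_checksum_ok(SRC_IP, DST_IP, tampered),
            "tampered_mac_ok": ntp_mac_ok(tampered[8:], KEY)}
```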

Please note that UDP checksums are usually generated in any case. Some network interface chips can do this in hardware; only if the NIC chip cannot is the checksum computed by the software of the protocol stack, which is less efficient than the hardware solution.

So if you use a packet sniffer like Wireshark or tcpdump on the same system that sends the packets, and the checksum is created by the NIC hardware, the UDP checksum of an outgoing packet may not yet be valid at the point where the sniffer captures it: the checksum may be filled in only immediately before the packet goes out on the wire, after the sniffer has already seen it.

Incoming packets, of course, already have a valid UDP checksum, so the sniffer can verify it.


Martin Burnicki martin.burnicki@meinberg.de 2019-04-04