NTP Security by Delay-based Detection in Intelligent Defense Systems

Nowadays, computer equipment has hardware or software clocks to which they refer to time stamp files, transactions and emails. The design of a quartz oscillator, such as clocks drift functions like ordinary watches that do not perfectly match. Therefore, it needs networked machines sharing common resources. For instance, UNIX makes command updates key files ensuring that files on which it depends exist and are up-to-date. Also, correlating log messages from several systems becomes very difficult if it does not occur at the same time. This paper focuses mainly on how to detect attacks, trying to predict attacks based on delays caused by this equipment. A server is configured using NTP protocol whose main target is to be implemented in UNIX system, to see how the NTP server is managed with the powerful package Chrony for Ubuntu. The examined results via Python reveal that clients neither will be nor able to make final decisions just after negotiating with servers in several attempts, before or after accepting their clock.