PTPsec: Securing the Precision Time Protocol Against Time Delay Attacks Using Cyclic Path Asymmetry Analysis

TL;DR

This work tackles the vulnerability of the Precision Time Protocol (PTP) to time delay attacks by introducing cyclic path asymmetry analysis that leverages redundant, edge-disjoint network paths to detect unidirectional delays. It presents PTPsec, a secure protocol extension to IEEE 1588-2019 that integrates new Meas measurement messages with the synchronization flow to compute path asymmetries $\alpha_{P_0}$ from RTT differences $\mathrm{RTT}_{P_0,P_i} - \mathrm{RTT}_{P_i,P_0}$, and uses a rectified offset for mitigation. Theoretical results show that at least one symmetric redundant path is required to identify the target path asymmetry, and practical algorithms (Ford-Fulkerson) enable finding such paths; hardware experiments validate rapid detection (within a few cycles) and effective mitigation under static and incremental delay attacks, with microsecond accuracy. The approach provides a scalable security mechanism for critical infrastructure (Smart Grids, TSN, 5G) by coupling attack detection to the synchronization process and exploiting existing redundancy in modern networks. Overall, PTPsec offers a concrete, validated path to robust time synchronization in adversarial environments while acknowledging the overhead introduced by additional measurement traffic.

Abstract

High-precision time synchronization is a vital prerequisite for many modern applications and technologies, including Smart Grids, Time-Sensitive Networking (TSN), and 5G networks. Although the Precision Time Protocol (PTP) can accomplish this requirement in trusted environments, it becomes unreliable in the presence of specific cyber attacks. Mainly, time delay attacks pose the highest threat to the protocol, enabling attackers to diverge targeted clocks undetected. With the increasing danger of cyber attacks, especially against critical infrastructure, there is a great demand for effective countermeasures to secure both time synchronization and the applications that depend on it. However, current solutions are not sufficiently capable of mitigating sophisticated delay attacks. For example, they lack proper integration into the PTP protocol, scalability, or sound evaluation with the required microsecond-level accuracy. This work proposes an approach to detect and counteract delay attacks against PTP based on cyclic path asymmetry measurements over redundant paths. For that, we provide a method to find redundant paths in arbitrary networks and show how this redundancy can be exploited to reveal and mitigate undesirable asymmetries on the synchronization path that cause the malicious clock divergence. Furthermore, we propose PTPsec, a secure PTP protocol and its implementation based on the latest IEEE 1588-2019 standard. With PTPsec, we advance the conventional PTP to support reliable delay attack detection and mitigation. We validate our approach on a hardware testbed, which includes an attacker capable of performing static and incremental delay attacks at a microsecond precision. Our experimental results show that all attack scenarios can be reliably detected and mitigated with minimal detection time.

Figures (11)

• Figure 1: The path asymmetry analysis concept to detect time delay attacks within our proposed PTPsec protocol. The PTP Sync message, sent via the attacked path $P_0$ (1), is followed by our newly introduced Meas message over the genuine path $P_1$ to complete the first round trip (2). Similarly, the exchange of the Delay_Req (3) and another Meas message (4) leads to a second circulation. This allows for cyclic RTT measurements from which we derive the current path asymmetry $\alpha_{P_0}$ to reveal and mitigate ongoing delay attacks.
• Figure 2: a) PTP message flow with timestamping to minimize the clock offset $\theta$. b) When attackers can delay PTP event messages (Sync or Delay_Req), they create path asymmetries that impair the clock synchronization.
• Figure 3: Cyclic path asymmetry analysis illustrated with two nodes. While there is no efficient method to calculate the asymmetry with only one link (a), a second link enables a cyclic structure for further analysis (b). Two RTT measurements in opposing directions can be smartly combined to determine the link asymmetry $\alpha_{e_0}$ of the attacked link $e_0$.
• Figure 4: Redundant path principle in multi-node networks. To efficiently estimate the path asymmetry $\alpha_{P_0}$, we require other edge-disjoint paths $P_i$ to enable cyclic rtt measurements.
• Figure 5: Proposed PTPsec message flow to protect against time delay attacks. After the reception of PTP event messages (Sync and Delay_Req), dedicated (Meas) messages are returned to the originator via a redundant network path, here indicated with the additional TC, to enable cyclic path asymmetry measurements. The Meas_Fup messages convey the captured timestamps $t_{m_1}$ and $t_{m_3}$, respectively, when PTP operates in two-step mode.