If time is money, how important is it to ensure the integrity of time itself? Most computing devices synchronize their clocks over the Network Time Protocol (NTP), which as commonly deployed offers no security guarantees. There is now another option.
On September 21, Cloudflare announced that it was deploying a new authenticated time service called Roughtime to help ensure the integrity of timekeeping. The publicly available service is based on the open-source project of the same name launched by Google.
"NTP is the dominant protocol for time synchronization. Although the latest version provides the possibility of authentication, it is not used in practice," Google's Roughtime project page explains. "Most computers will trust an unauthenticated NTP reply to set the system clock, which means that a MITM [man-in-the-middle] attacker can control a victim's clock and may violate the security properties of some of the protocols listed above."
Roughtime is a UDP-based protocol whose time responses are cryptographically signed, which protects their integrity and limits the risk of MITM attacks. The protocol also includes measures to prevent it from being used as an amplifier in distributed denial-of-service (DDoS) attacks: requests must be padded to at least 1,024 bytes, so a reply is never larger than the request that triggered it. Attackers have been abusing NTP's lack of such protections to reflect and amplify DDoS attacks since at least 2014.
Cloudflare intends to use its Roughtime service to help verify the validity period of SSL/TLS certificates. Without a trustworthy source of time, an attacker may be able to trick a user or a server into accepting an expired certificate.
"Our Roughtime server takes time from the system clock of the Cloudflare server, and the consistency and accuracy of these servers are monitored," Nick Sullivan, head of cryptography at Cloudflare, told eWEEK.
By exposing a public Roughtime service, Cloudflare aims to stimulate interest in, and adoption of, the Roughtime protocol where it makes sense. Although Roughtime can help ensure trustworthy time on the Internet, for several reasons it is not a direct substitute for NTP.
"The Roughtime protocol does not take delay into account (as NTP does), so the results may be off by more than a second depending on the distance between the user and the Roughtime server," Sullivan said.
In addition, Sullivan said he did not consider Roughtime a substitute for NTP because it does not provide the microsecond precision that some machines require. He said that the main use case of Roughtime is to obtain roughly the right time from a group of semi-trusted servers in an auditable manner.
Sullivan said that work is also being carried out in the wider IT community on secure variants of NTP, which Cloudflare is actively monitoring.
Deploying Roughtime
Cloudflare's Roughtime service is available free of charge to anyone who wants to use it, at roughtime.cloudflare.com on port 2002. For those who want to deploy their own Roughtime service, Sullivan said that, from the point of view of resource consumption, deployment is very simple and not expensive.
"Each timestamp requires an elliptic curve signature, which can be computed efficiently even on older hardware," Sullivan said. "That said, the main benefit of Roughtime comes from using multiple servers run by independent organizations."
Sullivan added that running a Roughtime service locally can help defend against on-path attackers, but cannot protect you from a time server that is itself compromised or misbehaving.
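The mechanics described above, as one added example covering both the protocol description (padded UDP request carrying a nonce, signed time interval in reply, no amplification) and the deployment remarks (one Ed25519 signature per timestamp, independent servers, the certificate-validity check Cloudflare has in mind). This is a simplified model written for this page, not Cloudflare's or Google's code and not the Roughtime wire format: the message layout, the context string, the one-second radius, the chained-nonce construction and the Server/Response/Overlap/CertValidAt names are all assumptions of the example. It uses only Go's standard-library Ed25519 and SHA-512.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha512"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Shorter requests are refused, so a spoofed source address can never make the
// server emit more bytes than the attacker had to send (no amplification).
const MinRequest = 1024

// Response is the server's signed time interval, bound to the client's nonce.
type Response struct {
	Midpoint uint64 // microseconds since the Unix epoch
	Radius   uint32 // microseconds of claimed uncertainty
	Nonce    [64]byte
	Sig      []byte
}

// signedBytes is the exact byte string the server signs and the client checks.
func (r Response) signedBytes() []byte {
	buf := []byte("example-roughtime response\x00") // assumed context prefix, NUL-terminated
	var num [8]byte
	binary.LittleEndian.PutUint64(num[:], r.Midpoint)
	buf = append(buf, num[:]...)
	binary.LittleEndian.PutUint32(num[:4], r.Radius)
	buf = append(buf, num[:4]...)
	return append(buf, r.Nonce[:]...)
}

// Request is the nonce followed by zero padding up to MinRequest bytes.
func Request(nonce [64]byte) []byte { return append(nonce[:], make([]byte, MinRequest-64)...) }

// Server holds a long-term Ed25519 key and an injectable clock (for tests).
type Server struct {
	Key ed25519.PrivateKey
	Now func() time.Time
}

// Handle refuses short requests, then signs a one-second-radius interval.
func (s Server) Handle(req []byte) (Response, error) {
	if len(req) < MinRequest {
		return Response{}, errors.New("request too short: refusing to amplify")
	}
	var r Response
	copy(r.Nonce[:], req[:64])
	r.Midpoint = uint64(s.Now().UnixNano() / 1000)
	r.Radius = 1000000 // one second: "roughly" right, not NTP precision
	r.Sig = ed25519.Sign(s.Key, r.signedBytes()) // one Ed25519 signature per timestamp
	return r, nil
}

// Verify rejects a reply that is not for our nonce or was altered on the path.
func Verify(pub ed25519.PublicKey, nonce [64]byte, r Response) error {
	if r.Nonce != nonce {
		return errors.New("nonce mismatch: replayed or unrelated reply")
	}
	if !ed25519.Verify(pub, r.signedBytes(), r.Sig) {
		return errors.New("bad signature: altered on path or wrong key")
	}
	return nil
}

// NextNonce = SHA-512(previous signed reply || blind): the next server's
// signature then commits to the previous reply, giving an auditable ordering.
func NextNonce(prev Response, blind [64]byte) [64]byte {
	return sha512.Sum512(append(append(prev.signedBytes(), prev.Sig...), blind[:]...))
}

// Overlap reports whether two intervals share an instant. Servers whose
// intervals do not overlap cannot both be right; their signed replies are proof.
func Overlap(a, b Response) bool {
	return a.Midpoint-uint64(a.Radius) <= b.Midpoint+uint64(b.Radius) &&
		b.Midpoint-uint64(b.Radius) <= a.Midpoint+uint64(a.Radius)
}

// CertValidAt requires the whole interval to lie inside [notBefore, notAfter].
func CertValidAt(r Response, notBefore, notAfter time.Time) bool {
	lo := time.Unix(0, int64(r.Midpoint-uint64(r.Radius))*1000)
	hi := time.Unix(0, int64(r.Midpoint+uint64(r.Radius))*1000)
	return !lo.Before(notBefore) && !hi.After(notAfter)
}

func main() {
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	var nonce [64]byte
	rand.Read(nonce[:])
	r, _ := Server{key, time.Now}.Handle(Request(nonce))
	fmt.Println("reply verified:", Verify(key.Public().(ed25519.PublicKey), nonce, r) == nil)
}
```

Two design points worth noting. A client feeds the previous signed reply into the next nonce, so a server that lies about the time has signed a statement that any third party can check against the other servers' signed replies, which is the "auditable" property Sullivan describes; an on-path attacker who edits the midpoint breaks the signature instead. And the certificate check treats the whole interval, not the midpoint, as the current time: an interval that straddles notAfter is rejected, because a one-second radius cannot tell you which side of the expiry you are on.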
Crypto Week
The launch of the Roughtime service is the latest in a series of announcements Cloudflare has issued this week, which the company calls Crypto Week.
On September 17, Cloudflare released an InterPlanetary File System (IPFS) gateway, enabling users to benefit from the IPFS peer-to-peer file system for distributed content delivery. On September 18, the company announced new tools to make DNSSEC (DNS Security Extensions) easier to use and deploy. On September 19 came news of Cloudflare's RPKI (Resource Public Key Infrastructure) effort to help secure BGP (Border Gateway Protocol). Then, on September 20, the company announced the Cloudflare Onion Service to help users who want to maintain anonymity on the Tor network.
"Cloudflare's mission is to help build a better Internet, so at any given time there are more than a dozen ongoing projects focused on different areas that need improvement," Sullivan said. "This year we had several cryptography projects ready to launch at the same time, so we decided to package them together and announce them as a prelude to the Cloudflare birthday week announcements."
Cloudflare will celebrate its eighth birthday on September 24. During its 2017 birthday week, the company issued a number of announcements, including new security and streaming services.