[cryptography] Authenticated Time Synchronization

Stephen Röttger stephen.roettger at gmail.com
Tue Sep 3 05:15:48 EDT 2013

> If the server isn't trusted enough to be allowed to know how many
> devices there are behind one proxy/IP address, then cookies should
> never be reused, otherwise it might be able to tell that there's
> simultaneously maybe 5 or so different cookies being used when sending
> time requests from the same IP. In that case it should only be used as
> a single-round protocol. Or you set up a local time server for all
> local computers to use, but I'm not sure that would work everywhere
> (such as for hotspots, can't always get the client to use your local
> timeserver).

That's a good point. The idea behind the cookies is exactly that the
server can recognize clients that he talked to earlier. Otherwise, the
server would have to create an asymmetric signature for every response
to a time request, which requires too much computation and would
negatively influence the synchronization precision/accuracy.

I don't see a solution for this, except for having a local time server
in this case that will act as a proxy.

> Exactly how untrusted is the server assumed to be?
We don't make assumptions if the server is trusted or not. The protocol
itself is just meant to verify its identity so that a man-in-the-middle
attack will not be possible. The client has to decide if he trusts the
server and will probably connect to multiple servers and verify that
they tell him roughly the same time.

More information about the cryptography mailing list