NIAP TD0321: Protection of NTP communications

Lachlan TurnerCertifications, Common Criteria

Update 2018-Oct-03: This post has been updated within new information from NDcPP v2.1.

NIAP has issued Technical Decision TD0321 against the Network Device Collaborative Protection Profile (NDcPPv2.0e) mandating the use of a trusted channel (IPsec, SSH, TLS, DTLS, HTTPS) for NTP (or non-NTP external entity used to set time).  This will impact any in-flight and future NDcPP evaluations that are destined for the NIAP PCL.

2018-Oct-03: With the new release of NDcPP v2.1, vendors now have the option of using HMAC integrity protections built into NTPv3 or NTPv4 or using a trusted channel as described below. The easier solution is to use HMAC integrity, though it remains to be seen whether NIAP will endorse the NTP claims in NDcPP v2.1.

If your Security Target already allows the administrator to manually set time in FPT_STM_EXT.1, no action is required. Otherwise, the options to address this TD are:

  1. Set the time manually rather than via NTP  – assuming product support, this is a simple Security Target update.
  2. Implement a trusted channel for NTP – the protocol used will be subject to the related documentation and test requirements for trusted channels.

Work is underway within the NTP subgroup of the Network international Technical Community (iTC) to specify requirements for securing NTP in future versions of the NDcPP. Interested stakeholders can participate in this subgroup via the Common Criteria Users Forum.

Lachlan has 20+ years of extensive product security certification experience, including roles as a government certifier, lab evaluator and vendor consultant. As the Director of Cyber Labs, Lachlan has overall responsibility for our Canadian and US Common Criteria laboratories.