ABSTRACT

This chapter describes the identity schemes implemented in Network Time Protocol (NTP) Version 4 (NTPv4) and discusses how a combination of these schemes, called a cryptotype, can be integrated in a functioning NTP secure group. The five identity schemes implemented in NTPv4 are private certificate, trusted certificate, a modified Schnorr algorithm, a modified Guillou-Quisquater (GQ) algorithm, and a modified Mu-Varadharajan algorithm. In the identify friend or foe identity scheme, the parameters and keys persist for the life of the scheme and are difficult to change in a large NTP subnet; the GQ identity scheme, by contrast, obscures the group key each time a new certificate is generated. The NTP security model is specifically crafted to provide a smorgasbord of authentication schemes, digest/signature schemes, and identity schemes. On completion of the parameter exchange, both parties know the digest/signature scheme and available identity schemes of the other party.