What are the concerns they raise about the new monitoring system? Everything described is about the old system. In some regards the systems are the same, but mostly the new system should be more resilient.
So Kwon23 claims that " the new monitoring system currently being tested with 13 monitoring servers) is vulnerable to attack" . However, when push comes to shove, section 7.3 shows that if an attacker control multiple monitoring servers (apparenlty some are run by volunteers?, says the paper), it can evict some legitimate NTP servers from the pool by tampering with the scores. (seems plausible but a bit far fetched IMO).
Section 8 covers mitigations – pretty much adding stratum1 servers to sync clocks of monitoring servers and evaluting the RTTs. Section 8.2 proposes a new socring algorithm, which I think you folks did, by having medians which are good in exclujding outliers. Another thing is 8.3 where they suggest that ‘Adding unpredictability in monitoring’ would help.
In short: your new system with median scores seems to deal better with those scores.
The monitoring server IPs in the new system aren’t explicitly published, but a motivated attacker could easily figure out what they are.
Indeed, one of the two papers stated that the first NTP packets you receive if you add a new server from the pools i from the monitoring servers.
I didn’t read these specific two papers in detail yet, but there have been many over the years. I’m happy to take suggestions for improvements (or after a discussion pull requests on GitHub), but most of the past research along these lines seems like an academic write up of the XKCD (except I am in California and there are a handful of you helping out week to week and a few thousand people running servers).
Thanks for the openess, and I understand your position: you folks have been doing a great and free service to the Internet community for over twenty years, get virtually zero credit, and, just like a goalkeeper in soccer, are mostly remember when things allegedly don’ t go well – sometimes from academics that have incentives to finding issues instead of fixing them.
That’s how internet infrastructure generally works, isn’t it? I’d love to learn from other low-budget, volunteer run global internet infrastructure how they do things differently.
The NTP pool deserves far more credit that what it gets. As a user (and working for an operator who contributes to the pool), thank you for you folks time and service.
I didn’t know how crucial you folks were. The NTP pool is wikipedia-like timekeeper of the Internet. Like, one of our NTP servers received 7.2 billion queries from 158M clients and 52k ASes in 24 hours – one single server listed in the pool. And there are 4k+ serves. Thanks for doing this in you folks free time.
One of the concerns brought up in one of the recent papers (I think one of the ones you linked, @giovane) is around a few NTP servers getting disproportionately many of the requests in some countries. Improving on that is one of the next projects on my list now that the new monitoring system is in place.
That was on another (unpublished) paper, and that would definitely help.
thanks