Learn about the NTP secure communication protocol, key identification, message authentication, and secure group exchanges.
Figure 1. Message Authentication. Diagram labels: NTP Header and Extension Fields; Message Authenticator Code (MAC); Compute Hash; Key ID; Message Digest; Compare.
Figure 2. NTPv4 Autokey. Diagram labels: Source Address; Dest Address; Key ID; Cookie.
Figure 3. Constructing the Key List. Diagram labels: Source Address; Dest Address; Cookie; Key ID; Session Key ID List; Final Index; Final Key ID; Compute Hash; Compute Signature; Index n; Next Key ID; Signature; Index n + 1.
Figure 4. Transmitting Messages. Diagram labels: NTP Header and Extension Fields; Session Key ID List; Compute Hash; Key ID; Message Authenticator Code (MAC).
Figure 5. NTP Secure Groups. Hosts shown: Alice, Brenda, Carol, Denise, Eileen. Levels shown: Stratum 1, Stratum 2, Stratum 3. Legend: Subject; Issuer; Group Key; Certificate; s = step; * = trusted.
Figure 6. Hierarchical Overlapping Groups. Diagram labels: nodes A, B, C, D, R, S, X, Y, Z; Stratum 1, 2, 3, 4.
Figure 7. Multiple Overlapping Groups. Hosts shown: Alice, Brenda, Carol, Denise, Eileen. Levels shown: Stratum 1, Stratum 2, Stratum 3. Legend: Subject; Issuer; Group Key; Certificate; s = step; * = trusted.
Figure 8. Autokey Exchange. Diagram labels: Client; Server; Challenge Request; Compute nonce1 and send; Compute nonce2 and response; Challenge Response; Verify response and signature; Send response and signature.
Figure 9. Status Word. Bit positions: 0, 16, 24, 28, 31. Field labels: Digest/Signature NID; Client; Ident; Host.
Figure 10. NTP Header Format. Field labels: LI; VN; Mode; Strat; Poll; Prec; Root Delay; Root Dispersion; Reference Identifier; Reference Timestamp (64); Originate Timestamp (64); Receive Timestamp (64); Transmit Timestamp (64); Extension Field 1 (optional); Extension Field 2… (optional); Key/Algorithm Identifier; Message Digest (128). Side labels: Cryptosum; Authenticator (Optional).
Figure 11. Extension Field Format. Field labels: ER; VN; Code; Length; Association ID; Timestamp; Filestamp; Value Length; Value; Signature Length; Signature; Padding (as needed). Side label: Value Fields (optional).
Figure 12. Private Certificate (PC) Identity Scheme. Diagram labels: Trusted Authority; Server; Client; Certificate; Secure.
Figure 13. Trusted Certificate (TC) Identity Scheme. Diagram labels: Trusted Host; Host; Subject; Issuer; Signature.
Figure 14. Schnorr (IFF) Identity Scheme. Diagram labels: Trusted Authority; Server; Client; Parameters; Group Key; Client Key; Challenge; Response; Secure; Insecure.
Figure 15. Guillou-Quisquater (GQ) Identity Scheme. Diagram labels: Trusted Authority; Server; Client; Parameters; Group Key; Server Key; Client Key; Challenge; Response; Secure.
Figure 16. Mu-Varadharajan (MV) Identity Scheme. Diagram labels: Trusted Authority; Server; Client; Parameters; Group Key; Server Key; Client Key; Challenge; Response; Secure.
Uncaptioned diagram. Labels: Client Address; Server Address; Key ID (0); Private Value; Cookie; Compute Hash; Compute Signature; Signature and Timestamp.