Call for expertise in Security for IP networks in regards to PTP infrastructure.

18/10/2019

Call for expertise in Security for IP networks in regards to PTP infrastructure.

Initial Report of the SMPTE Study Group on Security in SMPTE ST 2059

About SMPTE Standards Development

The Society of Motion Picture and Television Engineers (SMPTE) is an internationally-recognized Standards Development Organization (SDO), Incorporated and headquartered in the State of New York, USA. SMPTE has membership in more than 64 countries on six continents.

SMPTE Engineering Documents, include Standards, Recommended Practices, Engineering Guidelines and Engineering Reports, the work a parent Standards Committee and of several Technology Committees. Participation is open to all with a bona fide interest in the work. SMPTE cooperates closely with other standards development organizations, including ATSC, IEEE, IEC, ISO, ITU, and SCTE.

About SMPTE Study Groups (SG)

Study Groups (SG) are formed by a SMPTE Technology Committee (TC) to examine a particular system or technology. The SG proceeds to investigate and study the system or technology and issues an Engineering Report (ER) to the parent TC and Society Membership through the Motion imaging Journal and presentation at SMPTE Conferences. The SG often makes recommendations on Standards Development by SMPTE or other industry Standards Development Organizations.

ST 2059/PTP SG Scope of Work

The SG on 2059/PTP Security was created by SMPTE Engineering Leadership, SC, and TC chairs pursuant to a request from The Joint Task Force on Networked Media (JT-NM)[1]. The work was assigned to the TC on Network/Facilities Architecture (TC-32NF). The SG was directed to focus its investigation and study on Security aspects of ST 2059 Synchronization and Time Labeling Standards which are based on the Institut of Electrical and Electronic Engineers (IEEE) 1588 Precision Time Protocol (PTP).

Study Group scope of work closely follows questions and concerns articulated in the JT-NM request which described several areas of IP infrastructure security needing improvement. SG activities are focused exclusively on security aspects of ST 2059-1 and ST 2059-2 both of which are based on and compliant with IEEE 1588V2-2008 Precision Time Protocol (PTP).

ST 2059-1, Generation and Alignment of Interface Signals to the SMPTE Epoch defines the SMPTE Epoch, the alignment real-time signals to that epoch, and calculation of SMPTE ST 12-1 Time Address values and SMPTE ST 309 date values from SMPTE Profile IEEE 1588-2008 PTP data. ST-2059-2, SMPTE Profile for use of IEEE-1588 Precision Time Protocol in Professional Broadcast Applications specifies rules and parameters of a broadcast/media industry PTP profile. Together, these standards are intended to replace legacy synchronization signal distribution such as black burst and time code generation by IP-based PTP time distribution.

The SG areas of investigation and study can be summarized as follows:

Ways to harden PTP infrastructure against the assumption of PTP Grand Master by a rogue device

Ways to harden the network against PTP attacks generally (e.g., rogue management TLV messages or other intentional attacks, changing PTP time)

Ways to improve recovery time when power is restored to a facility with a large number of PTP devices and whether this scenario causes a particular issue for PTP devices

Appropriate best practices regarding the design of PTP networks to reduce the likelihood of an attack against critical PTP infrastructure

Appropriate test methods to ensure devices implement recommendations from the various Coordination Group members

Methods for detecting that attacks are occurring The Study Group should investigate issues surrounding PTP security within a facility.

The SG is expected to deliver a report by the end of November 2019 identifying theoretical and observed security risks, and recommend an approach or approaches, and/or mitigation strategies that address threats that could disturb, disrupt, or otherwise unfavorably impact higher-level system synchronization and timing characteristics.

Recommendations will be constrained to the nature of, or strategic protection aspects of sync and timing network interface, ports, switch or routing hardware and protocols. (e.g., architectural characteristics, operational practice, device behavior, new specifications, new standards, etc.) and will not be design specific solutions.

Current Work Activities of the Study Group

Current work items are listed below. Additional items may be uncovered as work progress unfolds. The list may be expanded prior to completion of work and delivery of a Report.

Define a common vocabulary in the form of a glossary with acronyms, terms and definitions

Define and describe an architecture appropriate for consideration of threats and vulnerabilities across the SMPTE ST 2059/PTP attack surface where sync and time label reference signals are distributed and used throughout a facility

Identify threats to, and vulnerability of PTP infrastructure; list them in a structured way

Define a suitable threat modeling system and apply it to the list of PTP threats and perceived vulnerabilities

Future work may include:

Investigation and evaluation of other industrial segment's adoption of the PTP Standard by their development of an industry specific profile

Map PTP threats to reference signals and vulnerabilities of a model signal distribution network into aforementioned network architecture

Make recommendations on PTP network architecture and how to protect it from a list of defined attack vectors

Liaison Activities

This work is not being conducted in isolation. The Study Group reached out to IEEE where the PTP standard originated, and is currently undergoing revision.

Call for Contributions

While work in the Study Group is proceeding, expertise in securing PTP reference signals, identification of threats and vulnerabilities

LINK:	https://www.smpte.org/news-events/news-releases/call-expertise-securit...
	See more stories from smpte

Call for expertise in Security for IP networks in regards to PTP infrastructure.

More from SMPTE

25/03/2021

24/03/2021

12/03/2021

02/03/2021

24/02/2021

24/02/2021

24/02/2021

24/02/2021

27/01/2021

21/12/2020

25/11/2020

30/10/2020

30/10/2020

16/10/2020

16/10/2020

16/10/2020

16/10/2020

16/10/2020

16/10/2020

16/10/2020

16/10/2020

16/10/2020

29/09/2020

23/09/2020

16/09/2020

07/08/2020

08/06/2020

04/06/2020

04/06/2020

03/06/2020

18/05/2020

23/04/2020

18/03/2020

04/02/2020

15/01/2020

10/01/2020

06/11/2019

25/10/2019

19/10/2019

18/10/2019

27/09/2019

29/08/2019

21/08/2019

17/08/2019

14/08/2019

29/07/2019

19/07/2019

23/05/2019

07/05/2019

29/04/2019