Breaking Precision Time: OS Vulnerability Exploits Against IEEE 1588
- URL: http://arxiv.org/abs/2510.06421v1
- Date: Tue, 07 Oct 2025 20:00:42 GMT
- Title: Breaking Precision Time: OS Vulnerability Exploits Against IEEE 1588
- Authors: Muhammad Abdullah Soomro, Fatima Muhammad Anwar
- Abstract summary: Precision Time Protocol (PTP) underpins critical infrastructure in telecommunications, finance, power systems, and industrial automation. Prior work has extensively analyzed PTP's vulnerability to network-based attacks, prompting the development of cryptographic protections and anomaly detectors. We identify and exploit a critical blind spot in current threat models: kernel-level adversaries operating from within the host running the PTP stack.
- Score: 0.0
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The Precision Time Protocol (PTP), standardized as IEEE 1588, provides sub-microsecond synchronization across distributed systems and underpins critical infrastructure in telecommunications, finance, power systems, and industrial automation. While prior work has extensively analyzed PTP's vulnerability to network-based attacks, prompting the development of cryptographic protections and anomaly detectors, these defenses presume an uncompromised host. In this paper, we identify and exploit a critical blind spot in current threat models: kernel-level adversaries operating from within the host running the PTP stack. We present the first systematic study of kernel-rooted attacks on PTP, demonstrating how privileged attackers can manipulate system time by corrupting key interfaces without altering PTP network traffic. We implement three attack primitives, constant offset, progressive skew, and random jitter, using in-kernel payloads, and evaluate their impact on the widely used ptp4l and phc2sys daemons. Our experiments reveal that these attacks can silently destabilize clock synchronization, bypassing existing PTP security extensions. These findings highlight the urgent need to reconsider host-level trust assumptions and integrate kernel integrity into the design of secure time synchronization systems.
Related papers
- A New Quantum Secure Time Transfer System [3.9556117884773]
High-precision clock synchronization is essential for a wide range of network-distributed applications. Current synchronization techniques are vulnerable to attacks, such as intercept-resend attacks, spoofing, and delay attacks. We propose and experimentally demonstrate a new quantum secure time transfer system, subsequently used for clock synchronization.
arXiv Detail & Related papers (2025-11-13T23:15:04Z)
- An Open-source Implementation and Security Analysis of Triad's TEE Trusted Time Protocol [1.1060425537315088]
In Trusted Execution Environments (TEEs) like Intel SGX, a malicious system hosting the TEE can manipulate that TEE's notion of time. Previous work like Triad proposes protocols for TEEs to maintain a trustworthy time source. We empirically showcase vulnerabilities to this protocol.
arXiv Detail & Related papers (2025-07-28T14:02:59Z)
- Cyber Attacks Detection, Prevention, and Source Localization in Digital Substation Communication using Hybrid Statistical-Deep Learning [39.58317527488534]
This paper proposes a novel method using hybrid statistical-deep learning for the detection, prevention, and source localization of IEC 61850 SV injection attacks. It effectively discards malicious SV frames with minimal processing overhead and latency, maintains robustness against communication network latency variation and time-synchronization issues. Results demonstrate the method's suitability for practical deployment in IEC 61850-compliant digital substations.
arXiv Detail & Related papers (2025-07-01T07:38:22Z)
- CyFence: Securing Cyber-Physical Controllers via Trusted Execution Environment [45.86654759872101]
Cyber-physical systems (CPSs) have experienced a significant technological evolution and increased connectivity, at the cost of greater exposure to cyber-attacks. We propose CyFence, a novel architecture that improves the resilience of closed-loop control systems against cyber-attacks by adding a semantic check. We evaluate CyFence considering a real-world application, consisting of an active braking digital controller, demonstrating that it can mitigate different types of attacks with a negligible overhead.
arXiv Detail & Related papers (2025-06-12T12:22:45Z)
- The Cost of Performance: Breaking ThreadX with Kernel Object Masquerading Attacks [16.54210795506388]
We show that popular real-time operating systems (RTOSs) lack essential security protections. We identify a performance optimization practice in ThreadX that introduces security vulnerabilities, allowing for the circumvention of parameter sanitization processes. We introduce an automated approach involving under-constrained symbolic execution to identify the Kernel Object Masquerading (KOM) Attack.
arXiv Detail & Related papers (2025-04-28T05:01:35Z)
- MDHP-Net: Detecting an Emerging Time-exciting Threat in IVN [42.74889568823579]
We identify a new time-exciting threat model against in-vehicle network (IVN). These attacks inject malicious messages that exhibit a time-exciting effect, gradually manipulating network traffic to disrupt vehicle operations and compromise safety-critical functions. To detect time-exciting threat, we introduce MDHP-Net, leveraging Multi-Dimensional Hawkes Process (MDHP) and temporal and message-wise feature extracting structures.
arXiv Detail & Related papers (2025-04-16T08:41:24Z)
- R-TPT: Improving Adversarial Robustness of Vision-Language Models through Test-Time Prompt Tuning [69.72249695674665]
We propose a robust test-time prompt tuning (R-TPT) for vision-language models (VLMs). R-TPT mitigates the impact of adversarial attacks during the inference stage. We introduce a plug-and-play reliability-based weighted ensembling strategy to strengthen the defense.
arXiv Detail & Related papers (2025-04-15T13:49:31Z)
- SoK: State of the time: On Trustworthiness of Digital Clocks [1.4502611532302039]
We aim to obtain a holistic understanding of the issues that make the timing stacks vulnerable to adversarial manipulations. In doing so, we discover new attack surfaces, i.e., physical timing components and on-device timekeeping. We show that the emerging trusted timing architectures are flawed and risk compromising wider system security.
arXiv Detail & Related papers (2025-02-14T00:37:02Z)
- TIMESAFE: Timing Interruption Monitoring and Security Assessment for Fronthaul Environments [25.43682473591802]
We show how a spoofing attack is able to cause a production-ready O-RAN and 5G-compliant private cellular base station to catastrophically fail within 2 seconds of the attack. To counter this, we design a Machine Learning-based monitoring solution capable of detecting various malicious attacks with over 97.5% accuracy.
arXiv Detail & Related papers (2024-12-17T16:13:37Z)
- MDHP-Net: Detecting an Emerging Time-exciting Threat in IVN [42.74889568823579]
We identify a new time-exciting threat model against in-vehicle network (IVN). These attacks inject malicious messages that exhibit a time-exciting effect, gradually manipulating network traffic to disrupt vehicle operations and compromise safety-critical functions. To detect time-exciting threat, we introduce MDHP-Net, leveraging Multi-Dimensional Hawkes Process (MDHP) and temporal and message-wise feature extracting structures.
arXiv Detail & Related papers (2024-11-15T15:05:01Z)
- PTPsec: Securing the Precision Time Protocol Against Time Delay Attacks Using Cyclic Path Asymmetry Analysis [1.765099515298011]
Precision Time Protocol (PTP) can accomplish high-precision time synchronization in trusted environments.
Time delay attacks pose the highest threat to the protocol, enabling attackers to diverge targeted clocks undetected.
This work proposes an approach to detect and counteract delay attacks against PTP based on cyclic path asymmetry measurements.
arXiv Detail & Related papers (2024-01-19T12:35:00Z)
- Tamper-Evident Pairing [55.2480439325792]
Tamper-Evident Pairing (TEP) is an improvement of the Push-Button configuration (PBC) standard.
TEP relies on the Tamper-Evident Announcement (TEA), which guarantees that an adversary can neither tamper a transmitted message without being detected, nor hide the fact that the message has been sent.
This paper provides a comprehensive overview of the TEP protocol, including all information needed to understand how it works.
arXiv Detail & Related papers (2023-11-24T18:54:00Z)