Cloudflare has released a Roughtime service as part of its ‘Crypto Week’. Roughtime is a way for clients and servers to ensure that they are using the proper clock time.
Google originally came up with the idea for Roughtime, but Cloudflare’s version of Roughtime is unique since they have created a Clockchain, which is essentially a blockchain that lists queries to servers that have Roughtime enabled. The Clockchain reveals any servers which have an improper time.
The reason Roughtime was created in the first place is that internet users and servers often have incorrect clock time, which causes TLS certificates to show up as expired if the clock time is too far in the future, or not yet valid if the clock time is too far in the past. Roughly 6.75% of internet users’ clock times are off by more than 24 hours, and these users tend to get large amounts of TLS certificate errors. Consequently, these users click through the errors and become used to doing so. Because they ignore the warnings, they can end up visiting a malicious website, causing their computer to become compromised.
There are services like the Network Time Protocol which can help synchronize clock time, but they are unencrypted, so a hacker can intercept this traffic and alter clock times. A hacker could turn a user’s clock time backward so that an already expired certificate would appear valid, or move a user’s clock time forward so a not yet valid certificate would appear valid.
Cloudflare’s Roughtime can be used to keep clock time synchronized, so that TLS certificates do not wrongly appear expired, or wrongly appear valid, because of the wrong time. A user sends a query to Cloudflare’s Roughtime server, and the server returns a timestamp and a radius; the radius shows the uncertainty, which is usually less than 1 second. The request from the user includes a nonce, which is a random string of numbers, and this nonce is included in the server’s cryptographically signed response to ensure authenticity. The user can verify the response with the server’s public key. The Cloudflare Roughtime service is highly scalable and can handle numerous requests, since it can organize requests into a Merkle tree, with each request having a unique nonce, and then sign the root of the tree to respond to multiple requests at once.
A user can make Roughtime requests to multiple servers to verify that the time is accurate. This is where the Clockchain comes in. A user queries a list of servers via the Roughtime protocol, generating a random nonce for the first query. After that, the timestamp and signature from each response are hashed into the nonce for the next request.
This creates a chain of timestamps, much like a typical blockchain, and this Clockchain can be viewed to see if any servers are using the wrong time. The Clockchain should have a list of timestamps that move forward in time, except if any servers are using the wrong time. This makes it easy to identify servers with the wrong time and fix them. If this is properly implemented, Cloudflare’s Roughtime and Clockchain could put an end to TLS certificate errors caused by incorrect time, thereby protecting users.
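The nonce chaining and ordering check described above can be sketched as follows. This is an added example, not Cloudflare's code or the Roughtime wire format. Assumptions: SHA-512 as the hash, HMAC-SHA512 standing in for the server's public-key signature, and constructed server names, keys and times.

```python
import hashlib, hmac, os, struct

def sign(key, nonce, midpoint, radius):
    # Stand-in for the server signature: HMAC-SHA512 with a shared key.
    # Real Roughtime servers sign with a public-key scheme instead.
    msg = nonce + struct.pack("<QI", midpoint, radius)
    return hmac.new(key, msg, hashlib.sha512).digest()

def next_nonce(midpoint, sig):
    # Hash the previous timestamp and signature into the next nonce.
    return hashlib.sha512(struct.pack("<Q", midpoint) + sig).digest()

def build_chain(servers, nonce):
    chain = []
    for name, key, (midpoint, radius) in servers:
        sig = sign(key, nonce, midpoint, radius)
        chain.append(dict(server=name, nonce=nonce, midpoint=midpoint,
                          radius=radius, sig=sig))
        nonce = next_nonce(midpoint, sig)
    return chain

def audit_chain(chain, keys):
    problems = []
    for i, link in enumerate(chain):
        good = sign(keys[link["server"]], link["nonce"],
                    link["midpoint"], link["radius"])
        if not hmac.compare_digest(good, link["sig"]):
            problems.append((i, "bad signature", link["server"]))
        if i == 0:
            continue
        prev = chain[i - 1]
        if link["nonce"] != next_nonce(prev["midpoint"], prev["sig"]):
            problems.append((i, "broken link", link["server"]))
        # Link i was requested after link i-1 was received, so its time
        # window must not end before the previous window starts.
        if link["midpoint"] + link["radius"] < prev["midpoint"] - prev["radius"]:
            problems.append((i, "clock disagreement",
                             prev["server"] + " vs " + link["server"]))
    return problems

# Constructed sample: times in microseconds, server-b runs 24 hours behind.
T0, DAY = 1_700_000_000_000_000, 86_400_000_000
KEYS = {"server-a": b"key-a", "server-b": b"key-b", "server-c": b"key-c"}
SERVERS = [("server-a", KEYS["server-a"], (T0, 500_000)),
           ("server-b", KEYS["server-b"], (T0 - DAY, 500_000)),
           ("server-c", KEYS["server-c"], (T0 + 1_000_000, 500_000))]

if __name__ == "__main__":
    for problem in audit_chain(build_chain(SERVERS, os.urandom(64)), KEYS):
        print(problem)
```

A single backwards step only shows that two adjacent servers disagree; querying more servers shows which one is the outlier. Editing a recorded timestamp afterwards breaks both that link's signature and the next link's nonce.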