Pandit

Name: Suyash Anand Trivedi
Roll No: E16CSE135
Email: Suyash.anand@bennett.edu.in
Project Title: Vulnerability Analysis on Network Time Protocol
Data Details
Source of Data/Size of Data/No. of Records/ Variety/ Authenticity of Data Etc. (2 Marks)
( At least 200 Words)
This project is based on testing an already existing networking protocol i.e., Network Time Protocol and
therefore the data that was needed for bringing this project to this point was mainly the knowledge relating to
the basics of Network Time protocol. Now Basics of any protocol involves it’s structure, the various labels
involved in its definition, the packet structure that is used by the protocol to communicate with other protocols
and systems and also when we are talking about any networking protocol the thing that we should be aware
about is the nature of ports that we use for that protocol.
Most of the data that was collected during the project was from two places:
1. www.ntp.org -It is a site which gives us all the information needed to know about the Network Time
Protocol and also the existing and older properties of the protocol, the ports being used by NTP to
communicate with other protocol and systems. Also it explains the client server architecture it follows
for time synchronization of the system clocks.
2. A paper by Dr Anchal Malhotra named – “Attacking the Network Time Protocol”. It again explains the
structure but also with that it explains the drawbacks of it’s design and how those flaws can be exploited
by attackers to do some malicious activity over a system or a network as a whole.
User Interface Design
Salient Points/ How it meets the characteristics of User Centered Design etc. (2 Mark)
( At least 150 words and at least 4 figures of the User interface or other related figures of your project)
This project actually tests for different vulnerabilities in a networking protocol and hence is based on kali
linux. But the linux systems are only used by a tester to test for vulnerabilities in the protocol. The actual
potential users or beneficiaries of this project will actually be benefitting from the end results, getting to know
the vulnerabilities existing in the Network Time protocol and securing themselves against those vulnerabilities.
As such there is no GUI for the users instead the project focuses more on discovering threats to the potential
users of Network Time Protocol or other channels related to this protocol.
The user centred design focused in this project is basically the testing parameters to search for possible loose
ends through which the protocol can be exploited for some malicious reasons and can cause harm to any
computer user with a work involving the use of Internet.
The images below show one of the ways NTP can be used to stop updation of system clock on a computer
system using on-path attack which in turn makes the systems vulnerable to certain types of attacks. Also we can
see that stopping a system clock makes it difficult for system to access certain sites on the internet.
Fig1 of User interface or related Fig2 of User interface or related

Fig3 of User interface or related Fig4 of User interface or related
User Surveys (1 Mark) ( At least 50 words for each feedback)
Potential User 1 Feedback:
Design Documents (Overall Block Diagram/ Data Flow Diagram/ Architecture Diagram/ Solution
Diagram, UML Diagram etc.) (As Applicable) (3 Marks)
Ethical and legal/privacy/terms and conditions (3 Marks)
(At least 500 Words)
Actual Text of such issues that will be put before the user to agree
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
feasibility study/ Business Context of the idea/ Monetization/ Opportunity Analysis ( 2 Marks)
( At least 250 Words)
The idea presented in this project is completely feasible even with the time constraint imposed on the project as
after the 2nd milestone the only thing needed is to test for more existing vulnerabilities on the virtual local
network and using the results obtained in them try to find out some other vulnerabilities in the protocol.
Coming to the business context of this project in today’s modern world almost all the IT companies use internet
and intranet and for any of these privileges we need different networking protocols to communicate between
systems on a network. Hence, cybersecurity and information security becomes an essential requirement for
such companies and vulnerabilities in a particular and rather very basic and essential protocol can be a threat to
the whole communication channel.
Therefore finding vulnerabilities in such a protocol and then finding a solution to prevent such vulnerabilities
from getting exploited and attacking the host systems or networks. Such solution can be very important to the
individuals and the organizations to secure their network framework. Hence this idea can be easily monetized
and can generate finances for further research into this field and also developing this as a product.
Since the market for cybersecurity is increasing with the increase in online and offline computer applications,
therefore there are some design vulnerabilities in the protocols being used for communication over a network
and these vulnerabilities need to be defended against and hence it paves the way for opportunities in this area
of research.
– Partial Implementation/ Draft Code ( 3 Marks)
Give Link of Github or any other public Repository/ Web Link where your partial code is available to see
Weekwise Updates/ Diary/ Proportional achievement of stated outcomes/ Graded Functionality etc ( 2
Mark)
( At least 100 words in each week)
Week 1
For this week the goal was to work on completing the report for my internship and submit the same.
Also, it was the week that we were introduced to the procedure that was uniquely going to be followed in our
university for making the capstone project and how we were going to follow a timed milestone system for
submitting the partial completions of the project and how the project will be evaluated based on our constant
performance. Also the marking scheme pertaining to the various milestones mentioned earlier and we were also
informed on how our project’s final milestone and implementation was going to be evaluated by some
professionals coming from industry.
Week 2
In this week the main focus was taken by the selection of the elective courses for the new semester. The course
choice had to be made quickly as the classes had already started and we were not properly introduced to the
electives so capstone project took a backseat but in the hindsight a selection was to be made on what topic
should be taken for the capstone project. The choice was being made between cybersecurity and machine
learning as cybersecurity was my major whereas machine learning and artificial intelligence had a great scope in
our university as well as the industry.
Week 3
the internship report was finally completed in this week and the presentation for the same was made and
submitted so now I started focussing more on deciding the topic for capstone project. Still the confusion was in
what domain should I make the project. Finally, I decided upon cybersecurity as I had done my internship in the
form of a training program at IIT Kanpur in cybersecurity as well. So I thought a project in cyber security would
be a good way to implement the concepts that I learned during my summer training program. After this the
main task left was to decide the topic for the project.
Week 4
This week was the deadline for submitting the first milestone of the project and hence I had to finalise my topic
of the project and then also research upon the topic thoroughly so that we could fill up the first milestone form
provided to us. So, I consulted with Mayank sir who was my faculty for the cybersecurity course and discussed
with him various potential topics that I could take up as my capstone project. The main motive behind choosing
a topic was that, the project had to be interesting as well as be complex enough to do justice to the time frame
provided to complete it. So finally keeping that in mind I chose “Vulnerability Analysis on Network Time
Protocol” as my capstone project.
Week 5
The topic for the project had been finally decided and now we were to prepare for the second milestone which
consisted about the feedback form various people and also a partial detailed description of the scope of the
project in today’s industry. Also we had to work on partial implementation of the project. My project being a
more research oriented project not directly affecting the benefitted users had some grey areas where I had to
prove the relation and worth of the project to real world. I started by researching about the Network Time
Protocol and also referencing to a paper by Dr Anchal Malhotra telling various weaknesses of the Network Time
Protocol.
Week 6
The second step towards execution was to setup an environment for testing various already known
vulnerabilities of the Network Time Protocol. For that I downloaded VMware workstation and also kali linux
operating system along with previous versions of windows Operating system for testing the effect of NTP
between systems in a local network and then configuring them for off-path and time stepping testing as well.
For the first few testing I decide to use the network configurations for the two virtual machines as NAT so that
we can use a local network for on-path attacks. Also still I had to research more on the difference between the
present versions and the older versions of NTP.
Week 7
This week I was engaged in placement activities as in my seventh semester I think the main focus should be on
the career, so I sent capstone project to a standby for some time as I was getting no free time for it. Also, we
had our placement preparedness classes in the evening and even on Sundays and Saturdays for 2 continuous
weeks so I could not work much on my project. With little free time that I got I setup a NTP server on my Kali
Linux virtual machine and also configured it for connecting to other systems on the local network so that I could
imitate the client-server architecture of the Network Time Protocol.
Week 8
At the end of this week we had to submit our 2nd milestone report and therefore amid the placement procedure
still going on I had to complete at least the demonstration of one vulnerability of the Network Time Protocol and
demonstrate how it can be exploited to attack the time synchronization process of another system on the same
network. For this I chose to go with a common vulnerability existing in the design of the protocol – the security
in the connection between a client and server of a Network Time Server. Due to weak or no authentication put
on the communication between a client and server, this could be exploited to cause the system clock of the
target system to stop updating the time causing various other time sensitive processes on the system to
collapse.
Week Wise Plan for the remaining time to complete the Project ( 2 Mark)
( At least 100 Words in each week)
Week 9
Week 10
Week 11
Week 12
One Impressive Post on Linkedin regarding your Project ( 2 Marks)
( At least 100 words and one Image and 5 hashtags, Tag atleast CSE Bennett handle )
Discuss your Project with at least three students of your junior batches of Bennett University and ask them how
they rate your project from 1 to 10 scale. Write all three name, Roll No, email and Mobile No of those students.
They should be ready to confirm if they are called on their mobile number (1+1+1 for each of three students)
(At least 50 words feedback from each of them) ( At least 50 words feedback from each of them, Positive or
negative feedback will not determine the marks but the quality of the feedback will)
Discuss your project with Two Persons outside the Bennett University (apart from your family members) and
and ask them how they rate your project and its progress from 1 to 10 scale. Write all three names, who they
are, email and Mobile No of those. They should be ready to confirm if they are called on their mobile number
(1+1 for each of two).
( At least 50 words feedback from each of them, Positive or negative feedback will not determine the marks but
the quality of the feedback will)
Get a rating from your mentor (Only One Mentor) and ask him for a rating from 1 to 10 about your consistency,
progress and potential to complete the project on time. ( 3 Marks)
( At least 50 words feedback from each of them, Positive or negative feedback will not determine the marks but
the quality of the feedback will)

Pandit

Uploaded by

Copyright:

Available Formats

Pandit

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Pandit

Uploaded by

Copyright:

Available Formats

Name: Suyash Anand Trivedi

Roll No: E16CSE135

Project Title: Vulnerability Analysis on Network Time Protocol

Source of Data/Size of Data/No. of Records/ Variety/ Authenticity of Data Etc. (2 Marks)

( At least 200 Words)

Fig1 of User interface or related Fig2 of User interface or related

User Surveys (1 Mark) ( At least 50 words for each feedback)

Potential User 1 Feedback:

Potential User 2 Feedback:

Potential User 3 Feedback:

Potential User 4 Feedback:

Potential User 5 Feedback:

(At least 500 Words)

( At least 250 Words)

( At least 100 words in each week)

( At least 100 Words in each week)

You might also like