Network Time Security (NTS)
E815704
Network Time Security (NTS) is a modern security protocol framework that provides authentication and integrity protection for Network Time Protocol (NTP) to defend against spoofing and man-in-the-middle attacks.
All labels observed (1)
| Label | Occurrences |
|---|---|
| Network Time Security (NTS) canonical | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T9690953 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: Network Time Security (NTS) Context triple: [NTP Autokey, relatedTo, Network Time Security (NTS)]
-
A.
Automated Updates of DNS Security (DNSSEC) Trust Anchors
"Automated Updates of DNS Security (DNSSEC) Trust Anchors" is an IETF specification that defines a mechanism for DNS resolvers to automatically maintain and update their DNSSEC trust anchors without manual intervention.
-
B.
Protocol Modifications for the DNS Security Extensions
"Protocol Modifications for the DNS Security Extensions" is an IETF standards-track document (RFC 4035) that specifies how DNSSEC is operationally implemented and processed by DNS resolvers and authoritative servers.
-
C.
Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)
"Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)" is an IETF standard (RFC 7919) that defines secure, standardized finite-field Diffie-Hellman parameter sets for use in TLS to improve cryptographic security and interoperability.
-
D.
DNS Security (DNSSEC) Hashed Authenticated Denial of Existence
DNS Security (DNSSEC) Hashed Authenticated Denial of Existence is a DNSSEC extension that uses cryptographic hashing to provide verifiable, secure proof that a requested DNS name or type does not exist without revealing the full contents of a zone.
-
E.
Temporal Key Integrity Protocol
Temporal Key Integrity Protocol (TKIP) is a legacy wireless security algorithm designed to enhance WEP encryption in early Wi‑Fi networks by dynamically changing encryption keys.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: Network Time Security (NTS) Target entity description: Network Time Security (NTS) is a modern security protocol framework that provides authentication and integrity protection for Network Time Protocol (NTP) to defend against spoofing and man-in-the-middle attacks.
-
A.
Automated Updates of DNS Security (DNSSEC) Trust Anchors
"Automated Updates of DNS Security (DNSSEC) Trust Anchors" is an IETF specification that defines a mechanism for DNS resolvers to automatically maintain and update their DNSSEC trust anchors without manual intervention.
-
B.
Protocol Modifications for the DNS Security Extensions
"Protocol Modifications for the DNS Security Extensions" is an IETF standards-track document (RFC 4035) that specifies how DNSSEC is operationally implemented and processed by DNS resolvers and authoritative servers.
-
C.
Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)
"Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)" is an IETF standard (RFC 7919) that defines secure, standardized finite-field Diffie-Hellman parameter sets for use in TLS to improve cryptographic security and interoperability.
-
D.
DNS Security (DNSSEC) Hashed Authenticated Denial of Existence
DNS Security (DNSSEC) Hashed Authenticated Denial of Existence is a DNSSEC extension that uses cryptographic hashing to provide verifiable, secure proof that a requested DNS name or type does not exist without revealing the full contents of a zone.
-
E.
Temporal Key Integrity Protocol
Temporal Key Integrity Protocol (TKIP) is a legacy wireless security algorithm designed to enhance WEP encryption in early Wi‑Fi networks by dynamically changing encryption keys.
- F. None of above. chosen
Statements (46)
| Predicate | Object |
|---|---|
| instanceOf |
network security protocol
ⓘ
security protocol framework ⓘ |
| abbreviation | NTS NERFINISHED ⓘ |
| abbreviationOf | TLS NERFINISHED ⓘ |
| abbreviationOfProtectedProtocol | NTP NERFINISHED ⓘ |
| appliesTo | client-server NTP communication ⓘ |
| component |
NTS-KE
NERFINISHED
ⓘ
NTS-protected NTP ⓘ |
| definedIn | RFC 8915 NERFINISHED ⓘ |
| designGoal | secure time synchronization over untrusted networks ⓘ |
| doesNotSupport |
broadcast NTP
ⓘ
manycast NTP ⓘ multicast NTP ⓘ |
| enables | secure time distribution over the Internet ⓘ |
| intendedFor |
enterprise NTP deployments
ⓘ
public NTP servers ⓘ |
| layer | application layer ⓘ |
| mitigates |
man-in-the-middle attacks
ⓘ
spoofing attacks ⓘ |
| NTS-KE | Network Time Security Key Establishment NERFINISHED ⓘ |
| NTS-KEUses | TLS NERFINISHED ⓘ |
| protectsProtocol | Network Time Protocol NERFINISHED ⓘ |
| provides |
authentication
ⓘ
integrity protection ⓘ replay protection ⓘ |
| publicationYear | 2020 ⓘ |
| relatedTo | NTPv4 NERFINISHED ⓘ |
| replaces | autokey security mechanism for NTP ⓘ |
| requires | unique client identifiers per association ⓘ |
| securityProperty |
prevents off-path time injection
ⓘ
prevents on-path time modification without detection ⓘ |
| separates | key establishment from time synchronization ⓘ |
| standardizedBy |
Internet Engineering Task Force
ⓘ
surface form:
IETF
|
| status | Proposed Standard ⓘ |
| supports |
IPv4
ⓘ
IPv6 ⓘ multiple NTP servers per key establishment ⓘ stateless server operation ⓘ unicast NTP ⓘ |
| threatModel |
active network attacker
ⓘ
passive network attacker ⓘ |
| uses |
AEAD algorithms
ⓘ
Transport Layer Security NERFINISHED ⓘ cookies for server state ⓘ public key cryptography ⓘ |
| workingGroup | NTP Working Group NERFINISHED ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: Network Time Security (NTS) Description of subject: Network Time Security (NTS) is a modern security protocol framework that provides authentication and integrity protection for Network Time Protocol (NTP) to defend against spoofing and man-in-the-middle attacks.
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.