The Network Time Protocol (NTP) is a protocol designed to facilitate the exchange of the current time and provide a means for accurately establishing the time over a network of computers. The time is transferred as a 64-bit fixed-point quantity, with the top 32 bits representing the time in seconds since the beginning of 1900 and the remaining 32 bits representing the fractions of a second, giving a resolution of about 232 picoseconds and a range of 136 years.

Hosts regularly exchange UDP packets, each containing the sending host's idea of the current time together with its estimation of how accurate that value is. Some hosts also have accurate external clocks connected to them, derived from such sources as atomic clocks and GPS receivers. They advertise an accurate time which the others synchronise to.

To improve the accuracy, statistics are kept about the round-trip delay times between hosts and how much they vary. Various statistical calculations are made which allow an accurate idea of the time to be derived and maintained.
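The timestamp format and the round-trip calculation can be sketched as follows. This is an added example, not code from the original text: the function names and the sample exchanges are constructed, the offset and delay formulas are the standard NTP on-wire calculation, and choosing the lowest-delay exchange is a simplification of the statistics a real implementation keeps.

```python
import struct

NTP_UNIX_DELTA = 2208988800  # seconds between 1900-01-01 and 1970-01-01

def to_ntp(unix_time: float) -> bytes:
    """Pack a Unix time as the 64-bit NTP timestamp (32.32 fixed point)."""
    total = unix_time + NTP_UNIX_DELTA
    seconds = int(total)
    fraction = int((total - seconds) * 2**32)
    # The seconds field wraps after 2**32 s, which is the 136-year range.
    return struct.pack("!II", seconds & 0xFFFFFFFF, fraction)

def from_ntp(raw: bytes) -> float:
    """Unpack a 64-bit NTP timestamp back to Unix time (first era only)."""
    seconds, fraction = struct.unpack("!II", raw)
    return seconds - NTP_UNIX_DELTA + fraction / 2**32

def offset_and_delay(t1, t2, t3, t4):
    """t1: client sends, t2: server receives, t3: server replies, t4: client receives."""
    delay = (t4 - t1) - (t3 - t2)           # time spent on the wire
    offset = ((t2 - t1) + (t3 - t4)) / 2    # server clock minus client clock
    return offset, delay

def best_offset(samples):
    """Trust the exchange with the smallest round-trip delay."""
    return min((offset_and_delay(*s) for s in samples), key=lambda od: od[1])[0]

# Constructed exchanges: the client clock is 5 s behind the server.
SAMPLES = [
    (200.0, 205.25, 205.5, 201.75),  # slow, asymmetric return path
    (100.0, 105.25, 105.5, 100.75),  # quick, symmetric path
]

if __name__ == "__main__":
    for s in SAMPLES:
        print("offset %.2f s, delay %.2f s" % offset_and_delay(*s))
    print("chosen offset:", best_offset(SAMPLES))
    print("resolution: %.1f ps" % (1e12 / 2**32))
```

The asymmetric exchange yields a wrong offset because the formula assumes equal delay in both directions, which is why the delay and its variation are tracked.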

Chapter 20. Security

20.1. Introduction

Whenever a computer is connected to a network, questions of security arise. Any computer is subject to security problems. Who should be allowed to use it? What data should they be allowed to access? How do you prevent data from being corrupted or transferred to somebody who shouldn’t have it?

Connecting the computer to the network compounds these problems. Now it is possible for people to access the computer without being physically present. In addition, now some of the data is being transferred over the network and passing through other people’s hosts and cables where we have no control. How do we know that the data is coming from where we think it is?

20.2. Authentication

Authentication is the process of verifying that somebody is who they say they are. There are various techniques for doing this relying either on the possession of some unique physical device (including various characteristics of a person such as a fingerprint or retina pattern or a physical device such as an access card) or on the common knowledge of some piece of information which only the person and the computer possess (such as a password).

Unfortunately, when the computers are connected to a network, the authentication information must pass over the network somehow, and it is then prone to capture by other people who then have the information. Even if it is a physical device which is needed, the characteristics of it must pass over the network and if those characteristics are later retransmitted then it can be difficult to tell the difference between the original transmission of the data and a later forgery.

The most common form of authentication today is still the simple password. Passwords are becoming less secure, partly because computers are becoming faster and faster and so it is easier to crack them and partly because they are prone to “sniffing” by observing packets on a local area network. Consequently it is necessary to find replacement techniques for user authentication. Most of the possible replacements rely on the use of one-time-passwords (OTPs) which are like ordinary passwords except they are valid for only one use.

Some OTP systems rely on a user having a physical device which displays a password which changes regularly. The computer knows which password will be displayed at any time and thus knows which to expect. There are problems with such a system in keeping the time on the portable device and the computer synchronised but they can be overcome by having the computer accept any one of a few passwords generated around the correct time and thus being able to calculate the drift of the clock on the portable device. Such a system does rely on the user not losing the device. If it is lost then the security of the system is compromised because the finder can use it to log in to the computer.
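A server-side check for such a time-based device, with the drift tolerance described above, might look like this. It is an added example, not code from the original text: the HMAC-SHA1 derivation (in the style of HOTP/TOTP), the 30-second step, the 8-digit length and the names `code_at` and `TokenVerifier` are all assumptions, since the text does not say how the device derives its passwords.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each displayed password stays valid (assumed)

def code_at(secret: bytes, counter: int, digits: int = 8) -> str:
    """Password the device displays during time step `counter`."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    pos = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return str(value % 10**digits).zfill(digits)

class TokenVerifier:
    """Server side: tolerate clock drift, learn it, and refuse reuse."""

    def __init__(self, secret: bytes, window: int = 2):
        self.secret = secret
        self.window = window   # steps accepted either side of the expected one
        self.drift = 0         # learned offset of the device clock, in steps
        self.last_used = -1    # highest time step already accepted

    def verify(self, code: str, server_time: int) -> bool:
        expected = server_time // STEP + self.drift
        for counter in range(expected - self.window, expected + self.window + 1):
            if counter <= self.last_used:
                continue       # a sniffed password must not work a second time
            if hmac.compare_digest(code_at(self.secret, counter), code):
                # Remember how far the device clock has wandered.
                self.drift = counter - server_time // STEP
                self.last_used = counter
                return True
        return False

if __name__ == "__main__":
    secret = b"constructed-demo-secret"   # constructed sample key
    now = 1_700_000_000                   # constructed server time
    verifier = TokenVerifier(secret)
    shown = code_at(secret, (now + 45) // STEP)   # device clock runs 45 s fast
    print("accepted:", verifier.verify(shown, now), "drift:", verifier.drift)
    print("replayed:", verifier.verify(shown, now))
```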

Another OTP system uses encryption to generate the passwords. By using a pass phrase which is remembered by the user and typed in to the computer at which he is actually sitting (and thus not passing over the network) it is possible to generate passwords by repeatedly encrypting the phrase. The first time it is used, the pass phrase might be encrypted 100 times. The next time it would be encrypted 99 times and so on. With a good encryption scheme, knowing the passwords which have already been used it will still be impossible to generate the next password to be used. When the pass phrase has been used 100 times (the last with only a single encryption) it will be necessary to choose another pass phrase. This would need to be done while physically located at the computer (so that the pass phrase does not pass over the network) or encrypted in some way using keys which have already been agreed upon.
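The repeated-encryption scheme can be sketched as a hash chain. This is an added example, not code from the original text: SHA-256 stands in for the "encryption" step, the `Client` and `Server` classes and the pass phrase are constructed, and the server-side check (store the previous password, hash the offered one once and compare) is an assumed design following Lamport's scheme, which the text does not spell out.

```python
import hashlib
import hmac

def chain(pass_phrase: bytes, n: int) -> bytes:
    """Apply the one-way function n times to the pass phrase."""
    value = pass_phrase
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value

class Client:
    """Runs where the user is sitting; the pass phrase never leaves it."""

    def __init__(self, uses: int = 100):
        self.remaining = uses

    def next_password(self, pass_phrase: bytes) -> bytes:
        if self.remaining == 0:
            raise RuntimeError("chain exhausted: choose a new pass phrase")
        otp = chain(pass_phrase, self.remaining)  # 100 rounds, then 99, ...
        self.remaining -= 1
        return otp

class Server:
    """Holds only the previous link of the chain, never the pass phrase."""

    def __init__(self, check_value: bytes):
        self.check_value = check_value  # chain(phrase, uses + 1), set at the console

    def login(self, otp: bytes) -> bool:
        # One more round on the offered password must give the stored value.
        if not hmac.compare_digest(hashlib.sha256(otp).digest(), self.check_value):
            return False
        self.check_value = otp          # the next login must present its preimage
        return True

def demo():
    phrase = b"constructed example pass phrase"
    client, server = Client(uses=100), Server(chain(phrase, 101))
    first = client.next_password(phrase)
    results = {"first": server.login(first)}
    results["replay_of_sniffed"] = server.login(first)
    # An eavesdropper can only hash forward, towards values already used.
    results["forward_hash"] = server.login(hashlib.sha256(first).digest())
    results["second"] = server.login(client.next_password(phrase))
    return results
```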

A related problem is that of authenticating messages on a network. This particularly applies to email messages where you want to be sure that they really come from whom they purport to. There are now systems available which allow this authentication to take place, although they all share the problem that at some stage you have to trust some information that you receive from somebody else.
