MID-037: Network Timestamps

Mitigation Tier: Foundational

Description

Network timestamps have multiple use cases in a device. They can be used to reject messages that are too old, serve as unique seeds for certain functions, aid with logging, and synchronize network data interactions across multiple devices. Timestamps can also be used to prevent replay attacks, either as an additional piece of information alongside a nonce (MID-036 - Cryptographic Nonces) or to reject data that is too old, which may be another indicator of a replayed message.

Limitations: Timestamp-based packet rejection may present operational issues if network guarantees aren’t met or if adversaries derive a means to slow down packet delivery. In both of these cases, valid packets may be delivered late, and the device may reject them.
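The following is an added example (not part of the MID-037 page or any referenced standard) showing a receiver that combines the timestamp freshness check described above with a nonce cache (MID-036). It assumes a hypothetical wire format of a 32-bit timestamp, an 8-byte nonce, a payload and an HMAC-SHA256 tag; the acceptance window and clock-skew tolerance are constructed values, and the timestamp window also bounds how long nonces must be remembered.

```python
import hashlib
import hmac

# Hypothetical message layout (an assumption, not from the page):
#   timestamp (uint32 seconds) | nonce (8 bytes) | payload | HMAC-SHA256 tag
WINDOW_S = 30   # accept messages at most 30 s old; also bounds the nonce cache
SKEW_S = 5      # tolerate slightly future timestamps caused by clock drift


def make_tag(key: bytes, ts: int, nonce: bytes, payload: bytes) -> bytes:
    """Authenticate timestamp, nonce and payload together (sender side)."""
    return hmac.new(key, ts.to_bytes(4, "big") + nonce + payload, hashlib.sha256).digest()


class Receiver:
    def __init__(self, key: bytes, window_s: int = WINDOW_S, skew_s: int = SKEW_S):
        self.key = key
        self.window_s = window_s
        self.skew_s = skew_s
        self.seen = {}  # nonce -> timestamp; entries are pruned once outside the window

    def accept(self, ts: int, nonce: bytes, payload: bytes, tag: bytes, now: int) -> str:
        """Return 'ok' or the reason the message was rejected."""
        # 1. Authenticate first: an unauthenticated timestamp or nonce could be rewritten.
        if not hmac.compare_digest(make_tag(self.key, ts, nonce, payload), tag):
            return "bad-mac"
        # 2. Freshness: too old means a possible replay (or, per the limitation above,
        #    a valid packet delivered late); too far in the future means clock trouble.
        if ts < now - self.window_s:
            return "stale"
        if ts > now + self.skew_s:
            return "future"
        # 3. Drop nonces that can no longer pass the freshness check, keeping memory bounded.
        self.seen = {n: t for n, t in self.seen.items() if t >= now - self.window_s}
        # 4. Nonce uniqueness inside the window catches fast replays the window alone would pass.
        if nonce in self.seen:
            return "replay"
        self.seen[nonce] = ts
        return "ok"
```

A late but legitimate packet is reported as "stale", which is the operational issue the limitation describes; the window is the knob that trades replay exposure against tolerance for delivery delay.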

IEC 62443 4-2 Mappings

  • CR 3.1 – Communication integrity (1) Communication authentication
