Skip to content
/ securetime Public
forked from tajchert/securetime

Library for Roughtime protocol on Android. Superior to NTP protocol in terms of security. Based on Java library by int08h https://github.com/int08h/nearenough

License

Apache-2.0 license
0 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

lz000/securetime

BranchesTags
 
 

Repository files navigation

SecureTime (Android Roughtime library)

Library for easy usage of Roughtime protocol on Android (with Rx). This is based on Java library Nearenough by int08h - kudos!

Usage (WIP)

  Observable.fromCallable {
      roughtimeHelper!!.getTime()
  }
  .subscribeOn(Schedulers.io())
  .observeOn(AndroidSchedulers.mainThread())
  .subscribe(
      { result ->
          val midpoint = result.first
          val radiousOfUncertanity = result.second
          val localTimeDiffMilliseconds = result.third
          val localTimeDiffSeconds = TimeUnit.MILLISECONDS.toSeconds(result.third)
          //Use result for something
          Timber.d("Result from server, midpoint: $midpoint, radius(ms): $radiousOfUncertanity, localDiff (ms): $localTimeDiffMilliseconds")
      },
      {
          Timber.e(it)
      })

Dependency

Use Jitpack.io, with Gradle:

    implementation 'com.github.tajchert:securetime:0.0.1'

Add Jitpack in your root build.gradle at the end of repositories:

	allprojects {
		repositories {
			...
			maven { url "https://jitpack.io" }
		}
	}

Why Roughtime, instead of NTP?

  • Secured - responses are signed by server, contains nonce send by client.
  • Scalable - much better handling on backend (signing and batches), compact payload of network packages.
  • Doesn't allow amplification of DDOS attacts.

Why not?

  • It is not millisecond accurate - accuracy is around 1 second.

Much more details on Roughtime

Sample Android App

Command line

Roughtime servers

App is hooked to roughtime.cloudflare.com:2002, second known running server is roughtime.int08h.com:2002. PublicKeys:

  • roughtime.cloudflare.com:2002
    • Base64 = gD63hSj3ScS+wuOeGrubXlq35N1c5Lby/S+T7MNTjxo=
    • hex = 803eb78528f749c4bec2e39e1abb9b5e5ab7e4dd5ce4b6f2fd2f93ecc3538f1a
  • roughtime.int08h.com:2002
    • Base64 = AW5uAoTSTDfG5NfY1bTh08GUnOqlRb+HVhbJ3ODJvsE=
    • hex = 016e6e0284d24c37c6e4d7d8d5b4e1d3c1949ceaa545bf875616c9dce0c9bec1

Known issues

Some requests fail to get response in 5 sec. timeframe. Extending it doesn't seem to solve problem - might be a server issue as it seems to be random and results in Timeout.

Roadmap for this library (help wanted)

  • Separate Rx extension to separate library module
  • Retry mechanism
  • Allow using multiple servers on one getTime()
  • Utilize same interface as TrueTime library to allow for easy switch.
  • In sample app allow for server picker (Cloudflare/int08h) or both servers
  • Debug issue with requests that are not served in 5-10 seconds window.

About

Library for Roughtime protocol on Android. Superior to NTP protocol in terms of security. Based on Java library by int08h https://github.com/int08h/nearenough

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

No packages published

Languages

  • Java 96.7%
  • Kotlin 3.3%