​​​​​​Axis is adding support for Network Time Security (NTS) in AXIS OS 11.1, scheduled for November 2022. NTS provides cryptographic security for the client-server mode of the Network Time Protocol (NTP), allowing users to obtain time in an authenticated manner.

What will change?

  • Nothing will change if you do not integrate it. It is backwards compatible.

What are the benefits of this change?

Time synchronization between devices has always been a critical part of relying on security solutions to work. With a growing set of security features, such as certificate validation, tokens, and signed video, which requires time to be trusted, it is getting even more important.

  • Time synchronization is traditionally done using NTP (Network Time Protocol) which does a great job of synchronizing the time, but since everything is sent in clear text, there is a possibility to modify the time between the server and the device. NTS is an extension of NTP and NTP will still be used for time synchronization, but NTS adds a layer of security by authentication of the server and validation of every packet.
  • Using NTS will make sure that the device only gets time from sources that are trusted, with every synchronization authenticated and validated while keeping the time synchronization features of the NTP protocol.

Are there any limitations?

  • NTS will be available in AXIS OS 11.1 and later.

How to identify if the device have support for NTS or not?

  • NTP API version 1.3 supports NTS extension.
  • API discovery will tell you the version of NTP API.

What should be taken into consideration when doing an integration?

  • The NTS server needs to be reachable from the device to be able to synchronize it.
  • If a device is configured to use NTS, it will never fall back to using NTP. This is to make sure that a user can rely on that when NTS is enabled and time is synchronized, it is done in a secure way.