Time synchronisation is a discreet yet fundamental technical base of digital systems. The Network Time Protocol (NTP) is specifically intended to ensure the temporal alignment of machines connected to a network, by providing them with a shared time reference. Used across almost all IT infrastructures, NTP ensures that event logs remain consistent and that transactions are recorded in the correct order. From the moment digital systems generate, exchange or retain data that bear legal value, the reliability of that time reference becomes an issue of security and proof.
Understanding what NTP is, how it works and where its limits lie helps explain the challenges of maintaining the temporal integrity of electronic data.

Key points on the NTP protocol
- The NTP protocol is a technical mechanism designed to synchronise the clocks of computer systems within a network.
- This shared time reference becomes decisive where the date and time of an event are relied upon for evidential purposes.
- As NTP may be subject to alteration, the reliability of a timestamped element must be reinforced through the issuance of a timestamp token delivered by an eIDAS-qualified trust service provider.
What is NTP (Network Time Protocol)?
The NTP protocol refers to a standardised mechanism for time synchronisation between computer systems connected to a network, enabling separate machines to share a common time reference despite the natural drift of their internal clocks.
Its role is to correct these discrepancies by aligning local clocks with universal time servers, in order to preserve a coherent time base, compatible with operational and security requirements.
Definition of NTP
From a technical standpoint, NTP is a network protocol that compares a system’s local time with a reference server and then adjusts the clock to correct any time difference.
It relies on a hierarchy of levels, each known as a stratum, at the top of which sit highly precise time sources such as atomic clocks or GPS signals. These sources feed intermediate servers, which then distribute the time to client systems.
Each exchange makes it possible to estimate the time difference and network delay, allowing the computer’s clock to be adjusted gradually. This mechanism is intended to ensure consistent time synchronisation across systems.
Why is time synchronisation essential?
Time synchronisation underpins the operations of information systems that rely on automated exchanges and traceability mechanisms.
A shared time reference makes it possible to order events, reconstruct sequences of actions and use technical logs in a reliable manner.
By contrast, when clocks are not synchronised, incident analysis becomes more difficult and time-based security mechanisms are weakened.
How does the NTP protocol work?
The NTP protocol operates through regular exchanges between client systems and time servers in order to assess and then correct any time differences.
Hierarchical architecture of time servers (stratum)
NTP is based on a hierarchical structure organised into levels, known as strata, which defines how the time reference is produced and then distributed across networks.
- Stratum 0: highly precise reference time sources that are not directly accessible over the network (atomic clocks, GPS signals).
- Stratum 1: servers directly connected to a stratum 0 source. In the United Kingdom, the National Physical Laboratory (NPL) maintains the national time scale, UTC(NPL), and operates reference time services that disseminate the legal time.
- Stratum 2 and above: intermediate servers and end clients that synchronise with higher-level servers in order to relay time at scale.
This hierarchy makes it possible to distribute a shared time reference while controlling the load on primary sources and ensuring a controlled dissemination of time.
NTP exchanges and system clock adjustment
When a client queries an NTP server, several messages are exchanged to estimate both the time difference and the network transmission delay.
The system then calculates the necessary adjustment, with millisecond-level precision.
This correction is applied gradually to avoid abrupt changes to system time and to preserve application stability.
What are the limitations and vulnerabilities of the NTP protocol?
While NTP provides a well-established technical foundation for time synchronisation, it nevertheless has inherent limitations that can be an issue if the time reference becomes a matter of security or evidence.
Risks of time manipulation
NTP may be exposed to manipulation scenarios aimed at altering a system’s reference time.
Spoofing attacks or the injection of a rogue time server may cause a client to accept an incorrect time, whether advanced or delayed.
An intentionally introduced time drift then affects the dating of events, alters the chronological order of recorded actions, and undermines the reliability of the system’s digital traceability.
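The offset and delay estimate described under "NTP exchanges and system clock adjustment", combined with a consistency check for the rogue-server scenario above, as an added example that is not part of the original article. The server names, timestamps and tolerance are constructed assumptions, and the median comparison is a simplification, not NTP's own source-selection algorithm.

```python
from statistics import median


def offset_and_delay(t1, t2, t3, t4):
    """NTP on-wire calculation from the four timestamps of one exchange.

    t1: client transmit, t2: server receive, t3: server transmit,
    t4: client receive (t1/t4 on the client clock, t2/t3 on the server clock).
    """
    offset = ((t2 - t1) + (t3 - t4)) / 2   # server clock minus client clock
    delay = (t4 - t1) - (t3 - t2)          # round trip minus server processing
    return offset, delay


def check_sources(exchanges, tolerance=0.128):
    """Flag sources whose offset disagrees with the median of all sources.

    tolerance (seconds) is an assumed threshold chosen for this example.
    """
    results = {name: offset_and_delay(*ts) for name, ts in exchanges.items()}
    mid = median(off for off, _ in results.values())
    suspects = sorted(name for name, (off, _) in results.items()
                      if abs(off - mid) > tolerance)
    return results, mid, suspects


# Constructed sample exchanges (seconds); server names are hypothetical.
SAMPLE = {
    "ntp-a.example": (100.000, 100.062, 100.063, 100.021),
    "ntp-b.example": (101.000, 101.055, 101.056, 101.031),
    "ntp-c.example": (102.000, 102.058, 102.059, 102.027),
    "ntp-x.example": (103.000, 403.060, 403.061, 103.025),  # ~300 s ahead
}

if __name__ == "__main__":
    results, mid, suspects = check_sources(SAMPLE)
    for name, (off, delay) in results.items():
        print(f"{name}: offset={off:+.3f}s delay={delay * 1000:.1f}ms")
    print(f"median offset={mid:+.3f}s suspects={suspects}")
```

A single source that reports a time far from the others is flagged instead of being followed; this only works when the client queries several independent servers.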
Impacts on cybersecurity
Any alteration to time synchronisation has direct consequences for security mechanisms.
- Inconsistent event logs make incident analysis and alert correlation within monitoring systems more difficult.
- Time-dependent mechanisms, such as qualified timestamping and electronic seals and signatures, may thus lose their internal consistency.
In a litigation or audit context, such discrepancies make it harder to establish a reliable chronology, thereby weakening the evidential weight of timestamped data.
Why is the NTP protocol fundamental to electronic timestamping?
Electronic timestamping relies on the ability to associate a certain date and time with digital data or documents.
In this respect, NTP acts as a technical link that helps ensure the temporal accuracy of the systems that generate or rely on such timestamps.
Timestamping relies on a reliable time source
For a timestamp to be usable, the systems that generate it must rely on a shared time reference. NTP aligns the clocks of application servers and technical infrastructures on the same time base, which is necessary to avoid discrepancies in dating. This synchronisation provides a consistent internal timeline, which is required for a timestamp to have legal effect under eIDAS.
NTP as a technical component, not an evidential guarantee
NTP provides the technical foundation required for time synchronisation. It aligns system clocks, but on its own it does not guarantee the integrity of the process, nor does it prevent the time reference from being altered.
For a timestamp to have legal effect, it must be generated within a controlled and traceable framework that can be relied upon in the event of a dispute. This is the role of a trust service provider, such as Evidency, which secures the time source, seals the timestamp and ensures its admissibility in accordance with the eIDAS framework.
How does NTP help build a chain of trust?
Using NTP helps keep time consistent across all servers involved in generating timestamps. This ensures that timestamps are based on the same stable time reference, reducing discrepancies between systems.
By providing this continuous time consistency, NTP supports the reliability of date-related information. It therefore contributes to a temporal chain of trust on which timestamping mechanisms with higher legal requirements can be built.
Practical business implications: data security and traceability
Poor clock synchronisation can trigger a cascade of issues across information systems. Misaligned clocks undermine the analysis of security incidents by making it difficult to accurately reconstruct events or to correctly order records within a database. Such time discrepancies can, for example, lead to the invalidation of an electronic signature. This, in turn, weakens an evidential file or creates a risk of non-compliance during audits.
Why trust Evidency’s timestamping services?
Evidency is an eIDAS-qualified trust service provider, accredited by ANSSI. This status is based on the use of secure, audited and reliable time sources, built into an infrastructure designed to prevent any tampering with the time reference.
As a result, each timestamp token issued by Evidency constitutes legally enforceable evidence and benefits from a presumption of reliability. If a timestamp is challenged, the burden of proof lies with the party disputing it.
The NTP protocol provides a shared time reference across information systems, which is necessary for consistency and traceability. However, NTP alone is only a technical foundation. It does not, by itself, meet the legal standards required for electronic evidence. Where date and time are relied upon as evidence, their integrity must be demonstrable. This is why timestamps should be issued by an eIDAS-qualified trust service provider, capable of delivering time evidence that can withstand audit and legal scrutiny.



