
3.2.5. Design Devices To Have Accurate Time

| ID | Priority | Best Practice |
|---|---|---|
| BP 3.2.5.1 | Required | Use NTP to maintain time synchronization on devices |
| BP 3.2.5.2 | Highly Recommended | Provide devices access to NTP servers |

Architecture Notes - BP 3.2.5.1 - Use NTP to maintain time synchronization on devices

IoT devices need a client to keep track of time, either using a Real Time Clock (RTC) or using Network Time Protocol (NTP) to set the RTC on boot. Failure to provide accurate time to an IoT device could prevent it from being able to connect to the cloud.

Recommendation 3.2.5.1.1 - Prefer NTP to RTC when NTP synchronization is available

  • Many computers have an RTC peripheral that helps in keeping time. Keep in mind that an RTC is prone to clock drift of about 1 second a day, which can result in the device going offline because of certificate invalidity.

Recommendation 3.2.5.1.2 - Use Network Time Protocol for connected applications

  • Select a safe, reliable NTP pool that fits your security design.
  • Many operating systems include an NTP client to sync with an NTP server.
  • If the IoT device is using GNU/Linux, it's likely to include the ntpd daemon.
  • You can import an NTP client to your platform if using Amazon FreeRTOS.
  • The device's software needs to include an NTP client and should wait until it has synchronized with an NTP server before attempting a connection with AWS IoT Core.
  • The system should provide a way for a user to set the device's time so that subsequent connections can succeed.
  • Use NTP to synchronize the RTC on the device to prevent the device from deviating from UTC.
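
The wait-until-synchronized step above, as an added example that is not code from the original page or from AWS: an SNTP exchange whose reply is validated (server mode, synchronized stratum, echoed originate timestamp) before its offset is trusted, and a gate that returns True only when the local clock is within a threshold. The function names, the 1-second threshold and the retry settings are assumptions; the server host is supplied by the caller, and the code assumes the system's time daemon or clock-setting code corrects the clock between attempts.

```python
import socket, struct, time

NTP_DELTA = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)

def to_ntp(unix_ts):    # Unix seconds -> 64-bit NTP timestamp (era 0, valid until 2036)
    return int((unix_ts + NTP_DELTA) * 2**32) & 0xFFFFFFFFFFFFFFFF

def from_ntp(ntp_ts):
    return ntp_ts / 2**32 - NTP_DELTA

def build_request(t1):
    # LI=0, VN=4, Mode=3 (client); our send time goes in the transmit field
    return struct.pack("!B39xQ", (4 << 3) | 3, to_ntp(t1))

def clock_offset(reply, request, t4):
    """Validate an SNTP reply; return (offset, delay) in seconds or raise ValueError."""
    if len(reply) < 48:
        raise ValueError("short packet")
    flags, stratum = reply[0], reply[1]
    org, rx, tx = struct.unpack("!3Q", reply[24:48])
    if flags & 0x07 != 4:
        raise ValueError("not a server reply")
    if flags >> 6 == 3 or not 1 <= stratum <= 15:
        raise ValueError("server reports it is unsynchronized")
    if tx == 0 or org != struct.unpack("!Q", request[40:48])[0]:
        raise ValueError("reply does not echo our request")
    t1, t2, t3 = from_ntp(org), from_ntp(rx), from_ntp(tx)
    return ((t2 - t1) + (t3 - t4)) / 2, (t4 - t1) - (t3 - t2)

def query_server(host, timeout=2.0):
    """One SNTP exchange over UDP/123 with `host` (caller-supplied server name)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        req = build_request(time.time())
        s.sendto(req, (host, 123))
        reply, _ = s.recvfrom(512)
        return clock_offset(reply, req, time.time())

def wait_for_sync(query, max_skew=1.0, attempts=5, pause=2.0, sleep=time.sleep):
    """Return True once a validated reply shows the local clock within max_skew seconds."""
    for _ in range(attempts):
        try:
            offset, _delay = query()
            if abs(offset) <= max_skew:
                return True
        except (ValueError, OSError):
            pass            # bad or missing reply: retry, never treat as "in sync"
        sleep(pause)
    return False
```

Call `wait_for_sync(lambda: query_server(host))` before opening the connection to AWS IoT Core, and hold off connecting while it returns False.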

Architecture Notes - BP 3.2.5.2 - Provide devices access to NTP servers

An NTP server should be available for clients to use for local time. NTP servers are required by NTP clients to synchronize device time and function properly.

Recommendation 3.2.5.2.1 - Provide access to NTP services

  • ntp.org: can be used to synchronize your computer clocks.
  • Amazon Time Sync Service: a time synchronization service delivered over NTP, which uses a fleet of redundant satellite-connected and atomic clocks in each Region to deliver a highly accurate reference clock. It is natively accessible from Amazon EC2 instances, and its time can be pushed to edge devices.
  • Chrony: a different implementation of NTP from ntpd, able to synchronize the system clock faster and with better accuracy than ntpd. Chrony can be set up as a server and as a client. See https://chrony.tuxfamily.org/

Additional Resources

  1. The Internet of Things on AWS – Official Blog: Using Device Time to Validate AWS IoT Server Certificates
  2. AWS News Blog: Keeping Time With Amazon Time Sync Service
  3. Setting time for your instance