5

I'm studying Kerberos and other Key Exchange Protocols.

They always (or very often) require that the clocks are synchronized. For this purpose they periodically probe a time server. This is said to be a critical operation because new kinds of attacks arise. But which attacks?

Mike Edward Moras
Luigi2405

1 Answer

4

Kerberos requires synchronised clocks mainly to ensure the messages are fresh and to thwart replay attacks. The messages include timestamps so that those with outdated timestamps (e.g. more than 5 minutes) will be thrown away (although there is still a time window in which replay is possible).

Many key exchange protocols don't use timestamps because clock synchronisation is often problematic and difficult. Nonce-based challenge-response is used instead to prevent replay attacks.

Changyu Dong
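The two freshness mechanisms from the answer above, side by side, as an added example that is not part of the original answer. It uses a simplified HMAC authenticator rather than Kerberos's real message format; the names `TimestampVerifier`, `NonceVerifier`, `make_authenticator` and `respond` are hypothetical, and the 300-second window is the answer's 5-minute example.

```python
import hmac, hashlib, os

MAX_SKEW = 300  # seconds; the 5-minute example window from the answer

def mac(key, *parts):
    # Length-prefix each part so field boundaries are unambiguous.
    data = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, data, hashlib.sha256).digest()

def make_authenticator(key, client, ts):
    return (client, ts, mac(key, client.encode(), str(ts).encode()))

class TimestampVerifier:
    def __init__(self, key, use_replay_cache):
        self.key, self.use_replay_cache = key, use_replay_cache
        self.seen = set()  # (client, ts) pairs still inside the window

    def verify(self, msg, now):  # `now` is the verifier's own clock reading
        client, ts, tag = msg
        if not hmac.compare_digest(tag, mac(self.key, client.encode(), str(ts).encode())):
            return "bad-mac"
        if abs(now - ts) > MAX_SKEW:
            return "stale"
        if self.use_replay_cache:
            # Entries older than the window are already rejected as stale.
            self.seen = {(c, t) for c, t in self.seen if abs(now - t) <= MAX_SKEW}
            if (client, ts) in self.seen:
                return "replay"
            self.seen.add((client, ts))
        return "ok"

class NonceVerifier:
    def __init__(self, key):
        self.key, self.pending = key, set()

    def challenge(self):
        nonce = os.urandom(16)  # fresh and unpredictable, no clock involved
        self.pending.add(nonce)
        return nonce

    def verify(self, client, nonce, tag):
        if nonce not in self.pending:
            return "unknown-nonce"
        self.pending.discard(nonce)  # each challenge is single use
        ok = hmac.compare_digest(tag, mac(self.key, client.encode(), nonce))
        return "ok" if ok else "bad-mac"

def respond(key, client, nonce):
    return mac(key, client.encode(), nonce)
```

Because `verify` compares the timestamp with the verifier's own clock, a verifier whose clock has been set back treats an old message as fresh, which is why the time source itself needs protecting. The nonce variant has no such dependency but costs an extra round trip.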