Secure File Transfer Alternatives

Overview

Transferring files between machines (and users) is a common occurrence. Perhaps you need to send a class roster spreadsheet to an office assistant or a document containing a grant proposal to a colleague at another university. In each of these cases, it's important to know what options are available to get your file from point A to point B and to understand whether the method you choose provides adequate security given the sensitivity of the data being transferred. This document describes some of the most common protocols that can be used to transfer files and lists the pros and cons of each.

Terminology

Cryptography
Cryptography is the science of enabling secure electronic communications between a sender and one or more recipients.
Encryption
Encryption is the process of taking normal text (plaintext) and making that plaintext unintelligible by anyone other than those possessing the correct key. This unintelligible text is commonly referred to as ciphertext.
Decryption
Decryption is the process of applying a key to encrypted data and obtaining the original plaintext.
Key
A key is a value that is applied to plaintext during the encryption process to generate ciphertext, and is applied during the decryption process to convert ciphertext into plaintext.

Alternatives

FTP

File Transfer Protocol (FTP), as its name implies, was developed to transfer files from one machine to another reliably and efficiently. When an FTP connection from machine A to machine B is attempted, machine B will (optionally) prompt for a valid username and password. Once the authentication process is complete, the file(s) can be transferred between the machines. FTP, though efficient for transferring files, lacks any significant security features. The username, password, and file(s) are sent across the network unencrypted (i.e., in plaintext). In addition, there are no built-in safeguards to ensure that the machine on the other end of the FTP connection (machine B in this example) is who it claims to be.

Pros:
  • very ubiquitous
  • very efficient

Cons:
  • username/password not encrypted
  • file in transit not encrypted
  • not guaranteed that the remote FTP server is who it claims to be

FTP an encrypted file

To use FTP and have the data protected while it is in transit on the network, you'll need to encrypt the file before transferring it with FTP. This file encryption can be performed using utilities such as PGP or gpg, or with PKZIP's encryption features. In addition to protecting the file while in transit, file encryption also protects the file while it is stored on the machines. Obviously, this requires that the file remain in its encrypted state.

Encryption is not without issues, but those are usually minor and can be worked around. And, since we are still using FTP as the transport, this method still has some of the same issues that were discussed above concerning FTP. Namely, the username and password are still sent across the network in plaintext and there are no built-in safeguards to ensure that the machine on the other end of the FTP connection is who it claims to be.

Pros:
  • very ubiquitous
  • very efficient
  • file in transit is encrypted
  • file protected while stored on the machines as long as it remains encrypted

Cons:
  • username/password not encrypted
  • not guaranteed that the remote FTP server is who it claims to be
  • if encryption of the file fails, or an unencrypted version of the file is mistakenly sent, the file in transit is not encrypted
  • PGP and gpg key management and interoperability (minor)
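
The risk that an unencrypted copy is sent by mistake can be reduced by checking the file immediately before it is handed to the transfer client. The following is an added example, not part of the original document: it inspects the file header for an OpenPGP encrypted-message packet (RFC 4880 tags) or for a ZIP archive whose entries all carry the "encrypted" flag. The function names are hypothetical, and a header check shows only that the file is marked as encrypted, not how strong the encryption is.

```python
import base64
import io
import zipfile

# OpenPGP packet tags (RFC 4880) that open an encrypted message: 1 and 3 are
# encrypted session keys, 9 and 18 are symmetrically encrypted data packets.
ENCRYPTED_TAGS = {1, 3, 9, 18}
ARMOR_BEGIN = b"-----BEGIN PGP MESSAGE-----"


def _first_packet_tag(raw):
    """Tag of the first OpenPGP packet, or None if raw is not a packet."""
    if not raw or not raw[0] & 0x80:   # bit 7 is set in every packet header
        return None
    if raw[0] & 0x40:                  # new-format header: tag in bits 5-0
        return raw[0] & 0x3F
    return (raw[0] >> 2) & 0x0F        # old-format header: tag in bits 5-2


def _dearmor_start(data):
    """Decode the first base64 line of an ASCII-armored message body."""
    lines = data.replace(b"\r\n", b"\n").split(b"\n")
    try:
        body = lines[lines.index(b"", 1) + 1].strip()  # body follows blank line
        return base64.b64decode(body[: len(body) // 4 * 4])
    except (ValueError, IndexError):
        return b""


def looks_encrypted(data):
    """Header check only: True for PGP/gpg ciphertext, or for a ZIP archive
    in which every file entry has the 'encrypted' flag (bit 0) set."""
    if data.startswith(ARMOR_BEGIN):
        # The armor label is not enough: signed-only output uses it too.
        return _first_packet_tag(_dearmor_start(data)) in ENCRYPTED_TAGS
    if data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                files = [i for i in zf.infolist() if not i.is_dir()]
        except zipfile.BadZipFile:
            return False
        return bool(files) and all(i.flag_bits & 0x1 for i in files)
    return _first_packet_tag(data) in ENCRYPTED_TAGS


def safe_to_send(path):
    """Gate to call before passing a file to an FTP or SMTP client."""
    with open(path, "rb") as fh:
        return looks_encrypted(fh.read())
```
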

FTP tunneled through SSH

Tunneling (also known as port forwarding) is a term used to describe what happens when you configure one protocol (e.g., FTP) to send its traffic across another protocol's (e.g., SSH) network connection. Tunneling can be performed for several reasons, but one of its primary uses is to improve the security of network communications.

Secure Shell (SSH) is a protocol that provides encrypted network communications between two machines. It is commonly used as a replacement for insecure protocols such as telnet and rlogin. An additional benefit of connecting to a machine using SSH is that it is possible to tunnel plaintext network traffic (e.g., FTP, POP3, etc.) through the established SSH connection so that the plaintext network traffic is encrypted by the SSH protocol. These tunnels are established by telling the insecure client (e.g., FTP) to connect to the local SSH client and by telling the SSH client to listen for the insecure client's connection.

One issue when tunneling FTP traffic over SSH is in the way that FTP handles its network connections. The FTP protocol uses two separate network connections when transferring files from one host to another. The first network connection, the control channel, is used to send commands between the FTP client and server that control the file transfer. The second network connection, the data channel, is used to transfer the actual file. When tunneling FTP, only the control channel is sent across the encrypted tunnel. The authentication process is done via FTP's control channel, so the username and password are protected by the tunnel. However, since the data channel is not tunneled, the file that is sent is not protected by the tunnel. Therefore, it is best to encrypt the file (as described above) before transferring it with this method.
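
The dual-channel behaviour can be seen by listing the TCP connections one FTP session opens. This added example (not part of the original document) parses the host-port value that RFC 959 carries in a `227` passive-mode reply or a `PORT` command and reports which connections enter the SSH tunnel; the listener address 127.0.0.1:2121, the server address and the session lines are constructed for illustration.

```python
import re
from typing import NamedTuple


class Conn(NamedTuple):
    channel: str     # "control" or "data"
    host: str
    port: int
    tunneled: bool   # True only if the connection is made to the SSH listener


# RFC 959 host-port: four address bytes and two port bytes, comma separated.
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# Constructed control-channel transcript of a passive-mode upload.
SESSION = [
    "220 FTP server ready", "USER alice", "331 Password required",
    "PASS ********", "230 User logged in",
    "PASV", "227 Entering Passive Mode (192,0,2,10,195,80)",
    "STOR roster.xls", "150 Opening data connection", "226 Transfer complete",
]


def parse_hostport(line):
    """Return (ip, port) from a 227 reply or PORT command; port = p1*256 + p2."""
    m = HOSTPORT.search(line)
    if not m:
        raise ValueError(f"no host-port value in {line!r}")
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        raise ValueError(f"field out of range in {line!r}")
    return ".".join(str(v) for v in n[:4]), n[4] * 256 + n[5]


def connections(listener, control_lines):
    """List every TCP connection of the session. `listener` is the local
    (host, port) on which the SSH client accepts the FTP client's connection."""
    conns = [Conn("control", listener[0], listener[1], True)]
    for line in control_lines:
        if line.startswith("227 ") or line.upper().startswith("PORT "):
            host, port = parse_hostport(line)
            # The data connection goes to the address named in the message,
            # not to the SSH listener, so it bypasses the tunnel.
            conns.append(Conn("data", host, port, (host, port) == tuple(listener)))
    return conns


def plaintext_channels(conns):
    """Channels whose traffic crosses the network outside the tunnel."""
    return [c.channel for c in conns if not c.tunneled]
```
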

SSH Communications Security has extended the normal port forwarding feature of its SSH client to address this dual-channel issue. This extended feature, called FTP forwarding, tunnels both the control and data channels. As of this writing, this feature is only available in SSH's Windows client.

Pros:
  • username/password is encrypted in transit via tunnel

Cons:
  • file in transit not encrypted
  • must be combined with file encryption to protect data
  • have to have an SSH connection already established to the host that you want to transfer the file to
  • configuration of the tunnel can be tricky

E-mail

Simple Mail Transfer Protocol (SMTP) is a protocol used for transmitting email messages on the Internet, and it can also be used to transfer files as attachments. Where protocols such as FTP normally only transfer their content (i.e., files in the case of FTP) between two machines, SMTP's content (i.e., email messages and attachments) can travel through several machines before ending up in the recipient's email inbox. SMTP performs no user authentication, nor does it do any sort of data encryption. Only non-important files should be transferred using SMTP.

Pros:
  • very ubiquitous

Cons:
  • no authentication (e.g., username/password) required
  • email messages and attachment not encrypted
  • email messages travel through a number of machines

E-mail an encrypted file

To use SMTP and have the file attachment protected while it is in transit on the network, you'll need to encrypt the file before sending it as an attachment in email. This file encryption can be performed using utilities such as PGP or gpg, or with PKZIP's encryption features. In addition to protecting the file while in transit, file encryption also protects the file while it is stored on the machines. Obviously, this requires that the file remain in its encrypted state.

Encryption is not without issues, but those are usually minor and can be worked around. And, since we are still using SMTP as the transport, this method still has some of the same issues that were discussed above concerning SMTP. Namely, SMTP traffic can travel through several machines, and SMTP performs no user authentication, nor does it do any sort of data encryption.

Pros:
  • very ubiquitous
  • file attachment in transit is encrypted
  • file protected while stored on the machines as long as it remains encrypted

Cons:
  • no authentication (e.g., username/password) required
  • email messages travel through a number of machines
  • PGP and gpg key management and interoperability (minor)

HTTP

HyperText Transfer Protocol (HTTP) is a protocol commonly used to transfer hypertext documents between a web server and a web browser. HTTP also provides the ability to transfer files using GET and PUT commands. HTTP performs no user authentication, nor does it do any sort of data encryption. Only non-important files should be transferred using HTTP. And, under no circumstances should authentication data (e.g., passwords) be validated through an HTTP web page.

Pros:
  • very ubiquitous

Cons:
  • no authentication (e.g., username/password) required
  • file in transit not encrypted
  • no guarantees that the web server is who it says it is

HTTPS

HTTPS is the term used to describe using HTTP over Secure Sockets Layer (SSL). SSL uses cryptography to encrypt the data between the web server and web browser, and it also uses digital signatures to authenticate the web server to the web browser. In addition, username and password authentication can be performed for user access since SSL also protects the authentication data while it is in transit. https://www.slashtmp.iu.edu/ is an example of a web server that uses HTTPS for file transfers.

Pros:
  • very ubiquitous
  • username/password is encrypted in transit
  • file in transit is encrypted
  • digital signatures can be used to verify identity of web server that is using SSL

Cons:
  • requires a web server that has been configured to handle file transfers

VPN

A Virtual Private Network (VPN) can be used to establish an encrypted network connection between two machines on a network. Normally, a VPN server is set up to provide remote (i.e., home office and traveling) users with secure connectivity to the enterprise network. A connection to a VPN server is also referred to as a tunnel because it tunnels all of the traffic between the client machine and the VPN server using an encrypted connection.

It's important to note that a VPN server acts as an intermediary between the remote client machine and the client's intended target machine (e.g., an FTP server, web server, etc.). Since a VPN server only provides encryption between the remote client machine and the VPN server itself, traffic between the VPN server and the intended target machine falls back to the security of the underlying protocol (e.g., FTP, HTTP, HTTPS, etc.).

This is most easily explained by way of an example. A home user using client machine A connects to a VPN server on machine B. Then, the user decides to send a file via FTP to an FTP server that resides on machine C. The network traffic from machine A to machine B is encrypted using the VPN tunnel. However, the traffic from machine B to machine C is not protected by the tunnel and would be vulnerable to all of the problems outlined above in our discussion of the FTP protocol.

Pros:
  • encrypts all network traffic between client machine and VPN server

Cons:
  • only encrypts network traffic between client machine and VPN server, so traffic from the VPN server to the intended target machine reverts back to the security of the underlying protocol

SFTP

Secure FTP (SFTP) is an application that uses SSH to encrypt the entire file transfer process. SFTP provides an interactive interface that is similar to that of FTP. In addition, the command line version of SFTP is scriptable in that it allows you to specify a batch file to control the file transfer process. A benefit of SFTP is its use of SSH's cryptographic functions to verify the server's identity to the client.

Not all versions of SSH support SFTP, so compatibility issues might come into play. Some products that do are OpenSSH, Secure iXplorer, and PuTTY.

Pros:
  • username/password is encrypted in transit
  • data in transit is encrypted
  • digital signatures used by SSH/SFTP can be used to verify identity of server
  • provides interactive interface and is scriptable

Cons:
  • requires an SSH server that supports SFTP

SCP

Secure CoPy (SCP) is another application that uses SSH to encrypt the entire file transfer process. Whereas SFTP provides an interactive interface similar to that of FTP, SCP is modeled after the UNIX rcp command and provides one-at-a-time file transfers. A benefit of SCP is its use of SSH's cryptographic functions to verify the server's identity to the client.

Some products that support SCP are WinSCP, OpenSSH, Secure iXplorer, and PuTTY.

Pros:
  • username/password is encrypted in transit
  • data in transit is encrypted
  • digital signatures used by SSH/SFTP can be used to verify identity of server
  • simplistic command interface

Cons:
  • not as flexible as SFTP

Stunnel

Stunnel is a program that allows tunneling of network connections using SSL. While robust, it is considerably more difficult to configure and use than tunneling via SSH.

Pros:
  • all data in transit between tunnel endpoints is encrypted
  • digital signatures can be used to verify identity of endpoints

Cons:
  • can be difficult to configure

Summary

As you can tell, there are numerous alternatives available to transmit a file from one location to another on the Internet. And, all of these alternatives have various security characteristics. When selecting one of these methods, there are four primary issues that you must take into consideration:

  • Sensitivity of the data being transferred.
  • Protection afforded the data while in transit on the network.
  • Protection afforded the authentication data (i.e., username and password) while in transit on the network.
  • Protection afforded the data while stored on the machines.

For most general purpose file transfers, SFTP and/or SCP should fit your needs adequately. If the data is particularly sensitive, you should also consider encrypting the file before using SFTP and/or SCP to perform the actual transfer.
