Security of information systems
secure file transfer
Who? Mateusz Grotek, 186816 Paweł Tarasiuk, 186875
Table of contents
IntroductionProblem statement
Different aspects of security Possible approaches
SSH
Why SSH? SSH protocols
How to transfer files through SSH? Different solutions FTPS NFS SMB Summary Questions
Problem statement
The meaning of the term file transfer in general refers to downloading/uploading a file from/to an external filesystem. While the definition applies e.g. to file transfer between a computer and a USB memory stick, we are going to focus on transferring files in computer networks.
The problem of file transfer security is related to both the processes of user authentication and authorization, and to a method of encryption of the transferred data (so sniffing would not reveal the file contents).
Authentication and authorization
It is possible to distinguish some important aspects of file transfer security. The most important distinction is the distinction between authentication and
authorization.
Authentication Authentication is a process, which shows that the claimed identity of a user matches the actual identity.
Authorisation Authorization is a process, which checks if a user is allowed to perform some actions.
Filesystem access vs. single file access
It is important to distinguish different sorts of access.Filesystem Which users are allowed to access which filesystems and how can they do it (read, write, execute)?
Files/Directories Which users are allowed to access which files/directories and how can they do it (read, write, execute)?
As far as remote execution has nothing to do with file transfer we are going to focus on the read/write access. Filesystem access and single file access can be separated. E.g. in FTP after authenticating successfully we are allowed to access the filesystem, but it does not mean we are automatically allowed to access all files in the filesystem. In NFS we may mount a filesystem, but it does not mean we can automatically access all its files and directories.
Possible approaches
We can use a dedicated secure protocol (e.g. SSH File Transfer Protocol).
We can use a non-secure protocol over a secure
connection (e.g. FTP over SSL/TLS, or HTTP through an IPSec tunnel/VPN).
Many different solutions of the problem
X over SSL/TLS (X ∈ {HTTP, FTP, . . .})
X over IPSec/VPN (X ∈ {HTTP, FTP, rsync, . . .}) X over SSH tunnel (X ∈ {HTTP, FTP, rsync, . . .}) native SSH protocols
NFS version 4 (thanks to RPCSEC_GSS) SMB version 3
What is good about SSH?
Open standards (RFC) and open source implementations Implementations exist for almost every platform
It is a mature, well understood technology Many authentication options
host
challenge-response (including simple password-based) public key
GSSAPI
PAM (Pluggable Authentication Modules) Many additional features including:
file transfer
tunneling and port forwarding (including X Window System support)
Key properties of how SSH works
RFC4251 states three key properties of how SSH works: All encryption, integrity, and public key algorithms used are well-known, well-established algorithms.
All algorithms are used with cryptographically sound key sizes that are believed to provide protection against even the strongest cryptanalytic attacks for decades.
All algorithms are negotiated, and in case some algorithm is broken, it is easy to switch to some other algorithm without modifying the base protocol.
SSH and its protocols
SSH consists of 3 protocols: transport layer protocol user authentication protocol connection protocol
FISH
Just use unix commands, that’s how simple it is!
Pros
conceptually simple easy to implement
Cons
available only on unices it is just a hack
SCP
It is just a specific way of doing FISH
Pros
conceptually simple
Cons
it is just a hack no standard
FTP over SSH tunnel
Just use SSH tunnels for FTP
Pros
conceptually simple
both SSH and FTP have RFC documents there are many FTP clients to choose
Cons
SFTP
This is the secure file transfer protocol. Do not confuse it with:
FTPS (FTP over SSL)
SFTP (simple file transfer protocol)
Pros
dedicated solution for file transfer extension of SSH, not just a hack documented in the IETF drafts
Cons
you need a whole SSH server to use it
FTP or HTTP over SSL/TLS (FTPS)
Just use FTP or HTTP over SSL/TLS
Pros
there are many FTP/HTTP clients to choose readily available in browsers
you can use the same SSL/TLS infrastructure for all services
documented in RFCs
Cons
certificates nightmare
NFS version 4 with RPCSEC_GSS
It is possible to secure NFS by using RPCSEC_GSS module. The solution is based on Kerberos.
Pros
documented in RFCs
all file operations of the OS available
Cons
Unix centric
SMB version 3
SMB (Server Message Block) version 3 added
AES-CCM encryption. It can use either NTLM version 2 or Kerberos.
Pros
available in Windows, which is popular
Cons
Windows-centric solution
available only since 2012, not available in previous versions of Windows
And the winner is...
In our opinion there are three winners of the comparison. One of them is SFTP. It is included in most SSH clients and very easy to use. Another winner is FTP over SSH, because it allows people to choose any client they want (FTP is implemented in most file transfer programs). The last winner is FTPS, because it is implemented in browsers and also very easy to use. All of these
technologies are platform agnostic. We do not think it is useful to use platform specific technologies. All of these technologies have open standards (or drafts of these) and open source clients. Therefore after deploying one of these solutions it is easy to switch to other software if the chosen one does not work as expected.
Our idea for the practical task
Out idea of practical task consists of showing all SSH based solutions. The most important of them is SFTP and we will focus on this one. We would like to focus on public key authentication and password authentication, but we will also briefly investigate PAM.
The second technology we would like to use is FTPS, which is very popular and it is important to understand how to use it and how it works.
After configuring both of the solutions we would like to benchmark them in terms of the amount of generated network traffic and used system resources.