Security of information systems secure file transfer

Transcription

1 Security of information systems secure file transfer Who? Mateusz Grotek, Paweł Tarasiuk, When? October 30, 2012

2 Introduction SSH Different solutions Summary Questions Table of contents Problem statement Different aspects of security Possible approaches Why SSH? SSH protocols How to transfer files through SSH? FTPS NFS SMB

3 Problem statement The meaning of the term file transfer in general refers to downloading/uploading a file from/to an external filesystem. While the definition applies e.g. to file transfer between a computer and a USB memory stick, we are going to focus on transferring files in computer networks. The problem of file transfer security is related to both the processes of user authentication and authorization, and to a method of encryption of the transferred data (so sniffing would not reveal the file contents).

4 Authentication and authorization It is possible to distinguish some important aspects of file transfer security. The most important distinction is the distinction between authentication and authorization. Authentication Authorisation Authentication is a process, which shows that the claimed identity of a user matches the actual identity. Authorization is a process, which checks if a user is allowed to perform some actions.

5 Filesystem access vs. single file access It is important to distinguish different sorts of access. Filesystem Which users are allowed to access which filesystems and how can they do it (read, write, execute)? Files/Directories Which users are allowed to access which files/directories and how can they do it (read, write, execute)? As far as remote execution has nothing to do with file transfer we are going to focus on the read/write access. Filesystem access and single file access can be separated. E.g. in FTP after authenticating successfully we are allowed to access the filesystem, but it does not mean we are automatically allowed to access all files in the filesystem. In NFS we may mount a filesystem, but it does not mean we can automatically access all its files and directories.

6 Possible approaches We can use a dedicated secure protocol (e.g. SSH File Transfer Protocol). We can use a non-secure protocol over a secure connection (e.g. FTP over SSL/TLS, or HTTP through an IPSec tunnel/vpn).

7 Many different solutions of the problem X over SSL/TLS (X {HTTP, FTP,...}) X over IPSec/VPN (X {HTTP, FTP, rsync,...}) X over SSH tunnel (X {HTTP, FTP, rsync,...}) native SSH protocols NFS version 4 (thanks to RPCSEC_GSS) SMB version 3...

8 What is good about SSH? Open standards (RFC) and open source implementations Implementations exist for almost every platform It is a mature, well understood technology Many authentication options host challenge-response (including simple password-based) public key GSSAPI PAM (Pluggable Authentication Modules) Many additional features including: file transfer tunneling and port forwarding (including X Window System support)

9 Key properties of how SSH works RFC4251 states three key properties of how SSH works: All encryption, integrity, and public key algorithms used are well-known, well-established algorithms. All algorithms are used with cryptographically sound key sizes that are believed to provide protection against even the strongest cryptanalytic attacks for decades. All algorithms are negotiated, and in case some algorithm is broken, it is easy to switch to some other algorithm without modifying the base protocol.

10 SSH and its protocols SSH consists of 3 protocols: transport layer protocol user authentication protocol connection protocol

11 FISH Just use unix commands, that s how simple it is! Pros conceptually simple easy to implement Cons available only on unices it is just a hack no standard

12 SCP It is just a specific way of doing FISH Pros conceptually simple Cons it is just a hack no standard

13 FTP over SSH tunnel Just use SSH tunnels for FTP Pros conceptually simple both SSH and FTP have RFC documents there are many FTP clients to choose Cons not a dedicated secure file transfer solution

14 SFTP This is the secure file transfer protocol. Do not confuse it with: FTPS (FTP over SSL) SFTP (simple file transfer protocol) Pros dedicated solution for file transfer extension of SSH, not just a hack documented in the IETF drafts Cons you need a whole SSH server to use it not actually a standard (drafts are not standards)

15 FTP or HTTP over SSL/TLS (FTPS) Just use FTP or HTTP over SSL/TLS Pros there are many FTP/HTTP clients to choose readily available in browsers you can use the same SSL/TLS infrastructure for all services documented in RFCs Cons certificates nightmare authentication has to be developed separately

16 NFS version 4 with RPCSEC_GSS It is possible to secure NFS by using RPCSEC_GSS module. The solution is based on Kerberos. Pros documented in RFCs all file operations of the OS available Cons Unix centric Kerberos is complicated

17 SMB version 3 SMB (Server Message Block) version 3 added AES-CCM encryption. It can use either NTLM version 2 or Kerberos. Pros available in Windows, which is popular Cons Windows-centric solution available only since 2012, not available in previous versions of Windows

18 And the winner is... In our opinion there are three winners of the comparison. One of them is SFTP. It is included in most SSH clients and very easy to use. Another winner is FTP over SSH, because it allows people to choose any client they want (FTP is implemented in most file transfer programs). The last winner is FTPS, because it is implemented in browsers and also very easy to use. All of these technologies are platform agnostic. We do not think it is useful to use platform specific technologies. All of these technologies have open standards (or drafts of these) and open source clients. Therefore after deploying one of these solutions it is easy to switch to other software if the chosen one does not work as expected.

19 Our idea for the practical task Out idea of practical task consists of showing all SSH based solutions. The most important of them is SFTP and we will focus on this one. We would like to focus on public key authentication and password authentication, but we will also briefly investigate PAM. The second technology we would like to use is FTPS, which is very popular and it is important to understand how to use it and how it works. After configuring both of the solutions we would like to benchmark them in terms of the amount of generated network traffic and used system resources.

20 Questions Feel free to ask!