ADVANCES IN SCIENTIFIC AND TECHNOLOGICAL RESEARCH (ASTR)
VOL. 1(2), pp. 74-87, MAY 2014
REF NUMBER:
ONLINE: http://www.projournals.org/astr

Full Length Research

DEVELOPMENT OF A SECURE FILE TRANSFER PROTOCOL FOR AN ENTERPRISE AND

Akingbade Kayode Francis 1 and Adekanbi Gregory 2
1,2 Department of Electrical & Electronics Engineering, The Federal University of Technology, Akure, Ondo State, Nigeria.

Accepted: 23 MAY, 2014

ABSTRACT

This paper presents a user friendly Secure File Transfer Protocol (SFTP) client application that can be deployed in small or large scale enterprises or in a campus network for secure, reliable and efficient upload or retrieval of files from a remote destination server. The platform gives restricted access to users on the network and gives administrators full access to the server after being authenticated. The developed SFTP client application has functionalities and capabilities for executing various SFTP commands and related functions. The SFTP client application is developed using the C-Sharp programming language and the Secure Shell (SSH) protocol to create a secure channel between networked devices. The application has enhanced ability to connect securely to the central server. The proposed application can be deployed on different operating systems and is cost effective.

KEYWORDS: FTP, SFTP, TCP/IP, SSH, Server, Client.

*Corresponding Author. Email: kfakingbade@futa.edu.ng
INTRODUCTION

File transfer is among the main activities for which people use the Internet. This includes, but is not limited to, the download and upload of data, music, video and software. Day in, day out, Internet users download files from various websites, and webmasters upload files and web pages to their websites. The File Transfer Protocol (FTP) is the most common technique for file transfer over the Internet. FTP is a standard network protocol used to transfer files reliably from one host to another over a Transmission Control Protocol/Internet Protocol (TCP/IP) based network [1]. FTP runs on the upper layers of the OSI model and uses the Transmission Control Protocol (TCP) to transport the transferred files. TCP is a connection-oriented protocol that resides at layer 4 of the OSI model. It provides extensive error control and flow control to ensure that data is delivered successfully [2].

For file transfer via FTP to be successful, a client application needs to be in place, connected to a server application which listens for commands from the client. This client application is expected to run on an individual computer which is connected to the server via a network, be it the Internet or an intranet [3,4,5]. The server is identified by a text name or an IP address. The remote user logs into the FTP server using a login name and password, which the server then authenticates. The authentication details of the legacy FTP protocol could be compromised through password sniffing attacks, as they are transmitted in plain text. To address this problem, the Secure File Transfer Protocol (SFTP) could be employed [6].

SECURE FILE TRANSFER PROTOCOL

SFTP is an interactive file transfer protocol which performs all operations over the SSH transport layer and is used for transferring files securely over the Internet. SFTP is a completely distinct file transfer protocol that is built on the Secure Shell (SSH) protocol. This enables SFTP to provide secure and efficient file transfer over an SSH encrypted pipe or tunnel. This technology requires a connection to a remote SSH/SFTP server on port 22 and a secure SSH v2 handshake with the remote server. Therefore, unlike in legacy FTP, any future communication takes place through the existing encrypted tunnel and there is no need to establish new connections [7].

The major difference between standard FTP and SFTP is that FTP is built on a client-server architecture and utilizes separate control and data channels between the client and server. The use of different channels generates security issues because the client and server would have no guarantee that there is not a man-in-the-middle attack after the data connection has been established [7]. SFTP, on the other hand, carries out the entire conversation over a single secured channel so that there is assurance that there is no data hijack. In [6], security benefits of the SSH protocol such as authentication, data encryption and data integrity are explained. That work also highlights how 128-bit encryption is used to send and receive data during a session, making intercepted transmissions extremely difficult to decrypt.

METHODOLOGY

This section discusses the procedures used in the development of the client software using the CSharp programming language. CSharp was designed for developing components in a fully object-oriented manner as part of the Microsoft .NET initiative. The codes are written and compiled with Microsoft Visual Studio.

DESIGN OF THE FILE TRANSFER APPLICATION

The design of the application entails the graphical arrangement of the events and tools on the interface, which includes the buttons, the textboxes, combo boxes and list views as shown in Fig. 1 to Fig. 4.

Figure 1: Button
Figure 2: List View
Figure 3: Label
Figure 4: Combo Box

ALGORITHM

This involves appropriate planning and structuring of the system architecture. Operation of the software is considered at this stage of development. Fig. 5 and Fig. 6 depict the application architecture and algorithm respectively.

Figure 5: Application Architecture
Figure 6: Application Algorithm/Flow Chart

SERVER SIDE

The server is the central point of the entire system. The planning for the server entails the software and the hardware planning. It is ensured that the server computer has enough processor speed and Random Access Memory (RAM) for efficiency in serving multiple clients at the same time. In this study, the server side comprises the FILEZILLA server, which helps to connect all users together. The FileZilla Server is a server that supports FTP and secure, encrypted connections to the server. FileZilla supports SSL, the same level of encryption supported by the web browser, to protect data. It also supports on-the-fly data compression, which can improve the transfer rates. The major operation of the server is to authenticate users. Fig. 7 shows the FileZilla activity log.

Figure 7: Filezilla activity log

SOFTWARE DEVELOPMENT

Microsoft Visual Studio 2010 was the development tool used in writing the program for the file transfer software. The coding language used is CSharp.NET. This is one of the coding languages usable on the Visual Studio .NET platform. Visual Studio is an interactive tool with a very user friendly coding interface. It has design and coding views that allow the programmer to see the graphic interface as the code is being typed. Visual Studio has debugging capabilities to check errors in written code and to ensure that the developed software does not unexpectedly crash. Fig. 8 illustrates the Visual Studio interface.

Figure 8: Visual Studio Interface

WRITING CODES FOR THE SOFTWARE

The C-sharp codes that power the application are written in Visual Studio Code Line Interface (CLI). The controls on the interface are controlled by the codes in the code-behind files. The software is coded using C-sharp object oriented classes and events, as illustrated with the picture view in Fig. 9.

Figure 9: Command Line Interface of Visual Studio

CODES

The codes are divided into two: the design codes and the source codes.

The Codes

    namespace ftp_project
    {
        partial class Form1
        {
            /// <summary>
            /// Required designer variable.
            /// </summary>
            private System.ComponentModel.IContainer components = null;

            /// <summary>
            /// Clean up any resources being used.
            /// </summary>
            /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
            protected override void Dispose(bool disposing)
            {
                if (disposing && (components != null))
                {
                    components.Dispose();
                }
                base.Dispose(disposing);
            }

            #region Windows Form Designer generated code

            /// <summary>
            /// Required method for Designer support - do not modify
            /// the contents of this method with the code editor.
            /// </summary>
            private void InitializeComponent()
            {
                this.components = new System.ComponentModel.Container();
                System.ComponentModel.ComponentResourceManager resources = new System.ComponentModel.ComponentResourceManager(typeof(Form1));

                // Login controls: credentials and the connect button.
                this.tb_username = new System.Windows.Forms.TextBox();
                this.tb_password = new System.Windows.Forms.TextBox();
                this.label1 = new System.Windows.Forms.Label();
                this.label2 = new System.Windows.Forms.Label();
                this.btn_connect = new System.Windows.Forms.Button();

                // Main menu.
                this.menustrip1 = new System.Windows.Forms.MenuStrip();
                this.filetoolstripmenuitem = new System.Windows.Forms.ToolStripMenuItem();
                this.edittoolstripmenuitem = new System.Windows.Forms.ToolStripMenuItem();
                this.viewtoolstripmenuitem = new System.Windows.Forms.ToolStripMenuItem();
                this.abouttoolstripmenuitem = new System.Windows.Forms.ToolStripMenuItem();
                this.helptoolstripmenuitem = new System.Windows.Forms.ToolStripMenuItem();

                // Local drive panel (left side of the split container).
                this.splitContainer1 = new System.Windows.Forms.SplitContainer();
                this.combobox_local = new System.Windows.Forms.ComboBox();
                this.toolstrip1 = new System.Windows.Forms.ToolStrip();
                this.toolstripbtn_back = new System.Windows.Forms.ToolStripButton();
                this.toolstripbtn_next = new System.Windows.Forms.ToolStripButton();
                this.toolstripbutton4 = new System.Windows.Forms.ToolStripButton();
                this.toolstripbtn_local_delete = new System.Windows.Forms.ToolStripButton();
                this.listview_local = new System.Windows.Forms.ListView();
                this.columnheader1 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
                this.columnheader2 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
                this.columnheader3 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
                this.columnheader4 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));

                // Transfer buttons and the server drive panel.
                this.btn_download = new System.Windows.Forms.Button();
                this.btn_upload = new System.Windows.Forms.Button();
                this.combobox_server = new System.Windows.Forms.ComboBox();
                this.listview_server = new System.Windows.Forms.ListView();
                this.columnheader5 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
                this.columnheader6 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
                this.columnheader7 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
                this.columnheader8 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
                this.toolstrip2 = new System.Windows.Forms.ToolStrip();
                this.toolstripbtn_server_back = new System.Windows.Forms.ToolStripButton();
                this.toolstripbtn_server_nxt = new System.Windows.Forms.ToolStripButton();
                this.toolstripbtn_server_refresh = new System.Windows.Forms.ToolStripButton();
                this.toolstripbtn_server_delete = new System.Windows.Forms.ToolStripButton();
                this.make_directory = new System.Windows.Forms.ToolStripButton();
                this.imagelist1 = new System.Windows.Forms.ImageList(this.components);

                // Status area, progress bar and the list of online users.
                this.tb_statusmsg = new System.Windows.Forms.TextBox();
                this.groupbox1 = new System.Windows.Forms.GroupBox();
                this.label_status = new System.Windows.Forms.Label();
                this.progressbar_ftp = new System.Windows.Forms.ProgressBar();
                this.button1 = new System.Windows.Forms.Button();
                this.label3 = new System.Windows.Forms.Label();
                this.groupbox2 = new System.Windows.Forms.GroupBox();
                this.lb_online = new System.Windows.Forms.ListView();
                this.label4 = new System.Windows.Forms.Label();
                this.textbox3 = new System.Windows.Forms.TextBox();
                this.tooltip1 = new System.Windows.Forms.ToolTip(this.components);

                // Suspend layout while the controls are being configured.
                this.menustrip1.SuspendLayout();
                ((System.ComponentModel.ISupportInitialize)(this.splitContainer1)).BeginInit();
                this.splitContainer1.Panel1.SuspendLayout();
                this.splitContainer1.Panel2.SuspendLayout();
                this.splitContainer1.SuspendLayout();
                this.toolstrip1.SuspendLayout();
                this.toolstrip2.SuspendLayout();
                this.groupbox1.SuspendLayout();
                this.groupbox2.SuspendLayout();
                this.SuspendLayout();

                // The listing printed in the paper ends here; the control property
                // settings, ResumeLayout calls and field declarations are not reproduced.
            }

            #endregion
        }
    }

DEBUGGING

Debugging of codes is done after writing the software code. The Visual Studio 2010 debugger is used to check for errors in the code, and the generated errors are located and resolved, as indicated in Fig. 10. The software has to be error free for proper operation and to prevent periodic crashing of the application.

Figure 10: Error list on Visual Studio

DEPLOYMENT OF THE SOFTWARE

The installation package was built using the ClickOnce deployment feature of Visual Studio 2010. This package contains the prerequisites as well as the installation files for the software to be installed on the destination PC. The two major prerequisites required for the installation of the software are Microsoft .NET Framework 4 Client Profile (x86 and x64) and Windows Installer 3.1.

TESTS, RESULTS AND ANALYSIS

CONNECTIVITY TEST

The server is properly integrated into the network so that all users connected to the network are able to have duplex communication with the server. To confirm effective connection, the IP address of the server is pinged from clients connected to the network, and the IP addresses of clients are pinged from the server. It is observed that there are replies from both sides of the link, which confirms connection to the other side of the network. Fig. 11 shows the result of the ping at the client side while Fig. 12 shows the result of the ping at the server side.

Figure 11: Pinging the server to ensure connection
Figure 12: Filezilla Server Interface

AUTHENTICATION TEST

There is a login option in which users are required to log in if they have an account on the server, and an option is provided for anonymous login for users not having an account; these users have restricted access. Login cannot be successful if a wrong username or password is entered; a dialog box is shown with the error message "Username or Password incorrect, Please check and try again." Fig. 13 shows an authentication error dialog box. Once the right username and password are entered, access is granted and the server drive is populated in the list box.
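
The login test above sends the password only after the SSH handshake, so the client should check the server's host key before trusting the session. The following added example (not the paper's code) does this with the SSH.NET library (`Renci.SshNet`), which is an assumption since the paper does not name its SSH library; `PinnedSftpLogin`, `TryLogin` and the fingerprint placeholder are hypothetical names.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using Renci.SshNet;          // assumption: SSH.NET; the paper does not name its SSH library
using Renci.SshNet.Common;

static class PinnedSftpLogin
{
    // Placeholder pin: the server's SHA-256 host key fingerprint, obtained out of band
    // (the base64 text that `ssh-keygen -lf` prints after "SHA256:").
    const string PinnedFingerprint = "REPLACE_WITH_SERVER_SHA256_FINGERPRINT";

    // OpenSSH-style fingerprint: base64(SHA-256(host key blob)) without '=' padding.
    public static string Fingerprint(byte[] hostKey)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(hostKey)).TrimEnd('=');
    }

    // Returns the status text for the UI; host and credentials come from the login form.
    public static string TryLogin(string host, string user, string password)
    {
        using (var client = new SftpClient(host, 22, user, password))
        {
            // Raised during the SSH handshake, before any credential is sent.
            client.HostKeyReceived += (sender, e) =>
                e.CanTrust = string.Equals(Fingerprint(e.HostKey), PinnedFingerprint,
                                           StringComparison.Ordinal);
            try
            {
                client.Connect();
                // Access granted: list the server directory, as the client's list box does.
                int entries = client.ListDirectory(".").Count();
                return "Connected to " + host + " (" + entries + " entries listed)";
            }
            catch (SshAuthenticationException)
            {
                // Same message the paper's dialog box shows for bad credentials.
                return "Username or Password incorrect, Please check and try again.";
            }
            catch (SshConnectionException ex)
            {
                // Host key did not match the pin, or the handshake failed.
                return "Server not trusted or handshake failed: " + ex.Message;
            }
        }
    }
}
```

A host key mismatch is reported separately from a wrong password, so a changed or substituted server is not mistaken for a typing error.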

Figure 13: Authentication Error Dialog Box

UPLOAD AND DOWNLOAD TESTS

Before an upload or download can be successful, a file needs to be selected on the local or server drive panel, after which the upload or download button can be clicked; this copies the selected file to the active directory in the server or local drive panel, as the case may be. The file transfer status is as shown in Fig. 14. With the help of SSH, during an SFTP session where data needs to be transferred between the client and server, the client simply sends an OPEN command to the server along with the name of the file to be transferred. After the file has been transferred, the client sends a CLOSE command to the server using the existing connection. Since the entire file transfer was completed over an existing secure channel, both client and server can be assured that there is no man-in-the-middle attack.

Figure 14: Upload and Download Notification
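
The OPEN and CLOSE requests described above, laid out as packets in an added example that is not part of the paper's code. The packet layout and type numbers follow SFTP version 3 (draft-ietf-secsh-filexfer-02), an assumption since the paper does not state a protocol version; the WRITE request, the file path and the handle are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

static class SftpPackets
{
    // Request types and open flags from the SFTP version 3 draft (assumed version).
    const byte SSH_FXP_OPEN = 3, SSH_FXP_CLOSE = 4, SSH_FXP_WRITE = 6;
    const uint SSH_FXF_WRITE = 0x02, SSH_FXF_CREAT = 0x08, SSH_FXF_TRUNC = 0x10;

    // Big-endian uint32, as used for every length and id field.
    static void U32(List<byte> b, uint v)
    {
        b.Add((byte)(v >> 24)); b.Add((byte)(v >> 16)); b.Add((byte)(v >> 8)); b.Add((byte)v);
    }

    // SSH "string": uint32 length followed by the raw bytes.
    static void Str(List<byte> b, byte[] s) { U32(b, (uint)s.Length); b.AddRange(s); }

    // Frame = uint32 length | byte type | uint32 request-id | type-specific fields.
    static byte[] Frame(byte type, uint id, Action<List<byte>> fields)
    {
        var body = new List<byte> { type };
        U32(body, id);
        fields(body);
        var pkt = new List<byte>();
        U32(pkt, (uint)body.Count);
        pkt.AddRange(body);
        return pkt.ToArray();
    }

    // OPEN carries the file name and the open mode; the server answers with a handle.
    public static byte[] Open(uint id, string path) => Frame(SSH_FXP_OPEN, id, b =>
    {
        Str(b, Encoding.UTF8.GetBytes(path));
        U32(b, SSH_FXF_WRITE | SSH_FXF_CREAT | SSH_FXF_TRUNC);
        U32(b, 0); // ATTRS flags = 0: no file attributes supplied
    });

    // WRITE sends one chunk of file data at a 64-bit offset, referring to the handle.
    public static byte[] Write(uint id, byte[] handle, ulong offset, byte[] data) =>
        Frame(SSH_FXP_WRITE, id, b =>
        {
            Str(b, handle);
            U32(b, (uint)(offset >> 32)); U32(b, (uint)offset);
            Str(b, data);
        });

    // CLOSE releases the handle; it travels over the same channel as OPEN and WRITE.
    public static byte[] Close(uint id, byte[] handle) =>
        Frame(SSH_FXP_CLOSE, id, b => Str(b, handle));

    static void Main()
    {
        byte[] handle = { 0x00, 0x01 }; // constructed; a real handle comes from the server's reply
        byte[] data = Encoding.ASCII.GetBytes("hello");
        foreach (var p in new[] { Open(1, "/upload/report.txt"), Write(2, handle, 0, data), Close(3, handle) })
            Console.WriteLine(BitConverter.ToString(p));
    }
}
```

These bytes are the plaintext requests; the SSH transport encrypts and integrity-protects them inside the one channel, which is why no second data connection is opened.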

CONCLUSION

In this paper, a user friendly Secure File Transfer Protocol (SFTP) client application that can be deployed in medium or large scale enterprises or in a campus network for secure, reliable and efficient upload or retrieval of files from a remote destination server is presented. The SFTP client application is developed using the C-Sharp programming language on the Secure Shell (SSH) protocol to create a secure channel between networked devices. The application has enhanced ability to connect securely to the central server; it can be deployed on different operating system platforms and is cost effective.

REFERENCES

[1] Forouzan BA. TCP/IP Protocol Suite. 1st Edition, New Delhi, India: Tata McGraw-Hill Publishing Company Limited.
[2] Clark MP (2003). Data Networks, IP and the Internet. 1st ed. West Sussex, England: John Wiley & Sons Ltd.
[3] South River Technologies (2006). FTP: The File Transfer Protocol. http://www.southrivertech.com. pp. 1-5.
[4] Rakheja MG. Performance analysis of ANESAT Protocol for FTP, FTP generic, VBR and CBR over Satellite Communication. International Journal of Advanced Research in Electrical, Electronics and Instrumentation Engineering. Vol. 1, Issue 5, November 2012. pp. 443-447.
[5] Dean, Tamara (2010). Network+ Guide to Networks. Delmar. pp. 168-171.
[6] Krishna M, Jamwal P, Chaitanya KRS, Kumar BV. Secure File Multi Transfer Protocol Design. Journal of Software Engineering and Applications, 2011, 4, pp. 311-315.
[7] South River Technologies (2010). SFTP: The Secure File Transfer Protocol. http://www.southrivertech.com. pp. 1-4.
[8] Alizar B, Gabhane P, Gampawar V and Naraswani A. File Transfer Protocol Client: By Using Multithreading. BIOINFO Computer Engineering. Volume 2, Issue 1, 2012, pp. 36-38.