1 / 14

Secure Transfer over an Unsecure Connection

Secure Transfer over an Unsecure Connection. A TEAM Ashwini Reddy Chris Coyne Jeng-Yuh Chang Savitha Murthy Shubhangi Srivastava. History. rlogin, rcp, rsh and other BSD programs transfer in clear text Written before malicious attacks were considered

Download Presentation

Secure Transfer over an Unsecure Connection

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.


Presentation Transcript

  1. Secure Transfer over an Unsecure Connection A TEAM Ashwini Reddy Chris Coyne Jeng-Yuh Chang Savitha Murthy Shubhangi Srivastava

  2. History • rlogin, rcp, rsh and other BSD programs transfer in clear text • Written before malicious attacks were considered • Currently security is a high priority • Necessity for secure connection over unknown network

  3. SCP (Secure Copy Protocol) • Both a protocol and a program • Virtually identical to rcp • Uses SSH to transfer data securely • Local-remote host or remote-remote • Generally uses outdated SSH-1 • Very few features • Though part of SSH, basically obsolete

  4. SFTP (SSH File Transfer Protocol) • Full featured secure file transfer protocol • Advantages over SCP include resume, append, larger file size limits • Uses SSH-2 • Independent of FTP and FTPS protocols • Still in use today on many different Operating Systems

  5. SSH (Secure Shell) • Protocol for secure communications • 1st developed by Tatu Ylönen in 1995 for version 1, version 2 in 1996 • 3 layers in the protocol (Transport, User Authentication, Connection) • Creates secure channel with authenticated hosts for file transfer, tunneling, TCP port forwarding, X11 connections

  6. Transport Protocol • Responsible for Server authentication, encryption, integrity verification • Key exchange using Diffie-Hellman algorithm • Encryption using 3DES, AES128, blowfish or other algorithm including proprietary ones • Allows higher layers to assume secure channel

  7. User Authentication Protocol • Responsible for client authentication • Runs over transport layer • Assumes secure encrypted channel and authenticated server • Several methods of authentication, including combinations (password, publickey, keyboard-interactive)

  8. Connection Protocol • Runs on top of User Authentication layer • Manages channels for data transfer • Several connections on one channel • Channel uses include: SFTP sessions, remote shell sessions, X11, Windows Shares • Assumes encrypted, authenticated channel

  9. Server Client Rsync is file transfer utility for UNIX systems. Faster File transfer. Rsync sends the differences in the files across the link. Rsync compresses the differences between the files saving transfer time. Rsync(Remote Synchronization) update New file Old file request

  10. Rsync Process. • Startup: - Client server connection established through a pipe/socket. - send the protocol version. - Now Client - Sender and Server-Receiver. • File list: - Sender creates file list and sends to Receiver. - Both sort the file list lexicographically.

  11. Rsync Algorithm • Rsync utility uses the algorithm by Andrew Tridgell.

  12. DEMO • SCP command • WinSCP3 • Rsync

  13. Reference [1] Andrew Tridgell (1999, February). Efficient Algorithms for Sorting and Synchronization. Retrieved February 19, 2006 from http://samba.org/~tridge/ phd_thesis.pdf [2] Galbraith J. and Sareenma O. (2006, January 25). SSH File Transfer Protocol. Retrieved February 16, 2006 from http://www.ietf.org/internet-drafts/draft- ietf-secsh-filexfer-12.txt [3] Michael Holve (1999, November 20). A Tutorial on Using rsync. Retrieved February 18, 2006 from http://everythinglinux.org/rsync/ [4] Rsync (2006, February 16). Wikipedia, The Free Encyclopedia. Retrieved February 18, 2006 from http://en.wikipedia.org/wiki/Rsync [5] Sean Boran (2004, July 22). SSH Disadvantages. All about SSH – Part I. Retrieved February 20, 2006 from http://www.boran.com/security/sp/ssh-part1.html [6] Secure Copy (2006, February 1). Wikipedia, The Free Encyclopedia. Retrieved February 14, 2006 from http://en.wikipedia.org/wiki/Secure_copy# SCP_protocol. [7] Secure Shell (2006, February 18). Wikipedia, The Free Encyclopedia. Retrieved February 14, 2006 from http://en.wikipedia.org/wiki/Secure_shell .etc

  14. Thank you! Any Questions??

More Related