New File Transfer Protocol Developed for Enhanced Security and Performance


Quick take - A new file transfer protocol has been developed, inspired by the WebRTC protocol stack, that emphasizes security, reliability, and performance while addressing privacy concerns by not retaining uploaded files on the server and facilitating end-to-end encrypted transfers.

Fast Facts

  • A new file transfer protocol inspired by WebRTC emphasizes security, reliability, and performance, using a relay server for full-duplex communication without retaining uploaded files.
  • The protocol addresses privacy concerns and limitations of traditional methods, which often rely on third-party servers and lack transparency in encryption.
  • Key features include end-to-end encryption via WebSockets secured by TLS, a password-authenticated key exchange, and an IP exchange scheme for client connections.
  • Empirical results indicate that the protocol performs competitively against established methods like SCP and FTP, particularly for larger file transfers.
  • Future enhancements may include hosting the relay server on the Tor network to boost security, though this could affect performance.

New File Transfer Protocol Developed

A new file transfer protocol has been developed, focusing on security, reliability, and performance, drawing inspiration from the WebRTC protocol stack.

Limitations of Traditional Methods

Traditional file transfer methods often depend on third-party servers, leading to high storage and bandwidth costs. The study reviews existing file transfer methods, identifying limitations in security, performance, and transparency. Security is defined as ensuring the confidentiality and integrity of file data and protecting user privacy. Concerns over third-party services have grown, especially after incidents like the 2012 Dropbox cyberattack, which affected 68 million users. Many cloud-based solutions lack transparency in their encryption and storage mechanisms, potentially violating the Open Design security principle.

Features of the Proposed Protocol

The proposed protocol includes a relay server, a password-authenticated key exchange, an IP exchange scheme, and device clients. The relay server facilitates end-to-end encrypted file transfers using WebSockets secured by TLS. The password-authenticated key exchange lets the two clients securely generate a key from a shared passphrase. The IP exchange scheme is crucial for establishing connections between clients, particularly in Network Address Translation (NAT) scenarios. Device clients use TCP sockets for reliable transport and implement the sPAKE2 protocol for secure key sharing. The protocol is implemented using Golang and is available as a command-line interface (CLI) tool. The relay server employs a minimal SQLite3 database to store connection-related information. Integrity checks are included to detect any modifications to data packets during transfer. The security framework is based on the computational Diffie-Hellman problem, making it resistant to man-in-the-middle attacks.
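
The end-to-end encryption and per-packet integrity check described above, as an added Go example that is not code from the paper or its CLI tool. It assumes AES-256-GCM as the cipher and a 32-byte session key already produced by the password-authenticated key exchange; the names NewSession, Seal, Open and ErrTampered are hypothetical, and the page does not specify any of these.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

var ErrTampered = errors.New("chunk failed authentication: modified, reordered or replayed")

// NewSession wraps the 32-byte key (assumed to come from the key exchange, not shown) in AES-256-GCM.
func NewSession(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// nonce binds direction (0 or 1) and chunk counter so a full-duplex link never reuses a nonce under one key.
func nonce(dir byte, seq uint64) []byte {
	n := make([]byte, 12)
	n[0] = dir
	binary.BigEndian.PutUint64(n[4:], seq)
	return n
}

// Seal encrypts chunk number seq; the relay only ever sees this output.
func Seal(s cipher.AEAD, dir byte, seq uint64, chunk []byte) []byte {
	return s.Seal(nil, nonce(dir, seq), chunk, nil)
}

// Open decrypts the frame the receiver expects at position seq in direction dir.
func Open(s cipher.AEAD, dir byte, seq uint64, frame []byte) ([]byte, error) {
	plain, err := s.Open(nil, nonce(dir, seq), frame, nil)
	if err != nil {
		return nil, ErrTampered
	}
	return plain, nil
}

func main() {
	s, _ := NewSession(make([]byte, 32)) // constructed all-zero key, for this demo only
	frame := Seal(s, 0, 0, []byte("constructed file chunk"))
	frame[3] ^= 0x01 // a relay flips one bit in transit
	_, err := Open(s, 0, 0, frame)
	fmt.Println("receiver result:", err)
}
```

Because the receiver derives the nonce from the chunk number it expects, a relay that swaps, replays or reflects frames fails authentication in the same way as one that edits them.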

Performance and Future Enhancements

WebRTC is praised for meeting security, performance, and transparency goals, especially for real-time file sharing without server storage. The paper notes that WebRTC’s TURN server is mainly used as a fallback. Empirical results show that the proposed relay-based protocol performs competitively against established methods like SCP and FTP, with distinct advantages in transferring larger files, which WebRTC struggles to handle. The paper acknowledges potential challenges related to piracy and censorship, noting that the protocol does not regulate such transfers. Suggestions for future enhancements include hosting the relay server on the Tor network to improve security and privacy, although this may impact performance. The paper outlines the design of a secure end-to-end encrypted file transfer protocol that meets essential goals of security, performance, and transparency, offering a promising alternative to traditional methods in a privacy-conscious digital landscape.
