Encrypted file transfer is something that we largely take for granted when using an SFTP server like Cerberus by Redwood, but it’s important to understand the fundamentals underlying that encryption in order to select the best options for your organization’s security needs. This post will answer common questions about encrypted file transfer.
What is encryption?
Encryption uses mathematical operations to turn plain-text data into unreadable, scrambled text that can’t be deciphered until it’s decrypted at its destination. Both the sender and recipient must have a shared “key” to the encryption algorithm to ensure that the transferred data can be rendered human-readable upon receipt.
How does encrypted file transfer work?
Encrypted file transfer is a four-step process, with some variation depending on protocol and provider:
- First, the client sends a connection request to the file transfer server using the control channel. Both parties then negotiate a connection according to the server’s security settings. This initial connection may occur in the clear or be encrypted, depending on the protocol and your server settings.
- Once a connection is established and the client’s identity is verified, the file transfer server encrypts the requested data and sends it according to your server’s specified encryption levels.
- The client receives the encrypted data and deciphers it using its decryption key. In some cases, the client also verifies a cryptographic hash of the received data to confirm it arrived intact.
- The connection terminates.
Are file transfer server/client connection requests encrypted?
Different secure file transfer protocols use different connection security protocols to accomplish the same objective of providing encrypted transfer. As an example, SFTP secures its connection via the SSH channel, which ensures that even initial connection communications will be encrypted. FTPS, however, is secured via SSL/TLS and may or may not require initial connection requests to be encrypted (learn more about the differences between FTPS and SFTP in this blog post).
FTPS introduces some level of risk, in that initial connection authentication may occur in the clear before the connection becomes encrypted. However, this also allows your server to offer more flexibility for clients with a diverse range of encryption requirements.
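The cleartext-login risk described above is easiest to see in a control-channel log. The following is an added example, not Cerberus code or anything from the original post: it audits an explicit-FTPS session transcript and reports any USER or PASS command the client sent before AUTH TLS had been accepted with a 234 reply. The "C:"/"S:" line format and both transcripts are constructed for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed transcripts (not real traffic). One upgrades to TLS before
// logging in; the other sends credentials first and only then asks for TLS.
const goodTranscript = `S: 220 Service ready
C: AUTH TLS
S: 234 Proceed with negotiation
C: USER alice
S: 331 Password required
C: PASS hunter2
S: 230 Logged in`

const badTranscript = `S: 220 Service ready
C: USER bob
S: 331 Password required
C: PASS letmein
S: 230 Logged in
C: AUTH TLS
S: 234 Proceed with negotiation`

// Finding records one client command that carried authentication data while
// the control channel was still unencrypted.
type Finding struct {
	Line    int    // 1-based line in the transcript
	Command string // the command, with any password argument redacted
}

// AuditControlChannel walks a transcript whose lines are "C: <client command>"
// or "S: <server reply>". TLS counts as active only after the client sent
// AUTH TLS or AUTH SSL and the server answered with a 234 reply; a 4xx/5xx
// reply to AUTH cancels the request. With implicitTLS set (FTPS on port 990)
// the session is encrypted from the first byte, so nothing is reported.
func AuditControlChannel(transcript string, implicitTLS bool) []Finding {
	var findings []Finding
	tlsRequested := false
	tlsActive := implicitTLS
	for i, raw := range strings.Split(transcript, "\n") {
		line := strings.TrimSpace(raw)
		switch {
		case strings.HasPrefix(line, "C: "):
			fields := strings.Fields(strings.TrimPrefix(line, "C: "))
			if len(fields) == 0 {
				continue
			}
			verb := strings.ToUpper(fields[0])
			if verb == "AUTH" && len(fields) > 1 {
				mech := strings.ToUpper(fields[1])
				if mech == "TLS" || mech == "SSL" {
					tlsRequested = true
				}
			}
			if (verb == "USER" || verb == "PASS") && !tlsActive {
				cmd := strings.Join(fields, " ")
				if verb == "PASS" {
					cmd = "PASS <redacted>" // never copy the secret into a report
				}
				findings = append(findings, Finding{Line: i + 1, Command: cmd})
			}
		case strings.HasPrefix(line, "S: "):
			reply := strings.TrimPrefix(line, "S: ")
			if tlsRequested && strings.HasPrefix(reply, "234") {
				tlsActive = true
			} else if tlsRequested && (strings.HasPrefix(reply, "4") || strings.HasPrefix(reply, "5")) {
				tlsRequested = false
			}
		}
	}
	return findings
}

func main() {
	for name, tr := range map[string]string{"good": goodTranscript, "bad": badTranscript} {
		findings := AuditControlChannel(tr, false)
		fmt.Printf("%s session: %d credential command(s) sent in the clear\n", name, len(findings))
		for _, f := range findings {
			fmt.Printf("  line %d: %s\n", f.Line, f.Command)
		}
	}
}
```

Running it reports nothing for the first session and two findings (lines 2 and 4) for the second. The same ordering check is what a server-side policy of "require TLS before login" enforces; if your server allows the bad sequence, credentials are exposed even though the data channel is later encrypted.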
What types of file transfer encryption exist?
Most secure file transfer solutions, such as Cerberus FTP Server by Redwood, support a variety of cryptography solutions. The most common include:
- Private-key cryptography (also known as symmetric key encryption), which uses a single secret key to both encrypt and decrypt data. The most common cryptographic standard for this encryption method is the Advanced Encryption Standard block cipher, although other options exist.
- Asymmetric key encryption, which uses public keys to encrypt and private keys to decrypt data. The Diffie-Hellman key-agreement and RSA algorithms are common cryptographic standards in this space, but a number of alternatives such as elliptic curve cryptography exist.
- Cryptographic hash functions, which are frequently used to augment the above encryption standards with another layer of security. The current United States national standard is the Secure Hash Algorithm (SHA) 3.
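To show how the three primitive types above combine into the four-step transfer described earlier, here is an added example in Go using only its standard library; it is not Cerberus code and not part of the original post. The server role wraps a fresh AES-256-GCM session key with the client's RSA public key, the client role unwraps it and decrypts, and a SHA-256 digest of the plaintext is checked after decryption (SHA-256 stands in for the SHA-3 named above because it is in Go's standard library). The 2048-bit key size, the sample file and the single-byte tampering are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Package is what crosses the wire in this model: the file under AES-256-GCM
// (symmetric), the one-time AES key wrapped with the recipient's RSA public
// key (asymmetric), the GCM nonce, and a SHA-256 digest of the plaintext (hash).
type Package struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
	Digest     [sha256.Size]byte
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal plays the server's part: encrypt the requested file for the client
// whose public key was verified during connection setup.
func Seal(plaintext []byte, recipient *rsa.PublicKey) (*Package, error) {
	key := make([]byte, 32) // fresh AES-256 session key for every transfer
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// OAEP is the padding to use for RSA key wrapping; avoid PKCS#1 v1.5 here.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil)
	if err != nil {
		return nil, err
	}
	return &Package{
		WrappedKey: wrapped,
		Nonce:      nonce,
		Ciphertext: gcm.Seal(nil, nonce, plaintext, nil),
		Digest:     sha256.Sum256(plaintext),
	}, nil
}

// Open plays the client's part: unwrap the session key with the private key,
// decrypt (GCM also authenticates the ciphertext), then verify the digest.
func Open(pkg *Package, priv *rsa.PrivateKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, pkg.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("could not unwrap session key: wrong private key or corrupted package")
	}
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	plaintext, err := gcm.Open(nil, pkg.Nonce, pkg.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("ciphertext failed authentication: modified in transit")
	}
	if sha256.Sum256(plaintext) != pkg.Digest {
		return nil, errors.New("plaintext digest mismatch")
	}
	return plaintext, nil
}

// RoundTrip runs one transfer end to end with a freshly generated client key
// pair. When tamper is true one ciphertext byte is flipped in transit.
func RoundTrip(file []byte, tamper bool) ([]byte, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // constructed key size for the example
	if err != nil {
		return nil, err
	}
	pkg, err := Seal(file, &priv.PublicKey)
	if err != nil {
		return nil, err
	}
	if tamper {
		pkg.Ciphertext[0] ^= 0x01
	}
	return Open(pkg, priv)
}

func main() {
	file := []byte("constructed sample export, not a real file\n")
	got, err := RoundTrip(file, false)
	fmt.Printf("clean transfer: err=%v recovered=%v\n", err, string(got) == string(file))
	_, err = RoundTrip(file, true)
	fmt.Printf("tampered transfer: %v\n", err)
}
```

The point to take from the tampered run is that the symmetric layer, not the digest, catches the modification first: GCM's authentication tag fails before any plaintext is produced, so the digest check is a second line of defence rather than the only one.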
Do different types of encryption affect file transfer speeds?
Yes. The larger the number of bits you use in your encryption algorithm keys, the more computational power will be needed to encrypt and decrypt your data. Larger keys will also add volume to your file sizes. The effects of these two components on total file transfer speeds will depend on your server and client hardware specifications, as well as your network bandwidth.
What types of file transfer encryption vulnerabilities exist?
The current generation of encryption algorithms has not yet been shown to have mathematical vulnerabilities that would allow them to be cracked. While the potential for flaws or vulnerabilities in algorithms always exists, the far more common issues with file transfer encryption occur in two related areas:
- Configuration errors: In the example of our FTPS server connection above, it is possible to transmit data like a decryption key or authentication information in an unencrypted format. Strong network security tools and policies should be in place to prevent these kinds of errors, but they do occasionally occur.
- Human vulnerabilities: Phishing and other social engineering attacks target the humans involved in file transfer, who are far more vulnerable than their ciphers. Prompts to log in to a server, download a file or access a directory all seek to capture or copy a user’s credentials and keys to gain access instead of trying to brute force the encryption itself.
We hope the above information has helped you understand how encrypted file transfer works.
To see it in action, download a trial of Cerberus FTP Server today.