When transferring files between two systems, it is important to understand the various methods of non-repudiation. This will help ensure that the data is not lost or damaged in the process. There are a number of ways to protect data when transferring files between systems. One way is to use a secure file transfer protocol such as SFTP. Another way is to use a password-protected file transfer service. Finally, you can use a third party service to help you protect your data. When using a secure file transfer protocol, it is important to remember to use strong passwords and keep them safe. You can also use a password manager to keep your passwords safe and easy to access. If you are using a password-protected file transfer service, it is important that you remember the security measures that have been put in place. You should also be sure that the service has proper security measures in place such as two-factor authentication and anti-virus protection.
What is Non-Repudiation in File Transfers Built On?
There are a few building blocks that help define a secure end-to-end file transfer process. Broadly speaking, these building blocks are:
Verification of Senders and Receivers Data File Encryption Secure Transport File Receipt Verification and Validation
Verification of Senders and Receivers
This authentication piece is primarily built around the idea of certificates and signatures. Before uploading a file to send, the certificate is examined to verify that the endpoint is indeed the correct location. Conversely, when the recipient is downloading the file, the digital signature of the sending party is checked to verify that they are who they say they are. This process works like so:
The sender encrypts the file using their private key and digital signature which is signed by a trusted certificate authority (CA) and attached to the file. The recipient decrypts the digital signature on the file using the public key that is held by the CA.
With this time-tested process, the sender and file can be validated as correct. To authenticate the sender and recipient, a system may implement a login system that ideally incorporates multi-factor authentication best practices.
Data File Encryption
Files are typically encrypted using one of several different protocols. These protocols should be FIPS-validated encryption protocols such as 3DES or AES. These are purely data encryption protocols and although 3DES is included, it is an older protocol. The current gold-standard is to use AES-256. Unfortunately, certain file transfer solutions such as the AS2 and AS3 systems are limited to 3DES.
Secure Transport
Securely transporting data is typically done over a TLS encrypted link and not SSL. This link will be validated by server-level certificates and utilize TLS 1.2 or the newer TLS 1.3 protocol.
File Receipt Verification and Validation
Just because a file is encrypted, and we have digital signatures for the sender and receiver, does not necessarily mean the file was not tampered with in transport. To verify that the file is correct, the best practice is to use a mechanism known as an HMAC (Keyed-Hashing for Message Authentication). There are several HMAC algorithms, such as HMAC-MD5, HMAC-SHA1, or HMAC-SHA256. This hashing algorithm employs both a hash of the file and a shared secret key. This allows the exchanging parties the ability to establish the authenticity of the message.
Common Systems for Managed File Transfers
Taking all of the building blocks together, what are the available solutions and common protocols for secure and managed file transfers? There are a few protocols and systems that help to facilitate this process. The three most commonly used protocols and technologies are:
AS1-4 Family OFTP2 HTTPS (TLS 1. 2+), AES-256, HMAC-SHA256, SFTP, and Multi-Factor Authentication
AS1-4 Family
One of the best-known EDI protocols is the AS1-4 family of protocols. AS2 is one of the most commonly deployed versions of this protocol, but AS3 has added security by building on the FTP/SSL protocol which adds authentication into the mix. AS4 has further enhanced interoperability with modern network infrastructures by being built on SOAP and Web Services.
OFTP2
The original Odette File Transfer Protocol was developed in the mid-’80s to assist in EDI data exchanges. In 2007 the updated version, OFTP2, was introduced with enhanced security and compression features over its predecessor.
HTTPS (TLS 1.2+), AES-256, HMAC-SHA256, SFTP, Multi-Factor Authentication
Though the above combination of technologies is a bit of a handful to say, many modern managed file transfer solutions are built on the above set of technologies. Systems that utilize TLS for secure transport, AES-256 for data encryption, HMAC-SHA246 for data integrity, SFTP as a secure endpoint, and multi-factor authentication to verify senders and receivers, ensures that transferred data is accurate according to non-repudiation standards.
Conclusion
In today’s world, validating that a received file is tamper-free and from a trusted sender is more important than ever. Utilizing non-repudiation techniques in file transfers helps to secure data transfers that are core to many business processes. Using known secure techniques and products serves to provide the peace of mind that is needed when transferring sensitive data.