File sharing is what makes up the internet.
Internet would not exist without it being possible to share files between
applications and people. Whether you are browsing the internet, sending emails,
or checking Facebook you are sharing files. The issue that comes into play when
sharing files is security. For most of the files integrity is enough for
sharing the files across the internet but for sensitive information the files
have to have confidentiality and integrity. And if you are downloading
files from third-party sources, torrents, or possibly even from Dropbox they
could include viruses or malware. There are many layers of security required from
both the host and the user end to make sure the files are safe and secure.
One of the aspects of file sharing
is checking the integrity of the file. When you upload or send a file someone
could capture the packets and modify the file any way they desire. This is
where integrity comes in and tells the parties involved whether the original
file has been tampered with. The two most common methods for proving file
integrity are the MD5 and SHA-1 hash functions. They compute a hash from all
the packets sent but unfortunately they are not
as secure as believed. The next level of security for file sharing is confidentiality.
This requires files to be encrypted with a key and then sent out. The key is
either a symmetric key established between the parties, a public key, or a
session key if a connection was established (hopefully using a secure
protocol). Then the files are encrypted with algorithms such as AES and DES.
The files can have both integrity and confidentiality if executed properly.
The last part I want to touch upon
is downloading files from file sharing applications. Third-party sites and torrents
are often tricky for the user because anyone could have uploaded a file with
any name. Most common example I have seen is if you are looking to download a
specific pdf file you may find a file with a similar name but instead of the
file having a pdf extension it is an executable. One has to be very careful
when the source is unknown or open to anyone.
Hello,
ReplyDeleteYou have created a very interesting blog post on the security of file sharing. Alarm bells started ringing when you mentioned Dropbox since I used that service. It is surprising to hear how easily you make it sound for someone to “capture the packets and modify” files that we upload. I have never heard of methods for proving file integrity that you mentioned and I would have loved to hear more explanation on how that sort of stuff works.
If you ever plan to go back to this topic I would also like to hear more about the article you posted in your own words so that you can pick out the juicier tidbits of information for your reader. Great work, it was very informative!
Hi Sander,
ReplyDeleteYour post is really interesting and informative. I heard that even Dropbox got hacked, so what else can't be hacked right? We as Internet users should always be aware of stuff we upload or share with on the Internet. I have heard of SHA and MD5, but never really understand how they work. It would be awesome if you can elaborate on how they work.
Also, before I start downloading anything on the Internet, I always check it on virustotal.com. It is one of the best free virus, malware and URL online scanning services.
Hi! I definitely agree that file sharing is very risky, since even Dropbox may contain files with viruses/malware. This is the first time I've read about file integrity and the MD5 and SHA-1 Hash functions, and they seem really complicated. I agree with the posts above if you would explain the process. People should definitely be cautious in downloading anything!
ReplyDeleteWhen I found out about torrenting, I went so crazy on downloading that I became careless on what I downloaded. To no surprise, my laptop was hit with a virus, completely shutting it down.
This is the first time I have heard of a pdf file being an executable. That is a seriously scary thought due to the amount of textbook sharing people do. It's probably a safe bet to never download any sort of pirated software or key generator for such software because of the many Trojans or key loggers that they can contain. It is important to note that commercial anti viruses are really sensitive and give out many false positives executable files. So I guess we don't know who to trust.
ReplyDelete