When transferring files between two systems, it is important to understand the various methods of non-repudiation. This will help ensure that the data is not lost or damaged in the process. There are a number of ways to protect data when transferring files between systems. One way is to use a secure file transfer protocol such as SFTP. Another way is to use a password-protected file transfer service. Finally, you can use a third party service to help you protect your data. When using a secure file transfer protocol, it is important to remember that both systems must be authenticated before the data can be transferred. This means that both systems must have access to the same security keys and certificates. Additionally, both systems must be configured with correct authentication methods. When using a password-protected file transfer service, it is important to remember that passwords are not safe and should not be used as your primary means of protecting your data. Instead, you should use strong passwords that are difficult for others to guess. Additionally, you should make sure that your service supports multiple authentication methods and that your passwords are unique across all of your accounts. Finally, when transferring files between systems, it is important to understand the various risks involved in each method and take steps to mitigate them. For example, if you are using SFTP for transfers over an insecure network connection, then you should consider using an encryption algorithm such as AES or 3DES instead of SFTP’s default security measures. If you are using a password-protected service over an insecure network connection, then you should consider using two-factor authentication instead of just one-factor authentication. And finally, if you are transferring files over an unprotected FTP server, then you should consider using HTTPS instead of FTP for security reasons.]

What is Non-Repudiation in File Transfers Built On?

There are a few building blocks that help define a secure end-to-end file transfer process. Broadly speaking, these building blocks are:

Verification of Senders and Receivers Data File Encryption Secure Transport File Receipt Verification and Validation

Verification of Senders and Receivers

This authentication piece is primarily built around the idea of certificates and signatures. Before uploading a file to send, the certificate is examined to verify that the endpoint is indeed the correct location. Conversely, when the recipient is downloading the file, the digital signature of the sending party is checked to verify that they are who they say they are. This process works like so:

The sender encrypts the file using their private key and digital signature which is signed by a trusted certificate authority (CA) and attached to the file. The recipient decrypts the digital signature on the file using the public key that is held by the CA.

With this time-tested process, the sender and file can be validated as correct. To authenticate the sender and recipient, a system may implement a login system that ideally incorporates multi-factor authentication best practices.

Data File Encryption

Files are typically encrypted using one of several different protocols. These protocols should be FIPS-validated encryption protocols such as 3DES or AES. These are purely data encryption protocols and although 3DES is included, it is an older protocol. The current gold-standard is to use AES-256. Unfortunately, certain file transfer solutions such as the AS2 and AS3 systems are limited to 3DES.

Secure Transport

Securely transporting data is typically done over a TLS encrypted link and not SSL. This link will be validated by server-level certificates and utilize TLS 1.2 or the newer TLS 1.3 protocol.

File Receipt Verification and Validation

Just because a file is encrypted, and we have digital signatures for the sender and receiver, does not necessarily mean the file was not tampered with in transport. To verify that the file is correct, the best practice is to use a mechanism known as an HMAC (Keyed-Hashing for Message Authentication). There are several HMAC algorithms, such as HMAC-MD5, HMAC-SHA1, or HMAC-SHA256. This hashing algorithm employs both a hash of the file and a shared secret key. This allows the exchanging parties the ability to establish the authenticity of the message.

Common Systems for Managed File Transfers

Taking all of the building blocks together, what are the available solutions and common protocols for secure and managed file transfers? There are a few protocols and systems that help to facilitate this process. The three most commonly used protocols and technologies are:

AS1-4 Family OFTP2 HTTPS (TLS 1. 2+), AES-256, HMAC-SHA256, SFTP, and Multi-Factor Authentication

AS1-4 Family

One of the best-known EDI protocols is the AS1-4 family of protocols. AS2 is one of the most commonly deployed versions of this protocol, but AS3 has added security by building on the FTP/SSL protocol which adds authentication into the mix. AS4 has further enhanced interoperability with modern network infrastructures by being built on SOAP and Web Services.

OFTP2

The original Odette File Transfer Protocol was developed in the mid-’80s to assist in EDI data exchanges. In 2007 the updated version, OFTP2, was introduced with enhanced security and compression features over its predecessor.

HTTPS (TLS 1.2+), AES-256, HMAC-SHA256, SFTP, Multi-Factor Authentication

Though the above combination of technologies is a bit of a handful to say, many modern managed file transfer solutions are built on the above set of technologies. Systems that utilize TLS for secure transport, AES-256 for data encryption, HMAC-SHA246 for data integrity, SFTP as a secure endpoint, and multi-factor authentication to verify senders and receivers, ensures that transferred data is accurate according to non-repudiation standards.

Conclusion

In today’s world, validating that a received file is tamper-free and from a trusted sender is more important than ever. Utilizing non-repudiation techniques in file transfers helps to secure data transfers that are core to many business processes. Using known secure techniques and products serves to provide the peace of mind that is needed when transferring sensitive data.