How should I send business critical data?
Secure and Verifiable Transport
You need to ensure that your data gets where it needs to go. You would also not want other people to view the content of that data. There are several potential ways to send data: SFTP, FTPS, FTP, AS2, and AS3. Of these options, AS2 allows you to ensure that both needs are met and is available in free (for 1 connection) or inexpensive options.
AS2 is a protocol which uses the same transport that all web pages use (HTTP). On top of that, the protocol encrypts the data, which makes sure that the data cannot be viewed by others. The protocol also signs the data, so you know that it came from the party you think it did. The protocol further requires an MDN as proof that the file was successfully received and accepted by the other party.
Importance of Encryption
It is a reality that there are those out on the internet who want nothing more than to intercept and steal your data. In years past, you could send emails encrypted by Pretty Good Privacy (PGP or the GNU version GPG). You could also send a file once run through that encryption. This usually meant that you needed a second step to encrypt the data, once you had gone through the process of setting up your key.
This relied on 2 keys, a public and a private version. You would need the key of the party to whom you were sending the file. This would be a copy of their public key. You would use that key to encrypt the file. Once they got the file, they would then use their private key to decrypt the file.
During those transports (usually FTP) from the sending location to the destination location, the file could be intercepted and copied, but without the ability to decrypt the file, the copy would be of no use. Some files could eventually be decrypted, but the amount of effort required is not usually worth it with all that unencrypted traffic ripe for the picking.
AS2 uses the concept of certificates to replace the key concept. The program takes care of the encryption as part of the transfer, as long as you have it set to do so.
Remember that this sends data the same way that the web does. This means that, like a web page, you can also use the HTTPS protocol to encrypt your data during transfer.
Importance of Signing
So you got this encrypted data but how do you know it came from the right place? After all, anyone who can access your public key could have encrypted that file. In the PGP days, there were public key rings onto which you would put your key. Anyone could get your key off that ring and encrypt a file.
So a process called signing was created. Remember that in the last section I mentioned public and private keys. You kept your private key and did not share it. You needed a password in addition to the key to decrypt a file. This is the key you use to sign your file.
The same applies to AS2 certificates. You will sign the file so that your recipient knows it came from you. You can sign and then encrypt or encrypt then sign. If you sign first, then you must decrypt the file before you can verify where it came from. If you encrypt first, then the sender's identity can be verified first, but the signature block is sent in the "clear".
You can also use the HTTPS protocol here to encrypt the entire content. This would then protect the signature block through encryption during transport and still allow you to verify the identity of the sender prior to your attempt to decrypt the content.
As with the encryption, the AS2 programs handle the signing as part of the transport saving you that step, as long as you have it configured to sign.
Verification of Receipt
One of the things lacking in most file transfer protocols is the concept of the file receipt. You sent the file but got no acknowledgement, at least as part of the transfer process, that the file got to its destination without issue.
Enter the MDN, or Message Disposition Notification. This is an acknowledgement file. It verifies receipt, that the receiving system recognized the sender, and that the file could be decrypted. If there were issues, then it also lists those errors.
In this way, you have proof that the file got there. There are 2 possible ways to get that. The first and best way is from a Synchronous transfer. The second is via an Asynchronous transfer.
Synchronous means that you open the connection to your partner and leave it open for a period of time to allow your partner to return the MDN on that same connection. This gives you immediate feedback on each and every file sent.
Asynchronous means that you open the connection, send the file while monitoring the bits transferred, and then close the connection before the MDN is returned. Your recipient would then open a separate connection into your system to send you the MDN. This means you have to wait on them to let you know they got the file, which could happen quickly or slowly depending on how they are configured.
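To make the receipt concrete, here is an added example (not part of the original article and not any AS2 product's code) of what a sender does with an MDN once it arrives, whether synchronously or asynchronously: parse the disposition-notification part, read the disposition (processed, or processed with an error such as a decryption failure) and compare the Received-Content-MIC against the hash of the content that was actually sent. The payload and the MDN text are constructed in the script to stand in for a real transfer; the MIC format (base64 digest, then the algorithm name) follows the AS2 specification.

```python
import base64
import hashlib
from email import message_from_string

# Constructed sample payload, standing in for the file the sender transmitted.
SENT_PAYLOAD = b"ORDER-ID,QTY\n1001,12\n1002,7\n"

def content_mic(payload: bytes, algorithm: str = "sha1") -> str:
    """Message Integrity Check as AS2 carries it: base64 of the hash over the content."""
    return base64.b64encode(hashlib.new(algorithm, payload).digest()).decode("ascii")

def build_mdn(disposition: str, mic: str, algorithm: str = "sha1") -> str:
    """Constructed multipart/report MDN in the shape an AS2 receiver returns (not real server output)."""
    return (
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=disposition-notification; boundary="mdn"\n'
        "\n--mdn\nContent-Type: text/plain\n\nThe message was processed.\n"
        "\n--mdn\nContent-Type: message/disposition-notification\n\n"
        "Reporting-UA: constructed-as2-receiver\n"
        "Original-Message-ID: <constructed-1@example.invalid>\n"
        f"Disposition: automatic-action/MDN-sent-automatically; {disposition}\n"
        f"Received-Content-MIC: {mic}, {algorithm}\n"
        "\n--mdn--\n"
    )

def check_mdn(mdn_text: str, sent_payload: bytes) -> dict:
    """Parse an MDN and decide whether it proves successful receipt of sent_payload."""
    msg = message_from_string(mdn_text)
    for part in msg.walk():
        if part.get_content_type() != "message/disposition-notification":
            continue
        # The disposition fields are header-style lines; the stdlib parser nests them as a message.
        inner = part.get_payload(0) if part.is_multipart() else message_from_string(part.get_payload())
        # "automatic-action/MDN-sent-automatically; processed/error: decryption-failed" -> after ';'
        disposition = inner["Disposition"].split(";", 1)[1].strip()
        mic_value, _, algorithm = inner["Received-Content-MIC"].partition(",")
        algorithm = algorithm.strip().replace("-", "") or "sha1"   # "sha-256" -> "sha256"
        mic_ok = mic_value.strip() == content_mic(sent_payload, algorithm)
        # Only a clean "processed" with a matching MIC counts as proof the right file arrived intact.
        return {"disposition": disposition, "mic_ok": mic_ok,
                "accepted": disposition == "processed" and mic_ok}
    return {"disposition": None, "mic_ok": False, "accepted": False}

if __name__ == "__main__":
    good = build_mdn("processed", content_mic(SENT_PAYLOAD))
    bad = build_mdn("processed/error: decryption-failed", content_mic(SENT_PAYLOAD))
    print(check_mdn(good, SENT_PAYLOAD))
    print(check_mdn(bad, SENT_PAYLOAD))
```

A mismatched MIC means the receiver hashed something other than what you sent, which is worth treating as a failed transfer even when the disposition says "processed".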
An Under the Covers View
There are a couple of additional items of note in this system. Some servers require you to log in to them before you can send data. All servers have a concept of ID pairs.
Remember again that this is the same way you would interact with a web page. Just like with a web page, you would look for some indication that the sending of your credentials was protected through encryption. If you were wondering why you would send already-encrypted data over HTTPS, here is one reason: to protect those login credentials. You are creating a single connection to send the data, so you begin with an HTTPS session, log in to the server, and then send your data.
At this point you may wonder why you wouldn't just use HTTPS to send the data. I would refer you to the articles on web certificate theft (see the additional resources section) as a reason why that is not the most secure way to send your data every time.
In addition to the certificates for identification, AS2 has the concept of ID pairs. There is a sender ID (yours) and a receiver ID. On the receiving system, these would also exist (although reversed, naturally). Once the file is successfully transferred, the system has to know where to put the file. This ID pairing refers to the equivalent of a mailbox on the system. Using the IDs sent along with the file, the proper mailbox can be found. If the proper mailbox cannot be found, that information is reflected in the MDN and returned in that document.
There will always be someone out there who wants your data. And, while there may be a way to get it, there is no reason to make it easy for them. Using AS2, you get:
- Encryption of your data to protect its content
- Signing of the data to verify the sender
- A report that the file was successfully received and that the system recognized the sender
- The ability to require someone to log in, further verifying their identity
Keep your data safe and secure. Look into AS2.
The Drummond group is one of the certification groups for AS2, you can see about the tests and products at their site.
2011 was the year of the SSL (used for HTTPS) certificate thefts. ComputerWorld has an article detailing the companies impacted.
This ComputerWorld article, unfortunately, shows that we may not always know when these thefts occur.
Also, please make sure that you pick reasonable expiration dates for your certificates. It can be very easy to try to set and forget but remember that the longer you encrypt with the same certificate, the more information you provide to those trying to decrypt your data. Don't allow long expirations of certificates with high volume transfers to make your own data into a Rosetta stone for those trying to get your data.