0

I posted this question on "Software Recommendations" previously. I think that my security concerns will be better addressed here.

I am searching for a convenient way to securely transfer a single file from a desktop computer C_D to a mobile computer C_M. C_D runs Linux, C_M runs Android.

A method is secure if a file does not leak to a third party ("confidential") and computers see only the transferred file and nothing more ("least privilege").

A convenient way requires only simple configuration. The file transfer usually is the first and last transfer between C_D and C_M, and a complex configuration process would not pay off. The ideal "configuration process" is when I pick a file and select a connector which the other computer is connected to. Let's denote this requirement as "convenient".

What I have thought up so far. An important fact to keep in mind is that to make a transfer "confidential", I need to make sure that the computer I connect to is not a computer belonging to a malicious person standing a few meters away. I can do this by manually typing a password, but typing a password is not "convenient". I can do this by connecting the computers with a "visible" link, for example, a cable. Transfer schemes follow.

  1. Radio (wireless) link. For example, Wi-Fi, Bluetooth. It is not shielded, so it is not "confidential" without typing a password.
  2. Optical link.
     2.1. Infrared communication is not shielded, so it is not "confidential" either.
     2.2. A video camera of one computer pointed at the screen of the other one. I guess that it is more "confidential" than the previous scheme. I don't like that the screen is visible to bystanders. QR Code is an implementation of this scheme for small files.
     2.3. A light emitter of one computer inserted into a hole with a light sensor in the other computer, and the gap where the light may escape is covered by rubber. It can be manufactured, but I never heard of such technology in consumer electronics.
  3. Cable.
     3.1. Ethernet. It is present in almost every device nowadays, which is "convenient". It requires configuring a network server of some sort (for example, FTP, HTTP), which is not "convenient".
        3.1.1. LAN. As I said, it is very likely that C_D and C_M were never connected before, so a LAN would require a configuration. Low on "convenient". Note that this LAN must be isolated from other networks, otherwise the scheme is not "confidential".
        3.1.2. Internet. Is not "confidential" unless a network server is protected by a password. Take into account that at least one computer, probably both, have no global IP addresses.
     3.2. USB.
        3.2.1. C_M serves as an MTP storage device over USB. I discovered that even the internal flash memory of C_M is accessible. Contradicts "least privilege".
        3.2.2. I suppose that other protocols over USB exist, but I never heard of any one that fits.
  4. Moving a flash memory device between A and B. Wiping the whole partition containing the file with the Unix program "shred" satisfies "confidential". Low on "convenient". For example, I discovered a smartphone where you need to disconnect the battery in order to change a microSD card.

Final thoughts. I did not expect this task to be such a hassle. A solution suggested on "Software Recommendations" requires that I write a script that starts an FTP server to transfer big files. OMG.

beroal
  • 139
  • 6
  • Radio, optical, cable and removable storage: those are all that the whole world is using to communicate files. IMHO a solution that complies with your definition of confidentiality and convenience may need to investigate self-shielded files... By the way, you haven't mentioned 'encryption'. – elsadek Dec 03 '16 at 20:26
  • You can get USB devices which have both a micro and a full size USB connector - connect to phone, copy file, connect to computer, copy file off. – Matthew Jan 03 '17 at 19:29
  • Have you considered email? – SDsolar May 04 '17 at 01:36

3 Answers

1

There are various Android apps that support SSH/SCP/SFTP. Since that is encrypted, you'd be on the safe side. Very likely, your favourite third-party file explorer does that already. You can also install an SSH server on the Android phone and go the other way around. SSH will allow you to verify the fingerprint of the other side's cryptographic authenticity. So no man-in-the-middling. That was easy!

Of course, these connections depend on networking, but considering you can usually use Bluetooth to tether and thus set up a network, that should universally work – both locally as well as over the internet.

Radio (wireless) link. For example, Wi-Fi, Bluetooth. It is not shielded, so it is not "confidential" without typing a password.

I won't be going into security of wireless links here, but it's not universally true that those are unencrypted. Still, your desire for confidentiality is warranted, since an access point has to decrypt the over-the-air traffic.

No communication in this world is "shielded", by the way, aside from quantum cryptographically secured connections. The word you're looking for is "easy to eavesdrop".

Optical link. 2.1. Infrared communication is not shielded, so it is not "confidential" too.

... and you show me the pair of devices that still have infrared transceivers in 2016....

2.2. A video camera of one computer pointed to the screen of the other one. I guess that it is more "confidential" than the previous scheme.

It's certainly not. Optics of cameras have a minimal focal length, and since the speed of this method would be pretty low, and you don't want to dedicate both your C_M and C_D for hours to copying files, you'll be creating larger loopholes for people that want to sniff.

I don't like that the screen is visible to bystanders. QR Code is an implementation of this scheme for small files.

Exactly.

2.3. A light emitter of one computer inserted into a hole with a light sensor in the other computer, and the gap where the light may escape is covered by rubber.

That sounds like you'd actually want fiber-optic networking :)

It can be manufactured, but I never heard of such technology in consumer electronics.

Depends on what you'd consider "consumer". SFP PCIe cards and SFP 1000Base-SX transceivers can be bought used for very little money nowadays, but it'll be hard to attach those to a smartphone.

If you want to use a screen or the flash LED of your smartphone: screens have an update rate of, let's say, 60 Hz. Let's assume you can code 8 bits each time – then you get 60 B/s. That'll be extremely slow.

Cable. 3.1. Ethernet. It is present in almost every device nowadays which is "convenient". It requires configuring a network server of some sort (for example, FTP, HTTP), which is not "convenient".

Aside from your Linux system making it extremely convenient to have such. As mentioned faaar above, SSH is available on any Linux distro as a standard package, and will let cryptographically and/or password-authenticated users access your computer or transfer files. Totally convenient.

3.1.1. LAN. As I said, it is very likely that C_D and C_M were never connected before, so a LAN would require a configuration. Low on "convenient".

Yawn. That'd be true in 1996... nowadays, we have Bonjour/avahi/Windows Networking... things work out of the box as soon as you're on the same network, and you only have to care about configuring either side to use something well-encrypted. For example, many chat clients can be used with end-to-end encryption, and there's Bonjour auto-detection built into clients like Pidgin.IM and so on.

Note that this LAN must be isolated from other networks, otherwise the scheme is not "confidential".

Encryption. It doesn't cost you anything. This is not the early 1980s.

3.1.2. Internet. Is not "confidential" unless a network server is protected by a password. Take into account that at least one computer, probably both have no global IP addresses.

Whatever applies to networks in general applies to the internet, too. You wouldn't want unencrypted file transfers even in a LAN.

3.2. USB. 3.2.1. C_M serves as a MTP storage over USB. I discovered that even the internal flash memory of C_M is accessible. Contradicts "least privilege".

That's something that you should be able to modify if you roll your own Android. However, I don't know of a single case where access restriction has been implemented – there's simply little demand. Also, plugging your phone directly into a foreign PC is practically the most physical access one can get – the "holy grail" of security loss.

3.2.2. I suppose that other protocols over USB exist, but I never heard of any one that fits.

Networking! Simply emulate a network interface. Android phones call that mode "USB tethering". Then run a chat client, an SSH client, an SSH server, an FTPS server, whatever you like.

All in all, it feels like you've never heard of encryption, which is the ubiquitous and simple solution to your problem.

Frankly, I'd just take my files, encrypt them, and send them via email (if small enough) or just use encrypted email (there are good email clients for both Linux and Android that support PGP).

If the files were too large to be sent via email, I'd really just push them encrypted via any other method – probably simply via Bluetooth, or as a file dropped onto a network share. Don't act as if those are hard to set up – in fact, with most Linux distros, it should be pretty easy to just share a folder.

Marcus Müller
  • 5,843
  • 2
  • 16
  • 27
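On the answer's point that SSH lets you verify the other side's fingerprint: the following is an added example, not code from this thread or from any SSH app mentioned in it. It shows how the SHA256 fingerprint that OpenSSH's `ssh-keygen -lf` and the first-connection "key fingerprint is SHA256:..." prompt display is derived from the public key blob (SHA-256 over the wire-format blob, base64 without padding), so that the value shown by the phone's SSH server app can be compared with what the desktop computes before any file is sent. The 32-byte key is constructed for illustration and is not a real device's key; the helper names (build_ed25519_public_key, parse_public_key_line, fingerprint_sha256, verify_out_of_band) are this example's own.

```python
import base64
import hashlib
import hmac
import struct
from typing import Tuple


def _ssh_string(data: bytes) -> bytes:
    """Encode one SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def build_ed25519_public_key(raw32: bytes, comment: str = "constructed@example") -> str:
    """Build an OpenSSH-style public key line for an Ed25519 key.

    Wire format of the blob (RFC 8709): string "ssh-ed25519" followed by the
    32 raw key bytes.  The key material passed in here is CONSTRUCTED for the
    example; a real line comes from the SSH server's host key file.
    """
    if len(raw32) != 32:
        raise ValueError("Ed25519 public keys are exactly 32 bytes")
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " " + comment


def parse_public_key_line(line: str) -> Tuple[str, bytes]:
    """Return (key_type, blob) from '<type> <base64> [comment]'.

    The type name is also embedded as the first string inside the blob; a
    mismatch means the line was tampered with or mis-copied, so reject it.
    """
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type = parts[0]
    blob = base64.b64decode(parts[1], validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii") != key_type:
        raise ValueError("key type inside blob does not match declared type")
    return key_type, blob


def fingerprint_sha256(line: str) -> str:
    """Fingerprint in the form ssh-keygen -lf prints: 'SHA256:' + unpadded base64 of SHA-256(blob)."""
    _, blob = parse_public_key_line(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def verify_out_of_band(line: str, expected: str) -> bool:
    """Compare the computed fingerprint with one obtained over a separate channel
    (for example read off the phone's screen).  Constant-time comparison so the
    check itself leaks nothing about how many leading characters matched."""
    return hmac.compare_digest(fingerprint_sha256(line), expected.strip())


if __name__ == "__main__":
    constructed_key = bytes(range(32))  # constructed sample, not a real key
    line = build_ed25519_public_key(constructed_key)
    fp = fingerprint_sha256(line)
    print(line)
    print(fp)
    print("matches what the phone shows:", verify_out_of_band(line, fp))
    print("a different value is rejected:", verify_out_of_band(line, "SHA256:" + "A" * 43))
```

Usage: take the public host key line from the SSH server on one side (on the desktop, typically `/etc/ssh/ssh_host_ed25519_key.pub`; the phone app shows its own), compute the fingerprint with `fingerprint_sha256`, and only accept the first connection if `verify_out_of_band` agrees with the value read off the other device. Once the key is in `known_hosts`, later connections need no re-check unless the fingerprint changes.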
0

You seem to have some very odd and specific definitions of things like "confidential" and "convenient".

SSH/SFTP/etc become convenient after initial setup for example. And are now so ubiquitous that they shouldn't be at all difficult to realise.

Confidentiality does not necessarily mean that someone cannot see that you have transferred something. For example, many shops know what kind of credit card I might have but most of my information and purchase history remains confidential.

I can write 20 QR codes on the side of a bus but the content would remain confidential if encrypted.

The nature of the wording of your "question" makes me think this is an assignment of some kind, because this is not a practical examination of real-world use cases. In the real world, convenience tends to take precedence over security for most people, and so most would consider the use of Dropbox sufficient security, with the addition of pre-encryption where needed.

If you really need to hide even the fact that you are communicating, you need to look at the newer messaging apps such as Telegram that allow file transfer with point-to-point encrypted channels.

Julian Knight
  • 7,092
  • 17
  • 23
0

Have you considered using BitTorrent Sync (now Resilio)? It satisfies your requirements pretty well.

  • Files are transferred using BitTorrent only to the target computer - no intermediate servers
  • Authentication is done by e-mailing a link or scanning a QR code and authorization is then manually performed by the user that initiated the process

Now the usual caveats remain, namely:

  • Its security has been controversial in the past (circa 2014). I do not know whether anyone did a re-test on the findings; however you're transferring files from/to a mobile device and I hope you don't think your files are safe against a nation-state adversary
  • See also this answer, and their rebuttal with HN thread
  • It's not open source; usability trumps openness, and eventually there'll be a viable open source alternative (syncthing seems to be one but I haven't tested it yet)

And of course, it's a compromise. If you want complete security, then plugging in a cable and manually copying the file over is the only reasonable way.

lorenzog
  • 1,911
  • 11
  • 18