6

I have a collection of files I would like to securely share with a small number of other people. The collection is mostly static; no more than one or two new files will be added per month (after the initial setup). The files are mostly PDFs, videos (< 5 minutes long), and audio files. It is extremely important that these files remain private - they could be very damaging if released to a wider audience. Thus, I am willing to make it a pain to access these files if it makes leaks less likely.

I am hoping to find a solution that has some of the following attributes: (I understand I probably can't get all of them.)

  • Requires possession of a physical object, like a one-time-password generating dongle, as well as knowing a text password, to access the files
  • Possible for me to wipe the archive remotely
  • Archive will wipe itself after a number of incorrect attempts
  • Once someone has accessed the files, it's difficult for him to redistribute them
  • Each person I'm sharing with has their own password, so I can see who is accessing the files

Do you know of anything I could use that has the aforementioned properties? (I'm not even sure where to start looking.)

Clarifications:

  • I'm not worried about the police or anything; it's just that some people in my group are allowed to see these documents and some aren't. I'm worried that authorized people may inadvertently leak files, or that unauthorized people may try to break in by stealing machines or passwords to accounts like email.
  • Most people in the group are in one physical location
  • I know that it's basically impossible to truly prevent the redistribution of information, but if I could make it difficult for non-technical users, that would suffice. I'm not trying to defend against a security expert; I'm trying to defend against people who barely know what JavaScript is.
Nick Heiner
  • At least point 4 doesn't work well. – CodesInChaos Aug 30 '12 at 16:52
  • What kind of attacker do you assume? Insiders deliberately leaking files? Competing companies stealing your data? The police?... Good security measures require taking the whole system into consideration. – CodesInChaos Aug 30 '12 at 17:27
  • Your concerns cannot be avoided. If you share the files with another person, that person can leak the files. YouTube can be used to share videos; just make them private. You can use Dropbox to share files; just make them private. – Ramhound Aug 31 '12 at 19:33
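Three of the listed properties (a physical token plus a text password, self-destruction after repeated wrong attempts, and per-person credentials that show who accessed what) can be sketched as a small access gateway. The following is an added example written for this page, not code from the asker or from any product; the TOTP routine follows RFC 4226/6238 (HMAC-SHA1 over a time counter, 6 digits, 30-second step) so it matches any standard authenticator app or dongle, while the iteration count, failure threshold, and the enrolled secret are constructed placeholders:

```python
# Added example: a minimal per-user access gateway with password + TOTP,
# lockout-and-wipe after repeated failures, an owner-triggered remote wipe,
# and an audit log. Constructed for illustration; not any product's code.
import hashlib
import hmac
import os
import struct
import time
from typing import Optional

PBKDF2_ITERATIONS = 200_000   # assumption: tune for your hardware
MAX_FAILURES = 3              # assumption: wrong attempts before a user's credentials are destroyed
TOTP_STEP = 30                # RFC 6238 default time step in seconds


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = ((mac[offset] & 0x7F) << 24
            | mac[offset + 1] << 16
            | mac[offset + 2] << 8
            | mac[offset + 3])
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: Optional[float] = None) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current time."""
    at = time.time() if at is None else at
    return hotp(secret, int(at // TOTP_STEP))


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


class Gateway:
    def __init__(self) -> None:
        self.users: dict = {}                   # name -> stored credentials
        self.audit: list = []                   # (timestamp, user, outcome)
        self.wiped = False

    def enroll(self, name: str, password: str, totp_secret: bytes) -> None:
        salt = os.urandom(16)
        self.users[name] = {
            "salt": salt,
            "pw_hash": hash_password(password, salt),
            "totp_secret": totp_secret,
            "failures": 0,
        }

    def remote_wipe(self, at: Optional[float] = None) -> None:
        """Owner-triggered wipe: every credential is discarded, nothing can authenticate."""
        self.users.clear()
        self.wiped = True
        self.audit.append((time.time() if at is None else at, "*", "remote-wipe"))

    def authenticate(self, name: str, password: str, code: str,
                     at: Optional[float] = None) -> bool:
        at = time.time() if at is None else at
        user = self.users.get(name)
        if self.wiped or user is None:
            self.audit.append((at, name, "denied"))
            return False
        # both factors are always evaluated; constant-time comparison for each
        pw_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
        code_ok = hmac.compare_digest(code, totp(user["totp_secret"], at))
        if pw_ok and code_ok:
            user["failures"] = 0
            self.audit.append((at, name, "granted"))
            return True
        user["failures"] += 1
        self.audit.append((at, name, "failed"))
        if user["failures"] >= MAX_FAILURES:
            # self-destruct for this user: forget the credentials entirely
            del self.users[name]
            self.audit.append((at, name, "wiped-after-failures"))
        return False


if __name__ == "__main__":
    gw = Gateway()
    secret = b"12345678901234567890"   # constructed enrolment secret (the RFC 4226 test key)
    gw.enroll("alice", "correct horse battery staple", secret)
    print(gw.authenticate("alice", "correct horse battery staple", totp(secret)))
    for entry in gw.audit:
        print(entry)
```

In a real deployment the gateway would wrap the archive's encryption key per user rather than store the files in the clear, so that "wiping" means destroying key material; the audit list is what gives the fifth property, one credential per person so the log names who opened the archive. Note what this does not give: once a file has been served to an authenticated viewer, nothing here stops that viewer from copying it, which is the point the answers below make.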

4 Answers

6

I have a collection of files I would like to securely share with a small number of other people.

Are the other people remote? If they are in your office, the cheapest and most secure way is to go low tech. Physically secure the machine; keep it off any network; and allow physical access only to the keyboard/mouse/screen.

That's the only way you are going to achieve all of those things. If multiple people need access at the same time, you need multiple kiosks in the secure room.

Bradley Kreider
5

If you find out how to prevent redistribution, then the music and movie industries will be very interested. This kind of prevention is exactly what they look for, and they would pay a hefty sum for a reliable protection method ("hefty" meaning "at least 7-digit, in US dollars"). Corollary: it is hard and there is no known good answer.

Partial solutions are about "tagging" the files with the name of each user (i.e. each user receives a file which has been tagged with his name) in a way which makes the tag hard to remove. This is called watermarking and, as the name says, it is as difficult as writing on water. The movie industry was doing that for the video tapes sent to journalists for reviews of movies which were about to go live; but we are in a digital age where surgical removal of watermarks from digital media is relatively easy.

Another possibility is to control the physical conditions under which the users access the data. Yet again, movie distributors do that in theaters, by organizing projections in dedicated rooms (the theaters) where video cameras are forbidden. This kind of solution is probably not applicable to you.

Thomas Pornin
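The "tagging" idea in the answer above, as an added example that is not part of the original answer: each recipient gets a copy that differs by a keyed tag, and a manifest of copy hashes lets a leaked file be attributed to the recipient it was issued to. The distributor key, the trailer format, and the placeholder document bytes are all constructed for illustration.

```python
# Added example: per-recipient tagged copies with a manifest for attribution.
# Constructed for illustration; not code from the answer or any product.
import hashlib
import hmac
from typing import Optional


class Distributor:
    def __init__(self, key: bytes) -> None:
        self.key = key                       # secret known only to the distributor
        self.manifest: dict = {}             # sha256(copy) -> recipient

    def copy_for(self, original: bytes, recipient: str) -> bytes:
        """Return a copy of `original` carrying a tag bound to this recipient and this file."""
        # Keyed tag: a recipient cannot compute another recipient's tag and "frame" them,
        # and the same recipient gets a different tag for every file.
        tag = hmac.new(self.key,
                       recipient.encode() + b"|" + hashlib.sha256(original).digest(),
                       hashlib.sha256).hexdigest()[:32]
        copy = original + b"\n%% copy-id: " + tag.encode() + b"\n"   # constructed trailer format
        self.manifest[hashlib.sha256(copy).hexdigest()] = recipient
        return copy

    def attribute(self, leaked: bytes) -> Optional[str]:
        """Name the recipient a leaked file was issued to, or None if no issued copy matches."""
        # Attribution is by hash of the whole copy, so an edited or forged trailer
        # never maps to a recipient; it simply becomes unattributable.
        return self.manifest.get(hashlib.sha256(leaked).hexdigest())


if __name__ == "__main__":
    dist = Distributor(b"constructed-distributor-key")
    document = b"%PDF-1.4\n% constructed placeholder document body\n"
    alice_copy = dist.copy_for(document, "alice")
    bob_copy = dist.copy_for(document, "bob")
    print(dist.attribute(alice_copy), dist.attribute(bob_copy), dist.attribute(document))
```

The trailer here sits in the clear at the end of the file, which makes this exactly the kind of tag the answer calls easy to remove: dropping the last line yields a copy that attributes to nobody. Robust watermarking instead hides the per-recipient signal inside the content (pixel, audio or glyph-level changes), and even that only raises the cost of removal rather than preventing it.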
4

In general, if someone has access to the information, they have the ability to replicate the information. DRM is an attempt to allow access without the ability to duplicate, but it is historically insecure and problematic at best. All systems that I know of effectively rely on trusted client software to protect the unlock and viewing, but that is really just security through obscurity which should not be relied upon.

To take it even a step further, your combination of steps 2 and 4 are truly impossible. Once you release content, it will be impossible to remotely wipe it from all places it has gone. It is impossible to stop the flow of information to anyone who is able to access it. The best you can hope for is to time-lock the access (which again is an active task in the realm of DRM and security through obscurity), but the protected file will be out there and open to being cracked.

If you gave more detail about what you are trying to accomplish, it might be possible to give better information on what is and isn't possible or if online distribution is even a really viable option.

AJ Henderson
1

Given your new information, it sounds like physical security and user training need to be addressed. Ultimately, the vast majority of issues come from stupid user syndrome. Social engineering is the most successful attack venue. If the documents really are super sensitive, then it is critical that the users understand the importance of not sharing the information, and that can only be done through proper training; otherwise users WILL find a way to share the information if it is inconvenient for them not to be able to. Most users at least know how to take a screenshot and WILL use similarly apparently silly, but nonetheless effective, means of overcoming your best-thought-out security.

With all that said, something like SharePoint or something similar might be all you need. You can configure two-factor authentication for AD and set up a lot of access rules. You can have the logging you want and the individual users, and I believe to some level you can even set up a web viewer and not allow local download, as long as they only need to view. But like I previously mentioned, if they can see it, there are ways they can share it that don't require great sophistication, so I'll re-emphasise that proper training (and regular retraining) of users is critical.

AJ Henderson