
Why is Physical Mail still being Used to Share Sensitive Documents?

by profile, 7m, July 2nd, 2019

With all the evil corps, governments, and hackers out there hungry for your confidential information, it’s no wonder you’re worried about sending such info online.

Since the invention of the internet, there’s been a treasure hunt for personal data because, today, that information is more valuable than gold. What if somebody hacks a server with private commercial information about companies? Or when someone gets access to the personal emails of a major politician? Remember Hillary Clinton and her leaked emails in 2016; that event likely influenced the outcome of a presidential election. From celebrity photo cloud hacks to Facebook leaks, the possibilities are endless.

One detailed study published by Google mentioned that they found more than 1.9 billion usernames and passwords being traded on the black market. Almost anyone can be on this list, and if you keep or send something confidential via public services, it can easily leak. That’s why, as ridiculous as it sounds, confidential documents are often sent by physical mail on DVDs or USB thumb drives.

https://xkcd.com/

In this article we’re going to explore technical solutions that are meant to offer new ways to send files, data, and documents over the Internet without putting the data they contain at risk. We’re looking at Authpaper Delivery, BitTorrent, and Filecoin, and we’ll see why they are more secure than the centralized solutions available on the market today.

The current (ineffective) solutions

There are many ways to transmit, store, and sign data, the most common being email. As we have already seen, even top politicians store sensitive information in their personal inboxes. Skilled hackers therefore have multiple ways of getting what they want. They can use phishing, which gives them total access through social engineering or various trojan programs, or they can perform a sniffing attack by monitoring traffic between the outgoing mail server (SMTP) and the incoming mail server (POP).

That’s why even if it’s one of the most common communication tools, especially for companies, email is a very unsafe way to send files, and the long history of email hacks clearly reinforces this fact. The only good thing about it is that it’s the simplest and most familiar tool for many Internet users. Everyone has an email address, and it’s okay to use it, just don’t send anything important via email. There are dedicated solutions for that. But are those really as safe as they claim?

Adobe Sign, an Adobe Document Cloud solution, and DocuSign are two services that allow users to store documents online and sign them, just as you sign a regular paper-printed contract, but using an electronic signature instead. So rather than having to print, sign, scan, and send a document, now you only need to click one button. Both of these services work from a mobile phone, and they simplify the process of handling documents between remote parties. So where is the weak point, you may ask? It’s the cloud itself, which is always one big security breach away. Cloud providers are constantly targeted and hacked because they are a good candidate for infection: once a virus is injected into a cloud server, it can infect all of its users at once. These services can help speed up your daily routine if you work with a lot of documents, but you have to sacrifice security and accept that someone else might get unauthorized access to your document. It may be more secure than email, but it is still not secure enough for you to entrust it with your most important data.

There is another cloud-based solution that allows you to share files with other people, which uses advanced protective measures including encryption, identity, and authorization policies. That’s Microsoft Azure Rights Management System (RMS) where a user can safely assign rights and permissions to people who need important company data while preventing unauthorized access (or at least it was assumed it was safe). As we’re talking about Microsoft, it makes sense that it works best with Microsoft Office documents.

https://securelist.com/it-threat-evolution-q3-2018-statistics/88689/

The idea is good, but the reality is harsher. You can find descriptions of how the write protection can be removed, or even worse, how it can be stealthily removed so that the resulting document still claims to be write protected, implying that the modified content was generated by the victim. This leaves a large window of opportunity for framing someone with documents that the victim didn’t create. Luckily, these security vulnerabilities were fixed, as this description was sent to Microsoft. But how many undisclosed breaches does it still have?

All of these solutions are good in their roles, but they don’t offer the security that is required when it comes to handling confidential documents. So how can blockchain technology aid in this task?

Blockchain solutions (that are a lot more effective)

The blockchain has a serious advantage over all other forms of storing and transmitting data — it can’t be modified. Every single byte of information written onto the blockchain is there to stay, forever. Any action can be traced and verified — including the signature of a document. Having the signature and the document itself stored on the blockchain can serve as incontestable evidence in case of legal dispute. So what blockchain-based solutions can offer this kind of trust?

https://www.makeuseof.com/tag/p2p-peer-peer-file-sharing-works/

For starters, the most popular service right now is BitTorrent. According to a small study in 2018, file sharing as a whole accounts for 3% of global downstream and 22% of upstream traffic, and 97% of that traffic is from BitTorrent. BitTorrent is mainly known as a file-sharing service, especially as a means of piracy, but it’s not limited to that kind of use. It’s a decentralized peer-to-peer protocol that can be used to share files, such as documents, directly with other users without having to worry about interference. What makes BitTorrent’s protocol so secure?

BitTorrent works as a swarm of computers that doesn’t need a central server: a network of nodes that constantly upload and download files. After a successful download, a node is ready to start sharing the freshly downloaded files with all other active nodes in the network. Plus, it’s highly efficient. The transfer speed is maximized by dividing each file into smaller pieces, which allows a single node to download simultaneously from any number of available nodes. Sadly, the transmitted files aren’t encrypted. Anyone who gets the link created to transfer a confidential document can download and read it. Recently, BitTorrent got its own token on the Tron blockchain, which can be used to tip creators or pay for faster downloads, but this is not the expected use of the blockchain when there are still security concerns around its core features. However, because it is a protocol, new solutions can be developed on top of it. And this is exactly what happened.

Authpaper Delivery developed a way to send files safely based on BitTorrent’s protocol, blockchain, and other technologies. The result is a peer-to-peer platform for delivering confidential data, signing it, and creating delivery records that cannot be forged, at least according to the developers. Document fraud and forgery are problems that can be quite expensive for their victims. Authpaper Delivery now presents a technical solution to these problems, based on software that the Authpaper team has been working on for years, a technology that is now patented and has been internationally acclaimed. Their solution allows for the delivery of any type of file, from documents to large files such as movies, software, or system images, as it uses the BitTorrent protocol to transfer files. For example, a movie producer can send an unreleased movie over the network with less risk of the movie being leaked to the Internet. But where does this security come from?

All of the sent data is kept confidential except for the specified recipients, because it’s encrypted by two private keys before sending it over the public network. Anyone who gets the torrent link can download the files, but only those who have these two keys can read the sent files. The BitTorrent network nodes now have an extra role, not only to store the encrypted data but also to verify and record all operations on data and its delivery. For their work they are rewarded with the platform’s tokens, Authpaper coins (AUPC). The process looks like this:

  • Any user on the network can issue a document under his/her email and name and send it to other people
  • The receiver authorizes the transfer and signs the data
  • Once they sign it, they can’t deny it
  • The anti-forgery system prevents forging signatures and stamps on the document
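
To make the difference between BitTorrent's piece checking and encrypt-before-seeding concrete, here is an added example (not Authpaper Delivery's code or actual scheme, and not from the original article). It assumes one way the "two keys" could be combined, uses an HMAC-SHA256 counter-mode keystream as a standard-library stand-in for a vetted AEAD cipher, and all function names and sample data are constructed for illustration.

```python
import hashlib, hmac, os

PIECE_LEN = 32  # constructed demo size; real torrents use much larger pieces

def piece_hashes(blob):
    """Per-piece SHA-1 digests, the integrity data a torrent's metainfo carries."""
    return [hashlib.sha1(blob[i:i + PIECE_LEN]).digest()
            for i in range(0, len(blob), PIECE_LEN)]

def verify_piece(index, piece, hashes):
    """A downloading peer accepts a piece only if its digest matches."""
    return hmac.compare_digest(hashlib.sha1(piece).digest(), hashes[index])

def _subkeys(key_a, key_b):
    # Assumed combination: neither key alone reproduces the content keys.
    root = hmac.new(key_a, key_b, hashlib.sha256).digest()
    return (hmac.new(root, b"enc", hashlib.sha256).digest(),
            hmac.new(root, b"mac", hashlib.sha256).digest())

def _xor_stream(key, nonce, data):
    # Stand-in cipher: HMAC-SHA256 in counter mode. Use a vetted AEAD in practice.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(key_a, key_b, plaintext):
    """Encrypt-then-MAC before seeding: returns nonce || ciphertext || tag."""
    enc, mac = _subkeys(key_a, key_b)
    nonce = os.urandom(16)
    ct = _xor_stream(enc, nonce, plaintext)
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def open_sealed(key_a, key_b, blob):
    """Recipient side: check the tag with both keys, then decrypt."""
    enc, mac = _subkeys(key_a, key_b)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong keys or modified data")
    return _xor_stream(enc, nonce, ct)

DOC = b"CONFIDENTIAL: constructed sample contract text for this demo only."
KEY_A, KEY_B = os.urandom(32), os.urandom(32)
SEEDED = seal(KEY_A, KEY_B, DOC)      # what swarm peers store and relay
HASHES = piece_hashes(SEEDED)         # what the torrent metadata would list
```

Peers can confirm every piece of `SEEDED` against `HASHES` without learning anything about `DOC`; the piece hashes give integrity only, so confidentiality depends entirely on the encryption applied before seeding.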

Another blockchain-based option is Filecoin. It’s a decentralized storage network from the creators of the IPFS protocol, where miners earn tokens for providing storage space on their hard drives. Filecoin stores information about its files in cryptographic hashes to identify and distribute data stored on the network, so the data stored on the network can’t be accessed by third parties. Only the owner of the file can get access to it.

Anyway, for now, the Filecoin network is having a hard time finding enough miners to store large files, which makes it expensive to store large data files, especially with the high demand for decentralized space. And it doesn’t provide signing functions for documents, a function that Authpaper Delivery successfully integrated into its protocol.

Conclusion

Of course, physical mailing won’t disappear instantly, and neither will the current centralized solutions — blockchain technologies are still in their infancy, they have a long road yet ahead. Centralized systems can be useful in many cases, when the stakes aren’t that high. If you send a not-so-important document, you can be okay with signing it in DocuSign. But if the importance of your files is really high, for example, if it’s a real estate contract, you have to use the most secure way of transmission, and right now, that’s the blockchain. Document forgery is still a thing, and with the current technologies, it’s easier to do than ever before.

https://dilbert.com/

As time passes, more and more ordinary actions that are usually done offline will be performed online, and document signing and data transfer will be among them. Currently, centralized systems are used by the majority of the world, but with the spread of censorship, people are starting to care about privacy and freedom of speech. That’s why we can expect more people to start using BitTorrent, Filecoin, and Authpaper Delivery solutions. People deliver documents physically because, in some cases, they don’t trust online centralized platforms. But in decentralized systems, there’s no one to trust, it just works — and that’s a good thing.
