Parris Mook-Sang-Forbes, Ryan Dreher, Ben Howland
As long as sensitive data passes through the internet, third parties will attempt to intercept it. Now that the internet is firmly incorporated into daily life, our data is more critical than ever. Data privacy has come a long way since FTP’s introduction in 1971. Numerous file transfer protocols have been established to promote data privacy in conjunction with laws like Canada’s PIPEDA.
However, each protocol strikes a unique balance between security, speed, and efficiency, catering to different primary use cases. For example, SCP is often preferred for quick, straightforward file transfers in environments where simplicity and speed are paramount. SFTP is widely used in enterprise settings that require comprehensive file management features and robust security integrated with SSH. FTPS is favoured in scenarios where compatibility with existing FTP infrastructure is necessary while ensuring secure transmissions through SSL/TLS. Understanding these differences and their associated use cases is essential for allowing users to choose the best protocol to suit their needs.
While maximizing security is vital, encryption affects performance, so the optimal choice differs among the transfer methods. Thus, deciding which protocols to use is not so clear-cut. However, we found few papers offering a comprehensive cross-analysis, which presents a gap in the existing knowledge.
This project aims to identify the optimal use cases for each protocol, such as when considering large file transfers versus many small files, resource-limited devices, or environments where security takes priority.
SFTP, FTPS and SCP all protect files during transfer, each offering specific advantages accompanied by particular disadvantages. Common metrics include data transfer speed and system load, but most studies examine protection features or execution speed in isolation. Analysis of encryption methods also remains limited to single protocols rather than a broad comparison. A concrete example: SCP transfers data more efficiently than SFTP [1], yet as of OpenSSH 9.0 the scp command uses SFTP by default [2]. OpenSSH cites SCP's weakness to intercepted connections [3] in explaining why the protocol became outdated [4]. However, networks using robust anti-interception systems could still benefit from SCP's quicker transfer rates.
Existing research lacks a thorough side-by-side review of all three protocols under equal test conditions. The analysis should cover various scenarios: large files, multiple small transfers, and devices with limited resources. Without detailed comparative data, users face difficulty in protocol selection. The historical background of improvements, like OpenSSH's updates, helps evaluate each protocol's current abilities or fit for specific uses.
We will conduct a comprehensive analysis and comparison of SFTP, FTPS, and SCP on an Ubuntu server using Mininet to simulate a network with real-world conditions like delay and packet loss. Performance and security metrics will be measured using tools such as iperf, htop, Wireshark, iftop, tcpdump, and sysstat. These metrics include:
Transfer Speed: The rate at which data is moved during file transfers.
Protocol Overhead: The amount of additional processing required by each protocol.
CPU Load: The level of CPU utilization when using each protocol.
RAM Usage: The memory consumption associated with each protocol.
Setup Duration: The time taken to establish a connection using each protocol.
File Handling: The performance of each protocol with different file sizes.
Tests will simulate various scenarios, including large file transfers, high-quantity, low-size transfers, and operations on resource-constrained devices. The data will undergo numerical and graphical analysis to compare the protocols, identify trade-offs and determine the most suitable protocol for each use case. This unified comparative assessment is intended to provide clear guidance for selecting the appropriate protocol based on specific requirements, integrating both performance and security evaluations.
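An added example, not code from the proposal's authors, of how one pass of this test matrix could be driven from Mininet's Python API, timing each client with GNU time to get wall time, CPU seconds and peak memory. The link parameters, the `bench` user, the `/srv/bench` destination, lftp as the FTPS client, and an sshd and FTPS server already running on `h2` with non-interactive authentication (SSH keys, `~/.netrc`) are all assumptions.

```python
import shlex

# Constructed test parameters (assumptions; the proposal does not fix them).
LINK = dict(bw=100, delay="20ms", loss=1)   # Mbit/s, one-way delay, % packet loss
TIME_FMT = "%e %U %S %M"   # GNU time: wall s, user CPU s, system CPU s, max RSS KiB

def transfer_cmd(proto, src_dir, host, dest, user="bench"):
    """Client command that uploads the directory src_dir with one protocol."""
    if proto == "scp":   # -O forces legacy SCP; OpenSSH >= 9.0 otherwise runs SFTP
        return f"scp -O -q -r {shlex.quote(src_dir)} {user}@{host}:{shlex.quote(dest)}"
    if proto == "sftp":  # batch mode, reading the single put command from stdin
        return f"echo {shlex.quote(f'put -r {src_dir} {dest}')} | sftp -q -b - {user}@{host}"
    if proto == "ftps":  # lftp with TLS forced on control and data channels
        script = ("set ftp:ssl-force true; set ftp:ssl-protect-data true; "
                  f"mirror -R {src_dir} {dest}; bye")
        return f"lftp -e {shlex.quote(script)} ftp://{user}@{host}"
    raise ValueError(f"unknown protocol: {proto}")

def parse_time(output):
    """Read wall/CPU/RSS figures from the GNU time line that ends the output."""
    wall, user, sys_, rss = output.strip().splitlines()[-1].split()
    return {"wall_s": float(wall), "cpu_s": float(user) + float(sys_), "rss_kib": int(rss)}

def throughput_mbit(total_bytes, wall_s):
    """Payload throughput in Mbit/s for a transfer of total_bytes."""
    return total_bytes * 8 / wall_s / 1e6

def run_matrix(src_dir, total_bytes, dest="/srv/bench"):
    """Time all three protocols over one shaped link (needs root and Mininet)."""
    from mininet.net import Mininet    # imported lazily so the helpers above
    from mininet.link import TCLink    # can be used without Mininet installed
    net = Mininet(link=TCLink)
    h1, h2 = net.addHost("h1"), net.addHost("h2")
    net.addLink(h1, h2, **LINK)        # tc/netem applies bandwidth, delay and loss
    net.start()
    rows = {}
    try:
        for proto in ("scp", "sftp", "ftps"):
            cmd = transfer_cmd(proto, src_dir, h2.IP(), dest)
            out = h1.cmd(f"/usr/bin/time -f '{TIME_FMT}' sh -c {shlex.quote(cmd)}")
            rows[proto] = parse_time(out)
            rows[proto]["mbit_s"] = throughput_mbit(total_bytes, rows[proto]["wall_s"])
    finally:
        net.stop()
    return rows
```

Without `-O`, an OpenSSH 9.0 or later client would make the "scp" and "sftp" rows measure the same protocol. The figures here are client-side only; server-side CPU and memory would have to be sampled separately on `h2`, for instance with sysstat.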
The major deliverable stages for this project are listed below, along with the respective goals that we aim to complete for each deliverable. While the milestone deadlines are set in stone, the goals completed by each stage are subject to change as the project progresses.
Project Proposal: February 7, 2025. Submit the final proposal document and site draft.
First Biweekly Update: February 21, 2025. Firmly establish our methodology and finish setting up the testing environment.
Second Biweekly Update: March 7, 2025. Finish collecting data from our testing phase.
Third Biweekly Update: March 21, 2025. Complete data analysis and conclude. Rough draft of the report.
Final Presentation: April 4, 2025. Complete the report draft and present our findings.
Final Report: April 11, 2025. Complete and submit the final report.
[1] H. Kath, “SCP vs. SFTP: Which is better?,” GoAnywhere MFT, https://www.goanywhere.com/blog/scp-vs-sftp-which-is-better.
[2] “OpenBSD Manual Page Server,” scp(1) - OpenBSD manual pages, https://man.openbsd.org/scp.1#HISTORY.
[3] “CVE-2019-6111,” National Institute of Standards and Technology, https://nvd.nist.gov/vuln/detail/cve-2019-6111.
[4] “OpenSSH 8.0/8.0p1,” OpenSSH, https://www.openssh.com/txt/release-8.0.
Contact us on Teams to get more information on the project