Encrypted UDP based FTP - UFTP

Encrypted UDP based FTP with multicast

UPDATE: Version 4 of UFTP is now available! The protocol has been heavily altered to support a number of new features:

ºThe ability to send multiple files in a single session
ºAn SSL/TLS derived encryption layer to protect your data
ºMulticast tunneling
ºNAT traversal
ºAggregation of client responses, providing scalability
ºSupport for variable packet sizes, including jumbo frames
ºMore fine grained control of network timing/retransmission parameters

The code has also been completely restructured to be more readable and easier to update/support.

UFTP is an encrypted multicast file transfer program, designed to securely, reliably, and efficiently transfer files to multiple receivers simultaneously. This is useful for distributing large files to a large number of receivers, and is especially useful for data distribution over a satellite link (with two way communication), where the inherent delay makes any TCP based communication highly inefficient. The multicast encryption scheme is based on TLS with extensions to allow multiple receivers to share a common key. UFTP also has the capability to communicate over disjoint networks separated by one or more firewalls (NAT traversal) and without full end-to-end multicast capability (multicast tunneling) through the use of a UFTP proxy server. These proxies also provide scalability by aggregating responses from a group of receivers. UFTP has been used in the production process of The Wall Street Journal to send WSJ pages over satellite to their remote printing plants, and other users have used it to send to over 1000 receivers.


Encrypted UDP based FTP: UFTP Protocol Summary

A UFTP session consists of 3 main phases: The Announce/Register phase, the File Transfer phase, and the Completion/Confirmation phase. The File Transfer phase additionally consists of the File Info phase and the Data Transfer phase for each file sent.

The Announce/Register phase sets up the multicast file transfer session and negotiates all encryption parameters. The server sends out an announcement over a public multicast address which the clients are expected to be listening on. All subsequent messages from the server go over a private multicast address specified in the announcement. Allowed clients send a registration to respond to the announcement. The server will then send either a confirmation message if encryption is disabled, or the encryption keys for the session if encryption is enabled. If the client receives the encryption keys, it sends an acknowledgment back to the server.

Encrypted UDP based FTP UFTP DocumentationThe File Transfer phase starts with the File Info phase for the first file to send. The server sends a message describing the file in question. Besides the name and size of the file, this message describes how the file will be broken down. A file is divided into a number of blocks, and these blocks are grouped into sections. A block is a piece of the file that is sent in a single packet, and a section is a grouping of blocks. The total number of blocks and sections is included in this message.

Continuing the File Transfer phase is the Data Transfer phase for the first file. Data packets, each of which is a block, are sent by the server at a rate specified by the user. Because UDP does not guarantee that packets will arrive in order, each block is numbered so the client can properly reassemble the file. When the server has finished sending all data packets, it sends a message to the clients indicating this.

When a client detects the end of a section or receives an end of file message from the server, and the client has detected one or more missing blocks, the client will send back a message containing a list of NAKs (negative acknowledgments). When the server receives NAKs from one or more clients, it goes back and retransmits any blocks that were NAKed, then continues on sending any untransmitted blocks. When a client has received the entire file, it sends a completion message in response to the server’s end of file message. This continues until all clients have either send a completion message or have timed out after the server sent its end of file message.

The File Info phase and the Data Transfer phase are then repeated for each file to be sent during the session.


The Completion/Confirmation phase shuts down the session between the server and clients. It starts with a message from the server indication the end of the session. The clients then respond with a completion message, and the server responds to each completion with a confirmation message.

Download UFTP