Folding@Home security practices

Post by stuartsoft » Fri Apr 17, 2020 5:59 pm

I'm interested in setting up a Folding@Home team for my coworkers, but need to do my due diligence of evaluating Folding@Home's security measures before recommending it to them. I've looked through the about pages from the Folding@Home website on the topic of security, and while I was able to answer some questions, other topics were not covered. If you are willing to answer these questions, I'd greatly appreciate your time and answers!

What is the process for adding projects to Folding@Home? Is there an academic peer review process before new Work Units are made available?

What protections are in place to prevent malware from running within Folding@Home Work Units? If I'm giving up my computing power, it would be nice to have peace of mind that it's actually simulating protein folding and not doing something malicious.

Are Work Units encrypted on disk, or is the connection encrypted? From what I've read on the website, Folding@Home has a 2048 bit digital signature that is verified for incoming data and outgoing results. It also makes some mention of Public Key Infrastructure (PKI), but nothing specific.
stuartsoft
 
Posts: 3
Joined: Fri Apr 17, 2020 5:55 pm

Re: Folding@Home security practices

Post by HaloJones » Fri Apr 17, 2020 8:41 pm

All work is created by members of the team of scientists. No outside party is involved with that process. So you either trust the scientists on the project or you don't.

The scientists aren't interested in putting malware on your computers, they're interested in finding cures for diseases.

Connections move work units over either port 80 or 8080. They are then worked on and then returned over the same ports. There is no need to encrypt the data. It contains nothing of any interest to anyone except the scientists.

Look, I get the concerns. But this is a science project that has been running for many years and is attached to serious science institutes publishing their results for others to then exploit to make (hopefully) cures.

This isn't credit card numbers, or personal identifying information. Or passwords. Or anything else. Run it, don't run it. It's not a security risk. Promise.
1x Titan X, 5x 1070, 1x 970, 1 x Ryzen 3600
HaloJones
 
Posts: 859
Joined: Thu Jul 24, 2008 11:16 am

Re: Folding@Home security practices

Post by JimboPalmer » Fri Apr 17, 2020 8:47 pm

stuartsoft wrote: Are Work Units encrypted on disk, or is the connection encrypted? From what I've read on the website, Folding@Home has a 2048 bit digital signature that is verified for incoming data and outgoing results. It also makes some mention of Public Key Infrastructure (PKI), but nothing specific.

Making it easier to spoof F@H check sums is not a security goal. No specifics will be supplied, I bet.
Tsar of all the Rushers
I tried to remain childlike, all I achieved was childish.
A friend to those who want no friends
JimboPalmer
 
Posts: 2018
Joined: Mon Feb 16, 2009 5:12 am
Location: Greenwood MS USA

Re: Folding@Home security practices

Post by stuartsoft » Fri Apr 17, 2020 11:25 pm

Thanks HaloJones. Is there a list of Universities/Institutions that these scientists belong to? Obviously Stanford and Washington University School of Medicine.
stuartsoft
 
Posts: 3
Joined: Fri Apr 17, 2020 5:55 pm

Re: Folding@Home security practices

Post by PantherX » Fri Apr 17, 2020 11:28 pm

Welcome to the F@H Forum stuartsoft,

To create a new Project, there's analysis done by the researchers, then internal testing, then Beta testing, then pre-release testing then full release. You can always pause folding and look at the files inside the work directory, they contain simulation data.

Folding is done by FahCore_22 (on GPUs) or FahCore_a7 (on CPUs). They are built using GROMACS (for CPU) and OpenMM using OpenCL (for GPUs). All three are open source and widely used in the molecular simulation field.

WUs don't have to be encrypted but there's a verification done once the WU is downloaded to the client and then once it is uploaded to the servers. If the verification fails, the WU is dumped.

Here's the F@H Consortium page: https://foldingathome.org/about/the-fol ... onsortium/
ETA:
Now ↞ Very Soon ↔ Soon ↔ Soon-ish ↔ Not Soon ↠ End Of Time
PantherX
Site Moderator
 
Posts: 6602
Joined: Wed Dec 23, 2009 10:33 am
Location: Land Of The Long White Cloud
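
An added illustration of the verify-then-dump behaviour described in the post above; it is not Folding@Home code and not part of the thread. The thread does not give the real signature scheme, so RSA-2048 with PSS and SHA-256, and the names `WorkUnit`, `Sign`, `Accept` and `Demo`, are assumptions. It shows why an unencrypted transfer can still be checked for integrity: a payload changed in transit, or signed by a key the client has not pinned, is dumped.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// WorkUnit is a hypothetical container: payload plus detached signature.
type WorkUnit struct{ Payload, Signature []byte }

var ErrDumped = errors.New("signature check failed, work unit dumped")

// Sign stands in for the server side (assumed scheme: RSA-PSS, SHA-256).
func Sign(priv *rsa.PrivateKey, payload []byte) (WorkUnit, error) {
	d := sha256.Sum256(payload)
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, d[:], nil)
	return WorkUnit{payload, sig}, err
}

// Accept releases the payload only if it verifies under the pinned key.
func Accept(pub *rsa.PublicKey, wu WorkUnit) ([]byte, error) {
	d := sha256.Sum256(wu.Payload)
	if rsa.VerifyPSS(pub, crypto.SHA256, d[:], wu.Signature, nil) != nil {
		return nil, ErrDumped
	}
	return wu.Payload, nil
}

// Demo reports: genuine accepted, modified dumped, wrong signer dumped.
func Demo() (bool, bool, bool, error) {
	server, err1 := rsa.GenerateKey(rand.Reader, 2048) // pinned signer
	other, err2 := rsa.GenerateKey(rand.Reader, 2048)  // key the client never pinned
	if err := errors.Join(err1, err2); err != nil {
		return false, false, false, err
	}
	wu, err1 := Sign(server, []byte("constructed sample work unit data"))
	foreign, err2 := Sign(other, wu.Payload) // valid signature, wrong signer
	_, e1 := Accept(&server.PublicKey, wu)
	mod := WorkUnit{append([]byte{}, wu.Payload...), wu.Signature}
	mod.Payload[0] ^= 1 // a single bit changed in transit
	_, e2 := Accept(&server.PublicKey, mod)
	_, e3 := Accept(&server.PublicKey, foreign)
	return e1 == nil, errors.Is(e2, ErrDumped), errors.Is(e3, ErrDumped), errors.Join(err1, err2)
}

func main() { fmt.Println(Demo()) }
```

A signature of this kind covers integrity and origin only; anyone on the network path can still read the payload, which is the trade-off the thread discusses.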

Re: Folding@Home security practices

Post by stuartsoft » Sat Apr 18, 2020 4:12 pm

Thank you PantherX!
stuartsoft
 
Posts: 3
Joined: Fri Apr 17, 2020 5:55 pm

Re: Folding@Home security practices

Post by bruce » Mon Apr 20, 2020 9:56 pm

In the interest of scientific validity, several techniques are used to weed out potential falsified or erroneous results. While the WU is running, "sanity checks" are run periodically to catch things like unstable overclocking before the WU gets too far along. Additional validation steps are performed once the results are uploaded before the data are accepted. Rejections are not frequent but they do happen. Even though points are virtually worthless, there's a great appeal to earning more, including various forms of cheating.
bruce
 
Posts: 19854
Joined: Thu Nov 29, 2007 11:13 pm
Location: So. Cal.