Folding@Home security practices

Moderators: Site Moderators, FAHC Science Team

Post Reply
stuartsoft
Posts: 3
Joined: Fri Apr 17, 2020 4:55 pm
Hardware configuration: Intel i5 4690k
Asus GeForce GTX 970 Strix
16GB DDR3 Ram

Folding@Home security practices

Post by stuartsoft »

I'm interested in setting up a Folding@Home team for my coworkers, but need to do my due diligence of evaluating Folding@Home's security measures before recommending it to them. I've looked through the about pages from the Folding@Home website on the topic of security, and while I was able to answer some questions, other topics were not covered. If you are willing to answer these questions, I'd greatly appreciate your time and answers!

What is the process for adding projects to Folding@Home? Is there an academic peer review process before new Work Units are made available?

What protections are in place to prevent malware from running within Folding@Home Work Units? If I'm giving up my computing power, it would be nice to have peace of mind that it's actually simulating protein folding and not doing something malicious.

Are Work Units encrypted on disk, or is the connection encrypted? From what I've read on the website, Folding@Home has a 2048 bit digital signature that is verified for incoming data and outgoing results. It also makes some mention of Public Key Infrastructure (PKI), but nothing specific.
HaloJones
Posts: 920
Joined: Thu Jul 24, 2008 10:16 am

Re: Folding@Home security practices

Post by HaloJones »

All work is created by members of the team of scientists. No outside party is involved with that process. So you either trust the scientists on the project or you don't.

The scientists aren't interested in putting malware on your computers, they're interested in finding cures for diseases.

Connections move work units over either port 80 or 8080. they are then worked on and then returned over the same ports. There is no need to encrypt the data. It contains nothing of any interest to anyone except the scientists.

Look, I get the concerns. But this is a science project that has been running for many years and is attached to serious science institutes publishing their results for others to then exploit to make (hopefully) cures.

This isn't credit card numbers, or personal identifying information. Or passwords. Or anything else. Run it, don't run it. It's not a security risk. Promise.
single 1070

Image
JimboPalmer
Posts: 2573
Joined: Mon Feb 16, 2009 4:12 am
Location: Greenwood MS USA

Re: Folding@Home security practices

Post by JimboPalmer »

stuartsoft wrote: Are Work Units encrypted on disk, or is the connection encrypted? From what I've read on the website, Folding@Home has a 2048 bit digital signature that is verified for incoming data and outgoing results. It also makes some mention of Public Key Infrastructure (PKI), but nothing specific.
Making it easier to spoof F@H check sums is not a security goal. No specifics will be supplied, I bet.
Tsar of all the Rushers
I tried to remain childlike, all I achieved was childish.
A friend to those who want no friends
stuartsoft
Posts: 3
Joined: Fri Apr 17, 2020 4:55 pm
Hardware configuration: Intel i5 4690k
Asus GeForce GTX 970 Strix
16GB DDR3 Ram

Re: Folding@Home security practices

Post by stuartsoft »

Thanks HaloJones. Is there a list of Universities/Institutions that these scientists belong to? Obviously Stanford and Washington University School of Medicine.
PantherX
Site Moderator
Posts: 7020
Joined: Wed Dec 23, 2009 9:33 am
Hardware configuration: V7.6.21 -> Multi-purpose 24/7
Windows 10 64-bit
CPU:2/3/4/6 -> Intel i7-6700K
GPU:1 -> Nvidia GTX 1080 Ti
§
Retired:
2x Nvidia GTX 1070
Nvidia GTX 675M
Nvidia GTX 660 Ti
Nvidia GTX 650 SC
Nvidia GTX 260 896 MB SOC
Nvidia 9600GT 1 GB OC
Nvidia 9500M GS
Nvidia 8800GTS 320 MB

Intel Core i7-860
Intel Core i7-3840QM
Intel i3-3240
Intel Core 2 Duo E8200
Intel Core 2 Duo E6550
Intel Core 2 Duo T8300
Intel Pentium E5500
Intel Pentium E5400
Location: Land Of The Long White Cloud
Contact:

Re: Folding@Home security practices

Post by PantherX »

Welcome to the F@H Forum stuartsoft,

To create a new Project, there's analysis done by the researchers, then internal testing, then Beta testing, then pre-release testing then full release. You can always pause folding and look at the files inside the work directory, they contain simulation data.

Folding is done by FahCore_22 (on GPUs) or FahCore_a7 (on CPUs). They are built using GROMACS (for CPU) and OpenMM using OpenCL (for GPUs). All three are open source and widely used in the molecular simulation field.

WUs don't have to be encrypted but there's a verification done once the WU is downloaded to the client and then once it is uploaded to the servers. If the verification fails, the WU is dumped.

Here's the F@H Consortium page: https://foldingathome.org/about/the-fol ... onsortium/
ETA:
Now ↞ Very Soon ↔ Soon ↔ Soon-ish ↔ Not Soon ↠ End Of Time

Welcome To The F@H Support Forum Ӂ Troubleshooting Bad WUs Ӂ Troubleshooting Server Connectivity Issues
stuartsoft
Posts: 3
Joined: Fri Apr 17, 2020 4:55 pm
Hardware configuration: Intel i5 4690k
Asus GeForce GTX 970 Strix
16GB DDR3 Ram

Re: Folding@Home security practices

Post by stuartsoft »

Thank you PantherX!
bruce
Posts: 20910
Joined: Thu Nov 29, 2007 10:13 pm
Location: So. Cal.

Re: Folding@Home security practices

Post by bruce »

In the interest of scientific validity, several techniques are use to weed out potential falsified or erroneous results. While the WU is running, "sanity checks" are run periodically to catch things like unstable overclocking before the WU gets too far along. Additional validation steps are performed once the results are uploaded before the data are accepted. Rejections are not frequent but they do happen. Even though points are virtually worthless, there's a great appeal to earning more, including various forms of cheating.
Post Reply