Cloud Computing for File Storage and Encryption System
Radhika Audumbar Gore
ragore@dypcoeakurdi.ac.in
Dept. of Computer Engineering
D.Y. Patil College of Engineering, Akurdi
Pune, India
Ms. Farhina S. Sayyad
fssayyad@dypcoeakurdi.ac.in
Dept. of Computer Engineering
D.Y. Patil College of Engineering, Akurdi
Pune, India
Shreya Pandey
shreyapx247@gmail.com
Dept. of Computer Engineering
D.Y. Patil College of Engineering, Akurdi
Pune, India
Abstract—Client-side encryption (CSE) is an increasingly popular approach to protecting user data uploaded to cloud storage providers: users encrypt their files locally and upload only ciphertext, instead of trusting the cloud service with plaintext or encryption keys. This paper presents a comprehensive, threat-aware design and analysis of CSE-based cloud file storage systems. We synthesize findings from an empirical audit of widely used E2EE storage providers and the author's seminar synopsis to identify recurring anti-patterns and concrete mitigations. Key contributions include: (1) a practical architecture that combines authenticated symmetric encryption (AES-GCM) for data confidentiality and integrity with asymmetric key encapsulation (RSA-OAEP or ECIES) for key distribution; (2) a carefully designed key hierarchy including a KDF-derived master key, per-folder metadata keys (MEKs), and per-file ephemeral data encryption keys (DEKs), along with recommended secure handling and audit mechanisms; (3) deployment-level mitigations such as key transparency or append-only key logs, authenticated manifests and Merkle trees for chunked-file integrity, and guidance on balancing KDF hardness with device capabilities; and (4) diagrams and simulated results that quantify the performance and storage overhead trade-offs of the proposed design. We show how common field vulnerabilities (such as unauthenticated public keys, unauthenticated chunk lists, IV reuse, and protocol downgrade) can be effectively mitigated by adopting authenticated primitives, binding metadata to content via Merkle roots, and enforcing versioned, signed manifests. Our proposed system aims to be practical for web and native clients, considerate of usability challenges (key recovery, cross-device sync, deduplication), and mindful of regulatory realities (auditing, enterprise recovery). The paper concludes by recommending research directions: formal verification of the protocol, privacy-preserving deduplication, and prototypes demonstrating real-world usability and performance.
Index Terms—Cloud Storage, Client-Side Encryption, AES-GCM, RSA-OAEP, Key Management, End-to-End Encryption, Metadata Protection
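
An added example, not code from the paper: one way a client could bind a chunk list to a versioned, authenticated manifest through a Merkle root, as the abstract proposes. HMAC-SHA256 under a metadata key stands in for the manifest signature, and the function names, manifest fields and sample key are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

SAMPLE_MEK = bytes(range(32))  # constructed metadata key, for illustration only

def leaf_hash(index, chunk_ct):
    # 0x00 domain-separates leaves from inner nodes; the index pins chunk order.
    return hashlib.sha256(b"\x00" + index.to_bytes(8, "big") + chunk_ct).digest()

def merkle_root(chunks):
    level = [leaf_hash(i, c) for i, c in enumerate(chunks)]
    if not level:
        return hashlib.sha256(b"\x00empty").digest()
    while len(level) > 1:
        nxt = [hashlib.sha256(b"\x01" + level[i] + level[i + 1]).digest()
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:          # promote an unpaired node unchanged
            nxt.append(level[-1])   # (no duplicate-leaf ambiguity)
        level = nxt
    return level[0]

def encode_body(body):
    # Canonical JSON so both sides authenticate identical bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def make_manifest(mek, file_id, version, chunks):
    body = {"file_id": file_id, "version": version,
            "chunks": len(chunks), "root": merkle_root(chunks).hex()}
    tag = hmac.new(mek, encode_body(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def verify_manifest(mek, manifest, chunks, min_version):
    body = manifest["body"]
    expected = hmac.new(mek, encode_body(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["tag"]):
        return "bad-tag"            # manifest fields were altered
    if body["version"] < min_version:
        return "stale-version"      # server replayed an older manifest
    if body["chunks"] != len(chunks):
        return "chunk-count"        # chunks dropped or appended
    if not hmac.compare_digest(bytes.fromhex(body["root"]), merkle_root(chunks)):
        return "root-mismatch"      # chunks reordered or substituted
    return "ok"
```

The client is assumed to remember the highest manifest version it has accepted per file and pass it as `min_version`; the chunks are the encrypted chunks as downloaded, checked before any decryption.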