Topics in cryptography - file storage system secured with cryptographic operations

Abstract

The project demonstrates a file storage prototype which leverages cryptographic oper ations to provide additional layers of defense beyond standard cloud service provider. Traditional cloud services mainly uses server-side encryption where the provider man ages both data and encryption keys, this introduces risks in the event of internal com promise or unauthorized access by malicious user. Toaddress the limitations of cloud service provider, the system implements both client side encryption and end-to-end encryption (E2EE), files are encrypted client-side using AES-GCM before upload. The encrypted files are stored in AWS S3, each AES encryption key is encrypted using Google Cloud Key Management Service (KMS) and stored in Google Cloud Storage (GCS). These implementations enforces multi-cloud security architecture which separates storing of data and keys, eliminating single point of failure. Confidentiality of the file is secured. The system also ensures data intergrity by using Hash-Based Message Authentication Codes (HMAC). HMACis computed for each file and stored in PostgreSQL for verifi cation during file retrieval. This measure will detect any tampering during storage or transmission.User access is secured using AWS Cognito with multi-factor authentica tion (MFA). The detailed design, architecture and implementation of the system will be covered in this project.