International Research Journal of Engineering and Technology (IRJET) e-ISSN:2395-0056 p-ISSN:2395-0072
Volume:12Issue:04|Apr2024 www.irjet.net
TRUSTED WEB-BASED CLOUD STORAGE FOR SECURE DATA SHARING
Mangina Umamaheswararao1, Ballanki Venu Gopal2, Chinthapalli Venu Gopal 3 ,
Manukonda Satish 4 , Veedhi Uday5 , Valavala Surya Teja6
1CST, Sri Vasavi Engineering College(A), Pedatadepalli,Tadepalligudem-534101
2CST, Sri Vasavi Engineering College(A), Pedatadepalli,Tadepalligudem-534101
3CST, Sri Vasavi Engineering College(A), Pedatadepalli,Tadepalligudem-534101
4CST, Sri Vasavi Engineering College(A), Pedatadepalli,Tadepalligudem-534101
5CST, Sri Vasavi Engineering College(A), Pedatadepalli,Tadepalligudem-534101
6CST, Sri Vasavi Engineering College(A), Pedatadepalli,Tadepalligudem-534101
Abstract - Public cloud storage, while offering cost reduction and accessibility, presents significant security risks due to potential data breaches and server-side vulnerabilities. Client-side encryption is a promising solution, but current implementations often suffer from limitations, including poor security due to weak passwordbased encryption, inflexible hybrid encryption schemes, and usability issues stemming from required software installations. This paper identifies the shortcomings of existing client-side encryption approaches, such as limited file-sharing capabilities and coarse-grained access control. To address these challenges, we propose a trusted webbased cloud storage system designed to enhance data protection, control unauthorized access, and facilitate secure file sharing while preserving data integrity and confidentiality. This system aims to provide a secure, efficient, and user-friendly solution, mitigating the security andusabilitydrawbacksofcurrentcloudstorageencryption methods.
Key Words: Public Cloud Storage, Cryptographic Techniques, Unauthorized Access Prevention, EncryptionAlgorithms,SecureFileSharing
1.INTRODUCTION
Public cloud storage services have gained widespread adoptionduetocostefficiencyandeaseofuse,prompting individuals and organizations to store and share data online. However, this reliance on cloud providers raises significant security concerns, as sensitive data is often storedunencrypted,makingitvulnerabletobreachesand unauthorized access. While cloud providers implement server-sideencryption,transport-layersecurity(TLS),and authentication mechanisms, these measures do not fully eliminate the risks associated with insider threats, misconfigurations,orcyberattacks.
To mitigate these risks, client-side encryption has emerged as a robust solution, ensuring that data is encrypted before being uploaded and only decrypted by authorized users. Since the cloud provider stores
only encrypted data, exposure from server-side vulnerabilities is minimized. However, major cloud storage providers like Google Drive and Dropbox do not support built-in client-side encryption, relying instead on server-side measures. Apple iCloud employs end-to-end encryption only for select data types, leaving most stored informationvulnerabletopotentialbreaches.
Several encryption techniques have been employed to enhance cloud security. Password-based encryption, often utilizing symmetric encryption algorithms like AES, is a common approach. However, it suffers from vulnerabilities due to low-entropy passwords, making brute-force attacks feasible. Additionally, such methods typically support only single-user encryption, limiting securefile-sharingcapabilities.
Hybrid encryption, integrating a Key Encapsulation Mechanism (KEM) and a Data Encapsulation Mechanism (DEM), is another widely used approach. PubliccloudproviderssuchasAmazon,Tresorit,andMega implement the RSA-AES model, where data is encrypted using AES, and encryption keys are secured with RSA public keys. However, this approach has drawbacks, including inefficiencies in managing recipient public keys, increasedciphertextsize,andhighercomputational costs whensharingdatawithmultipleusers.
International Research Journal of Engineering and Technology (IRJET) e-ISSN:2395-0056 p-ISSN:2395-0072
Volume:12Issue:04|Apr2024 www.irjet.net
1.1 Benefits:
EnhancedDataSecurity
Encrypting data before uploading ensures that only authorized users can access the original content.
Eliminatesrelianceon cloudprovidertrust, reducingrisksofdatabreachesfrominsider threatsorexternalattacks.
Protectsagainstunauthorizedaccess,evenif the cloudprovider’ssecurityiscompromised.
ProtectionAgainstDataLeakage
Sincethecloudstoresonly encrypteddata, exposure from misconfigurations, hacking attempts,orlegalsurveillanceissignificantly reduced.
Unlike traditional cloud storage, where providers have access to user data, client-side encryption preventsunauthorizeddecryption
ImprovedAccessControlandFileSharing
Unlike traditional password-based encryption, which supports only single-user encryption, your projectenables securemulti-userfilesharing
Ensures fine-grained access control, allowing different users to have different permissions withoutexposingencryptionkeys.
EfficientandScalableEncryptionMechanism
Overcomes inefficiencies of existing RSA-AES hybrid encryption, where increasing recipients results in larger cipher text and higher computationcosts.
Provides a lightweight and scalable encryption model that optimizes storage and bandwidth usage.
BetterUsabilityandPlatformCompatibility
Eliminates the need for third-party software or plugins, improving accessibility across multiple devicesandplatforms.
Users do not need to repeatedly reinstall encryption software, making data sharing and storage moreseamlessanduser-friendly
CostReductionandPerformanceOptimization
Unlike enterprise-grade encryption solutions that demand high processing power and expensive infrastructure,yourprojectoffersacost-effective alternative.
Reducestheburdenoncloudprovidersbyshifting encryption processes to client-side devices, minimizing storage and computational overhead
IncreasedTrustandCompliance
Addresses compliance concerns for GDPR, HIPAA, and other data privacy
regulations,ensuringusersmaintain fullcontrol overtheirsensitiveinformation
Boosts user confidence in cloud storage by eliminatingrelianceon third-partytrust
2. LITERATURE SURVEY
The literature review stands out as a crucial phase in the softwaredevelopmentprocess.Itentailsanexplorationof prior research conducted by various authors in the relevantfield. We will analyzeand builduponkeyarticles toenhanceourwork.
2.1 ASecureFrameworkforDataStorage andSharing inCloudComputing(2019) Thispaperproposesasecure framework for storing and sharing data in cloud computing while ensuring confidentiality and integrity. It employs client-side encryption to protect data before uploading and decrypts it after downloading, preventing unauthorized access. The framework incorporates access control mechanisms, allowing only authorized users to retrieve and share data securely. Additionally, it ensures data integrity through cryptographic techniques, reducing the risk of data tampering or unauthorized modifications. The proposed solution enhances security, efficiency, and usability, making cloud storage more reliable.MohammadReza Inthispaper,aspeechemotion recognition system based on a 3D CNN is suggested to analyseandclassifytheemotions.Heconcluded,thethreedimensional reconstructed phase spaces of the speech signals were calculated in order to recognise the emotion inspeech.
2.2 Group Key Management Protocol for File Sharing on Cloud Storage (2020) presents a group key management protocol to facilitate secure file sharing on cloud storage. It ensures that only authorized group members can access shared files while preventing unauthorized access. The protocol efficiently manages dynamic group membership by securely distributing and updating encryption keys. It reduces computational overheadandcommunicationcosts,makingfilesharing more efficient and scalable. The proposed approach enhances security,confidentiality,andaccesscontrol in cloud-basedfile-sharingsystems.
2.3Secure Data Sharing Mechanism for Cloud-Edge Computing (2023) introduces a secure data-sharing mechanism designed for cloud-edge computing environments. It integrates encryption and access control techniques to protect sensitive data while enabling efficientsharing betweencloudandedgenodes. The mechanism ensures low-latency data access and minimizes computational overhead, making it suitable for real-time applications. Additionally, it addresses key management challenges, maintaining security while supporting dynamic user access. The proposed solution enhances data confidentiality, integrity, and performance incloud-edgecomputingsystems.
Volume:12Issue:04|Apr2025 www.irjet.net
2.4 ASecureCloudStorageFrameworkwithEnhanced Integrity and Auditability Using Consortium Blockchain System (2024) presents a secure cloud storage framework that improves data integrity and auditability using a consortium blockchain system. It ensures that stored data remains tamper-proof by recording transactions on a decentralized ledger. The framework enables verifiable audits, allowing users to check data integrity without relying on a third party. It also integrates encryption and access control mechanisms to prevent unauthorized access. The proposed solution enhances security, transparency, and trust incloudstorageenvironments.
2.5 A Reliable Approach for Data Security Framework inCloudComputingNetwork(2024) proposesareliable datasecurityframeworkforcloudcomputingnetworksto protect sensitive information from unauthorized access andcyberthreats.Itintegratesencryption,authentication, and access control mechanisms to enhance data confidentiality and integrity. The framework ensures secure data transmission and storage while minimizing vulnerabilities to attacks. It optimizes performance by reducing computational overhead and improving scalability. The proposed approach strengthens cloud security,reliability,andusertrust.
2.6 Web Cloud Internet Linked Cloud Repository for SecureExchangeofData(2024) introducesaWebCloud InternetLinkedCloudRepository(WCILCR)forthesecure exchange of data. It ensures data confidentiality and integrityusingencryptionandaccesscontrolmechanisms. The system enables seamless and efficient data sharing across multiple cloud platforms while preventing unauthorized access. Additionally, it incorporates auditability features to track and verify data exchanges. The proposed solution enhances security, transparency, and interoperability in cloud-based data-sharing environments.
3. EXISTING SYSTEM
Existingcloudstoragesystemsareofteninsecureduetoa lack of strong client-side encryption. They rely on serverside encryption, which puts data at risk, or use complex cryptographic methods that are inefficient or impractical for web applications. Furthermore, solutions requiring plugins limit usability. Attribute-Based Encryption (ABE) offers better access control but is computationally heavy and lacks immediate user revocation, creating security vulnerabilities
3.1 Relatively Poor Security: The absence of end-to-end encryption leaves cloud data susceptible to breaches, as information is vulnerable both during transmission and once stored on the server. Furthermore, the lack of a reliablerevocationmechanismforshareddata
p-ISSN:2395-0072
exacerbates security risks, as access rights cannot be effectively managed or revoked, potentially leading to unauthorizeddataexposure.
3.2Coarse-grained Access Control: Existing cloud storage suffers from rigid access controls, restricting precisesharingpoliciesandlimitingusercontroloverdata access,whichresultsininefficientfile-sharingpractices.
3.3Poor usability: Many existing solutions require additional browser extensions or plugins, creating compatibilityissuesacrossdifferentdevicesandoperating systems. Complex encryption and decryption processes addoverhead,makingitdifficultfornon-technicalusersto securelystoreandmanagefiles.
3.4Lack of Immediate User Revocation: When a user’s access rights change or need to be revoked, there is no immediateenforcement, creatingsecurityrisks.Delayed revocationincreasesthechancesofunauthorizedaccessto sensitivedata.
4. PROPOSED WORK
Trusted Web-Based Cloud Storage offers a user-friendly, securecloudsolutionwithclient-sideencryptionandfinegrained access control via optimized CP-ABE. It improves upon traditional ABE with features like immediate revocation and offline encryption, providing strong security and performance. Built on ownCloud, it delivers fast, scalable, and secure storage without requiring plugins. High-Quality and Diverse Datasets: A critical foundation for any speech emotion analysis system is a comprehensive, high-quality dataset that covers a wide range of emotions and demographic groups. Collecting diverse data can help reduce biases and improve the system'sgeneralizability.
End-to-End Client-Side Encryption: Data is encrypted on the user's device before it's uploaded anddecryptedonlyafterdownload,ensuringthatthe cloud provider never sees unencrypted data, thus maximizingdataconfidentiality.
Fine-Grained Access Control: Users can precisely define who can access specific data, allowing for highly controlled sharing and preventing unauthorizedaccesstosensitiveinformation.
Immediate User Revocation: Access rights can be instantly revoked, preventing unauthorized access when user permissions change, thus reducing securityvulnerabilities.
Offline Encryption Support: Encryption and decryption can be performed even without an internetconnection,improvingusabilityandensuring dataprotectioninvariousscenarios.
International Research Journal of Engineering and Technology (IRJET) e-ISSN:2395-0056 p-ISSN:2395-0072
Volume:12Issue:04|Apr2025 www.irjet.net
Outsourced Decryption for Performance Optimization: Decryption tasks can be offloaded to a third party, reducing the computational load on user devices and improving performance, especially on resourceconstraineddevices.
Cross-Platform and Plugin-Free: The system works across different operating systems and deviceswithoutrequiringbrowserextensionsor plugins,enhancingaccessibilityandusabilityfor allusers.
Enhanced Security Model: A robust security model with provable security against web and cryptographic threats ensures a high level of protectionforstoreddata.
METHODOLOGY:
This project employs a hybrid encryption strategy by integrating AES (Advanced Encryption Standard) for data confidentiality and RSA (Rivest-Shamir-Adleman) for secure key transmission. The process encompasses key generation, encryption, and decryption to ensure secure storageandsharingofdatainacloudenvironment
1. CryptographicKeyGeneration:
Theencryptionframeworkbeginsbygeneratingnecessary cryptographickeys:
AES Key: A symmetric key is generated using a fixed string or a secure random generator. This key, typically 128 or 256 bits in length, is responsibleforencryptingtheactual data quickly andsecurely.
RSA Key Pair: An RSA key pair (public and private keys) is generated using Java’s KeyPairGenerator class. The public key is later usedtoencrypttheAESkey,whiletheprivatekey isreservedfordecryptingitonthereceiver’sside.
2. EncryptionWorkflow:
Theencryptionprocessisdividedintotwophases:
Phase1:EncryptingDatausingAES
1. The plain text is encrypted using the AES algorithminencryptionmode.
2. The encrypted output is encoded using Base64 to ensure it can be safely transmitted or stored in textualform.
Phase2:SecuringtheAESKeyusingRSA
1. The AES key, in its byte array form, is encryptedusingtherecipient’sRSApublickey.
2. This ensures that only someone with the corresponding RSA private key can retrieve and usetheAESkey.
3. The encrypted AES key is also encoded in Base64 forseamlesstransmission.
3.DecryptionProcess:
Decryptioniscarriedoutinthereverseorder:
Step1:RecoveringAESKeyviaRSADecryption
1. The AES key is retrieved by decrypting the Base64-decoded RSA-encrypted key using the privateRSAkey.
2. This operation ensures that only the intended recipientcangainaccesstotheencryptionkey.
Step2:DecryptingEncryptedDatausingAES
1. Using the decrypted AES key, the encrypted contentisdecryptedback toitsoriginal plaintext form.
2. The result is the original message that was initiallyencrypted.
4.SecurityMeasuresandPerformanceConsiderations:
Hybrid Encryption Advantage: The system combinesthespeedandefficiencyofAESwiththe robustkeysecurityofRSA.AEShandleslargedata volumes, while RSA secures the exchange of AES keys.
Base64 Encoding: Encoding binary encrypted data into Base64 helps ensure compatibility duringtransmissionorstorage.
Resource Optimization: Since RSA is only used for encrypting small amounts of data (i.e., keys), thecomputational loadisminimized.AEShandles thebulkdataprocessingefficiently.
International Research Journal of Engineering and Technology (IRJET) e-ISSN:2395-0056 p-ISSN:2395-0072
Volume:12Issue:04|Apr2025 www.irjet.net
6.User Interface:
Figure 6.1:UserInterface
7.CONCLUSION:
Thishybridcryptographicsystemleverages thestrengthsofbothAESandRSA.AESsecurestheactual content,whileRSAsafeguardstheencryptionkey,offering a secure and efficient method for data storage and sharing. This approach provides a balanced solution, maintaining both performance and data confidentiality in cloud-basedsystems.
8. REFERENCES:
[1]Web Cryptography API, The Web Cryptography WG of theW3C,Tech.Rep.,January2017.Providesastandardfor performing cryptographic operations within web applications.
https://www.w3.org/TR/WebCryptoAPI/
[2]E.Stark,M.Hamburg,andD.Boneh,"Symmetric cryptographyinJavaScript,"in ComputerSecurity ApplicationsConference (ACSAC’09),IEEE,2009,pp.373–381
https://ieeexplore.ieee.org/document/5375889
[3]OpenPGP.js,"OpenPGPImplementationforJavaScript," [Online]. A JavaScript library for client-side encryption, usefulforimplementingweb-basedencryptionsolutions.
https://github.com/openpgpjs/openpgpjs
[4]B. Waters, "Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably
securerealization,"in InternationalWorkshoponPublic KeyCryptography,Springer,2011,pp.53–70.Introduces Ciphertext-PolicyAttribute-BasedEncryption(CP-ABE), essentialforaccesscontrolincloudstorage.
https://doi.org/10.1007/978-3-642-19379-8_4
[5] W. Zhu, J. Yu, T. Wang, P. Zhang, and W. Xie, "Efficient attribute-based encryption from R-LWE," Chinese Journal of Electronics, vol. 23, no. 4, pp. 778–782, 2014. Discusses efficient attribute-based encryption for secure data sharingincloudenvironments.
https://doi.org/10.1049/cje.2014.08.007
[6] S. Hohenberger and B. Waters, "Online/offline attribute-based encryption," in International Workshop on Public Key Cryptography, Springer, 2014, pp. 293–310. Explores advanced encryption techniques for optimizing securityandperformanceincloud-basedstorage.
https://doi.org/10.1007/978-3-642-36362-7_18
[7] S. Yu, C. Wang, K. Ren, and W. Lou, "Attribute-based data sharing with attribute revocation," in Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, 2010, pp. 261–270. Provides a framework for managing access control and attribute revocationinencryptedcloudstoragesystems.
https://doi.org/10.1145/1755688.1755723
[8] A. Haas, A. Rossberg, D. L. Schuff, B. L. Titzer, et al., "BringingthewebuptospeedwithWebAssembly,"in ACM SIGPLAN Notices, vol. 52, no. 6, ACM, 2017, pp. 185–200. Discusses WebAssembly's role in improving encryption speedinweb-basedapplications.
https://doi.org/10.1145/3140587.3062363
[9]R.Zhang,H.Ma,andY.Lu,"Fine-grainedaccesscontrol system based on fully outsourced attribute-based encryption," Journal of Systems and Software, vol. 125, pp. 344–353, 2017. Explores fine-grained access control mechanisms relevant for blockchain-integrated cloud storage.
https://doi.org/10.1016/j.jss.2016.11.027
[10] OwnCloud, "OwnCloud - The leading open-source cloud collaboration platform, A widely used open-source cloud storage platform that supports client-side encryption.
https://owncloud.org/
[11] E. Bocchi, I. Drago, and M. Mellia, “Personal cloud storage: Usage, performance and impact of terminals,” in 4th IEEE International Conference on Cloud Networking,
© 2025, IRJET | Impact Factor value: 8.315 | ISO 9001:2008 Certified Journal | Page589
International Research Journal of Engineering and Technology (IRJET) e-ISSN:2395-0056 p-ISSN:2395-0072
Volume:12Issue:04|Apr2025 www.irjet.net
CloudNet 2015, Niagara Falls, ON, Canada, October 5-7, 2015.IEEE,2015,pp.106–111.
https://doi.org/10.1109/CloudNet.2015.7335291
[12] M. Green, S. Hohenberger, B. Waters et al.,
“Outsourcing the decryption of ABE ciphertexts,” in USENIXSecuritySymposium,vol.2011,no.3,2011.
https://www.sciencedirect.com/science/article/pii/ S0167404819300525