Secure File Storage in Cloud Computing

Using Hybrid Cryptography

J Component Report

Submitted by

k.sivapranav 18BCE0260
Y.krishna Chaitanya 18BCE0256
M.Raja Sekhar 18BCE0257
S.Mani Susanth 18BCE0552

B.Tech. Computer Science and Engineering

BCI3004 - SECURITY OF E-BASED SYSTEMS

Slot – G2

PROJECT SUPERVISOR
Prof. GOPICHAND.G

School of Computer Science and Engineering

Vellore Institute of Technology
Vellore
FALL SEMESTER 2021-22
 CONTENTS
Page No.

List of Figures i

ABSTRACT ii

Chapter 1: INTRODUCTION 1

Chapter 2: LITERATURE REVIEW 2

Chapter 3: OVERALL ARCHITECTURE 8

Chapter 4: PROPOSED METHODOLOGY 10

4.1 AES Algorithm 10

4.2 Blowfish Algorithm 11
4.3 Triple DES Algorithm 12
4.4 International Data Encryption Algorithm (IDEA) 13
4.5 Fernet (symmetric encryption) 14
Chapter 5: RESULTS AND IMPLEMENTATION 15
5.1 Starting the flask WebApp 15
5.2 Home Page 16
5.3 Input File 16
5.4 Encryption 16
5.5 Download the Secured Key 17
5.6 Decryption 18
5.7 Download the Decrypted File 19
Chapter 6: VULNERABILITY ANALYSIS 20
Chapter 7: PREVENTIVE MEASURES 21
Chapter 8: COMPARITIVE ANALYSIS 22
Chapter 9: CONCLUSION AND FUTURE WORK 25

REFERENCES 26

APPENDIX 27
 i
List of Figures

Fig No. Title Page no.

3.1 Overall architecture diagram of the hybrid cryptosystem 8
4.1 AES Algorithm 10
4.2 Blowfish Algorithm 11
4.3 Triple DES Algorithm 12
4.4 International Data Encryption Algorithm (IDEA) 13
4.5 Fernet (symmetric encryption) 14
5.1 Starting the Flask webapp by running the HybridCrypto.py file 15
5.2 Home page Running on http://127.0.0.1:5000 15
5.3 Input file that will be securely stored 16
5.4 Select the encryption option 16
5.5(a) Download the secured key 17
5.5(b) Secured key text file 17
5.5(c) File is splitted into 5 parts and stored 17
5.6(a) Upload the secured.txt 18
5.6(b) Select the decryption option 18
5.7(a) Download the decrypted file 19
5.7(b) Decrypted text file 19
6.1 Encryption time comparison between proposed system and Blowfish 22
6.2 Decryption time comparison between proposed system and Blowfish 23
6.3 Encryption time comparison between proposed system and RSA 23
6.4 Decryption time comparison between proposed system and RSA 24
 ii
ABSTRACT

In Cloud Computing, we share data among many clients, server and people. So, the security of
information present in cloud is not guaranteed. Thus, it is simple for an intruder to access and
demolish the first type of information. So, there is requirement of some plainly key which help us
to do cross breed encryption and protect the data. This project presents the hybrid encryption
scheme which combines the quick encryption schemes of encryption algorithms like AES,
Blowfish, Triple DES, IDEA, Fernet. The proposed approach includes file splitting and merging
mechanism along with Multi Threads to simultaneously encrypt files.

Keywords - Hybrid Cryptosystem; AES; Blowfish; Triple DES; IDEA; Fernet.

 1

1: INTRODUCTION

With the rise of cloud computing there has been an increase in companies and startups developing
their applications and product integrating the cloud. One of the most important service provided
by cloud computing companies are storage, services like S3, Glacier are highly used and easily
scalable. Through our project we would like to deliver such a system which acts as an efficient
storage system of our files encrypting it into various parts and merging the decrypted files when
we require. This would provide us ideal security for our files and also allow us to learn more about
security and encryption algorithms associating with the cloud.

The project has couple of features integrated which we have implemented that builds the backend
functionality of our project:
• File uploads and downloads
• Splitting up file into multiple parts
• Merging Split up files into correct order
• Encrypting file parts with different algorithms
• Multi Threads to simultaneously encrypt files
• api routes functionality
In Cloud computing, both files and software are not fully contained on the user’s computer. File
security concerns arise because both user’s application and program are residing in provider
premises. The cloud provider can solve this problem by encrypting the files by using encryption
algorithm. Here we discussed a security model to give a productive answer for the fundamental
issue of security in cloud condition. In this model, a multithread hybrid encryption is utilized where
the file uploaded is split into parts and encrypted using various encryption algorithms like AES,
Blowfish, Triple DES, IDEA, Fernet utilized for the secured correspondence amongst clients and
the servers.
Use of single algorithm is not accomplish high level security. If we use single symmetric key
cryptography algorithm than we have to face security problem because in this type of algorithm
applies a single key for data encode and decode. So key transmission problems occur while sharing
key into multiuser environment. Public key cryptography algorithms accomplish high security but
maximum delay is needed for data encode and decode. To solve above issues, we have introduced
new security mechanism.
 2

2: LITERATURE SURVEY

Authors Title Concept/ Framework/ Relevant Finding/Conclusion

and Theoretical model
Year

Sreyam Extended The paper is fundamentally A configurable algorithm is

Dasgupta, AES worried about the suggested that permits client to alter
Pritish Das Algorithm information security issues the algorithm each time he
(2019). with Custom confronted while sending scrambles text, without the client as
Encryption the information over the a matter of fact knowing it. The
for organisation. The issues are algorithm utilises AES and adds a
Government- can be kept away from with few custom configurable strides in
level the proposed algorithm: the framework. As is known the
Classified Expanded AES Algorithm world is propelling more towards
Messages with Custom Configurable the online frameworks and web
Encryption. openness overall is generally
excellent. Numerous governments
use AES design for transmission of
arranged messages.

Aakash Hybrid If security isn't robust and Security of data and trust drawback
Gore, S. S. Cryptosystem consistent, benefits that has invariably been a fundamental
Meena and using cloud computing have to and difficult predicament in cloud
Preetesh Modified provide will have little computing.
Purohit. Blowfish believability. This paper The proposed model improves the
(2016) Algorithm presents an approach, which security issues related to cloud
and SHA is based on modified models and protection of file
Algorithm on blowfish algorithm and SHA exchanging is solved. The
Public Cloud algorithm for the security model is fruitful in data as a service,
purpose on the cloud which can be extended in their
environment. service models of cloud.

Authors Title Concept/ Framework/ Theoretical
and model
Year
Karthik, Data This paper contains a strategy for
Muruganand Encryption secret correspondence utilizing
am (2014) and cryptography. The mysterious
Decryption message is scrambled by a square
by Using cipher dependent on two
Triple DES cryptographic algorithms, the Data
and Encryption Standard (DES) and the
Performance Triple Data Encryption Algorithm
Analysis of (TDEA) which might be utilized by
Crypto Federal associations to secure touchy
System information. This algorithm
exceptionally characterizes the
numerical advances needed to
change information into a
cryptographic cipher and
furthermore to changes the cipher
back to the first structure with block
length of 128 pieces and key length
of 256 pieces.
S. International Cloud computing and storage
Artheeswari, Data solutions provide users and
Dr.RM. Encryption enterprises with various capabilities
Chandraseka Algorithm to store and process their data in
ran (2016) (Idea) For third-party data centres. There are a
Data number of security issues/concerns
Security in associated with cloud computing.
Cloud There are many security algorithms
that are used for security purpose.
International Data Encryption
Algorithm (IDEA) is a symmetric
key encryption technique that uses
same key for both encryption and
decryption. In order to provide more
clarity this paper describes how
IDEA algorithm works in cloud
security.
3
Relevant
Finding/Conclusion
The presented simulation
results showed that 3DES
has a better performance
result with ECB and CBC
than other common
encryption algorithms used.
In this paper we present a
performance evaluation of
selected symmetric
encryption algorithms. The
selected algorithms are
AES, DES, 3DES,
Blowfish, RC2, and RC4.
In case of changing key
size, it can be seen that
higher key size leads to
clear change in the battery
and time consumption.
IDEA is a patented and
universally applicable block
encryption algorithm,
which permits the effective
protection of transmitted
and stored data against
unauthorized access by
third parties. The
fundamental criteria for the
development of IDEA were
military strength for all
security requirements and
easy hardware and software
implementation. The
algorithm is used
worldwide in various
banking and industry
applications.
 4

Authors Title Concept/ Framework/ Relevant

and Theoretical model Finding/Conclusion
Year

Vipul Data Sharing On the distributed storage A method was proposed an

Bornare, with administrations like Google identity-based data integrity
Kiran Sensitive drive clients can store their auditing scheme for secure
Nikam Information information on the cloud cloud storage, which supports
Dhiraj Hiding for distantly and furthermore do data sharing with sensitive
Khedkar, Secure Cloud information offering to other information hiding in our
Sagar Hole Storage people. Encryption of the scheme, the file stored in the
entire record which is shared cloud can be shared and used
can tell that the touchy data by others on the condition
is covered up, however will that the sensitive information
be brought about that of the file is protected.
document isn't presented to
other people.

Tingyuan Performance Evaluating performance of Experimental results show

Nie. Evaluation of two symmetric key
(2010) DES and encryption algorithms: DES
Blowfish and Blowfish which
Algorithms commonly used for network
data encryption. In this
paper, encryption security,
evaluated encryption speed
and power consumption for
both algorithms is analyzed.
that Blowfish algorithm runs
faster than DES, while the
power consumption is almost
the same. It is proved that the
Blowfish encryption
algorithm maybe more
suitable for wireless network
application security.

Solanki, A model to Security of e-commerce The primary objective of the

Devendra secure e- system by single encryption research paper was to ensure
Singh, and commerce technique is difficult to a faster and more secure
Savita transaction ensure. The technologies means to transfer most
Shiwani using hybrid like asymmetrical sensitive part of data
(2014) encryption encryption and symmetrical in an e-commerce transaction,
encryption were introduced i.e., the credit card number,
to forward the combining its CVV and user PIN.
thought to produce a hybrid Enhanced Security because
encryption. DES and RSA were
interleaved to achieve the
benefits of both symmetric
and asymmetric encryption.
 5

In today’s applications storing the data in cloud is the most needed requirement. Every application
requires information like chat messages, images, videos, user’s authentication information to be
stored in the cloud. Social Media is the most popular and often overlooked application of cloud
computing. Facebook, LinkedIn, MySpace, Twitter, and many other social networking sites use
cloud computing.

So before storing the information or data in the cloud they need to be encrypted so as to protect
his/her data from other users (especially from hackers). There are many methods to encrypt the
data. The traditional security mechanisms are no longer suitable for applications and data in cloud,
some issues are:
• Due to dynamic scalability, service and location transparency features of cloud computing
model, all kinds of application and data of the cloud platform have no fixed infrastructure
and security boundaries. In the event of a security breach, it is difficult to isolate a particular
resource that has a threat or has been compromised.
• Due to the receptiveness of cloud and sharing virtualized assets by multitenant, client
information might be gotten to by other unapproved clients.
• According to service delivery models of Cloud computing, resources and cloud services
may be owned by multiple providers. As there is a conflict of interest, it is difficult to
deploy a unified security measure.

The most eccentric and widely used symmetric encryption algorithm most widely used at present
is the Advanced Encryption Standard (AES). It is found at least six times faster than triple DES.
Another solution for DES was needed as its key size was too small. With more computing power,
it was considered vulnerable against exhaustive key search attack. Triple DES was designed to
overcome this drawback, but it was found to be sluggish. It is not a secure cryptosystem because
there are only 26 possible keys to guess. A cryptanalytic (hacker) can compute an exhaustive key
search with even limited computing resources. [1]

Recent development within the discipline of could computing have immensely converted the way
of computing as well as the proposal of computing resources. In a cloud-based computing
infrastructure, the resources are extra often than not in anyone else's premise or community and
 6

accessed remotely with the help of the cloud customers. These offer the following three sensitive
states or scenarios, which can be of detailed challenge throughout the operational context of, cloud
computing: Transmission of exclusive sensitive knowledge to the cloud server, Transmission of
knowledge from the cloud server to consumers' desktops and Storage of customers’ individual
knowledge in cloud servers, which might be some distance, flung server now not owned with the
support of the consumers.

Blowfish encryption algorithm is symmetric algorithm with following parameters:

• Basic: It uses addition, XOR, lookup table with 32-bit operands.

• Compact: it run in very less memory compare to other

Blowfish symmetric block cipher algorithm encrypts block data of 64-bits at a time.it will track
the Feistel network. [2]

Triple DES runs three times slower than DES, but is much more secure if used properly. The
procedure for decrypting something is the same as the procedure for encryption, except it is
executed in reverse. In DES, data is encrypted and decrypted in 64 -bit chunks. The input key for
DES is 64 bits long; the actual key used by DES is only 56 bits in length. The least significant
(right-most) bit in each byte is a parity bit, and should be set so that there are always an odd number
of 1s in every byte. These parity bits are ignored, so only the seven most significant bits of each
byte are used, resulting in a key length of 56 bits. This means that the effective key strength for
Triple DES is actually 168 bits because each of the three keys contains 8 parity bits that are not
used during the encryption process. [3]

IDEA is one of the ciphers which encrypt the text into an unreadable format and makes it secured
in order to send it over to internet. The IDEA encryption algorithm provides high level security
not based keeping the algorithm a secret, but rather upon ignorance of the secret key. IDEA is a
patented and universally applicable block encryption algorithm, which permits the effective
protection of transmitted and stored data against unauthorized access by third parties. The
fundamental criteria for the development of IDEA were military strength for all security
requirements and easy hardware and software implementation. The algorithm is used worldwide
in various banking and industry applications. [4]
 7

Cloud computing is an attracting technology in the field of computer science. It is proven that
cloud will bring changes to the IT industry. The cloud is changing our life by providing users with
new types of services. Users get service from a cloud without paying attention to the details. Cloud
computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared
pool of configurable computing resources (e.g., networks, servers, storage, applications, and
services) that can be rapidly provisioned and released with minimal management effort or service
provider interaction. More and more people pay attention to cloud computing. Cloud computing
is efficient and scalable but maintaining the stability of processing so many jobs in the cloud
computing environment is a very complex problem with load balancing receiving much attention
for researchers. [5]

Encryption algorithm plays an important role for information security guarantee in recent growing
internet and network application. Both DES and Blowfish are extensively used for security of
communication system, like wireless network, portable terminal, and so on. It is essential to
evaluate their performance to ensure their domain application. It is also a significant work to
facilitate the process of the encryption algorithm optimization. Both of them are symmetric key
encryption algorithms using block cipher. Referencing the encryption process methods, we analyze
their security. [6]

E-commerce is an important topic in dealing with the security issues. Its core research area is its
way of protecting the security of e-commerce system and data. Transaction records, commercial
transactions, user account, market scheme and others are the sensitive financial data and assets in
the e-commerce database. The parties involved in e-commerce are needed to be assured of security
of their data transactions completely. As in the transactions there are always a threat of third-party
hack. So, we need a secure transaction with maintaining speed and efficiency. However, a simple
encryption technology, such as symmetrical encryption or asymmetrical encryption, is very
difficult to guarantee the security of network transactions. We must combine both of these and
through hybrid encryption we can create a safe, efficient ecommerce transaction mechanism. [7]
 8

3: OVERALL ARCHITECTURE

Fig. 3.1: Overall architecture diagram of the hybrid cryptosystem

 9

File Upload:
• To provide functionalities of file upload and download we are exposing a flask server
with the required endpoints.
• When a user has to upload his file, he uploads it at the / endpoint.
• The file is first split into several parts which is self-coded in python.
• Each of the split part is encrypted by different encryption algorithms.
• To fasten the process, we are using multi-threading in which each thread encrypts one
part of the file.
• Each of the parts are stored in a storage directory sequentially
• The user obtains a special encryption key for his upload

File Download:

• The file download functionality is exposed by an endpoint using our flask server.
• We first retrieve the special encryption key provided by the users.
• The split files stored in the server are found by matching the special encryption key.
• Using threads, we decrypt each of the encrypted part which increases efficiency.
• All the decrypted parts are merged together as one.
• User has an option to download the decrypted file.

Technical Specifications

• Languages Used: Python 3.9.5

• CPU: Intel(R) Core (TM) i5-8250U CPU @ 1.60GHz
• RAM: 16GB DDR4
• OS: Windows 10 Home
Python Flask: Flask is a lightweight WSGI web application framework. It is designed to make
getting started quick and easy, with the ability to scale up to complex applications. It began as a
simple wrapper around Werkzeug and Jinja and has become one of the most popular Python web
application frameworks.
 10

4: PROPOSED METHODOLOGY

In the proposed algorithm, we will have two phases - Encryption Phase and Decryption Phase. In
the encryption phase, we will split the file into pieces and encrypt it with encryption algorithms
like AES, Blowfish, Triple DES, IDEA, Fernet. Each split will be encrypted in a separate thread
making the process faster and more optimized. We will obtain a secured key that the user can
download. In the Decryption phase, we will provide the secured key, which will be used to decrypt
the split files stored in the server. After uploading the key, it will decrypt the different splits using
the respective decryption algorithms and finally the user will be given the option to download the
decrypted text that would match the original file uploaded.

4.1 AES ALGORITHM

AES is an iterative rather than Feistel cipher. It is based on ‘substitution–permutation network’. It

comprises of a series of linked operations, some of which involve replacing inputs by specific
outputs (substitutions) and others involve shuffling bits around (permutations). These 16 bytes are
arranged in four columns and four rows for processing as a matrix. Unlike DES, the number of
rounds in AES is variable and depends on the length of the key. AES uses 10 rounds for 128-bit
keys, 12 rounds for 192-bit keys and 14 rounds for 256-bit keys. Each of these rounds uses a
different 128-bit round key, which is calculated from the original AES key.

Fig. 4.1: AES Algorithm

 11

4.2 BLOWFISH ALGORITHM

Blowfish is a symmetric block cipher which uses a Fiestal network, 16 rounds of iterative
encryption and decryption functional design. The block size used is of 64- bits and key size can
vary from any length to 448. Blowfish cipher uses 18 sub arrays each of 32-bit commonly known
as P-boxes and four Substitution boxes each of 32-bit, each having 256 entries. The algorithm
design is shown in figure. It consists of two phases: one is Key Expansion phase another is Data
Encryption phase. In Key expansion phase, key is converted into several sub-keys and in Data
Encryption phase, encryption occurs via 16-round networks. Each round consists of a key
dependent permutation and a key and data-dependent substitution.

Fig. 4.2: Blowfish Algorithm

 12

4.3 TRIPLE DES ALGORITHM

The speed of exhaustive key searches against DES after 1990 began to cause discomfort amongst
users of DES. However, users did not want to replace DES as it takes an enormous amount of time
and money to change encryption algorithms that are widely adopted and embedded in large
security architectures. The pragmatic approach was not to abandon the DES completely, but to
change the manner in which DES is used. This led to the modified schemes of Triple DES
(sometimes known as 3DES).

Incidentally, there are two variants of Triple DES known as 3-key Triple DES (3TDES) and 2-key
Triple DES (2TDES). Before using 3TDES, user first generate and distribute a 3TDES key K,
which consists of three different DES keys K1, K2 and K3. This means that the actual 3TDES key
has length 3×56 = 168 bits. The encryption scheme is illustrated as follows –

Fig. 4.3: Triple DES Algorithm

 13

4.4 International Data Encryption Algorithm (IDEA)

It is a symmetric key block cypher that:

• uses a fixed-length plaintext of 16 bits and
• encrypts them in 4 chunks of 4 bits each
• to produce 16 bits ciphertext.
• The length of the key used is 32 bits.
• The key is also divided into 8 blocks of 4 bits each.
This algorithm involves a series of 4 identical complete rounds and 1 half-round. Each complete
round involves a series of 14 steps that includes operations like:
• Bitwise XOR
• Addition modulo (24)
• Multiplication modulo (24) +1

Fig. 4.4: International Data Encryption Algorithm (IDEA)

 14

4.5 Fernet (symmetric encryption)

Fernet guarantees that a message encrypted using it cannot be manipulated or read without the
key. Fernet is an implementation of symmetric (also known as “secret key”) authenticated
cryptography. Fernet also has support for implementing key rotation via MultiFernet.
The fernet module guarantees that data encrypted using it cannot be further manipulated or read
without the key.
Methods Used:

• generate_key() : This method generates a new fernet key. The key must be kept safe as it
is the most important component to decrypt the ciphertext. If the key is lost then the user
can no longer decrypt the message. Also, if an intruder or hacker gets access to the key,
they can not only read the data but also forge the data.
• encrypt(data): It encrypts data passed as a parameter to the method. The outcome of this
encryption is known as a “Fernet token” which is basically the ciphertext. The encrypted
token also contains the current timestamp when it was generated in plaintext. The encrypt
method throws an exception if the data is not in bytes.
Fernet builds on best practice cryptography methods, and allows developers to provide a simple
method of encrypting and authenticating. Overall, it uses 128-bit AES symmetric encryption in a
CBC mode with PKCS7 padding and HMAC using SHA256 for authentication.
The token has a version number, a time stamp, the IV, the cipher text and an HMAC signature:
• Version: 8 bits
• Timestamp: 64 bits (the number of seconds since between January 1, 1970 UTC and the
time of the encryption).
• IV (Initialization Vector): 128 bits
• Ciphertext - variable length: Multiple of 128 bits
• HMAC: 256 bits

Fig. 4.5: Fernet (symmetric encryption)

 15

5: RESULTS AND IMPLEMENTATION

5.1 Starting the Flask WebApp

Fig. 5.1: Starting the Flask webapp by running the HybridCrypto.py file
5.2 Home Page

Fig. 5.2: Home page Running on http://127.0.0.1:5000

 16

5.3 INPUT FILE

Fig. 5.3: Input file that will be securely stored

5.4 ENCRYPTION

Fig. 5.4: Select the encryption option

 17

5.5 DOWNLOAD THE SECURED KEY

Fig. 5.5(a): Download the secured key

Fig. 5.5(b): Secured key text file

Fig. 5.5(c): File is splitted into 5 parts and stored

 18

5.6 DECRYPTION
We upload the secured.txt file that the user was provided

Fig. 5.6(a): Upload the secured.txt

Fig. 5.6(b): Select the decryption option

 19

5.7 DOWNLOAD THE DECRYPTED FILE

Fig. 5.7(a): Download the decrypted file

Fig. 5.7(b): Decrypted text file

As we can see the file we uploaded and the file downloaded are the same, and the file stored on
the server/storage was splitted into 5 parts where each part was encrypted with a different
algorithm. Hence making this hybrid cryptosystem unfeasible to get attacked.
 20

6: VULNERABILITY ANALYSIS

As the model is fairly new and small scale tested webapp there are some vulnerabilities associated
with the application:

• Remote File Upload Vulnerability- A remote file upload vulnerability is when an

application does not accept uploads directly from site visitors. Instead, a visitor can provide
a URL on the web that the application will use to fetch a file. That file will be saved to disk
in a publicly accessible directory.
• Cross Site Scripting (XSS) - XSS attacks occur when an attacker uses a web application
to send malicious code, generally in the form of a browser side script, to a different end
user that allow these attacks to succeed are quite widespread and occur anywhere a web
application uses input from a user within the output it generates without validating or
encoding it.
• Improper error handling- Improper error handling flaws occur when an error message
that’s displayed to an end user provides clues about how an application or website operates.
This results when security mechanisms fail to deny access until it's specifically granted. It
may also result from code that lacks appropriate error handling logic.
• Security Misconfiguration- Security Misconfiguration is simply defined as failing to
implement all the security controls for a server or web application, or implementing
the security controls, but doing so with errors. A web server software may ship with default
user accounts that an attacker can use to access the system, or the software may contain
sample files, such as configuration files, and scripts that an attacker can exploit.
• Insecure Deserialization- which occurs when untrusted data is used to abuse the logic of
an application. It is when user-controllable data is deserialized by a website. This
potentially enables an attacker to manipulate serialized objects in order to pass harmful
data into the application code.
• Insufficient Logging & Monitoring- Insufficient logging and monitoring vulnerability
occur when the security-critical event is not logged off properly, and the system is not
monitored. Lack of such functionalities can make malicious activities harder to detect and
in turn affects the incident handling process. Attackers rely on the lack of monitoring and
timely response to achieve their goals without being detected.
 21

7: PREVENTIVE MEASURES

Some of the ways these vulnerabilities of the webapp can be fixed are as follows:

• Remote File Upload Vulnerability- The website is configured properly to accept only
valid text file formats like txt doc and prevent any other file formats. Store files in a non-
public accessibly directory if you can. Store files in a non-public accessibly directory if
you can. Write to the file when you store it to include a header that makes it non-
executable.
• Cross Site Scripting (XSS) - At the point where user input is received, filter as strictly as
possible based on what is expected or valid input. At the point where user-controllable data
is output in HTTP responses, encode the output to prevent it from being interpreted as
active content.
• Improper error handling- Proper error handling so that none gets any irrelevant error
messages. A specific policy for how to handle errors should be documented, including the
types of errors to be handled and for each, what information is going to be reported back
to the user, and what information is going to be logged. All developers need to understand
the policy and ensure that their code follows it.
• Security Misconfiguration- Regular analysis of the website so that no flow is remained
and Limit access to administrator interfaces and the implementation of the policy should
also be reviewed via regular audits.
• Insecure Deserialization- The webapp should not accept serialized objects from untrusted
sources or to use serialization mediums that only permit primitive data types.
• Insufficient Logging & Monitoring- Log all the details properly for further analysis of
the data transfer and errors.
 22

8: COMPARITIVE ANALYSIS

The following graphs have been used to evaluate the performance of the proposed hybrid system
compared with conventional encryption algorithms like RSA and Blowfish algorithm
The parameters used for this are:
• Encryption Time
• Decryption Time
All the evaluation has been done on .txt files with file size of 200, 400, 600 and 800 KB.

Fig. 6.1: Encryption time comparison between proposed system and Blowfish
 23

Fig. 6.2: Decryption time comparison between proposed system and Blowfish

Fig. 6.3: Encryption time comparison between proposed system and RSA
 24

Fig. 6.4: Decryption time comparison between proposed system and RSA

The graphs show that there is negligible difference in the encryption and decryption times of
proposed System and Blowfish System, but since storing the file as multiple splits encrypted with
multiple algorithms make it unfeasible to attack, there is a significant difference in RSA, due to
big values of prime numbers and the random number generators. The use of multithreading where
each thread runs a different encryption algorithm make it faster and efficient.
 25

9: CONCLUSION AND FUTURE WORK

Through this project we were successful in developing a secure file storage system. The proposed
model is liable to meet the required security needs of data center of cloud. This can help maintain
the integrity of cloud storage, protect unaware or vulnerable people storing files online. The hybrid
approach when deployed in cloud environment makes the remote server more secure and thus,
helps the cloud providers to fetch more trust of their users. For data security and privacy protection
issues, the fundamental challenge of separation of sensitive data and access control is fulfilled.
The various benefits are as summarized: The public key cryptography used helps to facilitate
authorization of user for each file. The need of more light and secure encryption system for file
information preserving system on cloud is satisfied. The file splitting and merging makes the
model unfeasible to get attacked. There can be further enhancements to the project done, such as
working with more features, being available on more platforms and integrating it with an android
app. This can help reduce the chances of user data leak and provide more security to the users.
 26

REFERRENCES
[1] Sreyam Dasgupta, Pritish Das, "Extended AES Algorithm with Custom Encryption for
Government-level Classified Messages" 2019 International Journal of Innovative Technology and
Exploring Engineering (IJITEE) ISSN: 2278-3075, Volume-8 Issue-8,
June, 2019

[2] Aakash Gore, S S Meena and Preetesh Purohit. “Hybrid Cryptosystem using Modified Blowfish
Algorithm and SHA Algorithm on Public Cloud.” International Journal of Computer Applications
155(3):6-10, December 2016

[3] Karthik, S., and A. Muruganandam. "Data Encryption and Decryption by using Triple DES and
performance analysis of crypto system." International Journal of Scientific Engineering and Research
2.11 (2014): 24-31.

[4] Artheeswari, S., and R. Chandrasekaran. "International Data Encryption Algorithm (IDEA) for
data security in cloud." International Journal of Technology and Engineering 8.1 (2016): 6-11.

[5] Vipul Bornare, Kiran Nikam Dhiraj Khedkar, Sagar Hole, " Data Sharing with Sensitive
Information Hiding for Secure Cloud Storage ", IJSRD - International Journal for Scientific Research &
Development| Vol. 8, Issue 3, 2020 | ISSN (online): 2321-0613

[6] Tingyuan Nie. "Performance Evaluation of DES and Blowfish Algorithms", 2010 International
Conference on Biomedical Engineering and Computer Science, 04/2010.

[7] Solanki, Devendra Singh, and Savita Shiwani. "A model to secure e-commerce transaction using
hybrid encryption", 2014 International Conference on Control Computational Technologies (ICCICCT),
2014.

[8] https://www.tutorialspoint.com/cryptography/advanced_encryption_standard.htm

[9] https://www.researchgate.net/figure/Blowfish-Encryption-and-Decryption-
Algorithm_fig1_331231479

[10] https://www.tutorialspoint.com/cryptography/triple_des.htm

[11] https://www.geeksforgeeks.org/simplified-international-data-encryption-algorithm-idea/

[12] https://cryptography.io/en/latest/fernet/

[13] https://flask.palletsprojects.com/en/2.0.