Skip to content

FayNguyen03/secure-cloud-storage-application

Repository files navigation

Secure Cloud Storage

Demo Video

Demo

Features:

Security Features:

  • AES Encryption for Files: Files are encrypted using AES before being stored.

  • RSA Encryption for Keys: AES keys are encrypted per user using each user’s public key (X.509 certificate).

  • Metadata Management: Each file has a metadata file storing the IV and encrypted AES keys per user.

  • Master Key Encryption: AES keys are additionally encrypted and stored using a master key for backup and adding new members purpose.

User Access Management Features:

  • User Accounts: Users can sign in and have unique identity through their email.

  • User-Based File Access: File can be shared with an individual so this individual will have an encrypted AES key for future decryption.

Group Access Management Features:

  • Group Creation: Admins can create named groups with selected members.

  • Group Admin Role: Admins have edit and delete privileges within their group.

  • Add/Remove Group Members: Edit group members dynamically.

  • Group-Based File Access: Files can be shared with entire groups, not just individuals.

  • Dynamic Key Distribution: When a new user is added to a group, AES keys for all previously shared files are encrypted for the new user automatically.

Group Access Management Features:

  • File Upload: Upload files through a form.

  • Multi-Recipient Access: Assign access to individual users or entire groups.

  • File Encryption and Storage: Files are stored encrypted on the server-side storage.

  • Download Access Control: Only authorized users can decrypt and download files.

  • Unauthorized Access Protection: Unauthorized users can only see the files or download the encrypted version.

Project Structure

SecureCloudStorage.sln
│
├── SecureCloudStorage.Web/             
│   ├── Controllers/
|   |   ├── RegisterController.cs   #Control the registration for new user as well as the generation of the user certificates
|   |   ├── SigninController.cs     #Control the sign in actions
|   |   ├── HomeController.cs       #Control the home page and the navigation bar
|   |   ├── GroupController.cs      #Control the group-scoped activities (creating new groups, adding or removing members, providing file access to a group, ...)
|   |   └── FileController.cs       #Manage file-processing tasks (uploading, downloading, encrypting, decrypting, ...)
│   ├── Models/
|   |   ├── ErrorViewModel.cs
|   |   ├── AdminViewModel.cs
|   |   └── EncryptedFileViewModel.cs
│   ├── Views/      #User Interface
│   │   ├── Home/
|   |   |   ├── Index.cshtml
|   |   |   └── Privacy.cshtml
│   │   ├── Files/
|   |   |   ├── DisplayFiles.cshtml
|   |   |   ├── Upload.cshtml
|   |   |   └── UploadSuccessfully.cshtml
|   |   ├── Group/
|   |   |   ├── AddGroup.cshtml
|   |   |   ├── DeleteGroup.cshtml
|   |   |   ├── DisplayGroup.cshtml
|   |   |   └── EditGroup.cshtml
|   |   ├── Register/
|   |   |   ├── Register.cshtml
|   |   |   └── RegisterSuccessfully.cshtml
|   |   ├── Signin/
|   |   |   └── Signin.cshtml
│   │   └── Shared/
|   |   |   ├── _Layout.cshtml
|   |   |   ├── _Layout.cshtml.css
|   |   |   ├── Error.cshtml.css
|   |   |   └── _ValidationScriptsPartial.cshtml
│   ├── wwwroot/                        
│   ├── appsettings.json
│   ├── appsettings.Develoipemnt.json
│   └── Program.cs
|
├── SecureCloudStorage.Application/     
|   ├── IEncryptionService.cs      
|   ├── EncryptionService.cs  
|   ├── AesKeyService.cs
│   └── CertificateGenerationService.cs   
|
├── SecureCloudStorage.Infrastructure/   #Secured Storage Accessed Only from Server Side
|   ├── Data/
|   |   └── AppDbContext.cs        
|   ├── Storage/ 
|   |   ├── uploads/    #Store encrypted version of the uploaded file
|   |   ├── certs/      #Store users' certificates + public keys + metadata
|   |   ├── certs-private/ #Store users' password-secured private keys
|   |   ├── metada/ #Store users' password-secured private keys
│   └── CertificateGenerationService.cs   
| 
└──  SecureCloudStorage.Domain/           
    ├── Entities/  #Binding with the MySQL Database
    |   ├── User.cs     #Binding with the User table (storing users' information)
    |   ├── EncryptedFile.cs #Binding with the EncryptedFile table (storing encrypted uploaded files' information - file name, uploader, time)
    |   ├── UserFileAccess.cs
    |   ├── Group.cs    #Binding with the GroupMember table (storing groups' information)
    |   ├── GroupMember.cs  #Binding with the UserMember table (linking users with their groups and indicating whether a user has admin right or not)
    |   ├── GroupFileAccess.cs #Binding with the GroupFileAccess table (linking groups with the files that all members can access)
    ├── FileMetadata.cs
    └── UserCertificate.cs

Cryptographic Design

  1. Hybrid Encryption Approach
  • Symmetric encryption (AES-256) for encrypting files (fast and secure).

  • Asymmetric encryption (RSA) for encrypting the AES key per user using their public certificate.

  1. Key Management System

Each registered user has:

  • A public/private key pair (e.g., using RSA)

  • A self-signed digital certificate (securely stored at the server-side)

  • File encrypted with a random but consistent AES key

  • Store metadata alongside encrypted file (encrypted AES keys for each group member, initialization vector)

Note

Check password that generates .pfx: openssl pkcs12 -in yourfile.pfx -info -nokeys

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors