Skip to content

XuefengHuang/Cloud_Encrypted

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Cloud_Encrypted

Project: Party1 stores files on a cloud server and later allows other Parties to retrieve (some of) them.

Precedure: ./encrypt keyfile.txt file.txt filename.txt ./recover efile.txt filename.txt keyfile.txt

Structure: 1.Encrypt: on input a key k, and a file f1 with filename fn1, returns a related file f2 with a related filename fn2. 2.Recover: on input a file f2 with filename f1, and string key, returns a file f3.

What has been done: In this project, the target is to encrypt the file before posting it on the storage server. Encrypting the file and leaving the same name may not be a good idea (from a privacy point of view) since file names sometimes reveal the file content. Accordingly, in Encrypt we assign a new name fn2 to the encrypted file. Moreover, encrypting all files with the same key is not a good idea as later we want to selectively authorize decryption of some but not all of the files. Accordingly, we generate an encryption key for each file as a function of the key k and the original file name fn1. After Encrypt is running, it will encrypt file,filename, and calculate the HMAC of encrypted file. Later we can post the encrypted file with the new name into the storage server.

At this point, others could download or copy the encrypted file, but only those we choose can decrypt it. Thus, we run Recover program to regenerate fn1 just as done in Preprocess, and generate fn3 just as we generated fn2 in Preprocess (thus, fn3=fn2). We also can verify sender's identify by digital signature.

We also need to transfer the symmetric key and HMAC of efile.txt to the user using asymmetric encryption that is via secure channel implemented with RSA. Our peer can use key received from us and the encrypted file downloaded from the storage server, to run Recover program and successfully decrypt the file and verify the integrity of file.

Primitives Used:

  1. Encrypt: AES in CFB Mode with 256bit Key Length + HMAC + SHA256

  2. Recover: SHA256 + Digital Signature verification + transfer the symmetric key and HMAC of efile.txt to the user using RSA + HMAC Verification then decryption

Technical Detals:

  1. Encrypt:

     Preprocess takes as input: key.txt, file.txt (F1) with filename.txt (Fn1).
     It outputs efile.txt (F2) with efilename.txt (Fn2).
     The Key (K) and initialization vector (IV) are dynamically generated by the crypto++ library.        
     The Key K, IV are now stored in key.txt file.
     file.txt (F1) is encrypted with AES encryption in CFB mode to generate efile.txt (F2).
     eFilename.txt (Fn2) is generated by SHA256
     We now generate HMAC of file efile.txt (F2) with key Kmac and store it in filename hmac_efilename.txt.
     The key Kmac for HMAC is also stored in the key.txt file.
    
  2. Recover:

     We transfer the symmetric key key and HMAC of efile.txt to the user using asymmetric encryption that is via secure channel implemented with RSA.
     Sender implement digital signature for the file he wants to post to cloud server.
     Authorize Stage takes as input  Filename.txt (Fn1).
     It gives as output, sfilename.txt (Fn3).
     Sfilename.txt (Fn3) is generated by calculating SHA256 of Fn1.
     Then check if Fn3 is equal to Fn1. If it is not, the file is not what we want.
     Once we verify the name of file, we use digital signature to verify authentication and non-repudiation.
     We use this HMAC to verify for integrity by using the key Kmac stored in Key.
     Once we verify that the integrity of the file is not compromised, we move forward with decryption of the file.
     Once the user receives the symmetric key he can now proceed with the decryption of the file.
     Once we derive (K + IV) we can now get sfile.txt (F3), plaintext file from efile.txt(F2) by using the decryption algorithm in AES crypto++ library.
    

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages