test_data3.txt

•	System Model–

Before discussing about the proposed system in detail, we have to know about security issues in cloud environment and importance of AES, DES  & multiparty encryption algorithms.


o	Cloud computing security issue:
 
1.	Cloud Security: Often referred to as "cloud security," this domain encompasses a wide range of measures aimed at protecting data, applications, and infrastructure within cloud environments. It involves the implementation of policies, technologies, and controls to mitigate security risks.

2.	Security Issues Associated with the Cloud: Several security challenges exist within cloud computing environments, necessitating careful consideration and proactive measures. Some of these issues include:

i.	Privileged User Access: Access controls must be in place to manage and monitor privileged user access within the cloud environment, minimizing the risk of unauthorized activities.
ii.	Regulatory Compliance: Compliance with regulatory requirements is essential, especially in industries with stringent data protection regulations. Cloud users must ensure that their chosen cloud service provider complies with relevant standards and regulations.
iii.	Data Location: The geographical location of data stored in the cloud can raise concerns regarding jurisdictional regulations and data sovereignty. Users should be aware of where their data is stored and ensure compliance with applicable laws.
iv.	 Data Segregation: Effective data segregation mechanisms are necessary to prevent unauthorized access and ensure data confidentiality. Proper isolation of data is crucial to mitigate the risk of data breaches.
v.	Recovery: Robust disaster recovery and data backup strategies are essential components of cloud security. Organizations must have measures in place to recover data in the event of a disaster or system failure.
vi.	Investigative Support: Cloud providers should offer adequate support for forensic investigations in the event of security incidents or breaches. Access to relevant logs and audit trails is crucial for conducting thorough investigations.
vii.	Long-Term Viability: Assessing the long-term viability of cloud service providers is crucial for ensuring continuity of service and data accessibility. Users should consider factors such as vendor stability and financial viability when selecting cloud providers.


•	 Encryption Algorithm - 
The Proposed system is implemented using AES & DES Algorithm. Both algorithm are explained here.

1.	Advanced Encryption Standard (AES) Algorithm:
This algorithm was published by National Institute of Standards and Technology (NIST) in 2001. AES is symmetric block cipher that is intended to replaces DES. The cipher takes plaintext of size 18 bit. The key length can be 128,192,256 bits. The algorithm referred to as AES-128, AES-192 and AES-256 depending on key length. The cipher consists of N rounds depends on key length: 10 rounds for a 128 bit key, 12 rounds for a 192 bit key and 14 rounds for 256
bit key. First N-1 rounds consist of 4 transformation functions- One permutation (ShiftRows) and three substitutions (Substitute bytes, MixColumns, AddRoundKey). Final round of both encryption and decryption consist of only 3 stages. Substitute bytes use S box for byte by byte substitution. MixColumns makes use of arithmetic over GF (28) AddRoundKey is simple bit-wise XOR of current block with a portion of expanded key.

 
Fig A. Encryption With AES


2.	Data Encryption Standard (DES) Algorithm:
One of the famous symmetric-key block cipher known as the Data Encryption Standard (DES) had been published in 1977 by NIST. The encryption method of DES is very unique, as it received a receive a 64-bit plaintext at sender end and generates a 64 cipher text at receiver ends. In DES, although the key size is 64 bits but only 54 bits key size is used for encryption and decryption. DES is based on the concept of Feistel Cipher implementation and used 16 round of Feistel structure which helps to generates 48-bit unique key form the cipher as per the predefined DES algorithm as discussed in Figure B. 
Initially 64 bit permutation is performed on 64 bit block of data, then it is divided into two halves (i.e.32 bit sub-blocks) represented as L0 and R0 that are passed into the Feistel rounds. This process will repeat till 16 round of the encryption method, as the number of twofold is increased the security level is also increased. In the last round (at 16th round) the pre-output is generated by swapping of L15 and R15 bit quantities. Finally, the inverse function of the initial permutation is calculated by concatenating of [R15, L15].


 
Fig B.  Encryption With DES

3.	Multiparty Encryption Algorithm: Fully Homomorphic Encryption (FHE)
Fully Homomorphic Encryption (FHE) is an advanced encryption technique that enables computations to be performed directly on encrypted data without the need for decryption. In the context of multiparty encryption, FHE allows multiple parties to jointly compute functions over their respective encrypted inputs while preserving the confidentiality of individual data. FHE achieves this by supporting operations such as addition and multiplication on encrypted data, facilitating secure computation across distributed environments. 
The working principle of FHE involves encrypting data using a public key, performing computations on the encrypted data, and obtaining the result in its encrypted form. Only authorized parties with the corresponding private key can decrypt the final result, ensuring confidentiality throughout the computation process. FHE holds significant potential for enhancing data security in collaborative settings, enabling privacy-preserving data analysis and computation in multiparty scenarios.

•	Problem Statement:
In the realm of cloud computing, where remote data storage and accessibility are fundamental, safeguarding sensitive information becomes imperative. Despite offering scalability, convenience, and cost-effectiveness, cloud services present significant challenges to information security, particularly concerning confidentiality, integrity, and availability.
The primary concern revolves around the confidentiality of customer data stored in the cloud. Unauthorized access or data breaches can result in severe consequences, including privacy violations and data theft. Encryption emerges as a foundational solution to uphold data confidentiality, with the choice of encryption algorithm significantly influencing its effectiveness. In the context of cloud computing, where extensive data transmission, storage, and processing occur, the efficiency and processing speed of encryption algorithms become critical factors. Symmetric encryption algorithms, such as the Advanced Encryption Standard (AES) and Data Encryption Standard (DES), are favored due to their computational efficiency and suitability for large-scale data handling.
To address the challenges associated with data confidentiality and processing efficiency in cloud environments, this research proposes a novel approach based on AES & DES encryption with multiparty encryption using Fully Homomorphic Encryption (FHE). The proposed approach aims to enhance data security by ensuring:
Confidentiality: Customer data stored in the cloud remains inaccessible to unauthorized parties, preserving user privacy and confidentiality.
Integrity: The integrity of data is maintained through robust encryption mechanisms, ensuring that data remains unaltered and authentic.
Additionally, the proposed approach supports existing cloud features, including:
Availability: Customers can access their data from any machine at any time using their secret file_id, ensuring continuous availability of data.
Data Sharing: Customers can securely share their data with trusted parties, enhancing collaboration and data exchange.
•	System implementation/module – 

The proposed system contains three components: one cloud server, user and multiparty encryption. Delay measurement was performed based on the request and
response time during file upload. Fig.  shows the overall system architecture.

 
Fig. System Architecture

1.	User Registration:

Users are required to register for a unique account before accessing the cloud system. During the registration process, users create or enter email address, username and password, which serve as their credentials for subsequent logins. Additionally, the system implements IP-based login authentication to enhance security measures.
Upon registration, users' IP addresses are logged and associated with their accounts. When users attempt to log in, the system verifies their credentials (username and password) along with the IP address from which the login request originated. This IP-based login authentication adds an extra layer of security by ensuring that users can only access their accounts from authorized IP addresses.
2.	File Uploading/Downloading:
Users can securely upload and download files using their registered credentials. Upon uploading, files are encrypted using AES, DES, and multiparty encryption (FHE) algorithms for enhanced security. During downloading, stored key in the cloud fetched to provide access and decrypt the files securely. This approach ensures data confidentiality, integrity, and efficient file management in the cloud environment.

3.	Multiparty Encryption with Fully Homomorphic Encryption (FHE):
In addition to AES and DES encryption, the proposed system leverages multiparty encryption with Fully Homomorphic Encryption (FHE) to enhance data security. FHE allows computations to be performed on encrypted data without decrypting it, thereby preserving data confidentiality throughout the computation process.
Key management in multiparty encryption with FHE involves the generation, distribution, and storage of encryption keys across multiple parties. Each party generates their own secret key, which is securely distributed among the participating entities using cryptographic protocols such as secure multiparty computation or key exchange algorithms.
During data encryption, the data is encrypted using a combination of keys from all participating parties, ensuring that no single entity has complete access to the encryption process. This distributed approach to key management enhances the security of the encryption process and mitigates the risk of key compromise.
By integrating multiparty encryption with FHE and robust key management mechanisms, the proposed system ensures strong data protection and confidentiality in cloud environments, even during collaborative data processing tasks.

4.	Data Security:
To ensure the highest level of security for data stored and processed in the cloud environment, our proposed system employs a hybrid encryption model leveraging the strengths of Advanced Encryption Standard (AES), Data Encryption Standard (DES), and Fully Homomorphic Encryption (FHE) as part of a multiparty encryption scheme. This multifaceted approach enhances both the confidentiality and integrity of user data.

AES and DES Integration: The system utilizes 128-bit AES encryption along with DES for securing user-uploaded data. AES is renowned for its speed and security as a symmetric encryption algorithm, making it a standard choice for encrypting large volumes of data efficiently. DES, though older, is incorporated to take advantage of its unique encryption mechanism, adding an extra layer of security through its established block cipher technique. This dual encryption ensures that even if one algorithm is compromised, the other layer of encryption maintains the integrity and confidentiality of the data.

Multiparty Encryption with FHE: To address the challenges of secure data sharing and processing in a multi-user cloud environment, our system incorporates multiparty encryption using Fully Homomorphic Encryption (FHE). FHE allows for computations to be performed on encrypted data, enabling the cloud system to process data without ever accessing the plaintext. This is critical for maintaining data privacy and security, especially in scenarios where sensitive data is being handled.

Key Management in FHE: Key management in our FHE scheme is carefully designed to support secure multiparty computation. It involves generating individual secret keys for each party (K1,K2,….,Kn) and combining these keys using a secure cryptographic function into a single encryption key (Kcombined). This approach ensures that no single party has access to the combined key, thereby preserving the confidentiality of the data and the integrity of the encryption process. The combined key is then utilized for encrypting data, which can only be decrypted by the collective agreement of all parties involved, thus adding a significant layer of security against unauthorized access.

This comprehensive encryption strategy, integrating AES, DES, and FHE, alongside a robust key management protocol, ensures that data stored in the cloud is protected against both external and internal threats, thereby guaranteeing data security, confidentiality, and integrity in cloud computing environments.

•	Results and Implementation - 

The proposed system was developed as an advanced online file storage and processing application, demonstrating a novel approach to data security in cloud environments. This application was successfully deployed on Google Cloud Platform (GCP), chosen for its robust infrastructure, scalability, and extensive support for Java-based applications. The choice of GCP as the cloud service provider underlines the system's focus on leveraging high-performance cloud resources while ensuring data security and privacy.

Development Framework and Languages:
The backend logic, including the encryption and decryption processes, user authentication, and file management, was implemented using Spring Boot, a highly efficient Java-based framework known for facilitating the rapid development of stand-alone, production-grade Spring applications. This choice was driven by Spring Boot's comprehensive ecosystem and its support for security extensions, which are crucial for implementing the hybrid encryption model and secure file storage mechanisms.
For the graphical user interface (GUI), Java Swing was employed to create a responsive and user-friendly desktop application. This decision was based on Swing's ability to provide a more secure, controlled environment for managing sensitive operations like file encryption, uploading, and downloading, minimizing the risk associated with web-based interfaces.

Cloud Service Integration:
Google Cloud Platform was utilized to host the backend services, including the application server and database, ensuring high availability, scalability, and security. The integration with GCP allowed for the leveraging of Google's robust cloud storage solutions and computing resources, providing a solid foundation for the application's data processing and storage needs.

Security Implementation:
The core of the proposed system's security architecture is based on a hybrid encryption model that combines AES, DES, and Fully Homomorphic Encryption (FHE) for multiparty encryption. This approach ensures that files uploaded to the cloud are encrypted in a manner that maximizes confidentiality and integrity. The AES and DES algorithms provide fast and reliable encryption for the bulk of the data, while FHE allows for secure computations on encrypted data, enabling features like secure data sharing and processing without compromising privacy.
Key management, a critical aspect of the system's security, is handled through a sophisticated protocol that supports the generation, distribution, and storage of encryption keys in a secure manner. This ensures that encrypted data remains accessible only to authorized users, further enhancing the system's security posture.

Practical Application and User Experience:

The application facilitates secure and efficient file storage and sharing, catering to users' needs for confidentiality and accessibility. Users can register and authenticate using a combination of email address, username, password, and IP-based login mechanisms, ensuring secure access. Files are encrypted client-side before being uploaded, and decryption keys are securely store and managed to only have access to authorized user. This setup not only guarantees the security of sensitive information like medical records, personal, and financial data but also offers a convenient and accessible means for users to manage and share their data.


A.	Secure File Encryption and Storage Process:
Upon the successful upload of a file to our system, developed with a focus on high security and privacy standards using Java and Spring Boot and hosted on a robust Google Cloud platform, the file undergoes a sophisticated encryption process designed to ensure maximal data security and privacy. This process involves splitting the file, applying layered encryption, and leveraging multiparty Fully Homomorphic Encryption (FHE) for enhanced security.

Proposed System hybrid Encryption Workflow:
Step 1: File Splitting
Immediately after a user uploads a file, the file contain read after according to file contain size it divides the file into two distinct parts. This division is the first step in a layered security strategy, enabling the application of different encryption methods to different segments of the data, thereby complicating unauthorized decryption attempts.

Step 2: Dual Encryption Scheme
Part 1 Encryption with AES: The first part of the file is encrypted using 256-bit AES encryption. This robust encryption standard is well-regarded for its impenetrability and efficiency, providing a high level of security without significantly impacting performance.
Part 2 Encryption with DES: Concurrently, the second part of the file is encrypted with 56-bit DES encryption. Despite DES's lower bit-size compared to AES, it still offers substantial security benefits, especially when combined with other encryption layers.

Step 3: Multiparty FHE Encryption
After initial encryption with AES and DES, both parts of the file are then encrypted again using multiparty Fully Homomorphic Encryption (FHE). This advanced encryption technique allows for computational operations on ciphertexts, generating encrypted results that, when decrypted, match the results of operations performed on the plaintext. By applying FHE, the system ensures that data can remain encrypted even during processing, significantly enhancing data security and privacy.

Step 4: Secure Storage on Cloud Servers
Following the completion of the encryption process, both encrypted parts of the file are securely stored on the server. This dual-encrypted data ensures that, even if one encryption method is compromised, the additional layers of encryption maintain the integrity and confidentiality of the user's data.

Secure File Retrieval and Decryption:
When a user wishes to download their file, the system retrieves the two encrypted parts from the server. Utilizing the keys provided by the user, the system first decrypts the data using the multiparty FHE decryption key. Subsequently, it applies the inverse operations of DES and AES encryption to restore the original file content.

This layered decryption process, which mirrors the encryption steps but in reverse order, ensures that the file's confidentiality and integrity are maintained throughout its lifecycle in the cloud. Only authorized users, possessing the necessary keys and credentials, can access and decrypt their files, significantly mitigating the risk of unauthorized access or 
data breaches.  Fig shows the diagrammatic representation of hybrid encryption

 
Fig A. hybrid Encryption

B.	Authentication and Authorization:
The proposed system implements robust authentication and authorization mechanisms to ensure secure user access and data sharing. During registration, users are required to create unique credentials consisting of an email address, username, and password. To verify the legitimacy of email addresses, the system leverages Mail SMTP relay, specifically integrating the Sendgrid API for efficient email verification. Upon successful registration, users are prompted to verify their email addresses before gaining access to the login window. This verification step is crucial, as it not only confirms the user's identity but also serves as a prerequisite for enabling file sharing capabilities via email. Additionally, the system enforces uniqueness constraints for usernames and email addresses, providing real-time alerts to users if their chosen credentials are already in use. This proactive approach enhances data security and prevents potential conflicts during user registration. Ultimately, the authentication and authorization protocols implemented in the system safeguard user accounts, mitigate the risk of unauthorized access, and ensure the integrity of shared data. 

C.	Multiparty Fully Homomorphic Encryption (FHE) Enhancement:
Multiparty Fully Homomorphic Encryption (FHE) stands as a pivotal component in our secure file storage and sharing system, significantly enhancing data security and facilitating secure data sharing among authorized parties. This advanced encryption technique allows for a novel approach to processing and analyzing encrypted data, ensuring that user information remains confidential and secure throughout its lifecycle in the cloud environment. Figure A shows multiparty encryption

How Multiparty FHE Works:
1. Secure Data Processing:
FHE enables computations to be performed on encrypted data (ciphertext) without needing to decrypt it first. The result of such computations, when decrypted, matches the outcome of operations performed on the plaintext. This means that data can be securely analyzed, aggregated, or modified while remaining encrypted, safeguarding user privacy and data integrity.
2. Enhanced Data Security:
By applying multiparty FHE to the encrypted file segments, our system ensures that each piece of data benefits from an additional layer of cryptographic security. This layer is particularly resistant to cryptanalysis and unauthorized access, as it allows the data to remain encrypted even during processing tasks. It effectively creates a secure enclave for data that even cloud administrators or potential attackers cannot penetrate, as they lack access to the decryption keys.
3. Facilitating Secure Data Sharing:
Multiparty FHE uniquely enables secure data sharing between authorized users. In scenarios where data needs to be shared among multiple parties, FHE allows for encrypted data to be jointly computed by different stakeholders without revealing the underlying data to one another. This is particularly useful in collaborative environments where data privacy is paramount but insights from the data need to be collectively accessed or analyzed.
4. Key Management and Collaboration:
The key management system within a multiparty FHE framework is designed to facilitate secure collaboration. Keys are distributed among authorized users in such a way that encrypted data can only be accessed and processed by participants holding the corresponding keys. This ensures that only authorized parties can decrypt the results of any computations on the encrypted data, thus maintaining confidentiality and data integrity during multiparty access and collaboration. 


•	Performance Analysis:
In this study, the proposed desktop application was developed using Spring Boot in Java to provide an encryption/decryption tool and ensure secure file sharing and storage using cryptographic modules and packages. From the practical implementation, we obtained the following results:
TABLE 1
ENCRYPTED AND DECRYPTED FILE SIZE IN BYTES


File size	Encrypted File Size	Decrypted File Size
58 kB	115 bytes	58kb
		

•	System Model–

Before discussing about the proposed system in detail, we have to know about security issues in cloud environment and importance of AES, DES  & multiparty encryption algorithms.

o	Cloud computing security issue:
 
1.	Cloud Security: Often referred to as "cloud security," this domain encompasses a wide range of measures aimed at protecting data, applications, and infrastructure within cloud environments. It involves the implementation of policies, technologies, and controls to mitigate security risks.

2.	Security Issues Associated with the Cloud: Several security challenges exist within cloud computing environments, necessitating careful consideration and proactive measures. Some of these issues include:

i.	Privileged User Access: Access controls must be in place to manage and monitor privileged user access within the cloud environment, minimizing the risk of unauthorized activities.
ii.	Regulatory Compliance: Compliance with regulatory requirements is essential, especially in industries with stringent data protection regulations. Cloud users must ensure that their chosen cloud service provider complies with relevant standards and regulations.
iii.	Data Location: The geographical location of data stored in the cloud can raise concerns regarding jurisdictional regulations and data sovereignty. Users should be aware of where their data is stored and ensure compliance with applicable laws.
iv.	 Data Segregation: Effective data segregation mechanisms are necessary to prevent unauthorized access and ensure data confidentiality. Proper isolation of data is crucial to mitigate the risk of data breaches.
v.	Recovery: Robust disaster recovery and data backup strategies are essential components of cloud security. Organizations must have measures in place to recover data in the event of a disaster or system failure.
vi.	Investigative Support: Cloud providers should offer adequate support for forensic investigations in the event of security incidents or breaches. Access to relevant logs and audit trails is crucial for conducting thorough investigations.
vii.	Long-Term Viability: Assessing the long-term viability of cloud service providers is crucial for ensuring continuity of service and data accessibility. Users should consider factors such as vendor stability and financial viability when selecting cloud providers.


•	 Encryption Algorithm - 
The Proposed system is implemented using AES & DES Algorithm. Both algorithm are explained here.

1.	Advanced Encryption Standard (AES) Algorithm:
This algorithm was published by National Institute of Standards and Technology (NIST) in 2001. AES is symmetric block cipher that is intended to replaces DES. The cipher takes plaintext of size 18 bit. The key length can be 128,192,256 bits. The algorithm referred to as AES-128, AES-192 and AES-256 depending on key length. The cipher consists of N rounds depends on key length: 10 rounds for a 128 bit key, 12 rounds for a 192 bit key and 14 rounds for 256
bit key. First N-1 rounds consist of 4 transformation functions- One permutation (ShiftRows) and three substitutions (Substitute bytes, MixColumns, AddRoundKey). Final round of both encryption and decryption consist of only 3 stages. Substitute bytes use S box for byte by byte substitution. MixColumns makes use of arithmetic over GF (28) AddRoundKey is simple bit-wise XOR of current block with a portion of expanded key.

 
Fig A. Encryption With AES


2.	Data Encryption Standard (DES) Algorithm:
One of the famous symmetric-key block cipher known as the Data Encryption Standard (DES) had been published in 1977 by NIST. The encryption method of DES is very unique, as it received a receive a 64-bit plaintext at sender end and generates a 64 cipher text at receiver ends. In DES, although the key size is 64 bits but only 54 bits key size is used for encryption and decryption. DES is based on the concept of Feistel Cipher implementation and used 16 round of Feistel structure which helps to generates 48-bit unique key form the cipher as per the predefined DES algorithm as discussed in Figure B. 
Initially 64 bit permutation is performed on 64 bit block of data, then it is divided into two halves (i.e.32 bit sub-blocks) represented as L0 and R0 that are passed into the Feistel rounds. This process will repeat till 16 round of the encryption method, as the number of twofold is increased the security level is also increased. In the last round (at 16th round) the pre-output is generated by swapping of L15 and R15 bit quantities. Finally, the inverse function of the initial permutation is calculated by concatenating of [R15, L15].


 
Fig B.  Encryption With DES

3.	Multiparty Encryption Algorithm: Fully Homomorphic Encryption (FHE)
Fully Homomorphic Encryption (FHE) is an advanced encryption technique that enables computations to be performed directly on encrypted data without the need for decryption. In the context of multiparty encryption, FHE allows multiple parties to jointly compute functions over their respective encrypted inputs while preserving the confidentiality of individual data. FHE achieves this by supporting operations such as addition and multiplication on encrypted data, facilitating secure computation across distributed environments. 
The working principle of FHE involves encrypting data using a public key, performing computations on the encrypted data, and obtaining the result in its encrypted form. Only authorized parties with the corresponding private key can decrypt the final result, ensuring confidentiality throughout the computation process. FHE holds significant potential for enhancing data security in collaborative settings, enabling privacy-preserving data analysis and computation in multiparty scenarios.

•	Problem Statement:
In the realm of cloud computing, where remote data storage and accessibility are fundamental, safeguarding sensitive information becomes imperative. Despite offering scalability, convenience, and cost-effectiveness, cloud services present significant challenges to information security, particularly concerning confidentiality, integrity, and availability.
The primary concern revolves around the confidentiality of customer data stored in the cloud. Unauthorized access or data breaches can result in severe consequences, including privacy violations and data theft. Encryption emerges as a foundational solution to uphold data confidentiality, with the choice of encryption algorithm significantly influencing its effectiveness. In the context of cloud computing, where extensive data transmission, storage, and processing occur, the efficiency and processing speed of encryption algorithms become critical factors. Symmetric encryption algorithms, such as the Advanced Encryption Standard (AES) and Data Encryption Standard (DES), are favored due to their computational efficiency and suitability for large-scale data handling.
To address the challenges associated with data confidentiality and processing efficiency in cloud environments, this research proposes a novel approach based on AES & DES encryption with multiparty encryption using Fully Homomorphic Encryption (FHE). The proposed approach aims to enhance data security by ensuring:
Confidentiality: Customer data stored in the cloud remains inaccessible to unauthorized parties, preserving user privacy and confidentiality.
Integrity: The integrity of data is maintained through robust encryption mechanisms, ensuring that data remains unaltered and authentic.
Additionally, the proposed approach supports existing cloud features, including:
Availability: Customers can access their data from any machine at any time using their secret file_id, ensuring continuous availability of data.
Data Sharing: Customers can securely share their data with trusted parties, enhancing collaboration and data exchange.
•	System implementation/module – 

The proposed system contains three components: one cloud server, user and multiparty encryption. Delay measurement was performed based on the request and
response time during file upload. Fig.  shows the overall system architecture.

 
Fig. System Architecture

1.	User Registration:

Users are required to register for a unique account before accessing the cloud system. During the registration process, users create or enter email address, username and password, which serve as their credentials for subsequent logins. Additionally, the system implements IP-based login authentication to enhance security measures.
Upon registration, users' IP addresses are logged and associated with their accounts. When users attempt to log in, the system verifies their credentials (username and password) along with the IP address from which the login request originated. This IP-based login authentication adds an extra layer of security by ensuring that users can only access their accounts from authorized IP addresses.
2.	File Uploading/Downloading:
Users can securely upload and download files using their registered credentials. Upon uploading, files are encrypted using AES, DES, and multiparty encryption (FHE) algorithms for enhanced security. During downloading, stored key in the cloud fetched to provide access and decrypt the files securely. This approach ensures data confidentiality, integrity, and efficient file management in the cloud environment.

3.	Multiparty Encryption with Fully Homomorphic Encryption (FHE):
In addition to AES and DES encryption, the proposed system leverages multiparty encryption with Fully Homomorphic Encryption (FHE) to enhance data security. FHE allows computations to be performed on encrypted data without decrypting it, thereby preserving data confidentiality throughout the computation process.
Key management in multiparty encryption with FHE involves the generation, distribution, and storage of encryption keys across multiple parties. Each party generates their own secret key, which is securely distributed among the participating entities using cryptographic protocols such as secure multiparty computation or key exchange algorithms.
During data encryption, the data is encrypted using a combination of keys from all participating parties, ensuring that no single entity has complete access to the encryption process. This distributed approach to key management enhances the security of the encryption process and mitigates the risk of key compromise.
By integrating multiparty encryption with FHE and robust key management mechanisms, the proposed system ensures strong data protection and confidentiality in cloud environments, even during collaborative data processing tasks.

4.	Data Security:
To ensure the highest level of security for data stored and processed in the cloud environment, our proposed system employs a hybrid encryption model leveraging the strengths of Advanced Encryption Standard (AES), Data Encryption Standard (DES), and Fully Homomorphic Encryption (FHE) as part of a multiparty encryption scheme. This multifaceted approach enhances both the confidentiality and integrity of user data.

AES and DES Integration: The system utilizes 128-bit AES encryption along with DES for securing user-uploaded data. AES is renowned for its speed and security as a symmetric encryption algorithm, making it a standard choice for encrypting large volumes of data efficiently. DES, though older, is incorporated to take advantage of its unique encryption mechanism, adding an extra layer of security through its established block cipher technique. This dual encryption ensures that even if one algorithm is compromised, the other layer of encryption maintains the integrity and confidentiality of the data.

Multiparty Encryption with FHE: To address the challenges of secure data sharing and processing in a multi-user cloud environment, our system incorporates multiparty encryption using Fully Homomorphic Encryption (FHE). FHE allows for computations to be performed on encrypted data, enabling the cloud system to process data without ever accessing the plaintext. This is critical for maintaining data privacy and security, especially in scenarios where sensitive data is being handled.

Key Management in FHE: Key management in our FHE scheme is carefully designed to support secure multiparty computation. It involves generating individual secret keys for each party (K1,K2,….,Kn) and combining these keys using a secure cryptographic function into a single encryption key (Kcombined). This approach ensures that no single party has access to the combined key, thereby preserving the confidentiality of the data and the integrity of the encryption process. The combined key is then utilized for encrypting data, which can only be decrypted by the collective agreement of all parties involved, thus adding a significant layer of security against unauthorized access.

This comprehensive encryption strategy, integrating AES, DES, and FHE, alongside a robust key management protocol, ensures that data stored in the cloud is protected against both external and internal threats, thereby guaranteeing data security, confidentiality, and integrity in cloud computing environments.

•	Results and Implementation - 

The proposed system was developed as an advanced online file storage and processing application, demonstrating a novel approach to data security in cloud environments. This application was successfully deployed on Google Cloud Platform (GCP), chosen for its robust infrastructure, scalability, and extensive support for Java-based applications. The choice of GCP as the cloud service provider underlines the system's focus on leveraging high-performance cloud resources while ensuring data security and privacy.

Development Framework and Languages:
The backend logic, including the encryption and decryption processes, user authentication, and file management, was implemented using Spring Boot, a highly efficient Java-based framework known for facilitating the rapid development of stand-alone, production-grade Spring applications. This choice was driven by Spring Boot's comprehensive ecosystem and its support for security extensions, which are crucial for implementing the hybrid encryption model and secure file storage mechanisms.
For the graphical user interface (GUI), Java Swing was employed to create a responsive and user-friendly desktop application. This decision was based on Swing's ability to provide a more secure, controlled environment for managing sensitive operations like file encryption, uploading, and downloading, minimizing the risk associated with web-based interfaces.

Cloud Service Integration:
Google Cloud Platform was utilized to host the backend services, including the application server and database, ensuring high availability, scalability, and security. The integration with GCP allowed for the leveraging of Google's robust cloud storage solutions and computing resources, providing a solid foundation for the application's data processing and storage needs.

Security Implementation:
The core of the proposed system's security architecture is based on a hybrid encryption model that combines AES, DES, and Fully Homomorphic Encryption (FHE) for multiparty encryption. This approach ensures that files uploaded to the cloud are encrypted in a manner that maximizes confidentiality and integrity. The AES and DES algorithms provide fast and reliable encryption for the bulk of the data, while FHE allows for secure computations on encrypted data, enabling features like secure data sharing and processing without compromising privacy.
Key management, a critical aspect of the system's security, is handled through a sophisticated protocol that supports the generation, distribution, and storage of encryption keys in a secure manner. This ensures that encrypted data remains accessible only to authorized users, further enhancing the system's security posture.

Practical Application and User Experience:

The application facilitates secure and efficient file storage and sharing, catering to users' needs for confidentiality and accessibility. Users can register and authenticate using a combination of email address, username, password, and IP-based login mechanisms, ensuring secure access. Files are encrypted client-side before being uploaded, and decryption keys are securely store and managed to only have access to authorized user. This setup not only guarantees the security of sensitive information like medical records, personal, and financial data but also offers a convenient and accessible means for users to manage and share their data.


A.	Secure File Encryption and Storage Process:
Upon the successful upload of a file to our system, developed with a focus on high security and privacy standards using Java and Spring Boot and hosted on a robust Google Cloud platform, the file undergoes a sophisticated encryption process designed to ensure maximal data security and privacy. This process involves splitting the file, applying layered encryption, and leveraging multiparty Fully Homomorphic Encryption (FHE) for enhanced security.

Proposed System hybrid Encryption Workflow:
Step 1: File Splitting
Immediately after a user uploads a file, the file contain read after according to file contain size it divides the file into two distinct parts. This division is the first step in a layered security strategy, enabling the application of different encryption methods to different segments of the data, thereby complicating unauthorized decryption attempts.

Step 2: Dual Encryption Scheme
Part 1 Encryption with AES: The first part of the file is encrypted using 256-bit AES encryption. This robust encryption standard is well-regarded for its impenetrability and efficiency, providing a high level of security without significantly impacting performance.
Part 2 Encryption with DES: Concurrently, the second part of the file is encrypted with 56-bit DES encryption. Despite DES's lower bit-size compared to AES, it still offers substantial security benefits, especially when combined with other encryption layers.

Step 3: Multiparty FHE Encryption
After initial encryption with AES and DES, both parts of the file are then encrypted again using multiparty Fully Homomorphic Encryption (FHE). This advanced encryption technique allows for computational operations on ciphertexts, generating encrypted results that, when decrypted, match the results of operations performed on the plaintext. By applying FHE, the system ensures that data can remain encrypted even during processing, significantly enhancing data security and privacy.

Step 4: Secure Storage on Cloud Servers
Following the completion of the encryption process, both encrypted parts of the file are securely stored on the server. This dual-encrypted data ensures that, even if one encryption method is compromised, the additional layers of encryption maintain the integrity and confidentiality of the user's data.

Secure File Retrieval and Decryption:
When a user wishes to download their file, the system retrieves the two encrypted parts from the server. Utilizing the keys provided by the user, the system first decrypts the data using the multiparty FHE decryption key. Subsequently, it applies the inverse operations of DES and AES encryption to restore the original file content.

This layered decryption process, which mirrors the encryption steps but in reverse order, ensures that the file's confidentiality and integrity are maintained throughout its lifecycle in the cloud. Only authorized users, possessing the necessary keys and credentials, can access and decrypt their files, significantly mitigating the risk of unauthorized access or 
data breaches.  Fig shows the diagrammatic representation of hybrid encryption

 
Fig A. hybrid Encryption

B.	Authentication and Authorization:
The proposed system implements robust authentication and authorization mechanisms to ensure secure user access and data sharing. During registration, users are required to create unique credentials consisting of an email address, username, and password. To verify the legitimacy of email addresses, the system leverages Mail SMTP relay, specifically integrating the Sendgrid API for efficient email verification. Upon successful registration, users are prompted to verify their email addresses before gaining access to the login window. This verification step is crucial, as it not only confirms the user's identity but also serves as a prerequisite for enabling file sharing capabilities via email. Additionally, the system enforces uniqueness constraints for usernames and email addresses, providing real-time alerts to users if their chosen credentials are already in use. This proactive approach enhances data security and prevents potential conflicts during user registration. Ultimately, the authentication and authorization protocols implemented in the system safeguard user accounts, mitigate the risk of unauthorized access, and ensure the integrity of shared data. 

C.	Multiparty Fully Homomorphic Encryption (FHE) Enhancement:
Multiparty Fully Homomorphic Encryption (FHE) stands as a pivotal component in our secure file storage and sharing system, significantly enhancing data security and facilitating secure data sharing among authorized parties. This advanced encryption technique allows for a novel approach to processing and analyzing encrypted data, ensuring that user information remains confidential and secure throughout its lifecycle in the cloud environment. Figure A shows multiparty encryption

How Multiparty FHE Works:
1. Secure Data Processing:
FHE enables computations to be performed on encrypted data (ciphertext) without needing to decrypt it first. The result of such computations, when decrypted, matches the outcome of operations performed on the plaintext. This means that data can be securely analyzed, aggregated, or modified while remaining encrypted, safeguarding user privacy and data integrity.
2. Enhanced Data Security:
By applying multiparty FHE to the encrypted file segments, our system ensures that each piece of data benefits from an additional layer of cryptographic security. This layer is particularly resistant to cryptanalysis and unauthorized access, as it allows the data to remain encrypted even during processing tasks. It effectively creates a secure enclave for data that even cloud administrators or potential attackers cannot penetrate, as they lack access to the decryption keys.
3. Facilitating Secure Data Sharing:
Multiparty FHE uniquely enables secure data sharing between authorized users. In scenarios where data needs to be shared among multiple parties, FHE allows for encrypted data to be jointly computed by different stakeholders without revealing the underlying data to one another. This is particularly useful in collaborative environments where data privacy is paramount but insights from the data need to be collectively accessed or analyzed.
4. Key Management and Collaboration:
The key management system within a multiparty FHE framework is designed to facilitate secure collaboration. Keys are distributed among authorized users in such a way that encrypted data can only be accessed and processed by participants holding the corresponding keys. This ensures that only authorized parties can decrypt the results of any computations on the encrypted data, thus maintaining confidentiality and data integrity during multiparty access and collaboration. 


•	Performance Analysis:
In this study, the proposed desktop application was developed using Spring Boot in Java to provide an encryption/decryption tool and ensure secure file sharing and storage using cryptographic modules and packages. From the practical implementation, we obtained the following results:
TABLE 1
ENCRYPTED AND DECRYPTED FILE SIZE IN BYTES


File size	Encrypted File Size	Decrypted File Size
58 kB	115 bytes	58kb
		

•	System Model–

Before discussing about the proposed system in detail, we have to know about security issues in cloud environment and importance of AES, DES  & multiparty encryption algorithms.

o	Cloud computing security issue:
 
1.	Cloud Security: Often referred to as "cloud security," this domain encompasses a wide range of measures aimed at protecting data, applications, and infrastructure within cloud environments. It involves the implementation of policies, technologies, and controls to mitigate security risks.

2.	Security Issues Associated with the Cloud: Several security challenges exist within cloud computing environments, necessitating careful consideration and proactive measures. Some of these issues include:

i.	Privileged User Access: Access controls must be in place to manage and monitor privileged user access within the cloud environment, minimizing the risk of unauthorized activities.
ii.	Regulatory Compliance: Compliance with regulatory requirements is essential, especially in industries with stringent data protection regulations. Cloud users must ensure that their chosen cloud service provider complies with relevant standards and regulations.
iii.	Data Location: The geographical location of data stored in the cloud can raise concerns regarding jurisdictional regulations and data sovereignty. Users should be aware of where their data is stored and ensure compliance with applicable laws.
iv.	 Data Segregation: Effective data segregation mechanisms are necessary to prevent unauthorized access and ensure data confidentiality. Proper isolation of data is crucial to mitigate the risk of data breaches.
v.	Recovery: Robust disaster recovery and data backup strategies are essential components of cloud security. Organizations must have measures in place to recover data in the event of a disaster or system failure.
vi.	Investigative Support: Cloud providers should offer adequate support for forensic investigations in the event of security incidents or breaches. Access to relevant logs and audit trails is crucial for conducting thorough investigations.
vii.	Long-Term Viability: Assessing the long-term viability of cloud service providers is crucial for ensuring continuity of service and data accessibility. Users should consider factors such as vendor stability and financial viability when selecting cloud providers.


•	 Encryption Algorithm - 
The Proposed system is implemented using AES & DES Algorithm. Both algorithm are explained here.

1.	Advanced Encryption Standard (AES) Algorithm:
This algorithm was published by National Institute of Standards and Technology (NIST) in 2001. AES is symmetric block cipher that is intended to replaces DES. The cipher takes plaintext of size 18 bit. The key length can be 128,192,256 bits. The algorithm referred to as AES-128, AES-192 and AES-256 depending on key length. The cipher consists of N rounds depends on key length: 10 rounds for a 128 bit key, 12 rounds for a 192 bit key and 14 rounds for 256
bit key. First N-1 rounds consist of 4 transformation functions- One permutation (ShiftRows) and three substitutions (Substitute bytes, MixColumns, AddRoundKey). Final round of both encryption and decryption consist of only 3 stages. Substitute bytes use S box for byte by byte substitution. MixColumns makes use of arithmetic over GF (28) AddRoundKey is simple bit-wise XOR of current block with a portion of expanded key.

 
Fig A. Encryption With AES


2.	Data Encryption Standard (DES) Algorithm:
One of the famous symmetric-key block cipher known as the Data Encryption Standard (DES) had been published in 1977 by NIST. The encryption method of DES is very unique, as it received a receive a 64-bit plaintext at sender end and generates a 64 cipher text at receiver ends. In DES, although the key size is 64 bits but only 54 bits key size is used for encryption and decryption. DES is based on the concept of Feistel Cipher implementation and used 16 round of Feistel structure which helps to generates 48-bit unique key form the cipher as per the predefined DES algorithm as discussed in Figure B. 
Initially 64 bit permutation is performed on 64 bit block of data, then it is divided into two halves (i.e.32 bit sub-blocks) represented as L0 and R0 that are passed into the Feistel rounds. This process will repeat till 16 round of the encryption method, as the number of twofold is increased the security level is also increased. In the last round (at 16th round) the pre-output is generated by swapping of L15 and R15 bit quantities. Finally, the inverse function of the initial permutation is calculated by concatenating of [R15, L15].


 
Fig B.  Encryption With DES

3.	Multiparty Encryption Algorithm: Fully Homomorphic Encryption (FHE)
Fully Homomorphic Encryption (FHE) is an advanced encryption technique that enables computations to be performed directly on encrypted data without the need for decryption. In the context of multiparty encryption, FHE allows multiple parties to jointly compute functions over their respective encrypted inputs while preserving the confidentiality of individual data. FHE achieves this by supporting operations such as addition and multiplication on encrypted data, facilitating secure computation across distributed environments. 
The working principle of FHE involves encrypting data using a public key, performing computations on the encrypted data, and obtaining the result in its encrypted form. Only authorized parties with the corresponding private key can decrypt the final result, ensuring confidentiality throughout the computation process. FHE holds significant potential for enhancing data security in collaborative settings, enabling privacy-preserving data analysis and computation in multiparty scenarios.

•	Problem Statement:
In the realm of cloud computing, where remote data storage and accessibility are fundamental, safeguarding sensitive information becomes imperative. Despite offering scalability, convenience, and cost-effectiveness, cloud services present significant challenges to information security, particularly concerning confidentiality, integrity, and availability.
The primary concern revolves around the confidentiality of customer data stored in the cloud. Unauthorized access or data breaches can result in severe consequences, including privacy violations and data theft. Encryption emerges as a foundational solution to uphold data confidentiality, with the choice of encryption algorithm significantly influencing its effectiveness. In the context of cloud computing, where extensive data transmission, storage, and processing occur, the efficiency and processing speed of encryption algorithms become critical factors. Symmetric encryption algorithms, such as the Advanced Encryption Standard (AES) and Data Encryption Standard (DES), are favored due to their computational efficiency and suitability for large-scale data handling.
To address the challenges associated with data confidentiality and processing efficiency in cloud environments, this research proposes a novel approach based on AES & DES encryption with multiparty encryption using Fully Homomorphic Encryption (FHE). The proposed approach aims to enhance data security by ensuring:
Confidentiality: Customer data stored in the cloud remains inaccessible to unauthorized parties, preserving user privacy and confidentiality.
Integrity: The integrity of data is maintained through robust encryption mechanisms, ensuring that data remains unaltered and authentic.
Additionally, the proposed approach supports existing cloud features, including:
Availability: Customers can access their data from any machine at any time using their secret file_id, ensuring continuous availability of data.
Data Sharing: Customers can securely share their data with trusted parties, enhancing collaboration and data exchange.
•	System implementation/module – 

The proposed system contains three components: one cloud server, user and multiparty encryption. Delay measurement was performed based on the request and
response time during file upload. Fig.  shows the overall system architecture.

 
Fig. System Architecture

1.	User Registration:

Users are required to register for a unique account before accessing the cloud system. During the registration process, users create or enter email address, username and password, which serve as their credentials for subsequent logins. Additionally, the system implements IP-based login authentication to enhance security measures.
Upon registration, users' IP addresses are logged and associated with their accounts. When users attempt to log in, the system verifies their credentials (username and password) along with the IP address from which the login request originated. This IP-based login authentication adds an extra layer of security by ensuring that users can only access their accounts from authorized IP addresses.
2.	File Uploading/Downloading:
Users can securely upload and download files using their registered credentials. Upon uploading, files are encrypted using AES, DES, and multiparty encryption (FHE) algorithms for enhanced security. During downloading, stored key in the cloud fetched to provide access and decrypt the files securely. This approach ensures data confidentiality, integrity, and efficient file management in the cloud environment.

3.	Multiparty Encryption with Fully Homomorphic Encryption (FHE):
In addition to AES and DES encryption, the proposed system leverages multiparty encryption with Fully Homomorphic Encryption (FHE) to enhance data security. FHE allows computations to be performed on encrypted data without decrypting it, thereby preserving data confidentiality throughout the computation process.
Key management in multiparty encryption with FHE involves the generation, distribution, and storage of encryption keys across multiple parties. Each party generates their own secret key, which is securely distributed among the participating entities using cryptographic protocols such as secure multiparty computation or key exchange algorithms.
During data encryption, the data is encrypted using a combination of keys from all participating parties, ensuring that no single entity has complete access to the encryption process. This distributed approach to key management enhances the security of the encryption process and mitigates the risk of key compromise.
By integrating multiparty encryption with FHE and robust key management mechanisms, the proposed system ensures strong data protection and confidentiality in cloud environments, even during collaborative data processing tasks.

4.	Data Security:
To ensure the highest level of security for data stored and processed in the cloud environment, our proposed system employs a hybrid encryption model leveraging the strengths of Advanced Encryption Standard (AES), Data Encryption Standard (DES), and Fully Homomorphic Encryption (FHE) as part of a multiparty encryption scheme. This multifaceted approach enhances both the confidentiality and integrity of user data.

AES and DES Integration: The system utilizes 128-bit AES encryption along with DES for securing user-uploaded data. AES is renowned for its speed and security as a symmetric encryption algorithm, making it a standard choice for encrypting large volumes of data efficiently. DES, though older, is incorporated to take advantage of its unique encryption mechanism, adding an extra layer of security through its established block cipher technique. This dual encryption ensures that even if one algorithm is compromised, the other layer of encryption maintains the integrity and confidentiality of the data.

Multiparty Encryption with FHE: To address the challenges of secure data sharing and processing in a multi-user cloud environment, our system incorporates multiparty encryption using Fully Homomorphic Encryption (FHE). FHE allows for computations to be performed on encrypted data, enabling the cloud system to process data without ever accessing the plaintext. This is critical for maintaining data privacy and security, especially in scenarios where sensitive data is being handled.

Key Management in FHE: Key management in our FHE scheme is carefully designed to support secure multiparty computation. It involves generating individual secret keys for each party (K1,K2,….,Kn) and combining these keys using a secure cryptographic function into a single encryption key (Kcombined). This approach ensures that no single party has access to the combined key, thereby preserving the confidentiality of the data and the integrity of the encryption process. The combined key is then utilized for encrypting data, which can only be decrypted by the collective agreement of all parties involved, thus adding a significant layer of security against unauthorized access.

This comprehensive encryption strategy, integrating AES, DES, and FHE, alongside a robust key management protocol, ensures that data stored in the cloud is protected against both external and internal threats, thereby guaranteeing data security, confidentiality, and integrity in cloud computing environments.

•	Results and Implementation - 

The proposed system was developed as an advanced online file storage and processing application, demonstrating a novel approach to data security in cloud environments. This application was successfully deployed on Google Cloud Platform (GCP), chosen for its robust infrastructure, scalability, and extensive support for Java-based applications. The choice of GCP as the cloud service provider underlines the system's focus on leveraging high-performance cloud resources while ensuring data security and privacy.

Development Framework and Languages:
The backend logic, including the encryption and decryption processes, user authentication, and file management, was implemented using Spring Boot, a highly efficient Java-based framework known for facilitating the rapid development of stand-alone, production-grade Spring applications. This choice was driven by Spring Boot's comprehensive ecosystem and its support for security extensions, which are crucial for implementing the hybrid encryption model and secure file storage mechanisms.
For the graphical user interface (GUI), Java Swing was employed to create a responsive and user-friendly desktop application. This decision was based on Swing's ability to provide a more secure, controlled environment for managing sensitive operations like file encryption, uploading, and downloading, minimizing the risk associated with web-based interfaces.

Cloud Service Integration:
Google Cloud Platform was utilized to host the backend services, including the application server and database, ensuring high availability, scalability, and security. The integration with GCP allowed for the leveraging of Google's robust cloud storage solutions and computing resources, providing a solid foundation for the application's data processing and storage needs.

Security Implementation:
The core of the proposed system's security architecture is based on a hybrid encryption model that combines AES, DES, and Fully Homomorphic Encryption (FHE) for multiparty encryption. This approach ensures that files uploaded to the cloud are encrypted in a manner that maximizes confidentiality and integrity. The AES and DES algorithms provide fast and reliable encryption for the bulk of the data, while FHE allows for secure computations on encrypted data, enabling features like secure data sharing and processing without compromising privacy.
Key management, a critical aspect of the system's security, is handled through a sophisticated protocol that supports the generation, distribution, and storage of encryption keys in a secure manner. This ensures that encrypted data remains accessible only to authorized users, further enhancing the system's security posture.