Today most of our data lives in the cloud, yet it can still be breached. Most messaging apps claim to use encryption, but these systems do not really know who we are, so it does not matter what our passwords are: any intruder who gets hold of our cloud data can still read it. We present a hybrid system that combines AES and ECC in one model. When a message is sent, the system encrypts it with AES and locks the AES key with the receiver's ECC public key. The encrypted message and the locked AES key are then sent to the cloud; the ECC private key stays on the receiver's computer and is never sent out. Before anything can be decrypted, the user must still prove their identity, for example with a fingerprint or password. The approach applies not only to messaging but to any type of data stored in the cloud.
Introduction
The text describes a secure cloud communication system designed to protect data from attacks such as impersonation, man-in-the-middle attacks, and hacking. It addresses weaknesses in traditional password-based and device-based security systems, which can be compromised if credentials or devices are stolen.
The proposed solution uses a hybrid encryption approach combining AES and ECC along with biometric authentication. Each message is encrypted using AES-256-GCM, and the AES session key is further secured using the recipient’s ECC public key, creating a dual-layer encryption system. The encrypted data (ciphertext, nonce, integrity tag, and encrypted AES key) is stored in the cloud, which remains unable to access the actual message.
For decryption, the user must authenticate using biometrics (FIDO2/WebAuthn fingerprint verification). Only after successful authentication is the ECC private key used locally to decrypt the AES key, which is then used to decrypt the message securely. This ensures that even if the cloud is compromised, the data remains inaccessible without biometric verification.
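The encrypt and decrypt paths described above, as an added example (not the authors' code) using Node.js's built-in crypto module. The page does not say how ECC locks the AES key, so the ECIES-style wrap (ephemeral ECDH on P-256, HKDF-SHA-256, AES-GCM), the function names, and the `userVerified` flag standing in for the FIDO2/WebAuthn check are assumptions.

```javascript
const nodeCrypto = require('crypto');

// Assumed wrap: the key-encryption key comes from ECDH, bound to the ephemeral key.
function deriveKek(shared, ephPub) {
  const info = Buffer.concat([Buffer.from('hybrid-demo-kek'), ephPub]);
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, Buffer.alloc(0), info, 32));
}

// AES-256-GCM with a fresh 96-bit nonce; returns nonce, ciphertext and integrity tag.
function gcmSeal(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const ciphertext = Buffer.concat([c.update(plaintext), c.final()]);
  return { nonce, ciphertext, tag: c.getAuthTag() };
}

function gcmOpen(key, { nonce, ciphertext, tag }) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, nonce);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ciphertext), d.final()]); // final() throws on a bad tag
}

// Sender: encrypt the message, then wrap the session key for the recipient.
function encryptFor(recipientPublicKey, message) {
  const sessionKey = nodeCrypto.randomBytes(32); // fresh AES-256 key per message
  const eph = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const ephPub = eph.publicKey.export({ type: 'spki', format: 'der' });
  const shared = nodeCrypto.diffieHellman(
    { privateKey: eph.privateKey, publicKey: recipientPublicKey });
  return { ephPub, // this whole object is what the cloud stores
    wrappedKey: gcmSeal(deriveKek(shared, ephPub), sessionKey),
    body: gcmSeal(sessionKey, Buffer.from(message, 'utf8')) };
}

// Receiver: userVerified is a hypothetical stand-in for a FIDO2/WebAuthn result.
function decryptWith(recipientPrivateKey, envelope, userVerified) {
  if (userVerified !== true) throw new Error('user verification required');
  const ephKey = nodeCrypto.createPublicKey(
    { key: envelope.ephPub, format: 'der', type: 'spki' });
  const shared = nodeCrypto.diffieHellman(
    { privateKey: recipientPrivateKey, publicKey: ephKey });
  const sessionKey = gcmOpen(deriveKek(shared, envelope.ephPub), envelope.wrappedKey);
  return gcmOpen(sessionKey, envelope.body).toString('utf8');
}

// Constructed sample: a throwaway recipient key pair and message.
const demoKeys = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const demoEnvelope = encryptFor(demoKeys.publicKey, 'constructed sample message');
console.log(decryptWith(demoKeys.privateKey, demoEnvelope, true));
```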
Conclusion
The proposed secure cloud communication system, which uses hybrid encryption and biometric authentication, addresses critical lapses in traditional approaches. By combining AES-256-GCM, ECC, and biometric identity validation under a zero-trust model in the cloud, the system ensures confidentiality and integrity, and even during a cloud breach unauthorized users cannot access plaintext data. The architecture is suitable for secure cloud communication and storage protection.