Secure Cloud Storage with Encryption and Data Integrity Mechanisms

Abstract

Remote cloud infrastructure for sensitive data storage continues to pose unresolved technical and governance challenges as cloud adoption grows across healthcare, finance, and public administration. This survey examines ten recent research contributions from 2021 to 2025 that address encryption algorithms, cryptographic key lifecycle management, access control enforcement, and integrity verification mechanisms in cloud file storage environments. The examined works encompass symmetric block ciphers, public-key exchange protocols, hybrid combinations, client-controlled encryption architectures, hardware-assisted key protection, and distributed fault-tolerant storage models. Comparative analysis consistently reveals that the gap between theoretically sound cryptographic designs and their practical deployment usability remains the central unsolved challenge. End-user key management burdens, computational overhead from asymmetric operations, and the absence of lightweight implementations for resource-constrained environments each contribute to this divide. The findings inform the design of a PHP and MySQL-based secure cloud file storage prototype that performs AES-256 encryption on the client side before any data reaches the server.

Introduction

The text provides an overview of cloud data storage security challenges and summarizes research focused on improving encryption, access control, and key management in cloud environments.

It explains that the widespread use of third-party cloud services has improved convenience and scalability but created a major security trade-off, where users lose direct control over their data. The dominant server-side encryption model is vulnerable because cloud providers manage encryption keys, meaning a breach of provider systems can expose all stored data. In contrast, client-side encryption improves security by encrypting data on the user’s device, but it introduces difficulties in key management and usability.

The literature survey reviews recent studies (2021–2025) exploring solutions such as:

• AES, RSA, and hybrid encryption systems for balancing security and performance
• Client-side encryption frameworks to enhance data confidentiality
• Attribute-based and proxy re-encryption methods for flexible access control
• Data fragmentation and sharding across multiple servers to improve resilience
• Network coding and threshold schemes for fault tolerance and integrity
• Hardware Security Modules (HSMs) to protect encryption keys physically

Across studies, AES is consistently identified as efficient for data encryption, while RSA is mainly used for key protection. However, most approaches face limitations such as high computational cost, complex key management, scalability issues, lack of interoperability, and weak usability.

Conclusion

This survey has examined ten research contributions addressing cryptographic protection for cloud-stored files, spanning 2021 to 2025 and covering algorithm benchmarking, hybrid encryption architectures, client-side key management, access control enforcement, hardware-assisted key custody, and fault-tolerant distributed storage. AES-256 is the most practical symmetric cipher for encrypting file payloads, offering a combination of security margin and processing efficiency that no alternative examined in the reviewed literature surpasses for this purpose. Asymmetric algorithms such as RSA are best applied to key transport rather than bulk encryption. Hybrid architectures combining both families address the symmetric key distribution problem while keeping computational costs manageable. The central unsolved challenge identified across the reviewed body of work is key management: how to store, distribute, rotate, and recover cryptographic keys in a manner simultaneously secure, accessible to non-expert users, and resilient to common failure modes such as forgotten passwords or lost devices. Every reviewed paper acknowledges this problem; none presents a fully satisfying resolution. The hardware security module approach of Crocker and Querido comes closest to a principled solution but at a cost in procurement complexity and accessibility that limits its general applicability. A further gap is the absence of lightweight implementations suited to small-scale institutional deployments. The present project contributes to filling this gap by combining AES-256 client-side encryption with session-based access control in a PHP and MySQL architecture deployable on standard hosting infrastructure. Future extensions could incorporate post-quantum cryptographic primitives, integrate machine-learning-based anomaly detection, and adopt blockchain-based audit logging to provide tamper-evident records of all file operations.

References

[1] G. V. Rajan, R. Mittal, and A. Gupta, \"Secured cloud storage with client side encryption,\" Galgotias University, Greater Noida, India, 2025. Available: https://ssrn.com/abstract=5870642 [2] A. Brundashree et al., \"Secure file storage on cloud using hybrid cryptography,\" IJSAT, vol. 16, no. 2, pp. 1–11, 2025. [3] J. T. Myers et al., \"Evaluation of encryption algorithms in cloud-based password storage systems,\" Journal of Cloud Security and Privacy, vol. 14, no. 3, pp. 187–205, 2024. [4] Ravindrakumar, \"Data encryption techniques for securing cloud storage and communication,\" ShodhKosh, vol. 5, no. 4, pp. 861–869, 2024. [5] R. M. Zahir, \"Cloud storage security: risks and solutions,\" Preprints.org, Nov. 2025. [6] C. Kim, J. Park, Y. Lee, and S. Wang, \"Distributed encryption mechanisms for multi-cloud storage environments,\" IEEE Trans. Cloud Comput., vol. 13, no. 2, pp. 156–170, 2025. [7] A. Singh et al., \"Hybrid encryption and access control frameworks for enterprise cloud storage,\" IJISP, vol. 17, no. 3, pp. 234–252, 2023. [8] H. Kaur, J. Kaur, and A. Verma, \"Access control mechanisms and permission management in encrypted cloud storage,\" IEEE Access, vol. 10, pp. 45678–45695, 2022. [9] H. Chen, Y. Zhang, and B. Zhu, \"Secure cloud storage using network coding and cryptographic verification,\" IEEE Trans. Cloud Comput., vol. 9, no. 4, pp. 1045–1060, 2021. [10] B. Crocker and S. Querido, \"Hardware-based security and multi-factor authentication in cloud storage systems,\" Journal of Cybersecurity and Privacy, vol. 11, no. 2, pp. 89–107, 2021.

Copyright

Copyright © 2026 Sheela Rani C M, Naveen K, Likhith Kumar R P, Mahamad Usen, Akash B V. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.