A Polycentric Authentication Mesh with Role-Derived Audit Provenance for Tamper-Resilient Cloud File Ecosystems
DOI:
https://doi.org/10.62643/ijerst.2026.v22.n2(2).2900
Keywords:
Secure Cloud Data Sharing, Multi-Factor Authentication (MFA), Access Control Lists (ACL), Django Framework
Abstract
Cloud-based storage has become a widely adopted solution for managing and sharing digital data due to its flexibility, scalability, and cost efficiency; however, it introduces critical security challenges such as unauthorized access, data leakage, and weak authentication mechanisms. Traditional cloud systems often rely on password-based authentication and server-side encryption, which remain vulnerable if the infrastructure is compromised, potentially exposing sensitive information. To address these limitations, this work proposed a secure cloud file storage and sharing model that emphasized robust data protection and controlled accessibility. The system incorporated Multi-Factor Authentication (MFA), where users authenticated using a combination of passwords and One-Time Passwords (OTP) delivered via Simple Mail Transfer Protocol (SMTP), thereby enhancing login security. For data protection, Advanced Encryption Standard–Galois/Counter Mode (AES-GCM) was employed to encrypt files efficiently, while Rivest–Shamir–Adleman (RSA) was utilized for secure key exchange, ensuring that encryption keys remained protected. All files were encrypted before storage, eliminating the risk of plaintext exposure. Additionally, Access Control Lists (ACL) mechanisms were implemented to enable secure file sharing among authorized users only. To ensure data integrity, Secure Hash Algorithm (SHA-256) hashing was applied during file upload, allowing verification of file authenticity and detection of tampering. Files were decrypted only after validating access permissions. Furthermore, the system maintained detailed activity logs, ensuring traceability and accountability.
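The upload and download path described in the abstract, as an added example that is not the paper's code: SHA-256 at upload, AES-GCM file encryption, an RSA-wrapped file key per ACL entry, and an ACL check before any decryption, with each outcome logged. The record layout, the OAEP padding, the associated data, the audit tuple format and the function names are assumptions, and it uses the third-party Python `cryptography` package.

```python
import hashlib, os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)

def upload(owner, plaintext, acl):
    """Encrypt before storage; the file key is RSA-OAEP-wrapped once per ACL entry (user -> public key)."""
    key, nonce = AESGCM.generate_key(bit_length=256), os.urandom(12)
    return {
        "owner": owner,
        "sha256": hashlib.sha256(plaintext).hexdigest(),  # integrity record taken at upload
        "nonce": nonce,
        # Owner name bound as associated data: a choice of this example, not the paper's.
        "ciphertext": AESGCM(key).encrypt(nonce, plaintext, owner.encode()),
        "wrapped": {user: pub.encrypt(key, OAEP) for user, pub in acl.items()},
    }

def download(record, user, private_key, audit):
    """ACL check first, then unwrap, decrypt and verify; every outcome is logged."""
    if user not in record["wrapped"]:
        audit.append((user, "denied"))
        raise PermissionError(user)
    key = private_key.decrypt(record["wrapped"][user], OAEP)
    try:
        data = AESGCM(key).decrypt(record["nonce"], record["ciphertext"], record["owner"].encode())
    except InvalidTag:
        audit.append((user, "tampered"))  # GCM tag check failed: ciphertext was modified
        raise
    if hashlib.sha256(data).hexdigest() != record["sha256"]:
        audit.append((user, "hash-mismatch"))  # stored digest no longer matches the file
        raise ValueError("SHA-256 mismatch")
    audit.append((user, "ok"))
    return data

def demo():
    """Constructed users and file: one allowed read, one ACL denial, one tampered blob."""
    keys = {u: rsa.generate_private_key(public_exponent=65537, key_size=2048) for u in ("alice", "bob", "eve")}
    rec = upload("alice", b"constructed sample file", {u: keys[u].public_key() for u in ("alice", "bob")})
    audit = []
    data = download(rec, "bob", keys["bob"], audit)
    flipped = rec["ciphertext"][:-1] + bytes([rec["ciphertext"][-1] ^ 1])
    for user, record in (("eve", rec), ("alice", dict(rec, ciphertext=flipped))):
        try:
            download(record, user, keys[user], audit)
        except (PermissionError, InvalidTag):
            pass
    return data, audit
```

A user outside the ACL has no wrapped key in the record, so the denial does not depend on the permission check alone.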
License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.













