SECURE FILE TRANSFER SYSTEM USING HYBRID AES-RSACRYPTOGRAPHYAND ROLE-BASED ACCESS CONTROL

Abstract

The exchange of digital files across computer networks has become a routine activity in enterprise, healthcare, academic and governmental settings. Conventional mechanisms such as the File Transfer Protocol (FTP) and unmodified TCP socket programs transmit credentials and content in cleartext, leaving sensitive information exposed to passive interception on shared infrastructure. This paper presents the design and implementation of a Secure File Transfer System (SFTS), built entirely in Python, that addresses these vulnerabilities through a multilayered cryptographic architecture. The system combines AES-256-CBC symmetric encryption of bulk file data with RSA-2048-OAEP asymmetric key wrapping so that the persession AES key never appears on the wire in plaintext form. Data integrity is verified by SHA-256 checksums embedded in every encrypted payload. Two delivery modes are supported: a reliable unicast mode over TCP and a one-to-many broadcast mode over UDP, the latter augmented with a TCP feedback channel for targeted retransmission of missing chunks. User authentication is performed by a dedicated module that stores bcrypt-hashed passwords in an SQLite database and enforces three roles — administrator, user and blocked — at login time. The system exposes its functionality through both a PyQt5 desktop interface and a Flask web dashboard. Experimental measurements on a local area network demonstrate sustained throughput of approximately 19 MB/s for unicast transfers up to 100 MB, while security testing confirms that the cryptographic guarantees hold against passive eavesdropping, ciphertext tampering and credential-based bypass attempts.