Published 2026-01-07
Keywords
- Cloud Security Architecture, Zero Knowledge Encryption, Two Factor Authentication (2FA), Sensitive Data Detection, Cross Region Replication (CRR), Hybrid Encryption, PBKDF2 Key Derivation, AWS S3 Security, Session Fingerprinting, Compliance Auditing, Disaster Recovery and Automated Threat Mitigation.
Abstract
The escalating frequency of data breaches in cloud storage environments has exposed the inadequacies of monolithic security models, where static authentication and opaque server-side encryption fail to protect against credential compromise and insider threats. This work presents Zenith, a secure cloud management platform that unifies multi-layered defense mechanisms across three critical domains: cryptographic access control, hybrid dual-encryption architecture, and automated threat detection. The Security Management Service implements RFC 6238-compliant Time-based One-Time Password (TOTP) authentication using HMAC-SHA1 verification with a flexible 90-second drift tolerance window, achieving verification speeds of 10–20 ms while mitigating replay attacks. The encryption framework introduces a hybrid model offering Server-Side Encryption (SSE) using AWS S3 native AES-256 for general performance, and a zero-knowledge Client-Side Encryption (CSE) architecture that derives 256-bit keys using PBKDF2-HMAC-SHA256 with 100,000 iterations and a unique 16-byte salt, ensuring the platform possesses no decryption capability for sensitive data. To proactively prevent data leakage, an Automated Sensitive Data Detection pipeline utilizes regex-based pattern matching to identify Personally Identifiable Information (PII), credit card sequences (13–16 digits), and private IP ranges in real time, automatically triggering mandatory encryption workflows for flagged files. Data durability and disaster recovery are secured through AWS Cross-Region Replication (CRR) spanning approximately 2,800 miles (N. Virginia to Oregon), achieving 99.999999999% (eleven nines) data durability with eventual consistency typically achieved within 15 minutes. Comprehensive session auditing through MongoDB collects device fingerprint and geolocation information, giving fine-grained visibility into access patterns.
Experimental validation shows that the platform balances rigorous security with operational efficiency, maintaining a client-side encryption overhead of only 200–300 ms per megabyte, effectively establishing a compliant, resilient, and transparent foundation for secure cloud data management.
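As an added illustration, not code from the paper or from the Zenith platform, the following Python implements the RFC 6238 TOTP verification described in the abstract: HMAC-SHA1 with 30-second steps, a drift window assumed here to mean ±90 seconds (three steps on either side of the current step), and a last-accepted-counter record so that a code already used, or any older one, is rejected as a replay. The secret, timestamps and class name are constructed for the example.

```python
import hmac
import hashlib
import struct
import time
from typing import Optional

STEP_SECONDS = 30    # RFC 6238 default time step
DRIFT_SECONDS = 90   # assumed reading of the 90 s tolerance: +/- 90 s, i.e. 3 steps each side
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the Unix time step."""
    return hotp(secret, unix_time // STEP_SECONDS, digits)


class TotpVerifier:
    """Verifies a submitted code inside the drift window and rejects replays.

    The highest counter ever accepted is remembered (per user in a real system,
    e.g. in the session store); any counter at or below it is never accepted
    again, so a captured code cannot be reused even while it is still 'fresh'.
    """

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_counter = -1  # also keeps negative counters out of struct.pack

    def verify(self, code: str, unix_time: Optional[int] = None) -> bool:
        now = int(time.time()) if unix_time is None else unix_time
        current = now // STEP_SECONDS
        steps = DRIFT_SECONDS // STEP_SECONDS
        for counter in range(current - steps, current + steps + 1):
            if counter <= self.last_counter:
                continue  # already consumed, or older than the last accepted code
            # constant-time comparison avoids leaking how many digits matched
            if hmac.compare_digest(hotp(self.secret, counter), code):
                self.last_counter = counter
                return True
        return False
```

The `totp` function reproduces the RFC 6238 Appendix B SHA-1 vectors (seed `12345678901234567890`, e.g. `287082` at T=59 for six digits), which is a convenient check that the truncation is right before wiring the verifier into a login flow.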