Technical Whitepaper

This document covers the full technical architecture of iMegha. For a plain-English overview, see the main site pages.

Updated February 2026

Architecture Patent Pending

1. Encryption

Algorithms

Algorithm	Use	Parameters
`AES-256-GCM`	Symmetric encryption (files, messages, keys)	256-bit key, 96-bit IV, 128-bit auth tag
`RSA-2048-OAEP`	Asymmetric encryption (key exchange)	2048-bit modulus, SHA-256 hash, OAEP padding
`PBKDF2-SHA256`	Key derivation (password to KEK)	100,000 iterations, random salt
`BIP39`	Recovery phrase	24-word English mnemonic (256-bit entropy)
`Web Crypto API`	Implementation	Browser-native, no JS crypto libraries

Key Hierarchy

KEK Key Encryption Key -- derived from password via PBKDF2-SHA256. Never stored.
DEK Data Encryption Key -- master key. Encrypted with KEK, stored on platform.
FEK File Encryption Key -- unique per file. Encrypted with DEK or RSA. AES-256-GCM.
CK Conversation Key -- unique per chat. Encrypted with DEK.
FK Folder Key -- per shared folder. Encrypted with recipient's RSA public key.
AK Album Key -- per shared album. Encrypted with recipient's RSA public key.
AIK AI Conversation Key (Pro only) -- Encrypted with DEK.

Key Guarantees

Every file gets a unique FEK -- compromise of one does not expose others
Every conversation gets a unique CK
Every IV is unique per encryption operation
RSA used ONLY for key exchange, never bulk data
DEK only exists in browser memory
KEK derived on-the-fly, never stored or transmitted

2. Zero-Copy Sharing Protocol

Files are never copied to the recipient's cloud or to the platform. The file stays in the owner's S3 bucket at all times. Only the encrypted key travels.

Owner generates FEK, encrypts file with AES-256-GCM
Owner fetches recipient's RSA-2048 public key from platform
Owner encrypts FEK with recipient's public key (RSA-2048-OAEP)
Encrypted FEK + IV stored as share record in owner's DynamoDB
Recipient decrypts FEK with their RSA private key
Recipient downloads encrypted file from owner's S3 via pre-signed URL
Recipient decrypts file with FEK in browser

Revocation

Delete the share record (encrypted FEK) from DynamoDB. The recipient can no longer obtain the decryption key and therefore cannot decrypt the file, even if they previously downloaded the encrypted blob.

3. Infrastructure

Account Architecture

Platform Account (centralized)

Cognito (authentication)
6 DynamoDB tables (metadata only)
REST API Gateway (v1)
Connection routing & orchestration

User Cloud (per-user AWS account)

S3 (encrypted file storage)
Single-table DynamoDB
Lambda functions (APIs)
HTTP API Gateway (v2)
KMS (server-side encryption key)

Cross-Account Security

The platform deploys infrastructure into user accounts via STS AssumeRole with a unique ExternalId per user (format: imegha-{uuid}). Temporary credentials expire after 1 hour. Permission boundaries restrict what the deployment role can do, even if the trust policy is broader.

Permission Boundary

Allowed Services

S3, DynamoDB, Lambda
API Gateway, CloudWatch, Logs
KMS, SNS, SQS

Denied (always)

iam:CreateUser, iam:CreateGroup
iam:*AccessKey, iam:*LoginProfile
Modifying the deployment role itself
Any service outside the allowed list

CloudFormation

User Cloud uses a nested stack pattern. The master template orchestrates sub-stacks:

user-cloud.yaml (master)
  ├── storage.yaml    (S3 + KMS)
  ├── database.yaml   (DynamoDB)
  ├── iam.yaml        (Lambda roles)
  ├── api.yaml        (API Gateway)
  ├── monitoring.yaml (CloudWatch)
  └── services/
      ├── storage_service.yaml
      ├── sharing_service.yaml
      ├── imchat.yaml
      └── audit_service.yaml

Lambda Runtime

Runtime: Python 3.12
Default memory: 256 MB
Default timeout: 30 seconds

4. Threat Model

Threat	Protected?	How
Platform breach	Yes	Attacker gets encrypted blobs, public keys, emails. No plaintext.
AWS employee access	Yes	Double encryption: client-side AES-256-GCM + server-side KMS.
Government subpoena to iMegha	Yes	We can only produce encrypted blobs. Cannot decrypt.
Network eavesdropping	Yes	HTTPS/TLS + content encrypted before transmission.
Confused deputy attack	Yes	Unique ExternalId per user prevents cross-account role assumption.
Password compromise	Partial	PBKDF2 100K iterations slows brute force. But with password, attacker can derive KEK.
Device compromise	Partial	Browser access while logged in = access to decrypted data in memory.

5. Data Residency

Complete separation between user content and platform metadata. The platform never stores or processes user content.

User's Cloud Account

S3: encrypted files, profile pictures
DynamoDB: file metadata, FEKs, folder structures, share records, albums, chat messages, CKs, profile fields, audit logs
Lambda: Storage API, Sharing API, Chat API, Audit API
KMS: server-side S3 encryption key

Platform

Cognito: email, password hash
UserDirectoryTable: userId, email, iMTag, encrypted DEK, RSA public key, cloudApiUrl
ConnectionsTable: friend relationships, group memberships
DeploymentsTable: stack status, ExternalId

6. AWS Cost Breakdown

Each user pays their own AWS bill directly. No markup from iMegha. Costs depend on usage.

Service	Free Tier (Year 1)	After Free Tier
S3	5 GB free	~$0.023/GB/month
DynamoDB	25 GB free	~$1.25/GB/month
Lambda	1M requests free	~$0.20/1M requests
API Gateway	1M calls free	~$1.00/1M calls
KMS	20K requests free	~$1/month + $0.03/10K requests
Typical Total	$0-5/month	$5-20/month

7. Regulatory Compliance

The architecture natively satisfies requirements from multiple regulatory frameworks. When the platform cannot read user data, most compliance requirements are met by default.

GDPR (EU General Data Protection Regulation)

Requirement	How iMegha Satisfies It
Art. 17 — Right to Erasure	User deletes their CloudFormation stack; all data (S3, DynamoDB) destroyed. Platform retains only email.
Art. 20 — Data Portability	User owns their AWS account. Standard AWS export tools (S3 sync, DynamoDB export) work without iMegha involvement.
Art. 25 — Data Protection by Design	End-to-end encryption (AES-256-GCM). Platform stores only encrypted blobs, public keys, and routing metadata. Cannot access content.
Art. 44-49 — Cross-Border Transfer	User chooses AWS region. Data physically stays in selected region. No cross-border transfer by platform.

CCPA (California Consumer Privacy Act)

Right to Know (Sec. 1798.100): Audit trail stored in user's own cloud — every share, view, and access event logged with timestamps.
Right to Delete (Sec. 1798.105): User deletes CloudFormation stack. Platform data reduced to email and locked keys. Full deletion of content immediate.
Right to Opt-Out (Sec. 1798.120): No data sale possible. Platform cannot read user data. Zero-knowledge architecture prevents data monetization.

HIPAA (Health Insurance Portability and Accountability Act)

Technical Safeguard	Implementation
Access Control (164.312(a))	Per-file encryption keys (FEK). Per-conversation keys (CK). Only authorized recipients can decrypt.
Audit Controls (164.312(b))	Audit trail in user's DynamoDB: share events, view events, access timestamps. Stored in user's cloud.
Integrity (164.312(c))	AES-256-GCM authentication tags detect any tampering. AWS KMS provides additional integrity guarantees.
Transmission Security (164.312(e))	HTTPS/TLS for all API calls. Content encrypted with AES-256-GCM before transmission. Double encryption in transit.

Note on BAAs: Because iMegha operates on a zero-knowledge basis and patient data never passes through or is stored on the platform, the typical BAA requirement is architecturally mitigated. The platform cannot be a business associate if it cannot access PHI.

SOX & Financial Compliance

Audit Trail: Immutable access log in user's DynamoDB with timestamps, event types, and actor IDs.
Data Integrity: AES-256-GCM authentication tags provide cryptographic proof of data integrity.
Access Controls: Per-file sharing permissions with instant revocation. All access events logged.
Segregation of Duties: Platform (coordination) and user cloud (data) are architecturally separated. Neither can access the other's content.