Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Cloud Storage
A Thesis Submitted
in Partial Fulfillment of the Requirements
for the Degree of
Bachelor of Technology
in
Computer Science & Engineering
by
Navlok Mishra (20115039)
Deepika Uttam (20114063)
Satinjal Yadav (20114031)
Rupendra Kumar (20114012)
to the
COMPUTER SCIENCE AND ENGINEERING DEPARTMENT
UNDERTAKING
We declare that the work presented in this thesis titled KeyAggregate Cryptosystem For Data Sharing In Cloud Storage
, submitted to the Computer Science and Engineering Department, Motilal Nehru National Institute of Technology, Allahabad, U.P.(211004), India, for the award of the Bachelor of
Technology degree in Computer Science & Engineering ,
is my original work. We have not plagiarized or submitted the
same work for the award of any other degree. In case this undertaking is found incorrect, We accept that my degree may be
unconditionally withdrawn.
May, 2015
Allahabad
( Navlok Mishra (20115039)
Deepika Uttam (20114063)
Satinjal Yadav (20114031)
Rupendra Kumar
(20114012)
)
ii
CERTIFICATE
Certified that the work contained in the thesis titled KeyAggregate Cryptosystem For Data Sharing In Cloud Storage ,
by Navlok Mishra (20115039), Deepika Uttam(20114063), Satinjal Yadav(20114031), Rupendra Kumar(20114012), has been
carried out under my supervision and that this work has not
been submitted elsewhere for a degree.
iii
Preface
The following project report describes the work done by us in the 8th semester on
the "Key-Aggregate Cryptosystem For Data Sharing In Cloud Storage",
our final year project for even semester. We have designed a asymmetric cryptosystem which is entirely different from traditional asymmetric cryptosystem to provide
security to Cloud storage. In order to get the benefits of Key-Aggregate Cryptosystem, users need to register on Key-Aggregate Cryptosystem application. Once user
gets registered, he/she gets a Public Key that will be used in future for encryption.
We have used NetBeans editor to write code in JAVA. Finally the snapshots, future
aspects and conclusion mark the end of the document.
iv
Acknowledgements
We are extremely grateful to Dr. Anoj Kumar for his revered guidance and encouragement, which led to the completion of this project till now. Without his constant
appraisal and efforts, this task would have been merely dream. He was always there
to help us throughout this project. He provided us with all the necessary resources
and guidance during the project which helped us to complete the project successfully.
Finally, we deem it a great pleasure to thank one and all that helped us directly or
indirectly in carrying out this term paper project work. We are also thankful to our
colleagues and friends for their support.
Contents
Preface
iv
Acknowledgements
Workload Distribution
Targets Achieved
1 Introduction
1.1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.2
Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.3
2.1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.2
2.2.1
Secret-key cryptosystem . . . . . . . . . . . . . . . . . . . . .
2.2.2
Public-key cryptosystem . . . . . . . . . . . . . . . . . . . . .
Key-aggregate Cryptosystem . . . . . . . . . . . . . . . . . . . . . . .
2.3
3 Cloud Storage
3.1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.2
3.3
3.4
3.5
4 Proposed Approach
12
4.1
Existing System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
4.2
Proposed Approach . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
4.3
4.4
4.5
5 Implementation
15
5.1
Implementation Environment . . . . . . . . . . . . . . . . . . . . . . 15
5.2
Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
5.3
5.4
5.2.1
Pseduo Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
5.2.2
JAVA Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
5.3.2
Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
5.4.1
Result 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
5.4.2
Result 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
5.4.3
Result 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
5.4.4
Result 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
5.4.5
Result 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
5.4.6
Result 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
5.4.7
Result 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
5.4.8
Result 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
5.4.9
Result 9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
5.4.10 Result 10 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
6 Software Tools Used
56
6.1
NetBeans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
6.2
OwnCloud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
6.2.1
Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
6.2.2
Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
6.2.3
Hardware Requiremnts . . . . . . . . . . . . . . . . . . . . . . 60
vii
6.2.4
Software Requiremnts . . . . . . . . . . . . . . . . . . . . . . 60
7 Conclusion
61
7.1
Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
7.2
Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
7.3
References
63
References
64
viii
List of Figures
1
Level 0 DFD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Level 1 DFD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Server is stopped . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Server is started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
10
11
12
13
14
15
16
17
18
19
Emily browse the file RSA.java whose content is showing on right side
and class index will be calculated for the selected file . . . . . . . . . 40
ix
20
21
22
23
24
All encrypted files are listed in the list under "Aggregate-Key" section 44
25
26
27
28
29
30
31
List of Tables
1
10
11
Hardware Requirements . . . . . . . . . . . . . . . . . . . . . . . . . 60
12
Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . 60
. . . . . . . . . . . . . . . . . . . . . 53
xi
Workload Distribution
Name
Tasks
Navlok Mishra(20115039)
Deepika Uttam(20114063)
Satinjal Yadav(20114031)
Rupendra Kumar(20114012)
Contents
List of Figures
List of Tables
Targets Achieved
TARGET
STATUS
Done
Done
Done
Implementation of cryptosystem
Done
Done
Done
Contents
List of Figures
List of Tables
Chapter 1
Introduction
1.1
Introduction
Cloud storage is gaining popularity since last 5-6 years. Most of the online services
are based on the cloud storage and anyone can access the online services from anywhere and anytime. For example, Google offers an online service known as Google
Drive, that enables an user to upload and download files from Google Drive at anytime and anywhere . So clearly, all the data of all customers around the world is
stored in cloud storage.
Now the question arises about the security of data privacy. Traditional way to
provide data security relies on servers which provides different restriction to different customers, which means any unexpected privilege will expose the data [14]. In
a shared-tenancy cloud computing environment, things become even worse. Data
from different clients can be hosted on separate virtual machines (VMs) but reside
on a single physical machine. Data in a target VM could be stolen by instantiating
another VM coresident with the target one [8].
Customers may not have strong belief that cloud server is doing well in terms of
confidentiality or may not have trust on security of VM or on the honesty of technical staff. In these situation, customers are motivated to encrypt their files before
uploading to cloud servers. But the problem with this solution is in data sharing.
1.2
Motivation
1.3
Chapter 2
Cryptography and Cryptosystems
2.1
Introduction
2.2
2.2.1
Secret-key cryptosystem
2.2.2
Public-key cryptosystem
2.3
Key-aggregate Cryptosystem
Chapter 3
Cloud Storage
3.1
Introduction
Cloud storage means "the storage of data online in the cloud," wherein a companys
data is stored in and accessible from multiple distributed and connected resources
that comprise a cloud.
Cloud storage can provide the benefits of greater accessibility and reliability; rapid
deployment; strong protection for data backup, archival and disaster recovery purposes; and lower overall storage costs as a result of not having to purchase, manage
and maintain expensive hardware. However, cloud storage does have the potential
for security and compliance concerns [3].
3.2
1. Public Cloud :
service provider are separate and there arent any cloud resources stored in
the enterprises data center. The cloud storage provider fully manages the
enterprises public cloud storage.
2. Private Cloud :
storage provider are integrated in the enterprises data center. In private cloud
storage, the storage provider has infrastructure in the enterprises data center
that is typically managed by the storage provider. Private cloud storage helps
resolve the potential for security and performance concerns while still offering
the advantages of cloud storage.
3. Hybrid Cloud : Hybrid cloud storage is a combination of public and private
cloud storage where some critical data resides in the enterprises private cloud
while other data is stored and accessible from a public cloud storage provider.
[3]
3.3
1. Accessibility :
cess to different type of gadgets for work as well as recreational purpose. With
cloud storage services, people are no longer required to toggle files between
different gadgets which can prove to be complex and cumbersome. Files and
information can be accessed from different places provided that, there is internet connection.
2. Cost :
drives do not come for cheap prices. Apart from that, a lot of time is required
for manually completing routine backups. Cloud storage services do not require traditional backup methods and offers plenty of storage space at low
costs.
3. Security :
be easily carried out with few clicks of the mouse which makes it absolutely
convenient and easy for the users.
5. Invisibility :
others for all purposes and intents helps to keep valuable space at office or
home from getting occupied.
6. Syncing :
by syncing. As a result of that, users can have access to the updated files
irrespective of the device being used. [7]
3.4
measures adopted by cloud storage service providers but, it is not impossible. For instance, a compromise within any of the servers where the personal
information of millions of users is stored can expose it to the hackers.
3. Speed Issue :
3.5
1. Dropbox
2. Google Drive
3. Mega
4. Copy
10
5. Microsoft oneDrive
6. Tresorit
7. Box
8. Knowhow Cloud
9. Mediafire
10. Apple icloud
11. Mozy
12. Spideroak
13. Amazon Cloud Drive [4]
11
Chapter 4
Proposed Approach
4.1
Existing System
Traditional way to provide data security relies on servers which provides different
restriction to different customers, which means any unexpected privilege will expose
the data [14]. In a shared-tenancy cloud computing environment, things become
even worse. Data from different clients can be hosted on separate virtual machines
(VMs) but reside on a single physical machine. Data in a target VM could be stolen
by instantiating another VM coresident with the target one [8] .
Customers may not have strong belief that cloud server is doing well in terms of
confidentiality or may not have trust on security of VM or on the honesty of technical staff. In these situation, customers are motivated to encrypt their files before
uploading to cloud servers.
So to provide the solution for above situations, 2 possiblities are there:1. A can encrypt all files with an encryption key and send the secret key to B.The
problem is that B can also decrypt the those files which A would not like to
share with B.
2. A can encrypt each file with distinct encryption key and send all secret keys
to B.The problem is need of large memory.
12
4.2
Proposed Approach
In this paper, we study how to make a decryption key more powerful in the sense
that it allows decryption of multiple ciphertexts, without increasing its size. Specifically, our problem statement is "To design an efficient public-key encryption
scheme which supports flexible delegation in the sense that any subset of
the ciphertexts (produced by the encryption scheme) is decryptable by a
constant-size decryption key (generated by the owner of the master-secret
key)". We solve this problem by introducing a special type of public-key encryption which we call key-aggregate cryptosystem (KAC) [5]. In KAC, users encrypt a
message not only under a public-key, but also under an identifier of ciphertext called
class. That means the ciphertexts are further categorized into different classes. The
key owner holds a master-secret called master-secret key, which can be used to extract secret keys for different classes. More importantly, the extracted key have
can be an aggregate key which is as compact as a secret key for a single class, but
aggregates the power of many such keys, i.e., the decryption power for any subset
of ciphertext classes.
4.3
4.4
4.5
14
Chapter 5
Implementation
5.1
Implementation Environment
1. JDK 40.0
2. Wamp Server
3. Owncloud Server
4. LAN or WIFI connection
5.2
5.2.1
Code
Pseduo Codes
Introduction
Our algorithms for public/secret-key pair generation, encryption and decryption
are entirely based on RSA key public cryptosystem with some additions. In 1978,
RSA [12] [17] developed a public key cryptosystem that is based on the difficulty
15
of integer factoring. The RSA public key encryption scheme is the first example
of a provably secure public key encryption scheme against chosen message attacks.
RSA involves too many mathematics concepts [15] like factorization, euler totient
function denoted as phi(n). Assuming that the factoring problem is computationally
intractable and it is hard to find the prime factors of n = p * q.
16
17
5.2.2
JAVA Codes
r.setSeed(seedNum);
byte []k = new byte[16];
r.nextBytes(k);
for(i=0;i<15;++i) {
temp = (int)k[i];
temp%=128;
if(temp<0)
temp+=128;
k[i] = (byte)temp;
pk.append(temp);
pk.append("-");
}
temp = (int)k[i];
temp%=128;
if(temp<0)
temp+=128;
k[i] = (byte)temp;
pk.append(temp);
return pk.toString();
19
}
// Completion of generatePublicKey() method.
2. Aggregate-Key Generation
encryption.hasRecieved = false;
login.sessionObject.out.println("_ReQuEsTpK_");
login.sessionObject.out.println(login.usernameField.getText());
while (!encryption.hasRecieved);
while (st.hasMoreTokens())
pk[j++] = (byte)(Integer.parseInt(st.nextToken()));
20
while (j<16) {
masterKey+= ("-" + Integer.toString((int)pk[j]));
j++;
}
aggregateKeyField.setText(masterKey);
//Completion of generateMasterKey() method
3. Encryption
21
fn.append(myDocsPath);
fn.append(fileSeparator);
fn.append("keyAggregateCryptosystem");
fn.append(fileSeparator);
fn.append(getUserName(login.usernameField.getText()));
fn.append(fileSeparator);
fn.append("encryptedFiles");
fn.append(fileSeparator);
fn.append(fileName);
while (st.hasMoreTokens()) {
pk[++j] = (byte)(Integer.parseInt(st.nextToken()));
if(j!=15)
}
22
for(l=0;l<bytesRead;++l) {
result.append(myBuffer[l]);
}
data = result.toString();
ans = data.getBytes();
temp = XOR(pk,ans);
bw.write(temp);
}
if (classIndex<10)
23
bw.write("00");
else if (classIndex<100)
bw.write("0");
bw.write(classIndexField.getText());
bw.close();
} catch(Exception ex) {
System.out.println(ex);
System.out.println("encryption.java.actionPerformed.encrypt
Button.encrypt():Exception");
}
JOptionPane.showMessageDialog(null, "File is encrypted successfully and saved into encryptedFiles folder inside My Documents directory",
"", JOptionPane.PLAIN_MESSAGE);
}
//Completion of encrypt() method.
4. Decryption
24
int l,bytesRead = 0;
String data,temp;
byte []ans;
try{
BufferedReader in = new BufferedReader(new FileReader(inputFileName));
if (!f.exists()) {
f.createNewFile();
}
for(l=0;l<bytesRead;++l) {
result.append(myBuffer[l]);
}
data = result.toString();
ans = data.getBytes();
temp = XOR(k,ans);
bw.write(temp);
25
bw.close();
in.close();
} catch (Exception ex) {
ex.printStackTrace();
System.out.println("decryption.decrypt():exception");
}
}
//Completion of decrypt() method.
26
5.3
5.3.1
27
28
29
30
5.3.2
31
32
Figure 12: User has already registered with the same email-ID
33
34
Figure 14: User provides wrong credentials while login to key management server
35
Figure 15: User login successfully and now can access all features
36
Figure 16: Profile page of user having the list of all features
37
Figure 17: When "Emily" click on "Generate Key" button then an input dialog box
is opened to put the name of user whose Public Key is needed. Here "Emily" needs
her own Public Key
38
Figure 18: Emily Click on "OK" button then public key is recieved
39
Figure 19: Emily browse the file RSA.java whose content is showing on right side
and class index will be calculated for the selected file
40
Figure 20: When Emily click on "Encrypt" button, file will be encypted and stored
in My Documents directory
41
42
Figure 23: Emily shares all encrypted files with user Brandon
43
Figure 24: All encrypted files are listed in the list under "Aggregate-Key" section
44
Figure 25: Emily selects files and click on "Master Key" button to generate
Aggregate-key
45
Figure 26: Brandon downloads all encrypted files from owncloud servers
46
47
Figure 28: Brandon enters the senders username and aggregate-key given by Emil
48
49
Figure 30: All files are decrypted succesfully and stored in My Documents directory
5.4
Results
The proposed "Key-Aggregate Cryptosystem" has been found to perform successfully the following features.
50
5.4.1
Result 1
File Name
RemoveRows.java
syn.java
Client.java
Class Index
2
5
3
5.4.2
Result 2
File Name
printReverseNameUsingLoop.py
guiUsingClass.py
mission.cpp
spoj.cpp
resto.cpp
Class Index
1
2
3
4
5
51
5.4.3
Result 3
File Name
login.txt
goodNode.cpp
Class Index
1
2
5.4.4
Result 4
Class Index
1
2
3
52
5.4.5
Result 5
File Name
dijsktraQueue.cpp
spath.cpp
roads.cpp
Class Index
1
2
3
5.4.6
Result 6
File Name
dijsktraQueue.cpp
spath.cpp
roads.cpp
Class Index
1
2
3
53
5.4.7
Result 7
File Name
dijsktraQueue.cpp
spath.cpp
roads.cpp
Class Index
1
2
3
5.4.8
Result 8
File Name
dijsktraQueue.cpp
spath.cpp
roads.cpp
Class Index
1
2
3
54
5.4.9
Result 9
File Name
dijsktraQueue.cpp
spath.cpp
roads.cpp
Class Index
1
2
3
5.4.10
Result 10
File Name
dijsktraQueue.cpp
spath.cpp
roads.cpp
Class Index
1
2
3
55
Chapter 6
Software Tools Used
6.1
NetBeans
6.2
OwnCloud
OwnCloud is free and open source software that operates as a very simple way to set
up your own syncing, Dropbox-like cloud storage system on your own server or web
site. The ownCloud server is written in the PHP and JavaScript scripting languages.
For remote access, it employs SabreDAV, an open-source WebDAV server. ownCloud
is designed to work with several database management systems, including SQLite,
MariaDB, MySQL, Oracle Database, and PostgreSQL. OwnCloud allows anyone to
install and operate it without charge on a private server, with no limits on storage
space (except for disk capacity or account quota) or the number of connected clients.
OwnCloud features include: [10] [11] [13]
1. File storage in conventional directory structures or via WebDAV.
2. Encryption of user files.
56
6.2.1
Installation
57
58
59
6.2.2
Requirements
6.2.3
Hardware Requiremnts
Processor
RAM
Hard Disk
Floppy Drive
Graphics
6.2.4
Software Requiremnts
Operating System
Front End
Scripts
Server Side Script
Database
Database
Windows95/98/2000/XP
HTML, Java, Jsp
Java Scripts
Java server pages
Mysql
Connectivity-JDBC
60
Chapter 7
Conclusion
7.1
Conclusion
Our approach to protect users data privacy more effective than other cryptographic
schemes. It is more flexible than hierarchical key assignment which can only save
spaces if all key-holders share a similar set of privileges.
7.2
Limitations
The limition in our approach is the predefined bound of the number of maximum ciphertext classes. In cloud storage, the number of ciphertexts usually
grows rapidly. So we have to reserve enough ciphertext classes for the future
extension.
Due to time limitation, we are able to design our cryptosystem only for text
files.
Since to send aggregate key, we are rely on the some secure mail system, so
security of our key-aggregate cryptosystem is entriely dependent on the secure
mail system.
61
7.3
62
References
[1] Aboud, S. Baghdad method for calculating multiplicative inverse. Software
Engineering: An International Journal International Conference on Information Technology, Las Vegas, Nevada, USA (2004), 816819.
[2] AnkitJain. Types of cryptosystems, 2015. url=http://tinyurl.com/qgsm6ko.
[3] Beal, V. Cloud storage, 2015. url=http://tinyurl.com/k6e4jvg.
[4] Casserly,
M.
13
best
cloud
storage
services
2015,
2015.
url=http://tinyurl.com/nr77rgb.
[5] Cheng-Kang Chu, Sherman S.M. Chow, W.-G. T. J. Z. R. H. D. S. M.
Security for scalable data sharing in cloud storage, transactions on parallel and
distributed systems. Software Engineering: An International Journal 25, 2
(2014).
[6] Google. Image, 2014. url=http://tinyurl.com/mrrqcws.
[7] Gupta, A. Advantages and disadvantages of cloud storage services, 2015.
url=http://tinyurl.com/lhmqv7z.
[8] Hardesty, L.
url=http://www.physorg.com/news176107396.html.
[9] Netbeans. Netbeans ide, 2014. url=https://netbeans.org/features/index.html.
[10] OwnCloud. Installation manual, 2015. url=http://tinyurl.com/kyodex6.
[11] OwnCloud. Setup, 2015. url=https://owncloud.org/install/.
63
64