Key-Aggregate Cryptosystem For Data Sharing In

Cloud Storage
A Thesis Submitted
in Partial Fulfillment of the Requirements
for the Degree of
Bachelor of Technology
in
Computer Science & Engineering
by
Navlok Mishra (20115039)
Deepika Uttam (20114063)
Satinjal Yadav (20114031)
Rupendra Kumar (20114012)

to the
COMPUTER SCIENCE AND ENGINEERING DEPARTMENT

MOTILAL NEHRU NATIONAL INSTITUTE OF TECHNOLOGY

ALLAHABAD, U.P.(211004), India
May, 2015

UNDERTAKING
We declare that the work presented in this thesis titled KeyAggregate Cryptosystem For Data Sharing In Cloud Storage
, submitted to the Computer Science and Engineering Department, Motilal Nehru National Institute of Technology, Allahabad, U.P.(211004), India, for the award of the Bachelor of
Technology degree in Computer Science & Engineering ,
is my original work. We have not plagiarized or submitted the
same work for the award of any other degree. In case this undertaking is found incorrect, We accept that my degree may be
unconditionally withdrawn.

May, 2015
Allahabad
( Navlok Mishra (20115039)
Deepika Uttam (20114063)
Satinjal Yadav (20114031)
Rupendra Kumar
(20114012)
)

ii

CERTIFICATE

Certified that the work contained in the thesis titled KeyAggregate Cryptosystem For Data Sharing In Cloud Storage ,
by Navlok Mishra (20115039), Deepika Uttam(20114063), Satinjal Yadav(20114031), Rupendra Kumar(20114012), has been
carried out under my supervision and that this work has not
been submitted elsewhere for a degree.

(Dr. Anoj Kumar)

Computer Science and Engineering Dept.
M.N.N.I.T,Allahabad,U.P.(211004),India
May, 2015

iii

Preface
The following project report describes the work done by us in the 8th semester on
the "Key-Aggregate Cryptosystem For Data Sharing In Cloud Storage",
our final year project for even semester. We have designed a asymmetric cryptosystem which is entirely different from traditional asymmetric cryptosystem to provide
security to Cloud storage. In order to get the benefits of Key-Aggregate Cryptosystem, users need to register on Key-Aggregate Cryptosystem application. Once user
gets registered, he/she gets a Public Key that will be used in future for encryption.
We have used NetBeans editor to write code in JAVA. Finally the snapshots, future
aspects and conclusion mark the end of the document.

iv

Acknowledgements
We are extremely grateful to Dr. Anoj Kumar for his revered guidance and encouragement, which led to the completion of this project till now. Without his constant
appraisal and efforts, this task would have been merely dream. He was always there
to help us throughout this project. He provided us with all the necessary resources
and guidance during the project which helped us to complete the project successfully.
Finally, we deem it a great pleasure to thank one and all that helped us directly or
indirectly in carrying out this term paper project work. We are also thankful to our
colleagues and friends for their support.

Contents
Preface

iv

Acknowledgements

Workload Distribution

Targets Achieved

1 Introduction

1.1

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

1.2

Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

1.3

Framework of Key-Aggregate Cryptosystem . . . . . . . . . . . . . .

2 Cryptography and Cryptosystems

2.1

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2.2

Different types of cryptosystems . . . . . . . . . . . . . . . . . . . . .

2.2.1

Secret-key cryptosystem . . . . . . . . . . . . . . . . . . . . .

2.2.2

Public-key cryptosystem . . . . . . . . . . . . . . . . . . . . .

Key-aggregate Cryptosystem . . . . . . . . . . . . . . . . . . . . . . .

2.3

3 Cloud Storage

3.1

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3.2

Types of Cloud Storage . . . . . . . . . . . . . . . . . . . . . . . . . .

3.3

Advantages of Cloud Storage Services . . . . . . . . . . . . . . . . . .

3.4

Disadvatanges of Cloud Storage Services . . . . . . . . . . . . . . . . 10

3.5

Examples of Cloud Storage Services . . . . . . . . . . . . . . . . . . . 10

vi

4 Proposed Approach

12

4.1

Existing System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

4.2

Proposed Approach . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

4.3

Disadvantages Of Existing System . . . . . . . . . . . . . . . . . . . . 13

4.4

Advantages of Proposed System . . . . . . . . . . . . . . . . . . . . . 13

4.5

Data Flow Diagram of Key-Aggregate Cryptosystem . . . . . . . . . 14

5 Implementation

15

5.1

Implementation Environment . . . . . . . . . . . . . . . . . . . . . . 15

5.2

Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

5.3

5.4

5.2.1

Pseduo Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

5.2.2

JAVA Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Snapshots of Key-Aggregate Cryptosystem Application . . . . . . . . 27

5.3.1

Snapshots of Server Side . . . . . . . . . . . . . . . . . . . . . 27

5.3.2

Snapshots of Client Side . . . . . . . . . . . . . . . . . . . . . 31

Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
5.4.1

Result 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

5.4.2

Result 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

5.4.3

Result 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

5.4.4

Result 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

5.4.5

Result 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

5.4.6

Result 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

5.4.7

Result 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

5.4.8

Result 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

5.4.9

Result 9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

5.4.10 Result 10 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
6 Software Tools Used

56

6.1

NetBeans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

6.2

OwnCloud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
6.2.1

Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

6.2.2

Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

6.2.3

Hardware Requiremnts . . . . . . . . . . . . . . . . . . . . . . 60
vii

6.2.4

Software Requiremnts . . . . . . . . . . . . . . . . . . . . . . 60

7 Conclusion

61

7.1

Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

7.2

Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

7.3

Future Aspects of Key-Aggregate Cryptosystem . . . . . . . . . . . . 62

References

63

References

64

viii

List of Figures
1

Different devices connected to cloud or cloud storage [6] . . . . . . . .

Standard Frame Work . . . . . . . . . . . . . . . . . . . . . . . . . .

Frame Work For Our Proposed Approach . . . . . . . . . . . . . . . .

Level 0 DFD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Level 1 DFD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Server is stopped . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Server is started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

No user is currently connected to server . . . . . . . . . . . . . . . . . 29

Details of all current users . . . . . . . . . . . . . . . . . . . . . . . . 30

10

User tries to register when server is offline . . . . . . . . . . . . . . . 31

11

User is successfully registered with Key-Management Server . . . . . 32

12

User has already registered with the same email-ID . . . . . . . . . . 33

13

User tries to login when server is offline . . . . . . . . . . . . . . . . . 34

14

User provides wrong credentials while login to key management server 35

15

User login successfully and now can access all features . . . . . . . . . 36

16

Profile page of user having the list of all features . . . . . . . . . . . . 37

17

When "Emily" click on "Generate Key" button then an input dialog

box is opened to put the name of user whose Public Key is needed.
Here "Emily" needs her own Public Key . . . . . . . . . . . . . . . . 38

18

Emily Click on "OK" button then public key is recieved . . . . . . . 39

19

Emily browse the file RSA.java whose content is showing on right side
and class index will be calculated for the selected file . . . . . . . . . 40

ix

20

When Emily click on "Encrypt" button, file will be encypted and

stored in My Documents directory . . . . . . . . . . . . . . . . . . . . 41

21

Emily logins in owncloud server . . . . . . . . . . . . . . . . . . . . . 42

22

Emily uploads all encrypted files to owncloud server . . . . . . . . . . 43

23

Emily shares all encrypted files with user Brandon . . . . . . . . . . . 43

24

All encrypted files are listed in the list under "Aggregate-Key" section 44

25

Emily selects files and click on "Master Key" button to generate

Aggregate-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

26

Brandon downloads all encrypted files from owncloud servers . . . . . 46

27

Brandon opens all decrypted files shared by Emily . . . . . . . . . . . 47

28

Brandon enters the senders username and aggregate-key given by Emil 48

29

Invalid aggregate-key is entered . . . . . . . . . . . . . . . . . . . . . 49

30

All files are decrypted succesfully and stored in My Documents directory 50

31

Click on the Finish setup button [10] . . . . . . . . . . . . . . . . . . 59

List of Tables
1

Emily Posas files details . . . . . . . . . . . . . . . . . . . . . . . . . 51

Daniel Vettoris files details . . . . . . . . . . . . . . . . . . . . . . . 51

Navlok Mishras files details . . . . . . . . . . . . . . . . . . . . . . . 52

Satinjal Yadavs files details . . . . . . . . . . . . . . . . . . . . . . . 52

Rupendra Kumars files details

Deepikas files details . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

Rutherfords files details . . . . . . . . . . . . . . . . . . . . . . . . . 54

Brandon Taylors files details . . . . . . . . . . . . . . . . . . . . . . . 54

Jamess files details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

10

Jamess files details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

11

Hardware Requirements . . . . . . . . . . . . . . . . . . . . . . . . . 60

12

Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . 60

. . . . . . . . . . . . . . . . . . . . . 53

xi

Workload Distribution
Name

Tasks

Navlok Mishra(20115039)

Coding (Server+encryption module), Report, Installation

Deepika Uttam(20114063)

Coding(Aggregate key Generation module), Report, PPT

Satinjal Yadav(20114031)

Coding(GUI Design), Documentation

Rupendra Kumar(20114012)

Coding(Decryption Module), Documentation, Installation

Contents

List of Figures

List of Tables

Targets Achieved
TARGET

STATUS

Requirement analysis and gathering

Done

Selection of an asymmetric cryptosystem

Done

Designing of various algorithms based on selected cryptoysystem

Done

Implementation of cryptosystem

Done

Analysis of cryptosystems results

Done

Testing of cryptosystem on real cloud storage

Done

Contents

List of Figures

List of Tables

Chapter 1
Introduction
1.1

Introduction

Cloud storage is gaining popularity since last 5-6 years. Most of the online services
are based on the cloud storage and anyone can access the online services from anywhere and anytime. For example, Google offers an online service known as Google
Drive, that enables an user to upload and download files from Google Drive at anytime and anywhere . So clearly, all the data of all customers around the world is
stored in cloud storage.
Now the question arises about the security of data privacy. Traditional way to
provide data security relies on servers which provides different restriction to different customers, which means any unexpected privilege will expose the data [14]. In
a shared-tenancy cloud computing environment, things become even worse. Data
from different clients can be hosted on separate virtual machines (VMs) but reside
on a single physical machine. Data in a target VM could be stolen by instantiating
another VM coresident with the target one [8].
Customers may not have strong belief that cloud server is doing well in terms of
confidentiality or may not have trust on security of VM or on the honesty of technical staff. In these situation, customers are motivated to encrypt their files before
uploading to cloud servers. But the problem with this solution is in data sharing.

Figure 1: Different devices connected to cloud or cloud storage [6]

1.2

Motivation

Data sharing is an important functionality in cloud storage. In this paper, we show

how to securely, efficiently, and flexibly share data with others in cloud storage. We
describe new public-key cryptosystems that produce constant-size cipher texts such
that efficient delegation of decryption rights for any set of ciphertexts is possible. The
novelty is that one can aggregate any set of secret keys and make them as compact as
a single key, but encompassing the power of all the keys being aggregated. In other
words, the secret key holder can release a constant-size aggregate key for flexible
choices of ciphertext set in cloud storage, but the other encrypted files outside the
set remain confidential. This compact aggregate key can be conveniently sent to
others or be stored in a smart card with very limited secure storage. We provide
formal security analysis of our schemes in the standard model. We also describe
other application of our schemes. In particular, our schemes give the first public-key
patient-controlled encryption for flexible hierarchy, which was yet to be known. [14].

1.3

Framework of Key-Aggregate Cryptosystem

Standard framework of key-aggregate cryptosystem.

Figure 2: Standard Frame Work

Framework of our proposed approach

Figure 3: Frame Work For Our Proposed Approach

Chapter 2
Cryptography and Cryptosystems
2.1

Introduction

In cryptography cryptosystem refers to a suite of cryptographic algorithms needed to

implement a particular security service, most commonly for achieving confidentiality
(encryption).
Typically, a cryptosystem consists of three algorithms: one for key generation, one
for encryption, and one for decryption. The term cipher (sometimes cypher) is often
used to refer to a pair of algorithms, one for encryption and one for decryption.
Therefore, the term "cryptosystem" is most often used when the key generation
algorithm is important. For this reason, the term "cryptosystem" is commonly used
to refer to public key techniques; however both "cipher" and "cryptosystem" are
used for symmetric key techniques[16].

2.2

Different types of cryptosystems

There are two basic types of cryptosystems:

2.2.1

Secret-key cryptosystem

Secret-key cryptosystem or traditional cryptography is also referred as symmetric

cryptography. In this the sender and receiver of a message know and use the same
secret key; the sender uses the secret key to encrypt the message, and the receiver
uses the same secret key to decrypt the message.
The main challenge is getting the sender and receiver to agree on the secret key
without anyone else finding out. Anyone who overhears or intercepts the key in
transit can later read, modify, and forge all messages encrypted or authenticated
using that key. All cryptosystems must deal with key management issues. Because
all keys in a secret-key cryptosystem must remain secret, secret-key cryptography
often has difficulty providing secure key management. The most popular secret-key
cryptosystem in use today is the Data Encryption Standard (DES). Other examples
are IDEA, Blowfish, etc [2] .

2.2.2

Public-key cryptosystem

Public-key cryptosystem is also referred as Asymmetric cryptography, in which each

user has a pair of keys (1) a public key and (2) a private key. The public key
is made public while the private key remains secret. Encryption is performed with
the public key while decryption is done with the private key.
The need for the sender and receiver to share secret information is eliminated; all
communications involve only public keys, and no private key is ever transmitted or
shared. In this system, it is no longer necessary to trust the security of some means of
communications. The only requirement is that public keys be associated with their
users in a trusted (authenticated) manner (for instance, in a trusted directory).
Anyone can send a confidential message by just using public information, but the
message can only be decrypted with a private key, which is in the sole possession of
the intended recipient [2].
6

2.3

Key-aggregate Cryptosystem

It is a cryptosystem which is different from traditional cryptosystems in the sense

that a single constant size decryption key is needed which is sufficient to decrypt a
subset of files while remaining files undecryptable.
In key-aggregate cryptosystem (KAC), users encrypt a message not only under a
public-key, but also under an identifier of ciphertext called class. That means the
ciphertexts are further categorized into different classes. The key owner holds a
master-secret called master-secret key, which can be used to extract secret keys for
different classes. More importantly, the extracted key have can be an aggregate key
which is as compact as a secret key for a single class, but aggregates the power of
many such keys, i.e., the decryption power for any subset of ciphertext classes.
The sizes of ciphertext, public-key, master-secret key and aggregate key in our KAC
schemes are all of constant size. The public system parameter has size linear in the
number of ciphertext classes, but only a small part of it is needed each time and it
can be fetched on demand from large (but non-confidential) cloud storage.

Chapter 3
Cloud Storage
3.1

Introduction

Cloud storage means "the storage of data online in the cloud," wherein a companys
data is stored in and accessible from multiple distributed and connected resources
that comprise a cloud.
Cloud storage can provide the benefits of greater accessibility and reliability; rapid
deployment; strong protection for data backup, archival and disaster recovery purposes; and lower overall storage costs as a result of not having to purchase, manage
and maintain expensive hardware. However, cloud storage does have the potential
for security and compliance concerns [3].

3.2

Types of Cloud Storage

1. Public Cloud :

Public cloud storage is where the enterprise and storage

service provider are separate and there arent any cloud resources stored in
the enterprises data center. The cloud storage provider fully manages the
enterprises public cloud storage.
2. Private Cloud :

A form of cloud storage where the enterprise and cloud

storage provider are integrated in the enterprises data center. In private cloud
storage, the storage provider has infrastructure in the enterprises data center

that is typically managed by the storage provider. Private cloud storage helps
resolve the potential for security and performance concerns while still offering
the advantages of cloud storage.
3. Hybrid Cloud : Hybrid cloud storage is a combination of public and private
cloud storage where some critical data resides in the enterprises private cloud
while other data is stored and accessible from a public cloud storage provider.
[3]

3.3

Advantages of Cloud Storage Services

1. Accessibility :

With the advancement of technology, people now have ac-

cess to different type of gadgets for work as well as recreational purpose. With
cloud storage services, people are no longer required to toggle files between
different gadgets which can prove to be complex and cumbersome. Files and
information can be accessed from different places provided that, there is internet connection.
2. Cost :

When it comes to backing up data, backup tapes or external hard

drives do not come for cheap prices. Apart from that, a lot of time is required
for manually completing routine backups. Cloud storage services do not require traditional backup methods and offers plenty of storage space at low
costs.
3. Security :

Businesses can benefit a lot by storing sensitive or confidential

information on cloud storage services. Storing files or data locally presents

businesses with more security concerns whereas encrypted data on online storage services prevents unauthorized use or access in an easy way.
4. Sharing :

Sharing an entire folder or a single file with other users can

be easily carried out with few clicks of the mouse which makes it absolutely
convenient and easy for the users.
5. Invisibility :

The fact that data on cloud storage remains invisible from

9

others for all purposes and intents helps to keep valuable space at office or
home from getting occupied.
6. Syncing :

Automatic update of files across different devices is ensured

by syncing. As a result of that, users can have access to the updated files
irrespective of the device being used. [7]

3.4

Disadvatanges of Cloud Storage Services

1. Technical Problems : There is no doubt that cloud storage services allow

people to access information from any place with an internet connection but,
technical problems can occur at any time. Chances of technical issues or
outages can never be disregarded when it comes to technology. Even the most
highly efficient and quality cloud storage service providers run into such risks
at different times.
2. Security Breach :

Even though, it is quite hard to break the security

measures adopted by cloud storage service providers but, it is not impossible. For instance, a compromise within any of the servers where the personal
information of millions of users is stored can expose it to the hackers.
3. Speed Issue :

There are times when users of cloud storage services face

a difficult time downloading and uploading large documents as they tend to

take huge amounts of time. [7]

3.5

Examples of Cloud Storage Services

1. Dropbox
2. Google Drive
3. Mega
4. Copy

10

5. Microsoft oneDrive
6. Tresorit
7. Box
8. Knowhow Cloud
9. Mediafire
10. Apple icloud
11. Mozy
12. Spideroak
13. Amazon Cloud Drive [4]

11

Chapter 4
Proposed Approach
4.1

Existing System

Traditional way to provide data security relies on servers which provides different
restriction to different customers, which means any unexpected privilege will expose
the data [14]. In a shared-tenancy cloud computing environment, things become
even worse. Data from different clients can be hosted on separate virtual machines
(VMs) but reside on a single physical machine. Data in a target VM could be stolen
by instantiating another VM coresident with the target one [8] .
Customers may not have strong belief that cloud server is doing well in terms of
confidentiality or may not have trust on security of VM or on the honesty of technical staff. In these situation, customers are motivated to encrypt their files before
uploading to cloud servers.
So to provide the solution for above situations, 2 possiblities are there:1. A can encrypt all files with an encryption key and send the secret key to B.The
problem is that B can also decrypt the those files which A would not like to
share with B.
2. A can encrypt each file with distinct encryption key and send all secret keys
to B.The problem is need of large memory.

12

4.2

Proposed Approach

In this paper, we study how to make a decryption key more powerful in the sense
that it allows decryption of multiple ciphertexts, without increasing its size. Specifically, our problem statement is "To design an efficient public-key encryption
scheme which supports flexible delegation in the sense that any subset of
the ciphertexts (produced by the encryption scheme) is decryptable by a
constant-size decryption key (generated by the owner of the master-secret
key)". We solve this problem by introducing a special type of public-key encryption which we call key-aggregate cryptosystem (KAC) [5]. In KAC, users encrypt a
message not only under a public-key, but also under an identifier of ciphertext called
class. That means the ciphertexts are further categorized into different classes. The
key owner holds a master-secret called master-secret key, which can be used to extract secret keys for different classes. More importantly, the extracted key have
can be an aggregate key which is as compact as a secret key for a single class, but
aggregates the power of many such keys, i.e., the decryption power for any subset
of ciphertext classes.

4.3

Disadvantages Of Existing System

1. In case of secret-key cryptosystem, the complexity and cost will be increased

with the increase of decryption keys to be shared.
2. In case of public-key cryptosystem, the encryption key and decryption key are
different.

4.4

Advantages of Proposed System

1. The extracted key have can be an aggregate key which is as compact as a

secret key for a single class
2. The delegation of decryption can be efficiently implemented with the aggregate
key.
13

4.5

Data Flow Diagram of Key-Aggregate Cryptosystem

Figure 4: Level 0 DFD

Figure 5: Level 1 DFD

14

Chapter 5
Implementation
5.1

Implementation Environment

The proposed "Key-Aggregate Cryptosystem" has been implemented in NetBeans.

Swing for GUI, JDBC for Database, Socket Programming for Networking are used
in the project. Following tools are required for proper implementation.

1. JDK 40.0
2. Wamp Server
3. Owncloud Server
4. LAN or WIFI connection

5.2
5.2.1

Code
Pseduo Codes

Introduction
Our algorithms for public/secret-key pair generation, encryption and decryption
are entirely based on RSA key public cryptosystem with some additions. In 1978,
RSA [12] [17] developed a public key cryptosystem that is based on the difficulty
15

of integer factoring. The RSA public key encryption scheme is the first example
of a provably secure public key encryption scheme against chosen message attacks.
RSA involves too many mathematics concepts [15] like factorization, euler totient
function denoted as phi(n). Assuming that the factoring problem is computationally
intractable and it is hard to find the prime factors of n = p * q.

Algorithm for public/private-key pair

1. Randomly and secretly choose 2 large prime numbers, say p and q.
2. Compute the value of n as n = p *q.
3. Compute the value of Euler totient function for n as phi(n) = (p-1) *(q-1).
4. Choose randomly the value of e such that 1<e<n and gcd(e,phi(n)) = 1.
5. Use Baghdad method [1], compute the value of d such that (e*d) mod phi(n)
= 1.
6. Now e,n will be publically announced now d must be kept secret.

Algorithm for encryption

Now here comes an addition in RSA.
In RSA, ciphertext C = power(M,e) mod n.
But in our approach, ciphertext C = power(M,e*i) mod n, where i the ciphertext
index of message M
To encrypt a message M having i as ciphertext index,
C = power(M,e*i) mod n

16

Algorithm to generate Aggregate Key

Say S is the set of ciphertext indices of those files whose aggregate-key is to be
generated. Following is the Pseudo-code to generate aggregate-key.
Extract_Aggregate_Key(d,S)
aggr_key = d
s <- S.size()
i <- 1
while i<=s
aggr_key <- aggr_key * S[i]
return aggr_key

Algorithm for decryption

Here comes another modification and addition in RSA.
In RSA, ciphertext C can be decrypted as M = power(C,d) mod n
In our approach, to decrypt a set of files whose ciphertext indices are kept in set S,
following is the pseudo code of our approach.
Decryption(C,aggr_key,S)
S <- S.size()
i <- 1
while S!=empty
temp = temp * S[i]
dd = aggr_key/temp
i <- 1
while S!=empty
Mi = power(Ci,dd/i) mod n

17

Correctness of the algorithm

C = M(e*i) mod n
M = C(temp_key) mod n
Since temp_key = arrg_key/i, so
M = C(aggr_key/i) mod n
M = C(d/i) mod n
M = (M(e*i))(d/i) mod n
M = M(e*i*d/i) mod n
Here i will be cancelled out
M = M(e*d) mod n [2]
M = M mod phi(n) mod n
M=M

5.2.2

JAVA Codes

Our project "Key-Aggregate Cryptosystem" contains four main modules.

1. Public Key Generation
"Secure Random" class is used to create a random number which is nothing
but our public key. Now to enhance the randomness, we use current date and
time as seed value to built-in random methods of "Secure Random" class.

// generatePublicKey() is an user-defined method.

// The task is to generate random public key.
// Here the length of key is 128 bits.

private String generatePublicKey() {

StringBuilder pk = new StringBuilder("");
SecureRandom r = new SecureRandom();
SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy/MM/dd
HH:mm:ss");
Date date = new Date();
18

char []dateAndTime = (dateFormat.format(date)).toCharArray();

int seedNum = 0;
int keyLen = 128;
int i;
int temp;

for(i=0; i<dateAndTime.length; ++i)

if(dateAndTime[i]>=0 dateAndTime[i]<=9)
seedNum = 10*seedNum + dateAndTime[i] - 0;

r.setSeed(seedNum);
byte []k = new byte[16];
r.nextBytes(k);

for(i=0;i<15;++i) {
temp = (int)k[i];
temp%=128;
if(temp<0)
temp+=128;
k[i] = (byte)temp;
pk.append(temp);
pk.append("-");
}

temp = (int)k[i];
temp%=128;
if(temp<0)
temp+=128;
k[i] = (byte)temp;
pk.append(temp);
return pk.toString();
19

}
// Completion of generatePublicKey() method.
2. Aggregate-Key Generation

//generateMasterKey() is an user-defined method

//The task is to generate master key using class index and pk

private void generateMasterKey() {

int index[] = fileNameListForAggregateKeyGeneration.getSelectedIndices();
int len = (index.length);
int xor = 0;

for(int i = 0; i < len; i++)

xor = xor(index[i]+1);

encryption.hasRecieved = false;
login.sessionObject.out.println("_ReQuEsTpK_");
login.sessionObject.out.println(login.usernameField.getText());

while (!encryption.hasRecieved);

String strKey = (String)(encryption.publicKeyField.getText());

StringTokenizer st = new StringTokenizer(strKey, "-");
byte []pk = new byte[16];
int j = 0;

while (st.hasMoreTokens())
pk[j++] = (byte)(Integer.parseInt(st.nextToken()));

20

pk[15] = (byte)((int)pk[15] (xor));

j = 0;
String masterKey = Integer.toString((int)pk[j]);
++j;

while (j<16) {
masterKey+= ("-" + Integer.toString((int)pk[j]));
j++;
}

aggregateKeyField.setText(masterKey);
//Completion of generateMasterKey() method
3. Encryption

//encryt() is an user-defined method.

//The task is to encrypt the files.
private void encrypt(String ifn) {
createFolders();

String strKey = (String)(publicKeyField.getText());

String fileName = getFileName(ifn);

String myDocsPath = getDefaultFilePath();

StringBuilder fn = new StringBuilder("");

21

int classIndex = Integer.parseInt(classIndexField.getText());

fn.append(myDocsPath);
fn.append(fileSeparator);
fn.append("keyAggregateCryptosystem");
fn.append(fileSeparator);
fn.append(getUserName(login.usernameField.getText()));
fn.append(fileSeparator);
fn.append("encryptedFiles");
fn.append(fileSeparator);
fn.append(fileName);

String ofn = fn.toString();

byte []pk = new byte[16];

int i;
int j=-1;
int k;
int tempKey;

StringTokenizer st = new StringTokenizer(strKey,"-");

File file;
FileWriter fw;
BufferedWriter bw;

while (st.hasMoreTokens()) {
pk[++j] = (byte)(Integer.parseInt(st.nextToken()));
if(j!=15)
}

22

pk[j] = (byte)((int)pk[j] (Integer.parseInt((String)(classIndexField.getText()))));

char[] myBuffer = new char[16];

int l,bytesRead;
String data,temp;
byte []ans;
try {
BufferedReader in = new BufferedReader(new FileReader(ifn));
file = new File(ofn);
if (!file.exists()) {
file.createNewFile();
}
fw = new FileWriter(file.getAbsoluteFile());
bw = new BufferedWriter(fw);

while ((bytesRead = in.read(myBuffer,0,16)) != -1) {

StringBuilder result = new StringBuilder();

for(l=0;l<bytesRead;++l) {
result.append(myBuffer[l]);
}

data = result.toString();
ans = data.getBytes();

temp = XOR(pk,ans);
bw.write(temp);
}

if (classIndex<10)
23

bw.write("00");
else if (classIndex<100)
bw.write("0");
bw.write(classIndexField.getText());
bw.close();
} catch(Exception ex) {
System.out.println(ex);
System.out.println("encryption.java.actionPerformed.encrypt
Button.encrypt():Exception");
}

JOptionPane.showMessageDialog(null, "File is encrypted successfully and saved into encryptedFiles folder inside My Documents directory",
"", JOptionPane.PLAIN_MESSAGE);
}
//Completion of encrypt() method.
4. Decryption

//decrypt() is an user-defined method.

//The task is to decrypt the files.

private void decrypt(byte[]k, String ifn) {

String fileSeparator = System.getProperty("file.separator");
String inputFileName = getDefaultFilePath() + fileSeparator + "keyAggregateCryptosystem" + fileSeparator + getUserName(login.usernameField.getText())
+ fileSeparator + "encryptedFiles" + fileSeparator + ifn; //
String outputFileName = getDefaultFilePath() + fileSeparator + "keyAggregateCryptosystem" + fileSeparator + getUserName(login.usernameField.getText())
+ fileSeparator + "decryptedFiles" + fileSeparator + ifn;
char[] myBuffer = new char[16];

24

int l,bytesRead = 0;
String data,temp;
byte []ans;

try{
BufferedReader in = new BufferedReader(new FileReader(inputFileName));

File f = new File(outputFileName);

if (!f.exists()) {
f.createNewFile();
}

FileWriter fw = new FileWriter(outputFileName);

BufferedWriter bw = new BufferedWriter(fw);

while ((bytesRead = in.read(myBuffer,0,16)) != -1)

{
StringBuilder result = new StringBuilder();

for(l=0;l<bytesRead;++l) {
result.append(myBuffer[l]);
}

data = result.toString();
ans = data.getBytes();

temp = XOR(k,ans);
bw.write(temp);

25

bw.close();
in.close();
} catch (Exception ex) {
ex.printStackTrace();
System.out.println("decryption.decrypt():exception");
}
}
//Completion of decrypt() method.

26

5.3

Snapshots of Key-Aggregate Cryptosystem Application

5.3.1

Snapshots of Server Side

Figure 6: Server is stopped

27

Figure 7: Server is started

28

Figure 8: No user is currently connected to server

29

Figure 9: Details of all current users

30

5.3.2

Snapshots of Client Side

Figure 10: User tries to register when server is offline

31

Figure 11: User is successfully registered with Key-Management Server

32

Figure 12: User has already registered with the same email-ID

33

Figure 13: User tries to login when server is offline

34

Figure 14: User provides wrong credentials while login to key management server

35

Figure 15: User login successfully and now can access all features

36

Figure 16: Profile page of user having the list of all features

37

Figure 17: When "Emily" click on "Generate Key" button then an input dialog box
is opened to put the name of user whose Public Key is needed. Here "Emily" needs
her own Public Key

38

Figure 18: Emily Click on "OK" button then public key is recieved

39

Figure 19: Emily browse the file RSA.java whose content is showing on right side
and class index will be calculated for the selected file

40

Figure 20: When Emily click on "Encrypt" button, file will be encypted and stored
in My Documents directory

41

Figure 21: Emily logins in owncloud server

42

Figure 22: Emily uploads all encrypted files to owncloud server

Figure 23: Emily shares all encrypted files with user Brandon

43

Figure 24: All encrypted files are listed in the list under "Aggregate-Key" section

44

Figure 25: Emily selects files and click on "Master Key" button to generate
Aggregate-key

45

Figure 26: Brandon downloads all encrypted files from owncloud servers

46

Figure 27: Brandon opens all decrypted files shared by Emily

47

Figure 28: Brandon enters the senders username and aggregate-key given by Emil

48

Figure 29: Invalid aggregate-key is entered

49

Figure 30: All files are decrypted succesfully and stored in My Documents directory

5.4

Results

The proposed "Key-Aggregate Cryptosystem" has been found to perform successfully the following features.

Public Key Generation

Encryption
Aggregate Key Generation
Decryption

50

5.4.1

Result 1

User Name : Emily Posa

Public Key: 24-67-6-17-60-67-57-36-35-39-2-103-53-72-65-44
Details of files encrypted by Emily Posa

File Name
RemoveRows.java
syn.java
Client.java

Class Index
2
5
3

Table 1: Emily Posas files details

Aggregate Key : 24-67-6-17-60-67-57-36-35-39-2-103-53-72-65-40

5.4.2

Result 2

User Name : Daniel Vettori

Public Key: 66-57-19-20-59-17-67-34-22-5-19-127-42-42-94-14
Details of files encrypted by Daniel Vettori

File Name
printReverseNameUsingLoop.py
guiUsingClass.py
mission.cpp
spoj.cpp
resto.cpp

Class Index
1
2
3
4
5

Table 2: Daniel Vettoris files details

Aggregate Key : 66-57-19-20-59-17-67-34-22-5-19-127-42-42-94-8

51

5.4.3

Result 3

User Name : Navlok Mishra

Public Key: 17-43-96-115-43-65-6-69-103-103-101-38-76-28-68-49
Details of files encrypted by Navlok Mishra

File Name
login.txt
goodNode.cpp

Class Index
1
2

Table 3: Navlok Mishras files details

Aggregate Key : 17-43-96-115-43-65-6-69-103-103-101-38-76-28-68-50

5.4.4

Result 4

User Name : Satinjal Yadav

Public Key: 86-72-88-114-66-48-120-77-95-3-43-85-73-77-81-5
Details of files encrypted by Satinjal Yadav
Aggregate Key : 86-72-88-114-66-48-120-77-95-3-43-85-73-77-81-5
File Name
dijsktraQueue.cpp
spath.cpp
roads.cpp

Class Index
1
2
3

Table 4: Satinjal Yadavs files details

52

5.4.5

Result 5

User Name : Rupendra Kumar

Public Key: 26-41-110-127-126-106-79-57-31-116-69-31-74-74-5-108
Details of files encrypted by Rupendra Kumar

File Name
dijsktraQueue.cpp
spath.cpp
roads.cpp

Class Index
1
2
3

Table 5: Rupendra Kumars files details

Aggregate Key : 26-41-110-127-126-106-79-57-31-116-69-31-74-74-5-108

5.4.6

Result 6

User Name : Deepika

Public Key: 115-51-15-89-40-54-71-96-11-58-44-81-73-7-90-80
Details of files encrypted by Deepika

File Name
dijsktraQueue.cpp
spath.cpp
roads.cpp

Class Index
1
2
3

Table 6: Deepikas files details

Aggregate Key : 115-51-15-89-40-54-71-96-11-58-44-81-73-7-90-80

53

5.4.7

Result 7

User Name : Rutherford

Public Key: 40-44-12-33-34-60-53-75-77-95-121-54-109-97-35-31
Details of files encrypted by Rutherford

File Name
dijsktraQueue.cpp
spath.cpp
roads.cpp

Class Index
1
2
3

Table 7: Rutherfords files details

Aggregate Key : 40-44-12-33-34-60-53-75-77-95-121-54-109-97-35-31

5.4.8

Result 8

User Name : Brandon Taylor

Public Key: 47-94-101-23-32-118-114-83-55-17-39-16-121-104-14-91
Details of files encrypted by Brandon Taylor

File Name
dijsktraQueue.cpp
spath.cpp
roads.cpp

Class Index
1
2
3

Table 8: Brandon Taylors files details

Aggregate Key : 47-94-101-23-32-118-114-83-55-17-39-16-121-104-14-91

54

5.4.9

Result 9

User Name : James

Public Key: 65-107-60-72-73-51-62-50-100-42-79-121-12-83-46-58
Details of files encrypted by James

File Name
dijsktraQueue.cpp
spath.cpp
roads.cpp

Class Index
1
2
3

Table 9: Jamess files details

Aggregate Key : 65-107-60-72-73-51-62-50-100-42-79-121-12-83-46-58

5.4.10

Result 10

User Name : Navlok

Public Key: 63-4-70-69-66-115-108-122-63-55-15-25-12-78-56-126
Details of files encrypted by Navlok

File Name
dijsktraQueue.cpp
spath.cpp
roads.cpp

Class Index
1
2
3

Table 10: Jamess files details

Aggregate Key : 63-4-70-69-66-115-108-122-63-55-15-25-12-78-56-126

55

Chapter 6
Software Tools Used
6.1

NetBeans

NetBeans is an integrated development environment (IDE) for developing primarily

with Java, but also with other languages, in particular PHP, C/C++, and HTML5.
The proposed cryptosystem is implemented using this platform tool.[9]

6.2

OwnCloud

OwnCloud is free and open source software that operates as a very simple way to set
up your own syncing, Dropbox-like cloud storage system on your own server or web
site. The ownCloud server is written in the PHP and JavaScript scripting languages.
For remote access, it employs SabreDAV, an open-source WebDAV server. ownCloud
is designed to work with several database management systems, including SQLite,
MariaDB, MySQL, Oracle Database, and PostgreSQL. OwnCloud allows anyone to
install and operate it without charge on a private server, with no limits on storage
space (except for disk capacity or account quota) or the number of connected clients.
OwnCloud features include: [10] [11] [13]
1. File storage in conventional directory structures or via WebDAV.
2. Encryption of user files.

56

3. Synchronization of client running Windows (Windows XP, Vista, 7 and 8),

Mac OS X (10.6 or later), or Linux.
4. Task scheduler.
5. Address book (also as CardDAV).
6. Music streaming (through Ampache).
7. User and group administration (via OpenID or LDAP).
8. Sharing of content across groups or public URLs.
9. Online text editor with syntax highlighting and code folding.
10. Viewer for ODF Files (.odt, .odp, .ods)
11. Mozilla Sync hosting - If you are a Mozilla Firefox user, all history, form data,
bookmarks etc. can be stored in your ownCloud server.
12. RSS/Atom feed reader.
13. Connecting external storages (If you have accounts on Dropbox, GoogleDrive,
or Amazon S3, you can mount those storages into your ownCloud installation).
14. Customizable with one-click-install apps.
15. Logging Module: supports logging of file-related actions, logs, who accessed
what, when and from where.

6.2.1

Installation

1. Installing Prerequisites For ownCloud [10] [11] [13]

OwnCloud requires the following softwares to be installed on computer.
A server software such as Apache
PHP (ownCloud is written in PHP language)

57

 A database software (ownCloud comes with SQLite database by default

but you can use MySQL)
But we dont need to install these softwares separately. All these softwares are
packaged in WAMPserver. So install WAMPserver on your computer.
2. Downloading ownCloud Source Files and Installing ownCloud

Download latest version of OwnCloud from http://owncloud.org

Extract the contents of the zip file. The extracted contents will be in a
folder named "owncloud".
3. Keep ownCloud in the "www" directory of WAMPserver.
4. Go to phpMyAdmin and create a MySQL database.
5. Create the ownCloud admin account (make sure that WAMPserver is running
on computer)
a. Open a web browser, write "localhost/owncloud" in the address bar, and
press the Enter key.
b. Click on "Advanced" in the page as shown above, then click on "MySQL"
Now, enter the details as shown below.
Write an admin username of your choice.
Write a password.
Leave the default value for the field Data folder
Write Database user name. You can use "root" which is the MySQL
SuperUser.
Write Database password. If you are using the "root" user above, you
can keep the password field blank if the default password associated with
"root" was not changed.
Write "localhost" in the field Database host.

58

Figure 31: Click on the Finish setup button [10]

59

6.2.2

Requirements

6.2.3

Hardware Requiremnts

Processor
RAM
Hard Disk
Floppy Drive
Graphics

1.1 Ghz or greater

minimum 256 MB
20 GB
1.44. MB
Support for DirectX 9 graphics with minimum 128MB RAM
Table 11: Hardware Requirements

6.2.4

Software Requiremnts
Operating System
Front End
Scripts
Server Side Script
Database
Database

Windows95/98/2000/XP
HTML, Java, Jsp
Java Scripts
Java server pages
Mysql
Connectivity-JDBC

Table 12: Software Requirements

60

Chapter 7
Conclusion
7.1

Conclusion

Our approach to protect users data privacy more effective than other cryptographic
schemes. It is more flexible than hierarchical key assignment which can only save
spaces if all key-holders share a similar set of privileges.

7.2

Limitations

The limition in our approach is the predefined bound of the number of maximum ciphertext classes. In cloud storage, the number of ciphertexts usually
grows rapidly. So we have to reserve enough ciphertext classes for the future
extension.
Due to time limitation, we are able to design our cryptosystem only for text
files.
Since to send aggregate key, we are rely on the some secure mail system, so
security of our key-aggregate cryptosystem is entriely dependent on the secure
mail system.

61

7.3

Future Aspects of Key-Aggregate Cryptosystem

Since our encryption, decryption, and aggregate-key generation algorithms work

only for text files, so would to like to extend our project to files of different formats
like for images, pdf, csv etc.

62

References
[1] Aboud, S. Baghdad method for calculating multiplicative inverse. Software
Engineering: An International Journal International Conference on Information Technology, Las Vegas, Nevada, USA (2004), 816819.
[2] AnkitJain. Types of cryptosystems, 2015. url=http://tinyurl.com/qgsm6ko.
[3] Beal, V. Cloud storage, 2015. url=http://tinyurl.com/k6e4jvg.
[4] Casserly,

M.

13

best

cloud

storage

services

2015,

2015.

url=http://tinyurl.com/nr77rgb.
[5] Cheng-Kang Chu, Sherman S.M. Chow, W.-G. T. J. Z. R. H. D. S. M.
Security for scalable data sharing in cloud storage, transactions on parallel and
distributed systems. Software Engineering: An International Journal 25, 2
(2014).
[6] Google. Image, 2014. url=http://tinyurl.com/mrrqcws.
[7] Gupta, A. Advantages and disadvantages of cloud storage services, 2015.
url=http://tinyurl.com/lhmqv7z.
[8] Hardesty, L.

Secure computers are not so secure. mit press, 2009.

url=http://www.physorg.com/news176107396.html.
[9] Netbeans. Netbeans ide, 2014. url=https://netbeans.org/features/index.html.
[10] OwnCloud. Installation manual, 2015. url=http://tinyurl.com/kyodex6.
[11] OwnCloud. Setup, 2015. url=https://owncloud.org/install/.
63

[12] Rivest R, Shamir A, A. L. A method for obtaining digital signature and

public key cryptosystems. Communications of the ACM 21 (1978), 120126.
[13] Server, W. Wamp ide, 20. url=http://www.wampserver.com/en/.
[14] S.S.M. Chow, Y.J. He, L. H. S.-M. Y. Spice simple privacy-preserving
identity-management for cloud environment. Software Engineering: An International Journal 7341, 9 (2012), 526543.
[15] Turner, C. S. Euler totient function and public key cryptography. Software
Engineering: An International Journal (2008).
[16] Wikipedia. Cryptosystem, 2015. url=http://tinyurl.com/lbq2ew4.
[17] Zhou, X., and Tang, X. Research and implementation of rsa algorithm for
encryption and decryption. The 6th International Forum on Strategic Technology (2011).

64