A PROJECT REPORT
Submitted by
P.SATHISH (113115104085)
G.RAJESH (13115104076)
S.BINUGANESH (113115104021)
of
BACHELOR OF ENGINEERING
in
COMPUTER SCIENCE AND ENGINEERING
MARCH 2019
ABSTRACT
Data owners store their data in the public cloud in encrypted form,
together with a particular set of attributes that controls access to the
cloud data. While uploading data to the public cloud, they assign an
attribute set to it. Any authorized cloud user who wants to download
the data must enter that particular attribute set before performing further
actions on the data owner’s data. A cloud user must register their details
with the cloud organization to access the data owner’s data. Users
submit their details as attributes along with their designation. Based on
the user details, the Semi-Trusted Authority generates decryption keys that
give control over the owner’s data. A user can perform many operations on
the cloud data. To read the cloud data, the user needs to enter
read-related attributes, and to write the data, the user needs to enter
write-related attributes. For each and every action, a user in an
organization is verified against their unique attribute set.
These attributes are shared by the admins with the authorized users
in the cloud organization. These attributes are stored in the policy files
in the cloud. If any user leaks their unique decryption key to a
malicious user, the data owner can trace the leak by sending an audit
request to the auditor; the auditor processes the data owner’s request and
concludes who is guilty.
CHAPTER 1
INTRODUCTION
1.1 CLOUD COMPUTING
The prevalence of cloud computing may indirectly put at risk the
confidentiality of outsourced data and the privacy of cloud users. A particular
challenge here is how to guarantee that only authorized users can gain access to
the data, which has been outsourced to the cloud, anywhere and at any time. One naive
solution is to encrypt the data prior to uploading it to the cloud.
However, this solution limits further data sharing and processing, because
a data owner needs to download the encrypted data from the cloud and
re-encrypt it for sharing (suppose the data owner has no local copies of the data).
Fine-grained access control over encrypted data is desirable in the context of
cloud computing. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) may be
an effective solution to guarantee the confidentiality of data and provide
fine-grained access control here. In a CP-ABE based cloud storage system, for example,
organizations (e.g., a university such as the University of Texas at San Antonio)
and individuals (e.g., students, faculty members and visiting scholars of the
university) can first specify an access policy over the attributes of a potential cloud user.
Authorized cloud users are then granted access credentials (i.e., decryption keys)
corresponding to their attribute sets (e.g., student role, faculty member role, or
visitor role), which can be used to obtain access to the outsourced data. As a robust
one-to-many encryption mechanism, CP-ABE not only offers a reliable method to
protect data stored in the cloud, but also enables fine-grained access control over the
data.
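The access-policy idea described above, as an added example that is not part of the original report: a policy tree over role attributes is enforced by Shamir-sharing a secret down the tree, so only an attribute set that satisfies the policy can rebuild it. This shows the access structure only (no pairings, no collusion resistance, not an encryption scheme); `POLICY`, `distribute`, `recover` and the attribute `cs_dept` are assumptions made for illustration.

```python
import secrets

P = 2**127 - 1  # prime modulus for Shamir sharing (constructed parameter)

def share(secret, k, n):
    """Shamir-split secret into n points; any k of them rebuild it."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def combine(points):
    """Lagrange interpolation at x = 0 over the supplied points."""
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

# A policy node is an attribute name (leaf) or (threshold, [children]):
# threshold 1 acts as OR, threshold len(children) acts as AND.
# "cs_dept" is a constructed attribute; the roles are the page's examples.
POLICY = (1, ["faculty", (2, ["student", "cs_dept"])])

def distribute(node, secret):
    """Share the secret down the policy tree; leaves end up holding shares."""
    if isinstance(node, str):
        return (node, secret)
    k, children = node
    pts = share(secret, k, len(children))
    return (k, [(x, distribute(c, y)) for (x, y), c in zip(pts, children)])

def recover(shared, attrs):
    """Rebuild the secret from the leaves matching attrs, or return None."""
    head, body = shared
    if isinstance(head, str):
        return body if head in attrs else None
    got = [(x, v) for x, sub in body
           if (v := recover(sub, attrs)) is not None]
    return combine(got[:head]) if len(got) >= head else None
```

In a real CP-ABE ciphertext the leaf shares are hidden in group elements and each user's key is blinded with per-user randomness, which is what stops two users from pooling attributes.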
1.2 LITERATURE SURVEY
A. “Attribute Based Data Sharing with Attribute Revocation” by
authors Shucheng Yu, Cong Wang, Kui Ren in 2010
semantic representation information of users’ retrieval and cannot completely
match users’ search intention. Therefore, how to design a content-based search
scheme and make semantic search more effective and context-aware is a difficult
challenge. In this paper, for the first time, we define and solve the problems of
semantic search based on conceptual graphs (CGs) over encrypted outsourced data
in cloud computing (SSCG). We first employ the efficient measure of
“sentence scoring” in text summarization and Tregex to extract the most important
and simplified topic sentences from documents. We then convert these simplified
sentences into CGs. To perform quantitative calculation of CGs, we design a new
method that can map CGs to vectors. Next, we rank the returned results based on
the “text summarization score”. Furthermore, we propose a basic idea for SSCG and
give a significantly improved scheme to satisfy the security guarantee of
searchable symmetric encryption (SSE). Finally, we choose a real-world dataset, the
CNN dataset, to test our scheme. The results obtained from the experiment show
the effectiveness of our proposed scheme.
Cloud computing offers many service resources over the Internet and provides
them to users on demand. Its main service is data storage, processing, and
management in the Internet of Things (IoT). Various cloud service providers (CSPs)
offer huge volumes of storage to maintain and manage Internet data, which can
include videos, photos, and personal records. To preserve cloud data confidentiality
and user privacy, cloud data are often stored in an encrypted form. But duplicated
data that are encrypted under different encryption schemes could be stored in the
cloud, which greatly decreases the utilization rate of storage resources, especially
for big data. Several data deduplication schemes have recently been proposed. But
most of them suffer from security weaknesses and a lack of flexibility to support
secure data access control. This paper proposes a scheme based on attribute-based
encryption (ABE) to deduplicate encrypted data stored in the cloud while also
supporting secure data access control. In this paper, based on analysis
and implementation, the results show the efficiency, effectiveness, and scalability of
the survey for potential practical deployment.
The Secure Data Sharing in Clouds (SeDaSC) methodology provides: data
confidentiality and integrity, access control, data sharing (forwarding) without
using compute-intensive re-encryption, insider threat security, and forward and
backward access control. The SeDaSC methodology encrypts a file with a single
encryption key. Two different key shares for each of the users are generated, with
the user only getting one share. The possession of a single share of a key allows the
SeDaSC methodology to counter the insider threats. The other key share is stored
by a trusted third party, which is called the cryptographic server. We implement a
working prototype of the SeDaSC methodology and evaluate its performance
based on the time consumed during various operations.
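The key-share handling described above, sketched as an added example (not SeDaSC's own code): it assumes the two shares are an XOR split of the file key, and `CryptoServer`, `enroll`, `revoke` and `rebuild_key` are hypothetical names. It shows why one share alone is useless to an insider and why dropping the server-side share revokes a user without re-encrypting the file.

```python
import secrets

def xor(a, b):
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))

class CryptoServer:
    """Stand-in for the trusted third party that keeps the second share."""

    def __init__(self):
        self._server_shares = {}  # (file_id, user) -> server-side share

    def enroll(self, file_id, file_key, users):
        """Split the single file key once per user; return the user shares."""
        user_shares = {}
        for user in users:
            user_share = secrets.token_bytes(len(file_key))
            # Assumed split: server_share XOR user_share == file_key.
            self._server_shares[(file_id, user)] = xor(file_key, user_share)
            user_shares[user] = user_share
        return user_shares

    def revoke(self, file_id, user):
        """Drop the server-side share; the user's share alone is random noise."""
        self._server_shares.pop((file_id, user), None)

    def rebuild_key(self, file_id, user, user_share):
        """Return the file key for an enrolled user, or None if revoked."""
        server_share = self._server_shares.get((file_id, user))
        if server_share is None:
            return None
        return xor(server_share, user_share)
```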
CHAPTER 2
SYSTEM ANALYSIS
2.2 PROPOSED SYSTEM
2) If any user shares his decryption keys with another user, the Semi-Trustable
Authority finds the malicious user and blocks him, and finds the guilty party
by sending the question: who sent you that decryption key?
CHAPTER 3
SYSTEM DESIGN
3.1 INPUT DESIGN
The input design is the link between the information system and the user. It
comprises the developing specification and procedures for data preparation and
those steps are necessary to put transaction data into a usable form for processing.
This can be achieved by instructing the computer to read data from a written or printed
document or it can occur by having people key the data directly into the system.
The design of input focuses on controlling the amount of input required,
controlling the errors, avoiding delay, avoiding extra steps and keeping the process
simple. The input is designed in such a way that it provides security and ease of
use while retaining privacy. Input Design considered the following things:
easier and to be free from errors. The data entry screen is designed in such a
way that all data manipulations can be performed. It also provides record
viewing facilities.
When the data is entered, it is checked for validity. Data can be entered
with the help of screens. Appropriate messages are provided as and when needed
so that the user will not be in a maze at any instant. Thus the objective of input
design is to create an input layout that is easy to follow.
A quality output is one which meets the requirements of the end user and
presents the information clearly. In any system, the results of processing are
communicated to the users and to other systems through outputs. In output design it
is determined how the information is to be displayed for immediate need and also
as hard copy output. It is the most important and direct source of information to the
user. Efficient and intelligent output design improves the system’s relationship to
help user decision-making.
Convey information about past activities, current status or projections of the future.
Signal important events, opportunities, problems, or warnings.
Trigger an action.
Confirm an action.
The architecture includes four layers: raw data collection, context analysis, event
personalization, and diary generation. Through those four layers, Smart Diary
captures critical events according to users’ preferences, and automatically
generates diaries for the user.
[Diagram labels: STA, Account Blocked]
3.4 USE CASE DIAGRAM
Unified Modeling Language, activity diagrams are intended to model both
computational and organisational processes (i.e. workflows).
Fig 4.4: Sequence Diagram
Collaboration Diagram:
UML Collaboration Diagrams illustrate the relationship and interaction between
software objects. They require use cases, system operation contracts and domain model to
already exist. The collaboration diagram illustrates messages being sent between classes and
objects.
3.7 DFD- DATA FLOW DIAGRAM:
A context level DFD is the most basic form of DFD. It aims to show how the entire
system works at a glance. There is only one process in the system and all the data
flows either into or out of this process. Context level DFDs demonstrate the
interactions between the process and external entities. They do not contain data
stores. When drawing context level DFDs, we must first identify the process, all
the external entities and all the data flows. We must also state any assumptions we
make about the system. It is advised that we draw the process in the middle of the
page. We then draw our external entities in the corners and finally connect our
entities to our process with the data flows.
LEVEL OF DFD’S
Level 1 DFDs aim to give an overview of the full system. They look at the system
in more detail. Major processes are broken down into sub-processes. Level 1
DFDs also identify data stores that are used by the major processes. When
constructing a Level 1 DFD, we must start by examining the context level DFD.
We must break up the single process into its sub-processes. We must then pick out
the data stores from the text we are given and include them in our DFD. As in the
context level DFDs, all entities, data stores and processes must be labeled. We
must also state any assumptions made from the text.
Level 0:
Level 1:
Level 2:
Level 3:
system's classes, their attributes, operations (or methods), and the relationships
among objects.
CHAPTER 4
SYSTEM IMPLEMENTATION
4.1 HARDWARE REQUIREMENTS
CHAPTER 5
CONCLUSION
In this work, we have addressed the challenge of
credential leakage in CP-ABE based cloud storage systems
by designing an accountable authority and revocable
CryptCloud which supports white-box traceability and
auditing (referred to as CryptCloud+). This is the first
CP-ABE based cloud storage system that simultaneously
supports white-box traceability, accountable authority,
auditing and effective revocation. Specifically,
CryptCloud+ allows us to trace and revoke
malicious cloud users (leaking credentials). Our approach
can also be used in the case where the users’ credentials
are redistributed by the semi-trusted authority.
APPENDIX-2
SCREEN SHOTS
User Sign Up
Semi-Trustable Authority
Semi-Trustable Authority Generating Decryption key based
on User Attributes
User Sign In
Key Generation by E-Mail