Академический Документы
Профессиональный Документы
Культура Документы
Cloud
Dissertation Submitted to the
JAWAHARLAL NEHRU TECHNOLOGICAL UNIVERSITY
In partial fulfillment of the requirement for the award of degree of
MASTER OF TECHNOLOGY
IN
INFORMATION TECHNOLOGY
By
MOHD ISHAQ
08B91D4006
Under the guidance of
Mr. G.RAJEST (M. Tech.)
Assistant Professor
CERTIFICATE
This is to certify that the dissertation entitled MONA: SECURE MULTIOWNER DATA SHARING FOR DYNAMIC GROUPS IN THE CLOUD is
a confide work done and submitted by Mr. Mohd Ishaq bearing Roll
No(08B91D4006), in partial fulfillment of the requirement for the award of degree of
Master Of Technology In Information Technology Guru Nanak Institutions
Technical Campus Affiliated To Jawaharlal Nehru Technological University,
Hyderabad is a record of bonafide work carried out by him under our
guidance and supervision.
The results presented in this dissertation have been verified and are
found to be satisfactory. The results embodied in this dissertation
have not been submitted to any other universit for the award of any
other degree or diploma
ORGANIZATION PROFILE
COMPANY PROFILE:
its
entire
attention
on
achieving
transcending
For
Them.
We
Practice
Exclusively
in
Software
The
indispensable
factors,
which
give
the
competitive
Mobile
Computing,
Cloud
Computing,
Image
OUR VISION:
Impossible as Possible this is our vision; we work according
to our vision.
ABSTRACT:
With the character of low maintenance, cloud computing provides an economical
and efficient solution for sharing group resource among cloud users. Unfortunately,
sharing data in a multi-owner manner while preserving data and identity privacy
from an untrusted cloud is still a challenging issue, due to the frequent change of
the membership. In this paper, we propose a secure multiowner data sharing
scheme, named Mona, for dynamic groups in the cloud. By leveraging group
signature and dynamic broadcast encryption techniques, any cloud user can
anonymously share data with others. Meanwhile, the storage overhead and
encryption computation cost of our scheme are independent with the number of
revoked users. In addition, we analyze the security of our scheme with rigorous
proofs, and demonstrate the efficiency of our scheme in experiments.
INTRODUCTION
What is cloud computing?
Cloud computing is the use of computing resources (hardware and
software) that are delivered as a service over a network (typically the Internet). The
name comes from the common use of a cloud-shaped symbol as an abstraction for
the complex infrastructure it contains in system diagrams. Cloud computing
entrusts remote services with a user's data, software and computation. Cloud
computing consists of hardware and software resources made available on the
Internet as managed third-party services. These services typically provide access to
advanced software applications and high-end networks of server computers.
Services Models:
Cloud Computing comprises three different service models, namely
Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-asa-Service (SaaS). The three service models or layer are completed by an end user
layer that encapsulates the end user perspective on cloud services. The model is
shown in figure below. If a cloud user accesses services on the infrastructure layer,
for instance, she can run her own applications on the resources of a cloud
infrastructure and remain responsible for the support, maintenance, and security of
these applications herself. If she accesses a service on the application layer, these
tasks are normally taken care of by the cloud service provider.
4. Streamline processes. Get more work done in less time with less people.
5. Reduce capital costs. Theres no need to spend big money on hardware,
software or licensing fees.
6. Improve accessibility. You have access anytime, anywhere, making your
life so much easier!
7. Monitor projects more effectively. Stay within budget and ahead of
completion cycle times.
8. Less personnel training is needed. It takes fewer people to do more work
on a cloud, with a minimal learning curve on hardware and software issues.
9. Minimize licensing new software. Stretch and grow without the need to
buy expensive software licenses or programs.
10.Improve flexibility. You can change direction without serious people or
financial issues at stake.
Advantages:
1. Price:Pay for only the resources used.
2. Security: Cloud instances are isolated in the network from other instances
for improved security.
3. Performance: Instances can be added instantly for improved performance.
Clients have access to the total resources of the Clouds core hardware.
4. Scalability: Auto-deploy cloud instances when needed.
5. Uptime: Uses multiple servers for maximum redundancies. In case of server
failure, instances can be automatically created on another server.
6. Control: Able to login from any location. Server snapshot and a software
library lets you deploy custom instances.
being traceable. Therefore, traceability, which enables the group manager (e.g., a
company manager) to reveal the real identity of a user, is also highly desirable.
Second, it is highly recommended that any member in a group should be able to
fully enjoy the data storing and sharing services provided by the cloud, which is
defined as the multiple-owner manner. Compared with the single-owner manner
[3], where only the group manager can store and modify data in the cloud, the
multiple-owner manner is more flexible in practical applications. More concretely,
each user in the group is able to not only read data, but also modify his/her part of
data in the entire data file shared by the company. Last but not least, groups are
normally dynamic in practice, e.g., new staff participation and current employee
revocation in a company. The changes of membership make secure data sharing
extremely difficult. On one hand, the anonymous system challenges new granted
users to learn the content of data files stored before their participation, because it is
impossible for new granted users to contact with anonymous data owners, and
obtain the corresponding decryption keys. On the other hand, an efficient
membership revocation mechanism without updating the secret keys of the
remaining users is also desired to minimize the complexity of key management.
LITERATURE SURVEY
1) Plutus: Scalable Secure File Sharing on Untrusted Storage
AUTHORS: M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu
Plutus is a cryptographic storage system that enables secure file sharing without
placing much trust on the file servers. In particular, it makes novel use of
cryptographic primitives to protect and share files. Plutus features highly scalable
key management while allowing individual users to retain direct control over who
gets access to their files. We explain the mechanisms in Plutus to reduce the
number of cryptographic keys exchanged between users by using filegroups,
distinguish file read and write access, handle user revocation efficiently, and allow
an untrusted server to authorize file writes. We have built a prototype of Plutus on
OpenAFS. Measurements of this prototype show that Plutus achieves strong
security with overhead comparable to systems that encrypt all network traffic.
2) Sirius: Securing Remote Untrusted Storage
AUTHORS: E. Goh, H. Shacham, N. Modadugu, and D. Boneh
This paper presents SiRiUS, a secure file system designed to be layered over
insecure network and P2P file systems such as NFS, CIFS, OceanStore, and
Yahoo! Briefcase. SiRiUS assumes the network storage is untrusted and provides
its own read-write cryptographic access control for file level sharing. Key
management and revocation is simple with minimal out-of-band communication.
File system freshness guarantees are supported by SiRiUS using hash tree
constructions. SiRiUS contains a novel method of performing file random access
in a cryptographic file system without the use of a block server. Extensions to
SiRiUS include large scale group sharing using the NNL key revocation
construction. Our implementation of SiRiUS performs well relative to the
underlying file system despite using cryptographic operations.
3)
Distributed Storage
AUTHORS: G. Ateniese, K. Fu, M. Green, and S. Hohenberger
In 1998, Blaze, Bleumer, and Strauss (BBS) proposed an application called atomic
proxy re-encryption, in which a semitrusted proxy converts a ciphertext for Alice
into a ciphertext for Bob without seeing the underlying plaintext. We predict that
fast and secure re-encryption will become increasingly popular as a method for
managing encrypted file systems. Although efficiently computable, the widespread adoption of BBS re-encryption has been hindered by considerable security
risks. Following recent work of Dodis and Ivan, we present new re-encryption
schemes that realize a stronger notion of security and demonstrate the usefulness of
proxy re-encryption as a method of adding access control to a secure file system.
Performance measurements of our experimental file system demonstrate that proxy
re-encryption can work effectively in practice.
(CP-ABE)
under
concrete
and
noninteractive
cryptographic
assumptions in the standard model. Our solutions allow any encryptor to specify
access control in terms of any access formula over the attributes in the system. In
our most efficient system, ciphertext size, encryption, and decryption time scales
linearly with the complexity of the access formula. The only previous work to
achieve these parameters was limited to a proof in the generic group model.
We present three constructions within our framework. Our first system is proven
selectively secure under a assumption that we call the decisional Parallel Bilinear
Diffie-Hellman Exponent (PBDHE) assumption which can be viewed as a
generalization of the BDHE assumption. Our next two constructions provide
performance tradeoffs to achieve provable security respectively under the (weaker)
decisional Bilinear-Diffie-Hellman Exponent and decisional Bilinear DiffieHellman assumptions.
SYSTEM ANALYSIS
EXISTING SYSTEM:
To preserve data privacy, a basic solution is to encrypt data files, and then upload
the encrypted data into the cloud. Unfortunately, designing an efficient and secure
data sharing scheme for groups in the cloud is not an easy task.
In the existing System data owners store the encrypted data files in untrusted
storage and distribute the corresponding decryption keys only to authorized users.
Thus, unauthorized users as well as storage servers cannot learn the content of the
data files because they have no knowledge of the decryption keys. However, the
complexities of user participation and revocation in these schemes are linearly
increasing with the number of data owners and the number of revoked users,
respectively.
DISADVANTAGES OF EXISTING SYSTEM:
In the existing Systems, identity privacy is one of the most significant
obstacles for the wide deployment of cloud computing. Without the
guarantee of identity privacy, users may be unwilling to join in cloud
computing systems because their real identities could be easily disclosed to
cloud providers and attackers. On the other hand, unconditional identity
privacy may incur the abuse of privacy. For example, a misbehaved staff can
deceive others in the company by sharing false files without being traceable.
Only the group manager can store and modify data in the cloud
The changes of membership make secure data sharing extremely difficult the
issue of user revocation is not addressed
PROPOSED SYSTEM:
1. We propose a secure multi-owner data sharing scheme. It implies that any user
in the group can securely share data with others by the untrusted cloud.
2. Our proposed scheme is able to support dynamic groups efficiently. Specifically,
new granted users can directly decrypt data files uploaded before their participation
without contacting with data owners. User revocation can be easily achieved
through a novel revocation list without updating the secret keys of the remaining
users. The size and computation overhead of encryption are constant and
independent with the number of revoked users.
3. We provide secure and privacy-preserving access control to users, which
guarantees any member in a group to anonymously utilize the cloud resource.
Moreover, the real identities of data owners can be revealed by the group manager
when disputes occur.
4. We provide rigorous security analysis, and perform extensive simulations to
demonstrate the efficiency of our scheme in terms of storage and computation
overhead.
ADVANTAGES OF PROPOSED SYSTEM:
Any user in the group can store and share data files with others by the cloud.
The encryption complexity and size of ciphertexts are independent with the
number of revoked users in the system.
User revocation can be achieved without updating the private keys of the
remaining users.
A new user can directly decrypt the files stored in the cloud before his
participation.
SYSTEM REQUIREMENTS:
HARDWARE REQUIREMENTS:
System
Hard Disk
Monitor
Mouse
Ram
Keyboard
SOFTWARE REQUIREMENTS:
Operating System : Windows XP.
Coding Language : ASP.NET, C#.Net.
Database
: SQL Server 2005
SYSTEM STUDY
FEASIBILITY STUDY
ECONOMICAL FEASIBILITY
TECHNICAL FEASIBILITY
SOCIAL FEASIBILITY
ECONOMICAL FEASIBILITY
This study is carried out to check the economic impact that the system will
have on the organization. The amount of fund that the company can pour into the
research and development of the system is limited. The expenditures must be
justified. Thus the developed system as well within the budget and this was
achieved because most of the technologies used are freely available. Only the
customized products had to be purchased.
TECHNICAL FEASIBILITY
This study is carried out to check the technical feasibility, that is, the
technical requirements of the system. Any system developed must not have a high
demand on the available technical resources. This will lead to high demands on the
available technical resources. This will lead to high demands being placed on the
client. The developed system must have a modest requirement, as only minimal or
null changes are required for implementing this system.
SOCIAL FEASIBILITY
The aspect of study is to check the level of acceptance of the system by the
user. This includes the process of training the user to use the system efficiently.
The user must not feel threatened by the system, instead must accept it as a
necessity. The level of acceptance by the users solely depends on the methods that
are employed to educate the user about the system and to make him familiar with
it. His level of confidence must be raised so that he is also able to make some
constructive criticism, which is welcomed, as he is the final user of the system.
SYSTEM DESIGN
SYSTEM ARCHITECTURE:
CLOUD
Group Member
Login
success
Group Signature
Verification
success
Group Manager
error
Login
Login Failed
success
Group Member
Account Activate
error
Signature failed
Group details
File Upload
File Details
File Download
File Delete
File Edit and Save
Account Revoke
End
error
Login Failed
UseCase Diagram:
Registration
View Group
File Upload
File Edit
Group Manager
Group Members
File Download
File Delete
Account Revoke
Class Diagram:
Group Manager
Group Member
Register
File Upload
File Edit
File Download
A/c Revoke
A/c Activate
view Group
File Delete
A/c Revoke
File Upload()
File Encryption()
File Download()
File Edit()
A/c Revoke()
File Delete()
A/c Activate()
A/c Revoke()
Cloud
provide Services
Storage()
Sequence Diagram:
Server
Cloud
Client
Register
File Upload
Account Revoke
File Edit
File Delete
File Delete
A/ c Revoke
A/ c Revoke
Database
Activity Diagram:
CLOUD
Group Member
Login
success
Group Signature
Verification
success
Group Manager
error
Login
Login Failed
success
Group Member
Account Activate
error
Signature failed
Group details
File Upload
File Details
File Download
File Delete
File Edit and Save
A
Account Revoke
error
Login Failed
IMPLEMENTATION
MODULES:
1.Cloud Module
2.Group Manager Module
3.Group Member Module
4.File Security Module
5.Group Signature Module
6. User Revocation Module .
MODULES DESCRIPTION:
1.Cloud Module :
In this module, we create a local Cloud and provide priced abundant storage
services. The users can upload their data in the cloud. We develop this module,
where the cloud storage can be made secure. However, the cloud is not fully
trusted by users since the CSPs are very likely to be outside of the cloud users
trusted domain. Similar to we assume that the cloud server is honest but curious.
That is, the cloud server will not maliciously delete or modify user data due to the
protection of data auditing schemes, but will try to learn the content of the stored
data and the identities of cloud users.
2. File stored in the cloud can be deleted by either the group manager or the
data owner.
(i.e., the member who uploaded the file into the server).
5.Group Signature Module :
A group signature scheme allows any member of the group to sign messages
while keeping the identity secret from verifiers. Besides, the designated group
manager can reveal the identity of the signatures originator when a dispute occurs,
which is denoted as traceability.
6. User Revocation Module :
User revocation is performed by the group manager via a public available
revocation list (RL), based on which group members can encrypt their data files
and ensure the confidentiality against the revoked users.
INPUT DESIGN
The input design is the link between the information system and the user. It
comprises the developing specification and procedures for data preparation and
those steps are necessary to put transaction data in to a usable form for processing
can be achieved by inspecting the computer to read data from a written or printed
document or it can occur by having people keying the data directly into the system.
The design of input focuses on controlling the amount of input required,
controlling the errors, avoiding delay, avoiding extra steps and keeping the process
simple. The input is designed in such a way so that it provides security and ease of
use with retaining the privacy. Input Design considered the following things:
What data should be given as input?
How the data should be arranged or coded?
The dialog to guide the operating personnel in providing input.
Methods for preparing input validations and steps to follow when error
occur.
OBJECTIVES
2. It is achieved by creating user-friendly screens for the data entry to handle large
volume of data. The goal of designing input is to make data entry easier and to be
free from errors. The data entry screen is designed in such a way that all the data
manipulates can be performed. It also provides record viewing facilities.
3.When the data is entered it will check for its validity. Data can be entered with
the help of screens. Appropriate messages are provided as when needed so that the
user
will not be in maize of instant. Thus the objective of input design is to create an
input layout that is easy to follow
OUTPUT DESIGN
A quality output is one, which meets the requirements of the end user and presents
the information clearly. In any system results of processing are communicated to
the users and to other system through outputs. In output design it is determined
how the information is to be displaced for immediate need and also the hard copy
output. It is the most important and direct source information to the user. Efficient
and intelligent output design improves the systems relationship to help user
decision-making.
1. Designing computer output should proceed in an organized, well thought out
manner; the right output must be developed while ensuring that each output
element is designed so that people will find the system can use easily and
effectively. When analysis design computer output, they should Identify the
specific output that is needed to meet the requirements.
2.Select methods for presenting information.
Software Environment
4.1 FEATURES OF. NET
Microsoft
.NET
is
set
of
Microsoft
software
Microsoft
Windows-based
applications,
and
Web
management,
notably
including
garbage
collection.
Checking and enforcing security restrictions on the
running code.
Loading and executing programs, with version control
and other such features.
The following features of the .NET framework are also
worth description:
Managed Code
Managed Data
With Managed Code comes Managed Data. CLR
provides memory allocation and Deal location facilities, and
garbage collection. Some .NET languages use Managed Data by
default, such as C#, Visual Basic.NET and JScript.NET, whereas
others, namely C++, do not. Targeting CLR can, depending on the
language youre using, impose certain constraints on the features
available. As with managed and unmanaged code, one can have
both managed and unmanaged data in .NET applications - data
that doesnt get garbage collected but instead is looked after by
unmanaged code.
CLR
provides
built-in
support
for
language
The
.NET
framework
supports
new
versions
of
Microsofts old favorites Visual Basic and C++ (as VB.NET and
Managed C++), but there are also a number of new additions to
the family.
Extensions
for
C++
and
attributed
FORTRAN
COBOL
Eiffel
ASP.NET
Windows
Forms
XML
WEB
SERVICES
Base Class Libraries
Common Language Runtime
Operating System
sub finalize procedure is used to complete the tasks that must be performed
when an object is destroyed. The sub finalize procedure is called automatically
when an object is destroyed. In addition, the sub finalize procedure can be
called only from the class it belongs to or from derived classes.
GARBAGE COLLECTION
Garbage Collection is another new feature in C#.NET. The .NET Framework
monitors allocated resources, such as objects and variables. In addition, the
.NET Framework automatically releases memory for reuse by destroying
objects that are no longer in use.
In C#.NET, the garbage collector checks for the objects that are not currently in
use by applications. When the garbage collector comes across an object that is
marked for garbage collection, it releases the memory occupied by the object.
OVERLOADING
Overloading is another feature in C#. Overloading enables us to define multiple
procedures with the same name, where each procedure has a different set of
arguments. Besides using overloading for procedures, we can use it for
constructors and properties in a class.
MULTITHREADING:
C#.NET also supports multithreading. An application that supports
multithreading can handle multiple tasks simultaneously, we can use
TABLE:
A database is a collection of data about a specific
topic.
VIEWS OF TABLE:
We can work with a table in two types,
1. Design View
2. Datasheet View
Design View
To build or modify the structure of a table we
work in the table design view. We can specify what kind of data
will be hold.
Datasheet View
To add, edit or analyses the data itself we work
in tables datasheet view mode.
QUERY:
A query is a question that has to be asked the data. Access
gathers data that answers the question from one or more table.
The data that make up the answer is either dynaset (if you edit it)
or a snapshot (it cannot be edited).Each time we run query, we
get latest information in the dynaset. Access either displays the
dynaset or snapshot for us to view or perform an action on it,
such as deleting or updating.
SYSTEM TESTING
TYPES OF TESTS
Unit testing
Unit testing involves the design of test cases that validate that the internal
program logic is functioning properly, and that program inputs produce valid
outputs. All decision branches and internal code flow should be validated. It is the
testing of individual software units of the application .it is done after the
completion of an individual unit before integration. This is a structural testing, that
relies on knowledge of its construction and is invasive. Unit tests perform basic
tests at component level and test a specific business process, application, and/or
system configuration. Unit tests ensure that each unique path of a business process
performs accurately to the documented specifications and contains clearly defined
inputs and expected results.
Integration testing
Functional test
Invalid Input
Functions
Output
Test Results: All the test cases mentioned above passed successfully. No defects
encountered.
Test Results: All the test cases mentioned above passed successfully. No defects
encountered.
Screen Shorts
CONCLUSION
In this paper, we design a secure data sharing scheme, Mona, for dynamic groups
in an untrusted cloud. In Mona, a user is able to share data with others in the group
without revealing identity privacy to the cloud. Additionally, Mona supports
efficient user revocation and new user joining. More specially, efficient user
revocation can be achieved through a public revocation list without updating the
private keys of the remaining users, and new users can directly decrypt files stored
in the cloud before their participation. Moreover, the storage overhead and the
encryption computation cost are constant. Extensive analyses show that our
proposed scheme satisfies the desired security requirements and guarantees
efficiency as well.
REFERENCES
[1] M. Armbrust, A. Fox, R. Griffith, A.D. Joseph, R.H. Katz, A. Konwinski, G.
Lee, D.A. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, A View of Cloud
Computing, Comm. ACM, vol. 53, no. 4, pp. 50-58, Apr. 2010.
[2] S. Kamara and K. Lauter, Cryptographic Cloud Storage, Proc. Intl Conf.
Financial Cryptography and Data Security (FC), pp. 136-149, Jan. 2010.
[3] S. Yu, C. Wang, K. Ren, and W. Lou, Achieving Secure, Scalable, and FineGrained Data Access Control in Cloud Computing, Proc. IEEE INFOCOM, pp.
534-542, 2010.
[4] M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu, Plutus:
Scalable Secure File Sharing on Untrusted Storage, Proc. USENIX Conf. File and
Storage Technologies, pp. 29-42, 2003.
[5] E. Goh, H. Shacham, N. Modadugu, and D. Boneh, Sirius: Securing Remote
Untrusted Storage, Proc. Network and Distributed Systems Security Symp.
(NDSS), pp. 131-145, 2003.
[6] G. Ateniese, K. Fu, M. Green, and S. Hohenberger, Improved Proxy ReEncryption Schemes with Applications to Secure Distributed Storage, Proc.
Network and Distributed Systems Security Symp. (NDSS), pp. 29-43, 2005.
[7] R. Lu, X. Lin, X. Liang, and X. Shen, Secure Provenance: The Essential of
Bread and Butter of Data Forensics in Cloud Computing, Proc. ACM Symp.
Information, Computer and Comm. Security, pp. 282-292, 2010.
Public
Key
Cryptography
Conf.
Public
Key
Cryptography,
http://eprint.iacr.org/2008/290.pdf, 2008.
[9] V. Goyal, O. Pandey, A. Sahai, and B. Waters, Attribute-Based Encryption for
Fine-Grained Access Control of Encrypted Data, Proc. ACM Conf. Computer and
Comm. Security (CCS), pp. 89-98, 2006.
[10] D. Naor, M. Naor, and J.B. Lotspiech, Revocation and Tracing Schemes for
Stateless Receivers, Proc. Ann. Intl Cryptology Conf. Advances in Cryptology
(CRYPTO), pp. 41-62, 2001.
[11] D. Boneh and M. Franklin, Identity-Based Encryption from the Weil
Pairing, Proc. Intl Cryptology Conf. Advances in Cryptology (CRYPTO), pp.
213-229, 2001.
[12] D. Boneh, X. Boyen, and H. Shacham, Short Group Signature, Proc. Intl
Cryptology Conf. Advances in Cryptology (CRYPTO), pp. 41-55, 2004.
[13] D. Boneh, X. Boyen, and E. Goh, Hierarchical Identity Based Encryption
with Constant Size Ciphertext, Proc. Ann. Intl Conf. Theory and Applications of
Cryptographic Techniques (EUROCRYPT), pp. 440-456, 2005.
The
Pairing-Based
Cryptography
http://crypto.stanford.edu/pbc/howto.html, 2013.
Library
(PBC),