Академический Документы
Профессиональный Документы
Культура Документы
CRYPT CLOUD
A PROJECT REPORT
Submitted by
P.SATHISH (113115104085)
G.RAJESH (113115104076)
of
BACHELOR OF ENGINEERING
IN
APRIL 2019
ANNA UNIVERSITY: CHENNAI 600025
BONAFIDE CERTIFICATE
SIGNATURE SIGNATURE
Dr.A.RENGARAJAN, Ph.D., Mr.P.SATHISH
KUMAR,M.E.,
Vel Tech Multi Tech Dr. Rangarajan Vel Tech Multi Tech Dr.Rangarajan
Dr. Sakunthala Engineering College, Dr. Sakunthala EngineeringCollege,
Avadi, Chennai-600 062 Avadi, Chennai-600 062
CERTIFICATE FOR EVALUATION
P.SATHISH (113115104085)
G.RAJESH (113115104076)
This project report was submitted for viva voce held on .......................... ,
at Vel Tech Multi Tech Dr. Rangarajan Dr. Sakunthala Engineering College.
We wish to express our sincere thanks to almighty and the people who
extended their help during the course of our work.
Data owners will store their data in cloud along with encryption and
particular set of attributes to access control on the cloud data. While uploading
the data into public cloud they will assign some attribute set to their data. If any
authorized cloud user wants to download their data they should enter that
particular attribute set to perform further actions on data owner’s data. A cloud
user wants to register their details under cloud organization to access the data
owner’s data. Users want to submit their details as attributes along with their
designation. Based on the user details Semi-Trusted Authority generates
decryption keys to get control on owner’s data. An user can perform a lot of
operations over the cloud data. If the user wants to read the cloud data he needs
to be entering some read related attributes, and if he wants to write the data he
needs to be entering write related attributes. For each and every action user in an
organization would be verified with their unique attribute set. These attributes
would be shared by the admins to the authorized users in cloud organization.
These attributes will be stored in the policy files in a cloud. If any user leaks their
unique decryption key to the any malicious user data owners wants to trace by
sending audit request to auditor and auditor will process the data owners request
and concludes that who is the guilty.
i
TABLE OF CONTENTS
ABSTRACT i
LIST OF TABLES v
LIST OF FIGURES vi
1. INTRODUCTION 2
1.1. AIM 2
2. SYSTEM ANALYSIS 6
2.1. EXISTING SYSTEM 6
2.1.1. Disadvantages 6
2.2.1. Advantages 7
ii
2.4.3. Operational Feasibility 9
2.4.4. Feasibility Study Report 9
3. SYSTEM IMPLIMENTATION 11
3.1. HARDWARE REQUIREMENTS 11
3.2. SOFTWARE REQUIREMENTS 11
3.3. SOFTWARE DESCRIPTION 11
3.4. ARCHITECHTURE DESIGN 12
4. SYSTEM DESIGN 15
4.1. SYSTEM DESIGN 15
4.3.1. Java 18
4.3.2. Apache Tomcat Server 20
iii
4.5.3. Sequence Diagram 27
4.5.4. Activity Diagram 28
4.6. MODULES DESCRIPTION 29
6. FUTURE ENHANCEMENT 38
APPENDIX-2 SCREENSHOTS
REFERENCES
v
LIST OF TABLES
3.1. HARDWARE 11
REQUIREMENTS
3.2. SOFTWARE 11
REQUIREMENTS
v
LIST OF FIGURES
3.4.1. Architecture
Diagram 12
(Existing System)
3.4.2. Architecture
Diagram 13
(Proposed System)
4.4.1. Symbols used in 23
Data flow
Diagram
vi
LIST OF ABBREVATION
IP Internet Protocol
RSA Rivest-Shamir-Adleman
viii
CHAPTER 1
INTRODUCTION
1
CHAPTER-1
INTRODUCTION
1.1. AIM
1.3. DESCRIPTION
2
In this paper, we investigate the two main cases of access credential
misuse: 3one is on the semi-trusted authority side, and the other is on the side of
cloud user. To mitigate the misuse, we propose the first accountable authority
and revocable CP-ABE based cloud storage system with white-box traceability
and auditing, referred to as Crypt Cloud. We also present the security analysis
and further demonstrate the utility of our system via experiments out at different
levels.
[1] Shucheng, YuCong Wang, Kui Ren, “Attribute Based Data Sharing
with Attribute Revocation”
[2] Yong Yua, Liang Xuea, Man Ho Aub, Willy Susilo, Jianbing Ni,
“Cloud data integrity checking with an identity-based auditing mechanism
from RSA”
8
[4] TRUPTI RONGARE, “ENCRYPTED DATA MANAGEMENT WITH
DEDUPLICATION IN CLOUD COMPUTING”
This paper proposes the Secure Data Sharing in Clouds (SeDaSC) methodology
that provides: 1) data confidentiality and integrity; 2) access control; 3) data
sharing (forwarding) without using compute-intensive re encryption; 4) insider
threat security; and 5) forward and backward access control.
8
4
CHAPTER 2
SYSTEM ANALYSIS
5
CHAPTER-2 SYSTEM ANALYSIS
In existing system the CP-ABE method was used and it helps us prevent
security breach from outside attackers.
This method fails to detect attacks which are from inside.
This method cannot guarantee that the user is a true user or not.
2.1.1. Disadvantages
This is the first CP-ABE based cloud storage system that simultaneously
supports white-box traceability, accountable authority, auditing and
effective revocation. Specifically, Crypt Cloud+ allows us to trace and
revoke malicious cloud users (leaking credentials).
Our approach can be also used in the case where the users’ credentials are
redistributed by the semi-trusted authority.
6
2.2.1. Advantages
The semi-Trustable Authority sends the Decryption key to the users based
on their attributes they provided during their joining time.
If any user shares his/her attributes to other user,the other user’s account
gets blocked and we can find the guilty by asking some questions to that
user.
The first step in the system development life cycle is the preliminary
investigation to determine the optimality of the system. The purpose of this
investigation is to evaluate project feedback. Once the feedback is made, the
first system activity, the preliminary investigation begins. It is not a design
study .It is just a analysis of how effectively the protocols is used.
So if we can develop the project easily then it is used for the evaluation of
the proposed. We calculate the cost/benefit analysis and we assume that the
benefit is feasible so we start developing the project. It is an analysis of the cost
to be incurred in the system and benefits the derivable from the system. An
economic Feasibility Study should demonstrate the net benefit of the proposed
course of action in the context of direct and indirect benefits and costs to the
organization and to the public as a whole. It should be required for both pilot
and long-term activities, plan and projects.
8
2.4.3. Operational Feasibility
It determines how acceptable the software is within the organization.
The evaluations must then determine the general attitude and skills. Such
restriction of the job will be acceptable. To the users are enough to run the
proposed budget, hence the system is supposed to the feasible regarding all
except of feasibility. In operational feasibility, we attempt to ensure that every
user can access the system easily. We develop a menu that users can easily
access and we provide shortcut keys. We show a proper error message when any
mistakes are made in the program. We provide help and a guild line menu to
help the user. Changes in the ways individuals are organized into groups may
then be necessary and groups may now compute for economic resources with
the needs of stabilized ones by converting a number in a file in software.
The result of the Feasibility Study provides us with the following facts:
9
CHAPTER 3
SYSTEM IMPLEMENTATION
10
CHAPTER-3
SYSTEM IMPLEMENTATION
Hard disk 1 TB
RAM 4 GB
Database MySQL
Server Tomcat
11
3.4. ARCHITECTURE DESIGN
EXISTING ARCHITECTURE
12
PROPOSED ARCHETECTURE
13
CHAPTER 4
SYSTEM DESIGN
14
CHAPTER-4
SYSTEM DESIGN
4.1. SYSTEM DESIGN
Design is the phase that indicates the final system. In this phase the
following elements were designed namely, dataflow, data stores, processes,
procedures. Firstly the logical design was done where the outputs, inputs and
databases and procedures was formulated in a manner that meet the project
requirements. After logical design physical construction of the system isdone.
After analyzing the various functions involved in the system the database,
tables and dictionary was designed. Care must be taken to design the input
screen in the most user friendly way so as to help even the novice users make
entries approximately in the right place. All input screens in the system are user
friendly.
The input design is the link between the information system and the user.
It comprises the developing specification and procedures for data preparation
and those steps are necessary to put transaction data in to a usable form for
processing can be achieved by inspecting the computer to read data from a
written or printed document or it can occur by having people keying the data
directly into the system. The design of input focuses on controlling the amount
of input required, controlling the errors, avoiding delay, avoiding extra steps and
keeping the process simple. The input is designed in such a way so that it
provides security and ease of use with retaining the privacy. Input Design
considered the following things:
out manner; the right output must be developed while ensuring that each output
element is designed so that people will find the system can use easily.
16
For developing an efficient database, we will have to fulfill certain
conditions such as:
Control redundancy.
Ease of use.
Data independence.
Accuracy and integrity.
Avoiding inordinate delays.
Recovery from failure.
Privacy and security
Performance.
There are 6 major steps in design process. The first 5 steps are usually done
on paper and finally the design is implemented.
17
4.3. TECHNOLOGIES USED
4.3.1. Java
Java is an object-oriented programming language developed initially by
called Oak (named after the oak trees outside Gosling's office), was
Introduction to Java
Java has been around since 1991, developed by a small team of Sun
that would be used in the consumer electronics industry. The language that the
Star Seven (*7) that consisted of the Oak language, an operating system called
GreenOS, a user interface, and hardware. The name *7 was derived from the
telephone sequence that was used in the team's office and that was dialed in
order to answer any ringing telephone from any other phone in the office.
18
Working of Java
a class will be new to you. Simplistically, a class is the definition for a segment
of code that can contain both data (called attributes) and functions (called
methods).
the name of main, which will sound familiar to C programmers. The main
Programming language
Platform
program runs. The Java platform differs from most other platforms in that it’s a
19
Most other platforms are described as a combination of hardware and operating
system.
We’ve already been introduced to the JVM. It’s the base for the Java platform
compilers can bring Java’s performance close to that of native code without
threatening portability. The World Wide Web, a name applied to the Internet's
million of linked HTML documents was suddenly becoming popular for use by
the masses.
20
now a top level project) is a web container developed at the Apache Software
Foundation. Tomcat implements the servlet and the JavaServer Pages (JSP)
to run in cooperation with a web server. It adds tools for configuration and
management but can also be configured by editing configuration files that are
Environment
Tomcat is a web server that supports servlets and JSPs. Tomcat comes
web server or other web servers. Tomcat can also function as an independent
web server. Earlier in its development, the perception existed that standalone
developers wrote Tomcat in Java,it runs on any operating system that has a
JVM.
21
History:
Duncan Davidson, a software architect at Sun. He later helped make the project
open source and played a key role in its donation by Sun to the Apache
Software Foundation.
The data flow diagram (DFD) is one of the most important modeling
tools. It is used to model the system components. These components are
the system process, the data used by the process, an external entity that
interacts with the system and the information flows in the system.
DFD shows how the information moves through the system and how it is
modified by a series of transformations. It is a graphical technique that
depicts information flow and the transformations that are applied as data
moves from input to output.
22
4.4.1. Symbols Used
Represents database
Level 0:
Level 1:
23
Level 2:
Level 3:
To take into account the scaling factors the inherent to complex and
critical systems.
24
4.5.1. Use Case Diagram
As the most known diagram type of the behavioral UML diagrams, Use
case diagrams give a graphic overview of the actors involved in a system,
different functions needed by those actors and how these different functions are
interacted.
25
4.5.2. Class Diagram
Class diagrams are arguably the most used UML diagram type. It is the
main building block of any object oriented solution. It shows the classes in a
system, attributes and operations of each class and the relationship between each
class.
26
4.5.3. Sequence Diagram
27
4.5.4 . Activity Diagram
Activity diagrams represent workflows in a graphical way. They can be
used to describe business workflow or the operational workflow of any
component in a system.
28
4.6. MODULES DESCRIPTION
In this module data owners create their accounts under the cloud and upload their
data into cloud. While uploading the files into cloud data owners will encrypt their
data using RSA Encryption algorithm and generates public key and secret key.
And also generates one unique file access permission key for the users under the
organization to access their data.
Different data owners will generate different file permission keys to their files and
issues those keys to users under the organization to access their files. And also
29
generates policy files to their data that who can access their data. Policy File will
split the key for read the file, write the file, download the file and delete the file.
4.6.4 Tracing who is Guilty
Authorized DUs are able to access (e.g. read, write, download, delete and decrypt)
the outsourced data. Here file permission keys are issued to the employees in the
organization based on their experience and position. Senior Employees have all the
permission to access the files (read, write, delete, & download). Fresher’s only
having the permission to read the files. Some Employees have the permission to
read and write. And some employees have all the permissions except delete the
data. If any Senior Employee leaks or shares their secret permission keys to their
junior employees they will request to download or delete the Data Owners Data.
While entering the key system will generate attribute set for their role in
background validate that the user has all rights to access the data. If the attributes
set is not matched to the Data Owners policy files they will be claimed as guilty. If
we ask them we will find who leaked the key to the junior employees.
30
4.7. ALGORITHM USED
31
o_key_pad = [0x5c * blocksize] ⊕ key // Where blocksize is that of the underlying
hash function
i_key_pad = [0x36 * blocksize] ⊕ key // Where ⊕ is exclusive or (XOR)
return hash(o_key_pad ∥ hash(i_key_pad ∥ message)) // Where ∥ is concatenation
}
Design principles:
32
4.7.2. RSA Algorithm
RSA (Rivest–Shamir–Adleman) is one of the first public-key cryptosystems and
is widely used for secure data transmission. In such a cryptosystem, the encryption
key is public and it is different from the decryption key which is kept secret
(private). In RSA, this asymmetry is based on the practical difficulty of the
factorization of the product of two large prime numbers, the "factoring problem".
The acronym RSA is made of the initial letters of the surnames of Ron Rivest, Adi
Shamir, and Leonard Adleman, who first publicly described the algorithm in 1978.
Clifford Cocks, an English mathematician working for the British intelligence
agency Government Communications Headquarters (GCHQ), had developed an
equivalent system in 1973, but this was not declassified until 1997.[1]
A user of RSA creates and then publishes a public key based on two large prime
numbers, along with an auxiliary value. The prime numbers must be kept secret.
Anyone can use the public key to encrypt a message, but with currently published
methods, and if the public key is large enough, only someone with knowledge of the
prime numbers can decode the message feasibly.[2] Breaking RSA encryption is
known as the RSA problem. Whether it is as difficult as the factoring problem
remains an open question.
RSA is a relatively slow algorithm, and because of this, it is less commonly used to
directly encrypt user data. More often, RSA passes encrypted shared keys for
symmetric key cryptography which in turn can perform bulk encryption-decryption
operations at much higher speed.
RSA derives its security from the difficulty of factoring large integers that are the
product of two large prime numbers. Multiplying these two numbers is easy, but
determining the original prime numbers from the total -- or factoring -- is considered
infeasible due to the time it would take using even today's supercomputers.
The public and private key generation algorithm is the most complex part of RSA
cryptography. Two large prime numbers, p and q, are generated using the Rabin-
Miller primality test algorithm. A modulus, n, is calculated by multiplying p and q.
33
This number is used by both the public and private keys and provides the link
between them. In supercomputers, the key usually expressed in bits, is called the key
length.
OPERATION
The RSA algorithm involves four steps: key generation, key distribution,
encryption and decryption.A basic principle behind RSA is the observation that it
is practical to find three very large positive integers e, d and n such that with
modular exponentiation for all integers m (with 0 ≤ m < n):
RSA involves a public key and a private key. The public key can be known by
everyone, and it is used for encrypting messages. The intention is that messages
encrypted with the public key can only be decrypted in a reasonable amount of
time by using the private key.
The keys for the RSA algorithm are generated the following way:
The public key consists of the modulus n and the public (or encryption) exponent e.
The private key consists of the private (or decryption) exponent d, which must be
kept secret. p, q, and λ(n) must also be kept secret because they can be used to
calculate d.
34
CHAPTER 5
CONCLUSION
35
CHAPTER-5 CONCLUSION
auditing (referred to as CryptCloud+). This is the first CP-ABE based cloud storage
revoke malicious cloud users (leaking credentials).Our approach can be also used in
the case where the users’ credentials are redistributed by the semi-trusted
authority.
36
CHAPTER 6
FUTURE ENHANCEMENT
37
CHAPTER-6
FUTURE ENHANCEMENT
In future work, we plan to implement a black-box traceability and auditing
very easily. Hence there is a wide scope for this project in future.
38
APPENDIX-1 SOURCE CODE
AUTHENTICATION CODE
AccountabilityPojo.java
package logics;
public class AccountabilityPojo {
privateString
email,qustion1,answer1,question2,answer2,question3,answer3,question4,
answer4,owner;
public String getOwner()
{
return owner;
}
public void setOwner(String owner) {
this.owner = owner;
}
public String getEmail() {
return email;
}
public void setEmail(String email) {
this.email = email;
}
public String getQustion1() {
return qustion1;
}
public void setQustion1(String qustion1) {
this.qustion1 = qustion1;
}
39
public String getAnswer1()
{
return answer1;
}
public void setAnswer1(String answer1)
{
this.answer1 = answer1;
}
public String getQuestion2()
{
return question2;
}
public void setQuestion2(String question2)
{
this.question2 = question2;
}
public String getAnswer2()
{
return answer2;
public void setAnswer2(String answer2)
{
this.answer2 = answer2;
40
public String getQuestion3() {
return question3;
}
public void setQuestion3(String question3) {
this.question3 = question3;
}
public String getAnswer3() {
return answer3;
}
public void setAnswer3(String answer3) {
this.answer3 = answer3;
}
public String getQuestion4() {
return question4;
}
public void setQuestion4(String question4) {
this.question4 = question4;
}
41
public String getAnswer4() {
return answer4;
}
public void setAnswer4(String answer4) {
this.answer4 = answer4;
}
}
Decrypt.java
package logics;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import com.sun.org.apache.xerces.internal.impl.dv.util.Base64;
public class Decrypt
{
42
private static String passWord1="";
private static SecretKeyFactory keyFactory ;
private static byte[] passByte;
Cipher desCipher;
SecretKey myDesKey ;
public String decrypt(String cipher,String passWord1)
throws
InvalidKeySpecException, NoSuchAlgorithmException,
NoSuchPaddingException, IOException
{
String dec="";
this.passWord1=passWord1;
try
{
manageKeystrengthMethod();
keyFactory = SecretKeyFactory.getInstance("DES");
passByte=this.passWord1.getBytes();
DESKeySpec dspec= new DESKeySpec(passByte);
SecretKey myDesKey =
keyFactory.generateSecret(dspec);
Cipher desCipher;
// Create the cipher
desCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
// Initialize the cipher for encryption
desCipher.init(Cipher.DECRYPT_MODE, myDesKey);
//sensitive information
43
byte[] textEncrypted = cipher.getBytes();
// System.out.println("Text [Byte Format] : " + text);
//System.out.println("Cipher to be decrypted : " + new
String(textEncrypted));
// Decrypt the text
Base64 bs=new Base64();
byte[] textDecrypted = desCipher.doFinal(bs.decode(cipher));
//System.out.println("Text Decryted : " + new
String(textDecrypted));
dec=new String(textDecrypted);
}catch(InvalidKeyException e){
e.printStackTrace();
}catch(IllegalBlockSizeException e){
e.printStackTrace();
}catch(BadPaddingException e){
}
return dec;
}
private void manageKeystrengthMethod()
{
if(passWord1.length()<8)
{
int counter=passWord1.length();
44
{
passWord1+='@';
counter++;
}
}
}
EmpChanges.java
package logics;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.http.servlet.HttpsServlet;
public class EmpChanges extends HttpsServlet
{
public void doPost(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException
{
response.setContentType("text/html");
PrintWriter out = response.getWriter();
45
String name=request.getParameter("name");
String email=request.getParameter("email");
String hemail=request.getParameter("hemail");
String desig=request.getParameter("desig");
String mobile=request.getParameter("mobile");
int status=FileDao.editEmployee(name, email, desig,
mobile, hemail);
if(status>0)
{
System.out.println("Employee details changed in a database");
request.setAttribute("msg", "Employee details changed in a
database");
RequestDispatcher
rd=request.getRequestDispatcher("employees.jsp");
rd.forward(request, response);
}
else
{
System.out.println("Employee details not changed in a
database");
46
}
}
47
APPENDIX-2 SCREENSHOTS
48
Registration page for all the Cloud users.
49
Semi-Trustable Authority generates Decryption keys to Cloud Users.
50
Data owners registration page.
51
Data Owners assigning the Policy Setup to the Employees.
52
Data owner’s Home page.
53
Data owners assigning File policy to the files they upload.
54
Properties of the file such as Read ,Write , Download , Delete.
55
When any Cloud Users try to Commit Key Theft.
56
Questions asked to the cloud user who committed a Key Theft.
57
REFERENCES
[1] Shucheng Yu, Cong Wang, Kui Ren, and Wenjing Lou. Attribute based data
sharing with attribute revocation. In Proceedings of the 5th ACM Symposium
on Information, Computer and Communications Security, pages 261–270.
ACM, 2010.
[2] Yong Yu, Liang Xue, Man Ho Au, Willy Susilo, Jianbing Ni, Yafang Zhang,
Athanasios V. Vasilakos, and Jian Shen. Cloud data integrity checking with an
identity-based auditing mechanism from RSA. Future Generation Comp. Syst.,
62:85–91, 2016.
[3] Zhangjie Fu, Fengxiao Huang, Xingming Sun, Athanasios Vasilakos, and
Ching-Nung Yang. Enabling semantic search based
on conceptual graphs over encrypted outsourced data. IEEE Transactions on
Services Computing, 2016.
[4] Trupti Rongare, “Encrypted Data Management with Deduplication in Cloud
Computing”in Engineering Sciences International Research Journal : Volume 4
Issue 2 (2016):299-306.
[5] Jiaqiang Liu, Yong Li, Huandong Wang, Depeng Jin, Li Su, Lieguang Zeng,
and Thanos Vasilakos. Leveraging software defined Networking for security
policy enforcement.Inf.Sci.,327:288–299, 2016.
58
[6] Mazhar Ali, Revathi Dhamotharan, Eraj Khan, Samee U. Khan, Athanasios
V. Vasilakos, Keqin Li, and Albert Y. Zomaya. Sedasc: Secure data sharing in
clouds. IEEE Systems Journal, 11(2):395–404, 2017.
[7] Amos Beimel. Secure schemes for secret sharing and key distribution.PhD
thesis,Israel Institute of Technology, Technion, Haifa,Israel, 1996.
[8] Mihir Bellare and Oded Goldreich. On defining proofs of knowledge.In
Advances in Cryptology-CRYPTO’92, pages 390–420. Springer, 1993.
59