OF
SUBMITTED BY
CERTIFICATE
Submitted by
is a bonafide student of this institute and the work has been carried out by him/her under the
supervision of Prof Ms. K .V. Deshpande and it is approved for the partial fulfillment of the
requirement of Savitribai Phule Pune University, for the award of the degree of Bachelor of
Engineering (Computer Engineering).
Guide H. O. D.
Dr. R. K. Jain
Principal,
Place: Pune
Date:
Acknowledgement
This is our great pleasure & immense satisfaction to express our deepest sense of
gratitude & thanks to everyone who has directly or indirectly helped us in completing our
project work successfully.
We express our gratitude towards project guide Prof Ms. K. V. Deshpande who
guided & encouraged us in completing the project work in scheduled time.
No words are sufficient to express our gratitude to our parents for their
unwavering encouragement. We also thank all our friends for being a constant source of
support.
We sincerely thank our Head of Department (Computer) Dr. S. V. Kedar for her
reassuring encouragement throughout the preparation of our project.
We are also grateful to our respected Principal Dr. R. K. Jain for his cooperation despite
his busy schedule.
Abstract
Authentication is the identification of a user on the basis of a valid username and password.
The honeyword mechanism provides a more enhanced way of authentication. This mechanism
generates honeywords (decoy passwords), which are combinations of existing user
passwords. These honeywords are used to confuse the attacker, making him believe that
the honeyword found is the actual password.
Hence, when an adversary tries to enter the system with a honeyword, an alarm is
triggered to notify the administrator about a password leakage.
After authentication, when the user has logged in successfully, we perform deduplication
while storing the data. Deduplication checks for duplicate files; a duplicated file is then
not stored in the cloud. This deduplication helps reduce redundancy, which is
crucial in order to save storage space and network bandwidth.
TABLE OF CONTENTS
LIST OF ABBREVIATIONS
LIST OF FIGURES
CHAPTER TITLE
01 Introduction
1.1 Motivation, Challenges
1.4 Methodology
02 Literature Survey
3.5 System design
04 System dig
05 Project Estimate
06 Project implementation
6.1 Modules
07 Software Testing
08 Results
8.1 Screenshots
9 Conclusion
9.2 Application
9.3 References
Introduction
We know how important authentication is in each and every field nowadays. In
this project we put forward a honeyword mechanism for authentication, along
with a deduplication mechanism that stores a data file on the cloud only after
checking that it is not the same as any file already present on the cloud.
The honeyword mechanism is used to watch for a hacker who endeavors to log in with
cracked passwords. The honeyword mechanism has three main terms: i. sweetword
(the actual main password of the username login), ii. sugarwords (three extra
words entered by the user other than the sweetword), iii. honeywords (our
mechanism creates n honeywords by mixing the existing sugarwords using
various techniques). These honeywords are nothing but fake words that
confuse the attacker and keep him away from the actual password. In addition, all of
these, i.e. the sweetword, sugarwords and honeywords, are stored using a key which adds
the XOR bit to them before they are stored in the database, which makes it more difficult
for the attacker to make out the actual honeyword too. So for every username there is
only one sweetword that gives a successful login, and the others are decoy passwords
(honeywords). Hence, whenever an attacker tries to enter the system using a honeyword,
an alarm is triggered via Gmail to notify the administrator of the password leakage.
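The mechanism described above, as an added example that is not the project's own code: decoys are built by mixing the sugarwords, and each login attempt is classified as the real password, a honeyword, or a plain miss. Assumptions: entries are stored as salted PBKDF2 digests rather than with the XOR-with-key storage the report describes, the index of the real password is kept in a separate store in the manner of the honeychecker mentioned in the literature survey, and all function names and sample words are constructed for illustration.

```python
import hashlib
import hmac
import os
import secrets

ITERATIONS = 100_000  # PBKDF2 work factor; an assumed value for this sketch
_rng = secrets.SystemRandom()

def _digest(word, salt):
    return hashlib.pbkdf2_hmac("sha256", word.encode(), salt, ITERATIONS)

def make_honeywords(sugarwords, n, sweetword):
    """Mix the user's sugarwords: head of one joined to the tail of another."""
    if len(sugarwords) < 2 or not all(sugarwords):
        raise ValueError("need at least two non-empty sugarwords")
    decoys = set()
    for _ in range(200 * n):  # bounded retries; short sugarwords may run out
        a, b = _rng.sample(sugarwords, 2)
        candidate = a[:_rng.randint(1, len(a))] + b[_rng.randrange(len(b)):]
        if candidate != sweetword and candidate not in sugarwords:
            decoys.add(candidate)
        if len(decoys) == n:
            return sorted(decoys)
    raise ValueError("sugarwords too short to build %d distinct decoys" % n)

def register(sweetword, honeywords):
    """Return (record for the login database, index for the separate checker)."""
    words = list(honeywords) + [sweetword]
    _rng.shuffle(words)  # position must not reveal which entry is real
    salt = os.urandom(16)
    record = {"salt": salt, "hashes": [_digest(w, salt) for w in words]}
    return record, words.index(sweetword)

def check_login(record, real_index, attempt):
    """Classify an attempt: 'ok', 'honeyword-alarm' or 'wrong-password'."""
    attempt_digest = _digest(attempt, record["salt"])
    hit = None
    for i, stored in enumerate(record["hashes"]):
        if hmac.compare_digest(stored, attempt_digest):
            hit = i
    if hit is None:
        return "wrong-password"
    return "ok" if hit == real_index else "honeyword-alarm"

if __name__ == "__main__":
    sugar = ["monsoon42", "Railway#9", "pune_rain"]  # constructed sample input
    decoys = make_honeywords(sugar, 5, "Tiger@2019")
    record, idx = register("Tiger@2019", decoys)
    print(check_login(record, idx, "Tiger@2019"), check_login(record, idx, decoys[0]))
```

A caller would raise the administrator alert whenever `check_login` returns `honeyword-alarm`, since only someone holding the leaked password list would submit a decoy.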
MOTIVATION
In this study, we focus on the same issue and deal with fake passwords as
a simple and cost effective solution to detect compromise of passwords.
PROBLEM STATEMENT
Objectives:
3. While storing the file, we split it into many parts and store them to provide more
security.
PROJECT SCOPE AND LIMITATION
METHODOLOGY
Our product is cloud-based, so it is very important to acquire cloud services
from a vendor that provides what we require. Initially we are choosing
GoDaddy cloud or AWS.
Initially we are going to start with the best IDE known so far, that is Eclipse,
to build the various modules and for testing purposes, because the time period for the
cloud service should be limited so that none of it is wasted.
We are going to use an open source platform to host the website for testing
purposes. After installation is done, the main target, i.e. security, is properly
checked by attacking or hacking. The notification and feedback are then tested, and
afterward it is ready for the open world.
LITERATURE SURVEY
In essence, a literature review identifies, evaluates and synthesizes the relevant literature
within a particular year of research. It illuminates how knowledge has evolved within the
year, highlighting what has already been done, what is generally accepted, what is
emerging and what is the current state of thinking on the topic. In addition, within
research-based texts such as a Doctoral thesis, a literature review identifies a research gap
and articulates how a particular research project addresses this gap.
REFERENCE PAPER 1
Title:
Year of publication:
January 2018
Abstract:
Choosing the most effective word-mangling rules to use when performing a dictionary-
based password cracking attack can be a difficult task. In this paper we discuss a new
method that generates password structures in highest probability order. We first
automatically create a probabilistic context-free grammar based upon a training set of
previously disclosed passwords. This grammar then allows us to generate word-mangling
rules, and from them, password guesses to be used in password cracking. We will also
show that this approach seems to provide a more effective way to crack passwords as
compared to traditional methods by testing our tools and techniques on real password
sets. In one series of experiments, training on a set of disclosed passwords, our approach
was able to crack 28% to 129% more passwords than John the Ripper, a publicly
available standard password cracking program.
REFERENCE PAPER 2
Title:
Year of publication:
June 2018
Abstract:
Past experiences show us that password breach is still one of the main methods of
attackers to obtain personal or sensitive user data. Basically, assuming they have access
to list of hashed passwords, they apply guessing attacks, i.e., attempt to guess a password
by trying a large number of possibilities. We certainly need to change our way of
thinking and use a novel and creative approach in order to protect our passwords. In fact,
there are already novel attempts to provide password protection. The Honeywords system
of Juels and Rivest is one of them which provides a detection mechanism for password
breaches. Roughly speaking, they propose a method for password-based authentication
systems where fake passwords, i.e., “honeywords” are added into a password file, in
“RSCOE, Department of Computer Engineering 2018-19”
order to detect impersonation. Their solution includes an auxiliary secure server called
“honeychecker” which can distinguish a user’s real password among her honeywords and
immediately sets off an alarm whenever a honeyword is used. However, they also pointed
out that their system needs to be improved in various ways by highlighting some open
problems. In this paper, after revisiting the security of their proposal, we specifically
focus on and aim to solve a highlighted open problem, i.e., active attacks where the
adversary modifies the code running on either the login server or the honeychecker.
REFERENCE PAPER 3
Title:
Abstract:
Attribute-based encryption (ABE) has been widely used in cloud computing where a
data provider outsources his/her encrypted data to a cloud service provider, and can share
the data with users possessing specific credentials (or attributes). However, the standard
ABE system does not support secure deduplication, which is crucial for eliminating
duplicate copies of identical data in order to save storage space and network bandwidth.
In this paper, we present an attribute-based storage system with secure deduplication in a
hybrid cloud setting, where a private cloud is responsible for duplicate detection and a
public cloud manages the storage. Compared with the prior data deduplication systems,
our system has two advantages. Firstly, it can be used to confidentially share data with
users by specifying access policies rather than sharing decryption keys. Secondly, it
achieves the standard notion of semantic security for data confidentiality while existing
systems only achieve it by defining a weaker security notion. In addition, we put forth a
methodology to modify a ciphertext over one access policy into ciphertexts of the same
plaintext but under other access policies without revealing the underlying plaintext.
REFERENCE PAPER 4
Title:
Abstract:
According to Cloud Security Alliance (CSA), over 70 percent of the world's businesses
now operate on the cloud. However, like any new technology adoption, cloud computing
adoption opens new forms of security risks. This paper explores security issues related to
cloud computing and proposes a cloud-native scalable security solution for the cloud. The
paper investigates some of the key research challenges of cloud security solutions to
secure the dynamic cloud environment and provides a practical solution to overcome the
challenges that the cloud providers and consumers face securing their data and valuable
assets.
REFERENCE PAPER 5:
Title:
Year of publication: May 2018
Abstract:
REFERENCE PAPER 6:
Title:
Abstract :
Cloud computing has been evolving with an increasing popularity, which leads to the
rapid adaption of cloud services for various reasons among the individuals and
organizations. The main reason for this shift is because of the numerous benefits provided
by cloud services such as low costs, computational power, and storage services over the
Internet. Data recovery is one of the important concepts while dealing with storage
devices which are basically the backbone of the cloud infrastructure. Someone with
access to these servers or devices can use data recovery techniques to reconstruct the
confidential data of customers once the customers have deleted their confidential or
private data from the cloud. Reconstruction of such data leads to a security problem and
privacy concerns for users. Even after someone gains access to their data, users are not aware
that someone else has access to their data even though it has already been deleted in their point
of view from the cloud. In this paper, we look into the security problem which can arise
based on the usage of data recovery tools on cloud infrastructure, once the users have
deleted their data. To address this problem, we have proposed a simple method using
Rename.
SOFTWARE REQUIREMENTS SPECIFICATION:
An OS is needed to perform the operations and must match the project requirements.
Here both Linux and Windows can be used to develop this project because both provide
the Eclipse IDE. But when it comes to performance and speed we choose Linux.
Eclipse:
Apache Tomcat:
Apache Tomcat is an open source web container. It is not an application server like
JBoss, GlassFish, etc., which are basically required for enterprise web applications
typically consisting of EJBs and other heavy J2EE components.
PhpMyAdmin:
XAMPP :
XAMPP stands for Cross-Platform (X), Apache (A), MySQL (M), PHP (P) and
Perl (P). It is a simple, lightweight Apache distribution that makes it extremely easy for
developers to create a local web server for testing purposes.
HARDWARE REQUIREMENTS:
● Mouse : Any
● Keyboard : Any
● Monitor : Any
● RAM : 4 GB
SOFTWARE REQUIREMENTS:
● XAMPP
● Apache Tomcat
● PhpMyAdmin
● Eclipse
NON FUNCTIONAL REQUIREMENTS:
Performance:
Powerful CPU
Safety:
Security:
SOFTWARE QUALITY ATTRIBUTES:
● Performance
SYSTEM DESIGN:
ANALYSIS MODEL: SDLC MODEL TO BE APPLIED
SDLC MODEL:
AGILE METHODOLOGY:
SYSTEM IMPLEMENTATION PLAN:
Planning is the process of thinking about the activities required to achieve a desired goal.
Login Portal Actual Login portal Create login portal Employee login Team
using web portal
language
Database Handle Database connectivity Database for user Database for Team
authentication employee
Cloud storage Buy cloud storage Cloud for storage Cloud storage for Team
module file of employee
File handling File upload module Text and pdf file File handling Team
module upload portal
Deduplication Deduplication Deduplication File is already on Team
module successful check cloud or not
Admin permission Send request to admin Admin permission File authorization Team
for file authorized from admin
SYSTEM DIAGRAM
UML DIAGRAM:
ER DIAGRAM:
CLASS DIAGRAM:
COMPONENT DIAGRAM:
SEQUENCE DIAGRAM:
USE CASE DIAGRAM:
STATE DIAGRAM
PACKAGE DIAGRAM:
MODULES:
ALGORITHMS:
MODULE 1:
LOGIN PORTAL
MODULE 2:
MODULE 3:
FILE UPLOAD
▪ Create portal for file upload
MODULE 4:
DEDUPLICATION OF FILE
SOFTWARE TESTING
MANUAL TESTING:
Manual testing is the process of using the functions and features of an application
as an end-user would in order to verify the software is working as required. With manual
testing, a tester manually conducts tests on the software by following a set of predefined
test cases. Let's take a close look at how this is done.
Manual testing requires a lot of effort. It’s easy to just say “let's skip it” or “let’s
automate it”. But the truth is, it is imperative to building software because automated
testing can’t cover everything.
After all, humans will be using your software, therefore humans should be
involved in testing your software. Manual testing is more likely to find and solve real
usability issues than automated testing. It allows the tester to be flexible during the test
and try different things on the fly.
This isn’t to say automated testing is useless. Automated testing has its own
benefits and provides value in some areas where manual testing does not. But we’ll save
that for another post.
RESULTS
SCREENSHOT:
Figure: User Registration
Figure: User Login
Figure: Admin Login
Figure: Honeyword Generation
Figure: Password Protection
Figure: Activation Of Blocked User
Figure: Request for User Activation
Figure: Login Successfully
Figure: Upload File
Figure: Duplication of File
Figure: Login Information Sent On Mail
CONCLUSION AND FUTURE WORK:
Hence we have studied the honeyword mechanism and various techniques like chaffing
with toughnut, chaffing with tail, and chaffing with password model to generate the
honeywords. We then performed authentication of the user with the help of the
generated honeywords. If any malpractice is found or any kind of attack is detected, the
system notifies the user regarding the same. If there is no attack and an authentic user
tries to log in with the correct username and correct password, he is able to
successfully log in to the system. After successful login we allow the user to
access the cloud. When the user wants to upload a file to the cloud, the file is checked
for duplication. If the same files and the same data are stored again and again on the
cloud, it ultimately increases redundancy. To avoid redundancy, deduplication is performed.
The file is first split and then stored. This splitting provides more security, as the file
contents are not present at one location but at various locations, so if any non-authorised
person tries to fetch a specific file he won’t get the complete file at any one location.
So the overall idea is to provide security: security while logging in, security while storing.
In future we can apply the same system and try login with QR codes.
Also, the duplication of a file can be checked on content matching above 70%.
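The upload check and file splitting described above, as an added example that is not the project's own code: a whole-file SHA-256 digest decides whether an upload is a duplicate, and the parts of a new file are spread over several locations and verified on reassembly. The class name, the chunk size, the three in-memory dictionaries standing in for storage locations, and the sample file are all assumptions made for illustration.

```python
import hashlib

CHUNK_SIZE = 4  # bytes; deliberately tiny so the sample splits into several parts


class ChunkStore:
    """Hypothetical store: a file index plus parts spread over several locations."""

    def __init__(self, locations=3):
        # Each dict stands in for one separate storage location.
        self.locations = [dict() for _ in range(locations)]
        self.files = {}  # file digest -> ordered list of (location, part digest)

    def upload(self, data):
        """Return (file_id, stored); stored is False when the file is a duplicate."""
        file_id = hashlib.sha256(data).hexdigest()
        if file_id in self.files:
            return file_id, False  # identical content already present: store nothing
        manifest = []
        for n, offset in enumerate(range(0, len(data), CHUNK_SIZE)):
            part = data[offset:offset + CHUNK_SIZE]
            part_id = hashlib.sha256(part).hexdigest()
            where = n % len(self.locations)  # round-robin placement
            self.locations[where][part_id] = part
            manifest.append((where, part_id))
        self.files[file_id] = manifest
        return file_id, True

    def download(self, file_id):
        """Reassemble the parts and verify them against the file digest."""
        data = b"".join(self.locations[w][p] for w, p in self.files[file_id])
        if hashlib.sha256(data).hexdigest() != file_id:
            raise ValueError("reassembled file failed its integrity check")
        return data

    def stored_bytes(self):
        return sum(len(part) for loc in self.locations for part in loc.values())


if __name__ == "__main__":
    store = ChunkStore()
    sample = b"quarterly report v1"  # constructed sample file
    print(store.upload(sample)[1], store.upload(sample)[1], store.stored_bytes())
```

Exact-digest matching only catches byte-identical files; the content matching above 70% proposed as future work would need a similarity measure instead.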
APPLICATIONS: