„„Towards Global Technological Excellence‟‟

A User Manual on

Two-Cloud Secure Database for Numeric-Related SQL Range

Queries with Privacy Preserving

For the Degree of Bachelor of Technology

By

Mr. Nitin V. Bahekar (15007007)

Mr. Rohit R. Jamnare (15007041)
Mr. Shubham R. Chaudhari (15007043)
Mr. Lankesh A. Purekar (15007057)

Under the Guidance of

Prof. A. W. Bhade

Department of Information Technology Engineering

Government College of Engineering, Amravati.
(An Autonomous Institute of Government of Maharashtra)
2018-2019
 Government College Of Engineering, Amravati
(An Autonomous Institute of Government of Maharashtra)

CERTIFICATE

This is to certify that project entitled as ,” Two-Cloud Secure Database for

Numeric-Related SQL Range Queries with Privacy Preserving ” has been

completed by following students during the academic year 2018-19 in satisfactory manner .

Submitted by:
Mr. Nitin V. Bahekar (15007007)
Mr. Rohit R. Jamnare (15007041)
Mr. Shubham R. Chaudhari (15007043)
Mr. Lankesh A. Purekar (15007057)

--------------------------- -----------------------
Guide & Head of Department External Examiner
Prof. A. W. Bhade

---------------------------
Principal
Dr. R. S. Dalu
 DECLARATION

We hereby declare that the project entitled, “Two-Cloud Secure Database for

Numeric-Related SQL Range Queries with Privacy Preserving” was carried

out and written under the guidance of Prof A. W. Bhade, Department of Information and
Technology Engineering, Government College of Engineering, Amravati.

Place:
Date:

Nitin V. Bahekar Rohit R. Jamnare

(15007007) (15007041)

Shubham R. Chaudhari Lankesh A. Purekar

(15007043) (15007057)
 ACKNOWLEDGEMENT

We take this opportunity to express our profound gratitude and deep regards to our
guide Prof. A. W. Bhade for her exemplary guidance, monitoring and constant
encouragement throughout the course of this thesis. The blessing, help and guidance given
by her time to time shall carry us a long way in the journey of life on which we are about to
embark.

We are obliged to our Head of the department Prof. A. W. Bhade for giving this great
opportunity. We are grateful for their cooperation during the period of our assignment.

i
 HONOR CODE

We certify that we have properly cited any material taken from other sources and have
obtained permission for any copyrighted material included in this report. We take full
responsibility for any code submitted as part of this project and the contents of this report.

Nitin Bahekar (15007007)

Rohit Jamnare (15007041)

Shubham Chaudhari (15007043)

Lankesh Purekar (15007057)

ii
ABSTRACT:
Industries and individuals outsource database to realize convenient and low-cost applications
and services. In order to provide sufficient functionality for SQL queries, many secure
database schemes have been proposed. However, such schemes are vulnerable to privacy
leakage to cloud server. The main reason is that database is hosted and processed in cloud
server, which is beyond the control of data owners.

For the huge database system, those schemes cannot provide sufficient privacy protection
against practical challenges, e.g, privacy leakage of statistical properties, access pattern.
Furthermore increase in problems in database like data redundancy and lacking in data
integrity will inevitably leak more information to the cloud server. In this project, we
proposed two- cloud architecture for secure database, with a series of intersection protocol. In
the two cloud architecture on cloud is for the storing the keys and other is for the data storing
purpose when we store data on the cloud, it is not on the command of the user all the data is
under the control of the TPA who applies auditing schemes on database. But being a cloud
holder TPA has access to manipulate the data. But in the proposed system we can say that as
the data is stored on one cloud and is encrypted with encryption algorithm, and the keys with
which the data is being encrypted are stored on the other cloud. The TPA have access to the
database but whereas the data is in the encrypted form this makes the more secure database.
TPA can apply auditing on every rows and column.

iii
 INDEX
Acknowledgements i
Honor Code ii
Abstract iii
List of Figures iv
1. INTRODUCTION
1.1 Introduction .......................................................................................................... 1
1.2 Scope .................................................................................................................... 2
1.3 Identification of need ........................................................................................... 4
1.4 Motivation ........................................................................................................... 4
1.5 Aim ...................................................................................................................... 5
1.6 Types of Cloud Computing ................................................................................. 7

2. LITERATURE REVIEW
2.1 Background History ............................................................................................. 10
2.2 Related Work ....................................................................................................... 10
2.3 Pitfalls of Existing System ................................................................................... 12
2.4 Privacy-Preserving Public Auditing for Secure Cloud Storage ........................... 13
2.5 Scalable and Efficient Provable Data Possession ................................................. 15
2.6 Dynamic Provable Data Possession ..................................................................... 15
2.7 Summary and Discussion ..................................................................................... 16
3. SYSTEM DEVELOPMENT
3.1 Software Requirement...........................................................................................17
3.2 Features provided by this project ......................................................................... 17
3.3 Problem Definition ............................................................................................... 17
3.4 Proposed System .................................................................................................. 17
3.5 Plan & Module ..................................................................................................... 18
3.6 Advantages of Proposed System ......................................................................... 20

4. DATA COLLECTION AND TOOLS USED

4.1 Eclipse ................................................................................................................... 21

4.2 MySQL .................................................................................................................. 21

 4.3 Java Development Kit .......................................................................................... 22

5. PERFORMANCE ANALYSIS

5.1 Implementation Details ........................................................................................ 23

5.2 Complexity of Our Proposed Scheme ...................................................................23

6. USER MANUAL ......................................................................................................... 32

7. CONCLUSION

`7.1 Conclusion ........................................................................................................... 34

7.2 Future Scope ........................................................................................................ 34

REFERENCES............................................................................................................. 35
 LIST OF FIGURES

Sr. No Figure Name Figure No. Page No.

1 Share a file in the cloud 1.1 3
2 Types of cloud computing 1.7.1 6
3 The architecture of cloud data storage 2.2.1 12
4 Project Flow 3.4.1 18
5 Data Flow Diagram 3.5.1 19
6 User LOGIN page 5.2.1 24
7 TPA LOGIN Page 5.2.2 24
8 LOGIN page 5.2.3 25
9 ADMIN page 5.2.4 25
10 User Page 5.2.5 26
11 USER database 5.2.6 26
12 Block and Unblock feature 5.2.7 28

13 Allotment of TPA to user. 5.2.8 29

14 TPA dashboard 5.2.9 29
15 Database snapshot- 1 5.2.10 30
16 Database Snapshot- 2 5.2.11 30
17 Encrypted file download the file with 5.2.12 31
different key

v
 1. INTRODUCTION

1.1 Introduction

Cloud computing is a type of internet based computing that provides shared computer
processing resources and data to computers and other devices on demand, and provide the
storage space to the users to store their documents, images, songs etc, can also retrieve
whenever they want. But there is no surety about security of the document.

 Some for accessing shared data from the cloud.

 To implement public auditing scheme for shared data in the cloud, to maintain the
integrity of data

The growing industry of cloud has provide a service paradigm of storage/computation

outsourcing helps to reduce users’ burden of IT infrastructure maintenance, and reduce the
cost for both the enterprises and individual users [1], [2], [3]. However, due to the privacy
concerns that the cloud service provider is assumed semi-trust (honest - but curious.), it
becomes a critical issue to put sensitive service into the cloud, so encryption or obfuscation
are needed before outsourcing sensitive data - such as database system - to cloud [4], [5], [6].

The typical scenario for outsourced database is described in Figure. 1 as that in CryptDB[7]:
A cloud client, such as an IT enterprise, wants to outsource its database to the cloud, which
contains valuable and sensitive information (e.g. transaction records, account information,
disease information), and then access to the database (e.g. SELECT, UPDATE, etc.) [8], [9],
[10], [11], [12]. Due to the assumption that cloud provider is honest-but-curious [13], [11],
the cloud might try his/her best to obtain private information for his/her own benefits. Even
worse, the cloud could forward such sensitive information to the business competitors for
profit, which is an unacceptable operating risk. The privacy challenge of outsourced database
is two-hold. 1) Sensitive data is stored in cloud, the corresponding private information may
be exposed to cloud servers; 2) Besides data privacy, clients’ frequent queries will inevitably
and gradually reveal some private information on data statistic properties. Thus, data and
queries of the outsourced database should be protected against the cloud service provider.One
straightforward approach to mitigate the security risk of privacy leakage is to encrypt the
private data and hide the query/access patterns.
Unfortunately, as far as we know, few academia researches satisfy both properties so far.
CryptDB [7] is the first attempt to provide a secure remote database application, which
guarantees the basic confidentiality and privacy requirement, and provides diverse SQL
queries over encrypted data as well. CryptDB uses a series of cryptographic tools to achieve
this security functionality. Especially, order preserving encryption [11] is utilized to realize
numeric related range query processes. From the perspective of query functionality, CryptDB
supports most kinds of numerical SQL queries with such cryptology. However, such privacy
leakage hasn’t been well addressed thoroughly, since OPE is relatively weak to provide
sufficient privacy assurance.

1.2 Scope
With the increasing development of cloud computing technologies, it is not hard to imagine
that in the near future more and more businesses will be moved into the cloud and also
demand for the large database to store their information with security and retrieve it only by
the authoriCloud Service Providers (CSP) provide the services to the users and also manage
an enterprise infrastructure class that offers a scalable, reliable and secure environment to the
users, and requires a very low marginal cost to the sharing nature of resources. It is regular
process for users to use cloud storage services to share data with others in team. Current
system believes that sharing data among multiple users is perhaps one of the most engaging
features that motivate cloud storage. A unique problem introduced during the process of
public auditing for shared data in the cloud is how to preserve identity privacy from the TPA,
because the identities of signers on shared data may indicate that a particular user in the
group or a special block in shared data is a higher valuable target than others. For example,
Alice and Bob work together as a group and share a file in the cloud. The shared file is
divided into a number of small blocks, which are independently signed by users. Once a
block in this shared file is modified by a user, this user needs to sign the new block using her
public/private key pair. The TPA needs to know the identity of the signer on each block in
this shared file, so that it is able to audit the integrity of the whole file based on requests from
Alice or Bob
As shown in Figure. 1.1., after performing several auditing tasks, some private and sensitive
information may reveal to the TPA. On one hand, most of the blocks in shared file are signed
by Alice, which may indicate that Alice is a important role in this group, such as a group
leader.
On the other hand, the 8-th block is frequently modified by different users. It means this
block may contain high value data, such as a final bid in an auction that Alice and Bob need
to discuss

Auditing Task 1 B B B

Auditing Task 2 B B B

Auditing Task 3 B B B

A A block signed by Alice B A block signed by Bob

Figure.1.1 Alice and Bob share a file in the cloud

and change it several times. Cloud Computing refers to both the applications delivered as
services over the Internet and the hardware and systems software in the datacenters that
provide those services. The services themselves have long been referred to as Software as a
Service (SaaS). The datacenter hardware and software is what we will call a Cloud. In
general we heard about the public and private cloud. When a Cloud is made available in a
pay-as-you-go manner to the general public, we call it a Public Cloud. We use the term
Private Cloud to refer to internal datacenters of a business or other organization, not made
available to the general public .
The authenticity of data can be emerged as a critical issue while storing data on the
untrusted servers. The data can move from peer-to-peer storage systems, network file system,
web-service object stores, and database systems. These kinds of systems prevents storage
servers from mixed kind of representation and modifying data by analyzing and providing
authenticity to check when accessing the data . The archival storage requires many guarantees
about the authenticity of data during the process of storage. During the process of accessing
the data it is insufficient to detect and modify the data. Due to the storage, the server retains
tremendous amount of data, in which little can be accessed . Since cloud service providers
(CSP) are separate administrative entities, data outsourcing is actually relinquishing user’s
ultimate control over the fate of their data. As a result, the correctness of the data in the cloud
is being put at risk due to the following reasons. First of all, although the infrastructures
under the cloud are much more powerful and reliable than personal computing devices they
are still facing the broad range of both internal and external threats for data integrity. We
formalize the related notion of ring signature schemes. These are simplified group signature
schemes which have only users and no managers (we call such signatures “ring signatures”
instead of “group signatures” since rings are geometric regions with uniform periphery and
no center). Group signatures are useful when the members want to cooperate, while ring
signatures are useful when the members do not want to cooperate.
1.3 Identification of need
Some specific purpose cryptology like order preserving encryption (OPE) will expose some
private information to the cloud service provider naturally: As it is designed to preserve the
order on cipher texts so that it can be used to conduct range queries, the order information of
the data, the statistical properties derived therefrom, such as the data distribution, and the
access pattern will be leaked. Can we design a new database system to provide range queries
with stronger privacy guaranty?

From the work in , the privacy can be preserved against the cloud, if the sensitive knowledge
is partitioned into two parts, and distributed to two non-colluding clouds. In the literature , the
authors also introduce a two-party system to design a secure k query scheme, which enables
the client to query k most similar records from the cloud securely. This divide-and-conquer
mechanism can know any private information from one singe isolated part of the knowledge,
and each of both clouds only knows its own part.

In this project, we introduce a secure two-cloud database service architecture, where two
seperate clouds are used and both of them will perform different task(i.e one cloud for storing
keys and other for storing data). Based on this architecture, we further propose a series of
interaction protocols for a client to conduct numeric-related query over encrypted data from
remote cloud servers. The numeric-related query includes common query statements, such as
greater than, less than, between, etc.

1.4 Motivation
Cloud computing is a computing model in which resources are provided to the users
based on their demand. In cloud computing resources are provided by the cloud service
provider known as CSP. Cloud has a number of users which daily uploading the data, User
can also share the data with other users. So cloud needs a proper way of maintenance and
security. TPA plays a role for maintain and analyzing the cloud properly, so it has motivated
as proposed system can try to provide the privacy to all the documents and data and keep it
secure from the unauthorized users, also maintain the data integrity in cloud. Proposed
system is going to provide security to the data and user can share secured data with team
members who are authenticated to access that data.

1.5 Aim

To provide security of data on cloud computing by using Two cloud Architecture in

which one cloud is for storing the data and another cloud is for storing key data
information. Also perform auditing scheme on database to maintain the integrity of
data.

1.6 Objectives
Current dissertation is dedicated to achieve some of the following objectives.
 To achieve data privacy over the shared cloud environment to maintain confidentiality
of user sensitive data.
 To identify & analyze the corrupted block of data in cloud via TPA.
 To implement secured data sharing by using ring signature.
 To build a secure mechanized user whenever it required.
Data confidential against cloud servers is hence frequently desired when users
outsource data for storage in the cloud. It has the large scope for the enterprises, academics
and private sectors also to store their data on the cloud with security.

 Characteristics
Cloud computing has a variety of characteristics, which are given below.
 Shared Infrastructure:- Uses a virtualized software model, enabling the sharing of
physical services, storage, and networking capabilities. The cloud infrastructure,
regardless of deployment model, seeks to make the most of the available
infrastructure across a number of users.
 Dynamic Provisioning:- Allows for the provision of services based on current
demand requirements. This is done automatically using software automation, enabling
the expansion and contraction of service capability, as needed. This dynamic scaling
needs to be done while maintaining high levels of reliability and security.
  Network Access:- Needs to be accessed across the internet from a broad range of
devices such as PCs, laptops, and mobile devices, using standards-based APIs (for
example, ones based on HTTP) Deployments of services in the cloud include
everything from using business applications to the latest application on the newest
smart phones.
 Managed Metering:- Uses metering for managing and optimizing the service and to
provide reporting and billing information. In this way, consumers are billed for
services according to how much they have actually used during the billing period.
 Broad network access:- Your team can access using their smart phones, tablets,
laptops, and office computers. They can use these devices wherever they are located
with a simple online access point. This mobility is particularly attractive for
businesses so that during business hours or on off-times, employees can stay on top of
projects, contracts, and customers whether they are on the road or in the office. Broad
network access includes private clouds that operate within a company’s firewall,
public clouds, or a hybrid deployment.
 Resource pooling:- The cloud enables your employees to enter and use data within
the business management software hosted in the cloud at the same time, from any
location, and at any time. This is an attractive feature for multiple business offices and
field service or sales teams that are usually outside the office.
 Rapid elasticity:- If anything, the cloud is flexible and scalable to suit your
immediate business needs. You can quickly and easily add or remove users, software
features, and other resources.
 Measured service:- Going back to the affordable nature of the cloud, you only pay
for what you use. You and your cloud provider can measure storage levels, processing,
bandwidth, and the number of user accounts and you are billed appropriately. The amount of
resources that you may use can be monitored and controlled from both your side and your
cloud provider’s side which provides transparency.
1.7 Types of Cloud Computing:
As shown in above figure 1.7.1. there are several types of cloud computing which are
as follows.We are discussing here four types of models Public,Private,hybrid and
community.
 Figure 1.7.1. Types of cloud computing

Public Model:

Public clouds are made available to the general public by a service provider who hosts
the cloud infrastructure. Generally, public cloud providers like Amazon AWS, Microsoft and
Google own and operate the infrastructure and offer access over the Internet. With this
model, customers have no visibility or control over where the infrastructure is located. It is
important to note that all customers on public clouds share the same infrastructure pool with
limited configuration, security protections and availability variances.Public Cloud customers
benefit from economies of scale, because infrastructure costs are spread across all users,
allowing each individual client to operate on a lowcost, “pay-as-you-go” model. Another
advantage of public cloud infrastructures is that they are typically larger in scale than an in-
house enterprise cloud, which provides clients with seamless, on-demand scalability. These
clouds offer the greatest level of efficiency in shared resources; however, they are also more
vulnerable than private clouds. A public cloud is the obvious choice when .
 Your standardized workload for applications is used by lots ofpeople, such as email.
 You need to test and develop application code.
 You’re doing collaboration projects.
 Private Model:

Private cloud is cloud infrastructure dedicated to a particular organization. Private

clouds allow businesses to host applications in the cloud, while addressing concerns
regarding data security and control, which is often lacking in a public cloud environment. It is
not shared with other organizations, whether managed internally or by a third-party, and it
can be hosted internally or externally.
There are two variations of private clouds .
 On-Premise Private Cloud:This type of cloud is hosted within an organization’s own
facility. A businesses IT department would incur the capital and operational costs for the
physical resources with this model. On-Premise Private Clouds are best used for applications
that require complete control and configurability of the infrastructure and security.
 Externally Hosted Private Cloud: Externally hosted private clouds are also exclusively
used by one organization, but are hosted by a third party specializing in cloud infrastructure.
The service provider facilitates an exclusive cloud environment with full guarantee of
privacy. This format is recommended for organizations that prefer not to use a public cloud
infrastructure due to the risks associated with the sharing of physical resources. When is a
Private Cloud for you?
 You need data sovereignty but want cloud efficiencies
 You want consistency across services
 You have more server capacity than your organization can use
 Your data center must become more efficient
 You want to provide private cloud services

Hybrid Model:

Hybrid Clouds are a composition of two or more clouds (private, community or

public) that remain unique entities but are bound together offering the advantages of multiple
deployment models. In a hybrid cloud, you can leverage third party cloud providers in either
a full or partial manner; increasing the flexibility of computing. Augmenting a traditional
private cloud with the resources of a public cloud can be used to manage any unexpected
surges in workload. Hybrid cloud architecture requires both on-premise resources and off-site
server based cloud infrastructure.By spreading things out over a hybrid cloud, you keep each
aspect of your business in the most efficient environment possible. The downside is that you
have to keep track of multiple cloud security platforms and ensure that all aspects of your
business can communicate with each other. Here are a couple of situations where a hybrid
environment is best .
 Your company wants to use a SaaS application but is concerned about security. Your
company offers services that are tailored for different vertical markets. You can use a public
cloud to interact with the clients but keep their data secured within a private cloud.
 You can provide public cloud to your customers while using a private cloud for
internal IT.
Community Model:
A community cloud is a multi-tenant cloud service model that is shared among
several or organizations and that is governed, managed and secured commonly by all the
participating organizations or a third party managed service provider. Community clouds are
a hybrid form of private clouds built and operated specifically for a targeted group. These
communities have similar cloud requirements and their ultimate goal is to work together to
achieve their business objectives. The goal of community clouds is to have participating
organizations realize the benefits of a public cloud with the added level of privacy, security,
and policy compliance usually associated with a private cloud. Community clouds can be
either on-premise or off-premise. Here are a couple of situations where a community cloud
environment is best .
 Government organizations within a state that need to share resource
 A private HIPAA compliant cloud for a group of hospitals or clinics
 Telco community cloud for telco DR to meet specific FCC regulations
 CHAPTER 2
LITERATURE REVIEW

2.1 Background History

Cloud computing is becoming powerful network architecture to perform large- scale
and complex computing. Cloud computing is the delivery of computing as a service rather
than a product. The idea of providing a centralized computing service dates back to the
1960s, In 1966, Canadian engineer Douglass Parkhill published his book The Challenge of
the Computer Utility, in which he describes the idea of computing as a public utility sharing
mechanism effectively utilized computing resources and provided acceptable performance to
users; however, mainframes were difficult to scale and provision up because of increasingly
high hardware costs. Accordingly, users didn’t have full control over the performance of
mainframe applications because it depended on how many users utilized the mainframe at a
given moment. As such, with the introduction of personal computers users loved the idea of
having full control of their computing resources, even though these resources are not as
effectively utilized [7]. Consider Public auditability in their defined “provable data
possession” (PDP) model for ensuring possession of data files on untrusted storages. Their
scheme utilizes the RSA based homomorphic linear authenticators for auditing outsourced
data and suggests randomly sampling a few blocks of the file. However, the public
auditability in their scheme demands the linear combination of sampled blocks exposed to
external auditor. When used directly, their protocol is not provably privacy preserving, and
thus may leak user data information to the auditor. [5].

2.2 Related Work

The first provable data possession (PDP) mechanism to perform public auditing is
designed to check the correctness of data stored in an untrusted server, without retrieving the
entire data. Moving a step forward, (referred to as WWRL) is designed to construct a public
auditing mechanism for cloud data, so that during public auditing, the content of private data
belonging to a personal user is not disclosed to the third party auditor [1]. Construct an
aggregate signature scheme based on a recent short signature due to Boneh, Lynn, and
Shacham (BLS) [8]. Recent visions of "cloud computing" and software as a service call for
data, both personal and business, to be stored by third parties, but deployment has lagged [9].
Existing work introduced a dynamic audit service for integrity verification of untrusted and
outsourced storages. Audit system can support dynamic data operations and timely anomaly
detection with the help of several effective techniques, such as fragment structure, random
sampling, and index-hash table (IHT) [10]. Specifically, the data owner encrypts blocks of
content with symmetric content keys. The content keys are all encrypted with a master public
key, which can only be decrypted by the master private key kept by the data owner. The data
owner uses his master private key and user’s public key to generate proxy re-encryption keys
[11]. Digital signatures are the most important cryptographic primitive for the daily life.
Short signature is a variant of digital signature which can provide a high security level with
relatively shorter signature length [12]. Homomorphic signature schemes have been initially
designed to establish authentication in network coding and to address pollution attacks.
However, since they allow for computations on authenticated data, they are also a useful
primitive for many other applications [13]. Homomorphic authenticators (also called
homomorphic verifiable tags) are basic tools to construct data auditing mechanisms. Besides
unforgeability (only a user with a private key can generate valid signatures), a homomorphic
authenticable signature scheme, which denotes a homomorphic authenticator based on
signatures [1]. A ring signature scheme allows a signer to sign a message on behalf of a set of
users which include the signer herself in such a way that a verifier is convinced that the signer
is one of the ring members, but he cannot tell which member is the actual signer . A ring
signature scheme is set-up free: The signer does not need the knowledge, consent, or
assistance of the other ring members to put them in the ring - all he needs is knowledge of
their regular public keys. Different members can use different independent public key
signature schemes, with different key and signature sizes. Verification must satisfy the usual
soundness and completeness conditions, but in addition we want the signatures to be signer-
ambiguous in the sense that the verifier should be unable to determine the identity of the
actual signer in a ring of size r with probability greater than 1/r [6]. Common to the existing
techniques is the fact that they employ a trusted server that stores the data in clear. Access
control relies on software checks to ensure that a user can access a piece of data only if he is
authorized to do so [10]. Consider public auditability in their “Provable Data Possession”
(PDP) model for ensuring possession of data files on untrusted storages. They utilize the
RSA-based homomorphic linear authenticators for auditing outsourced data and suggest
randomly sampling a few blocks of the file. However, among their two proposed schemes,
the one with public auditability exposes the linear combination of sampled blocks to external
auditor. When used directly, their protocol is not provably privacy preserving, and thus may
leak user data information to the external auditor [6]. As part of pre-processing, the client
may alter the file to be stored at the server. The client may expand the file or include
additional metadata to be stored at the server. Before deleting its local copy of the file, the
client may execute a data possession challenge to make sure the server has successfully
stored the file Clients may encrypt a file prior to out-sourcing the storage. [4].

Figure 2.2.1. The architecture of cloud data storage

In cloud data storage system as shown in figure 2.2.1., users store their data in the cloud and
no longer possess the data locally. Thus, the correctness and availability of the data files
being stored on the distributed cloud servers must be guaranteed. One of the key issues is to
effectively detect any unauthorized data modification and corruption, possibly due to server
compromise. A special entity is considered to ensure the security and dependability of the
Cloud Server referred to as Adversary Model. [10].
2.3 Pitfalls of Existing System
In “Cloud computing: implementation, management, and security”,published in 2016 by
J.W. Ritting house and J.F. Ransome. Various comparison study held from 2013-16 this was
published as shown below.
Ideally, this cloud software would be Open Source. Many pundits are anxious about
Things being used to help spread viruses, aiding in denial of service attacks and other
dastardly goings-on. Making sure the Thing software is Open Source means that the source
code is available to fix the inevitable problems of rampant Things far into the future. Of
course, all software and networking the Thing uses should also include good encryption and
authorization. While peer-to-peer cloud software is exceptional for IoT, it is also useful in
client/server cloud functions. By setting up clouds internal to your own organization or
community, you make more efficient use of existing hardware. Using peer-to-peer clouds in
conjunction with Big Cloud vendors can reduce the costs of the cloud software overall. This
is called a hybrid cloud.
Sr. Paper Title Authors Year Of Methods Used Limitations
No. publishing
1 Privacy- Cong Wang, 2013 public auditability do not
consider the privacy
Preserving Sherman S.-
protection of users’
Public Auditing M. Chow, data against
for Qian Wang, external auditors.
Indeed, they may
Secure Cloud Kui Ren, and
potentially reveal
Storage[5] Wenjing Lou, user data information
to the auditors.
2 Oruta: Privacy- Boyang 2014 Homomorphic Signature schemes do
Preserving Wang, authenticable not support blockless
verification. Without
Public Auditing Baochun Li, , signatures, not blockless verification,
for Shared Data and Hui Li, homomorphic the TPA has to
download the whole
in the Cloud [1] signatures.
data file to verify the
correctness of shared
data, which takes long
verification times.
3 Dynamic Audit Devi Parvathy 2014 fragment structure, It must requires
Services for Mohan, random sampling, external TPA
Outsourced K.J.Jagdish and index-hash monitoring.
Storages in table (IHT) Not Secure
Clouds [10]
4 Provable data S.Karthikeyan 2015 Provable Data The provable data
possession for , J.praveen Possession (PDP) possession is not
securing the And Author capable for the source
data from Mrs. Sumathy authentication
untrusted server technique. PDP is
[3] restricted form of the
memory checking.

2.4 Privacy-Preserving Public Auditing for Secure Cloud Storage:

Using Cloud Storage, users can remotely store their data and enjoy the on-demand high
quality applications and services from a shared pool of configurable computing resources,
without the burden of local data storage and maintenance. However, the fact that users no
longer have physical possession of the outsourced data makes the data integrity protection in
Cloud Computing a formidable task, especially for users with constrained computing
resources. Moreover, users should be able to just use the cloud storage as if it is local, without
worrying about the need to verify its integrity. Thus, enabling public auditability for cloud
storage is of critical importance so that users can resort to a third party auditor (TPA) to
check the integrity of outsourced data and be worry-free. To securely introduce an effective
TPA, the auditing process should bring in no new vulnerabilities towards user data privacy,
and introduce no additional online burden to user. It propose a secure cloud storage system
supporting privacy-preserving public auditing. We further extend result to enable the TPA to
perform audits for multiple users simultaneously and efficiently. Extensive security and
performance analysis show the proposed schemes are provably secure and highly efficient.
To address these problems, work utilizes the technique of public key based homomorphic
linear authenticator (or HLA for short), which enables TPA to perform the auditing without
demanding the local copy of data and thus drastically reduces the communication and
computation overhead as compared to the straightforward data auditing approaches [10].

BAF: An Efficient Publicly Verifiable Secure Audit Logging Scheme for Distributed
Systems:

Audit logs, providing information about the current and past states of systems, are one of the
most important parts of modern computer systems. Providing security for audit logs on an
untrusted machine in a large distributed system is a challenging task, especially in the
presence of active adversaries. In such a system, it is critical to have forward security such
that when an adversary compromises a machine, she cannot modify or forge the log entries
accumulated before the compromise. Unfortunately, existing secure audit logging schemes
have significant limitations that make them impractical for real-life applications: Existing
Public Key Cryptography (PKC) based schemes are computationally expensive for logging in
task intensive or resource-constrained systems, while existing symmetric schemes are not
publicly verifiable and incur significant storage and communication overheads. In this paper,
we propose a novel forward secure and aggregate logging scheme called Blind-Aggregate-
Forward (BAF) logging scheme, which is suitable for large distributed systems. BAF can
produce publicly verifiable forward secure and aggregate signatures with near-zero
computational, storage, and communication costs for the loggers, without requiring any
online Trusted Third Party (TTP) support. We prove that BAF is secure under appropriate
computational assumptions, and demonstrate that BAF is significantly more efficient and
scalable than the previous schemes. Therefore, BAF is an ideal solution for secure logging in
both task intensive and resource-constrained systems. To address the above problems, a set
of cryptographic countermeasures have been proposed to enable secure logging on untrusted
machines, without assuming a tamper-resistant hardware or continuous real-time log verifier
In order to fulfill this requirement, we propose a novel forward secure and aggregate logging
scheme for secure audit logging in distributed systems, which we call Blind Aggregate-
Forward (BAF) logging scheme. BAF can address all the aforementioned limitations of the
existing approaches simultaneously [10].

2.5 Scalable and Efficient Provable Data Possession:

Storage outsourcing is a rising trend which prompts a number of interesting security issues,
many of which have been extensively investigated in the past. However, Provable Data
Possession (PDP) is a topic that has only recently appeared in the research literature. The
main issue is how to frequently, efficiently and securely verify that a storage server is
faithfully storing its client’s (potentially very large) outsourced data. The storage server is
assumed to be untrusted in terms of both security and reliability [10]. PDP uses RSA-based
scheme for security. A publicly available version of PDP is also available which enables any
one to verify the data. It also causes problems when data owners are separated from data
users. These schemes are proved to be insecure against replay attacks. Moreover, they are not
suitable for multi cloud storage environment. Other PDP schemes such as dynamic PDP and
scalable PDP [10].

2.6 Dynamic Provable Data Possession:

Today many services outsource their storage to remote servers or the cloud, which can
include web services, blogs, and other applications in which there is a need for multiple users
to access and update the data, and modifications to the stored data are common. For example,
many subscribers of a popular blog hosted by a cloud-based server are allowed to upload,
edit, or remove blog content ranging from a short commentary to a large video clip. This
demands support for multiple user access while maintaining data consistency and integrity,
which current schemes do not provide [13]. The client preprocesses the data and then sends it
to an untrusted server for storage, while keeping a small amount of meta-data. The client later
asks the server to prove that the stored data has not been tampered with or deleted (without
downloading the actual data). However, the original PDP scheme applies only to static (or
append-only) files. We present a definitional framework and efficient constructions for
dynamic provable data possession (DPDP), which extends the PDP model to support
provable updates to stored data [10]. A dynamic scheme was presented which integrate MHT
and Compact POR into DPDP Later many POR schemes came into existence [8]. Dynamic
data has also attracted attentions in the recent literature on efficiently providing the integrity
guarantee of remotely-stored data. Ateniese et al is the first to propose a partially dynamic
version of the prior PDP scheme, using only symmetric key cryptography but with a bounded
number of audits [10]. An effective and flexible distributed scheme with explicit dynamic
data support to ensure the correctness of users’ data in the cloud was proposed by C. Wang,
Q. Wang, K. Ren, and W. Lou in July 2009. To ensure file integrity across multiple
distributed servers, using erasure-coding and block-level file integrity checks was proposed
by T. S. J. Schwarz and E. L. Miller in 2009 . In cloud data storage system, users store their
data and do not possess longer data locally. Due to which, the correctness and availability of
the data files which being stored on the distributed cloud servers must be guaranteed. The
most important issue is to effectively detect any unauthorized data modification and
corruption [12]. Provable data allows a verifier to check the correctness of a client’s data
stored at an untrusted server. The verifier is able to publicly audit the integrity of data without
retrieving the entire data by utilizing RSA-based homomorphic authenticators and sampling
strategies, which is referred as a public auditing [13].

2.7 Summary and Discussion:

In existing system on cloud computing is a traditional one in which only used for data
storage. In that security of data problem occur. Some cloud are public and some are private so
in public cloud computing security of data or information can be leaked easily by the hackers
by applying his own logic. When we try to apply different types of security algorithm like
symmetric key or Asymmetric key algorithm then the retrieval of data becomes very slow.
Also there is problem while performing auditing scheme because all data is in encrypted
form. Whenever user wants to communicate with each other the main problem is key sharing,
because key may be hacked by middle intruders.

In our system we design a cloud computing with data security. For providing the data
security of data on cloud computing by using Two cloud Architecture in which one cloud is
for storing the data and another cloud is for storing key data information. Also perform
auditing scheme on database to maintain the integrity of data.
 CHAPTER 3
SYSTEM DEVELOPMENT

Systems development is the process of defining, designing, testing and implementing

a new software application or program. It can include the internal development of customized
systems, the creation of database systems or the acquisition of third party developed software.
The most effective way to protect information and information systems is to integrate
security into every step of the systems development process, from the initiation of a project to
developing a system to its disposition. Written standards and procedures must guide all
information systems processing functions. The organization’s management must define and
implement standards and adopt an appropriate system development life cycle methodology
governing the process of developing, acquiring, implementing, and maintaining computerized
information systems and related technology.

3.1 Software Requirement:

 OS
o Linux
o Windows
o Mac OS
 Excel file reader
o MS Excel
o Libre Calc
 Command Prompt / Terminal
 Eclipse IDE
 MySql

3.2 Features provided by this project are:

 Cloud based security

 Privacy preservation on outsourced encrypted database.

3.3 Problem Definition:

In cloud, data can be store in large scale and which can be shared as well it means that
a single database can be controlled or access by single or multiple users at same instance. The
data can be accessed by user or group of user as well. The data owner plays an important role
in these things that is owner will decide the access of data to TPA. The owner of the data will
send the key with data to access the data, this key is visible to the users only and not to the
TPA. Sharing of key is main problem whenever user wants to communicate with each other,
to solve this problem Diffie Hellmann Key exchange algorithm is used. In such system, for
TPA it’s necessary to maintain the security and integrity of data. So that system is going to
perform the privacy preserving on to the all data which is shared in group or with TPA for
auditing this will help to maintain data integrity for auditor and security over shared data.

3.4 Proposed System:

The proposed system implementing various auto signature generation techniques over
each and every file uploaded or share document by user with privacy preserving over cloud.
As shown in figure 3.4.1. How the Architecture look like, In this TPA is able to maintain the
auditing on the shared data and also check for data integrity without any information about
user by using above techniques we can efficiently achieve followings.
(1) Public Auditing: The third party auditor is able to verify the integrity of shared data for a
group of users without retrieving the entire data.
(2) Correctness: The third party auditor is able to correctly detect whether there is any
corrupted block in shared data.
(3) Unforgeability: Only a user in the group can generate valid verification information on
shared data.
(4) Identity Privacy: During auditing, the TPA cannot distinguish the identity of the signer on
each block in shared data.

Figure 3.4.1: Project Flow

3.5 Plan & Module:
Proposed system has some modules which are as given below:
 Data Owner: it is the user which is going to store their data on to the cloud
and can share with the group members and access whenever its required.
 TPA: TPA (Third Party Auditor) is used to perform the public auditing on
cloud based data and check the integrity and confidentiality of the user’s data
without accessing the entire file of data and generate auditing report for the
data owner to know which group member access her file.
 Cloud: As we all know cloud is used to store the data in the same way we are
going to not only store the data onto the cloud but also preserve the privacy of
user’s data by using privacy preserving system and user can access that data
with specific authentication.

Figure 3.5.1: Data Flow Diagram

Stepwise working of the Proposed System in the figure 3.5.1:

 Data owner login the system with his generated signature and upload the documents
on the cloud.
 Data owner can also modify the data after uploading the document and can share with
other users or group members if he wants to share the data.
 Provide security to the documents with the user signature and documents signature.
  Update signature to the cloud server and by using TPA maintain the privacy of all
documents.
 TPA can access only the document information like size, no uses time, modification
done by the user if any, last update etc, not the data.
 User can access the document if and only if he has the valid verified signature
provided by the data owner.
 Maintain the data integrity and apply privacy preserving on the cloud storage.

3.6 Advantages of Proposed System:

• Unauthorized user can’t get access to the data

• Authorized user can easily modify, upload, and share their data

• TPA Perform auditing without retrieving the entire copy of data

• It does not reveal the users confidential information

• TPA maintain the data integrity over the cloud

 CHAPTER 4

DATA COLLECTION AND TOOLS USED

It is important for an android app to successfully stored data in order to perform

different operations on it. For this purpose different data collection strategies are
implemented along with that tools like android sdk are used.

4.1 Eclipse

Eclipse is an integrated development environment (IDE) used in computer programming, and

is the most widely used Java IDE.[6] It contains a base workspace and an extensible plug-in
system for customizing the environment. Eclipse is written mostly in Java and its primary use
is for developing Java applications, but it may also be used to develop applications in other
programming languages via plug-ins, including Ada, ABAP, C, C++, C#, COBOL, D,
Fortran, Haskell, JavaScript, Julia,[7] Lasso, Lua, NATURAL, Perl, PHP, Prolog, Python, R,
Ruby (including Ruby on Rails framework), Rust, Scala, Clojure, Groovy, Scheme, and
Erlang. It can also be used to develop documents with LaTeX (via a TeXlipse plug-in) and
packages for the software Mathematica. Development environments include the Eclipse Java
development tools (JDT) for Java and Scala, Eclipse CDT for C/C++, and Eclipse PDT for
PHP, among others.
4.2 MySQL

MySQL is an open-source relational database management system (RDBMS).[6] Its

name is a combination of "My", the name of co-founder Wideness’s daughter,[7] and "SQL",
the abbreviation for Structured Query Language. The MySQL development project has made
its source code available under the terms of the GNU General Public License, as well as
under a variety of proprietary agreements. MySQL was owned and sponsored by a single for-
profit firm, the Swedish company MySQL AB, now owned by Oracle Corporation.[8] For
proprietary use, several paid editions are available, and offer additional functionality.

4.3 Java Development Kit (JDK)

The Java Development Kit (JDK) is an implementation of either one of the Java
Platform, Standard Edition, Java Platform, Enterprise Edition, or Java Platform, Micro
Edition platforms released by Oracle Corporation in the form of a binary product aimed
at Java developers on Solaris, Linux, macOS or Windows. The JDK includes a private JVM
and a few other resources to finish the development of a Java Application.

In addition to the most widely used JDK discussed in this article, there are other
JDKs commonly available for a variety of platforms, some of which started from the Sun
JDK source and some that did not. All adhere to the basic Java specifications, but often differ
in explicitly unspecified areas, such as garbage collection, compilation strategies, and
optimization techniques.

4.4 JSP,Servlet

A servlet is a Java class which is used to extend the capabilities of servers that host
applications accessed by means of a request-response model. Servlets are mainly used to
extend the applications hosted by webs servers, however, they can respond to other types of
requests too. For such applications, HTTP-specific servlet classes are defined by Java Servlet
technology.

A JSP is a text document which contains two types of text: static data and dynamic data. The
static data can be expressed in any text-based format (like HTML, XML, SVG and WML),
and the dynamic content can be expressed by JSP elements. A servlet is a Java programming
language class that is used to extend the capabilities of servers that host applications accessed
by means of a request-response programming model. Although servlets can respond to any
type of request, they are commonly used to extend the applications hosted by web servers.
For such applications, Java Servlet technology defines HTTP-specific servlet classes.

The javax.servlet and javax.servlet.http packages provide interfaces and classes for writing
servlets. All servlets must implement the Servlet interface, which defines life-cycle methods.
When implementing a generic service, you can use or extend the GenericServlet class
provided with the Java Servlet API. The HttpServlet class provides methods, such
as doGet and doPost, for handling HTTP-specific services.
 CHAPTER 5

PERFORMANCE ANALYSIS

5.1 Implementation Details:

In this section, we firstly give an overview of our proposed two-cloud scheme, and
then present the detailed interaction protocols to realize range query with privacy
preservation on outsourced encrypted database.

5.2 Existing System performance:

In the existing system, small scale organization could not continuously run their own
website on their server so they allot TPA for this process handling, so our database is also
available in their server. So there may be a chance of data leaking and data malfunctioning. If
we try to encrypt the data for security purpose then it consume more cost in terms of retrieval
time. Unnecessary encryption scheme can slow down the performance.
When some user trying to share his database to another user then this sharing is done
though cloud but the intruders can also access the file from cloud by firing some fuzzy query.
As cloud service providers take care of a number of clients each day, they can become
overwhelmed and may even come up against technical outages. This can lead to your
business processes being temporarily suspended. Additionally, if your internet connection is
offline, you will not be able to access any of your applications, server or data from the cloud.
Although cloud service providers implement the best security standards and industry
certifications, storing data and important files on external service providers always opens up
risks. Using cloud-powered technologies means you need to provide your service provider
with access to important business data. Meanwhile, being a public service opens up cloud
service providers to security challenges on a routine basis. The ease in procuring and
accessing cloud services can also give nefarious users the ability to scan, identify and exploit
loopholes and vulnerabilities within a system. For instance, in a multi-tenant cloud
architecture where multiple users are hosted on the same server, a hacker might try to break
into the data of other users hosted and stored on the same server. However, such exploits and
loopholes are not likely to surface, and the likelihood of a compromise is not great. Since the
cloud infrastructure is entirely owned, managed and monitored by the service provider, it
transfers minimal control over to the customer. The customer can only control and manage
the applications, data and services operated on top of that, not the backend infrastructure
itself. Key administrative tasks such as server shell access, updating and firmware
management may not be passed to the customer or end user.
5.3 Proposed System performance:
In our proposed scheme, both stored data and query logic are partitioned into two parts. This
improves the privacy preservation of range query, while the complexity increases, too. In
fact, the complexity of client is no significant increase compared with common OPES
schemes, such as for a query, the client in these schemes needs to send a query request, and
then receive and decrypt the response to get the results. The client in our scenario also only
needs a round trip communication to perform a query.

As for the clouds, the communication overhead between two clouds does not exist in single
cloud schemes. However, as mentioned in Section 5.1 in [12], the two clouds are in fact two
different clouds (e.g. Amazon and Azure), the communication latency between the clouds is
relative low. What is more, during a query, only one interaction is required for both clouds in
our scheme. In total, our system does increase complexity to some extent, but it is acceptable,
as the increase in overhead is small and the security has been greatly improved.

The frontend developed contains three Actors in the use case analysis i.e, USER, TPA,
ADMIN. The first page consist of the login page which is individual login to these actors.
Each login process will have its separate login Id and login password that will be generated at
the time of registration. After each registration the admin is first login takes the charge to add
the user and allot the TPA. User register on the portal and then the user is being added by the
admin, the user have privileges to access the facilities of the cloud such as upload a file or
download a file. Similarly, when the user are added Admin a lot the TPA to each user and the
data of the user is sent for the auditing to the TPA. The beauty of the project is that when the
data is sent for the auditing the data is in the encrypted format. If at all TPA download the
data but could not read the information.
 Figure 5.2.3 LOGIN page.

LOGIN page Figure 5.2.3:-This page has three types of login ADMIN login, USER login,
TPA login.

There are two credentials to login 1) Username 2) Password. The password required is in the
form high security that contains character and the numeric values.

Figure 5.2.1 User Dashboard page

USER:- In the Figure 5.2.1 shown USER can register to the database through the user login..
User have the privilege to create the database, add table, add file to cloud manages the files
from the cloud. User can share the file which is in the database, while sharing the file it is
confirmed that the file is shared with the claimed user or not.

Figure 5.2.2 TPA LOGIN Page

TPA LOGIN:- In the Figure 5.2.2 shown TPA can login through this Page. TPA have access
to database of all the user, TPA can download the files but will be in encrypted form. TPA is
the developer so TPA has knowledge of the database so fires the query onto the database for
auditing purposes .Permission to TPA is not granted because the data is in the encrypted
format and the key is shared among the claimed sender and the receiver only.

Figure 5.2.4 ADMIN page.

ADMIN:- In the Figure 5.2.4 shown Admin has privilege to add TPA, to add user, confirm
TPA and User. Admin tales the supervision over the overall process. When the details are
checked by the admin the information of the registered user are stored in the log files and
when any case kind of intrusion in the database these log files are checked.

Figure 5.2.5 User Page

USER database:- In the Figure 5.2.5 shown User can manage the data on cloud. User can
download the data, Upload the data, and can share the data. The data stored on the cloud has
access to only the user and when the data is downloaded, stored in the secondary memory.
There are some functionalities provided to the user that is the viewing the details of the file
and inserting the new file or add the details.

User databases are the databases that someone like us create. In one of these databases is
affected by some issue the overall SQL server will still keep functioning bit any applications
using that particular database will be unavailable. These databases collectively maintain and
manage lot of information about the SQL server system like logins , databases , linked
servers , jobs , schedules , reports , report data sources etc.
 Figure 5.2.6 USER database.

USER Table:- In the Figure 5.2.6 shown user can create the database and fire some queries to
manage the database, and perform some action on the database. Table name is set by the user
and the data in the table is also feed by the user.

Figure 5.2.7 Block and Unblock feature

As shown in Figure 5.2.7 Admin has facility that he can block a particular user. User who
trying to register himself but Admin doesn’t want to do that, because there are many reasons.
Like the users entry may get full or he is illegal user. Block user can also be unblock .
 Figure 5.2.8 Allotment of TPA to user.

As shown in Figure 5.2.8 Admin can allot TPA to users. Different users can have different
TPA.so depending upon needs Admin can allot required TPA to each user.

Figure 5.2.9 TPA dashboard

As shown in figure 5.2.9 TPA which holds the database of his own users can see the metadata
of the user’s database. He can apply auditing scheme to each database to check integrity of
data. When users are trying to upload data in cloud then first of all these database will be
confirm by TPA.
 Figure 5.2.10 Database snapshot- 1

In figure 5.2.10 the database that is required to create in this development is shown. The
number of tables available is listed by using commands in MySQL command line.also the
users that are available in userdata table is also listed. These are the users who register
themselves in cloud storage. User confirmed by TPA is shown by entry 1.

Figure 5.2.11 Database Snapshot- 2

Figure 5.2.11 shows the database snapshot shows the total TPA who are registered in cloud.
Whenever new TPA is trying to register the first of all it is confirmed by admin then the entry
is stored in database. The second table is showing data in the form of various file format.
Different files from different users are uploaded in cloud. These files are first confirmed by
TPA then only entry is made about that file.

Figure 5.2.12 Encrypted file download the file with different key

As shown in figure 5.2.12 whenever user try to download the file from cloud then it required
the particular key whatever is available for that file. If user entered worng key then file will
open but it is in encrypted form.
 CHAPTER 6
USER MANUAL

Consumer who wants to store huge data on cloud then this two cloud architecture is best for

them for security purpose.

Step 1: First user has to install MySQL database, and also has setup for JDK with installed

Eclipse IDE neon version. A browser is required is to run the project. User must be friendly

with database and JAVA technology.

Step 2: Before storing database in cloud, first user has to register him to the admin. After the

registration admin allots user one single TPA for each user. After registration admin will

confirm each user to get access for cloud.

Step 3: After registration user can login with his valid credentials and can access the cloud.

User can upload the file by clicking the upload file button also can store database in cloud in

MySQL queries. User has an option to share file just by clicking single option. Also, when

the registration process is taken into consideration users can be registered by two ways: one

when the user fills the information and requests the admin to accept the request so user gets

registered. Other way is directly the admin himself can add the user according to his need
Step 4: User when logged in has options such as Upload Files, View Upload Files, Received

Files from Cloud, Search in File from Cloud. When he chooses Upload Files he has access to

all the media files and word files. He chooses the appropriate file to send and uploads it over

the cloud for a desired specific user.

Step 5: When the first user sends the file to the other user the file needs to be verified by the

TPA, when the TPA verifies the file, if the file is authenticate then he confirms the file, else

the file can’t be viewed or accessed by the second user.

Step 6: After sharing the file the cloud fetches file from TPA, TPA confirms the shared file

and allow the access to claimed user. The claimed user decrypts the file using the shared key.

The key must be known by the user to fetch the file or the file won’t be decrypted.

Step 7: When the TPA receives the files he not only can confirm the file but also can apply

auditing on the database which they have been allocated to them by the Admin.
Step 8: TPA has access of cloud database, even TPA can download the files but could not

access it. Because files are in encrypted form. TPA also has view of key cloud which is also

in encrypted form.
 CONCLUSION

7.1 Conclusion:

In this project, we presented two-cloud architecture with a series of interaction protocols for
outsourced database service, which ensures the privacy preservation of data contents. At the
same time, with the support of two cloud architecture it was possible to maintain the integrity
in the database range, it not only protects the confidentiality of static data, but also addresses
potential privacy leakage in statistical properties. Security requirements shows that when the
scheme applied on the huge database content the scheme worked very efficiently. This was
noticed that it was not cost affordable to maintain the scheme for the small databases, because
maintain another cloud specially for the keys storing purposes make take Security analysis
shows that our scheme can meet the privacy-preservation requirements. Furthermore,
performance evaluation result shows that our proposed scheme is efficient.

7.2 Future Scope:

In future this application will be available for all platforms. This application can go
live with web application where user can save their records in cloud. It will establish
transparency and accountability and thereby will help to reduce turnaround time, and
processing delays of files.

In our future work, we will consider to further enhance the security while ensuring
practicality, and we will extend our proposed scheme to support more operations, such as
“SUM/AVG”. Taking the view of increasing database continuity and overload the database
contain the huge amount of secure and precise as well as distributed data we can use this
technique to maintain the integrity and security over high extent, because there is separate
cloud for the key distribution and using the separate cloud for the small database makes it
costly and it does not make sense.

So this algorithm or technique is applied on the highly secret data which want high security
and data which have high priority than anything then in two cloud secure architecture is the
most secure to use for security and the data hiding.

One more to the present technology is that when we store our database to Gmail cloud and
we want to share it with another people in that scenario we can use this secure architecture.
 8. REFERENCES

[1] Kaiping Xue , Shaohua Li, Jianan Hong, Yingjie Xue “Two-Cloud Secure Database for
Numeric-Related SQL Range Queries with Privacy Preserving” IEEE Transactions on
Information Forensics and Security ( Volume: 12 , Issue: 7 , July 2017).

[2] M. Armbrust, A. Fox, R. Griffith, A. D. Joseph et al., “A view of cloud computing,”

Communications of the ACM, vol. 53, no. 4, pp. 50–58, 2010.

[3]S. Benabbas, R. Gennaro, and Y. Vahlis, “Verifiable delegation of computation over large
datasets,” in Annual Cryptology Conference. Springer, 2011, pp. 111–131.

[4] R. A. Popa, C. Redfield, N. Zeldovich, and H. Balakrishnan, “CryptDB: protecting

confidentiality with encrypted query processing,” in Proceedings of the 23rd ACM
Symposium on Operating Systems Principles. ACM, 2011, pp. 85–100.

[5] C. Wang, Q. Wang, K. Ren, N. Cao, and W. Lou, “Toward secure and dependable storage
services in cloud computing,” IEEE Transactions on Services Computing, vol. 5, no. 2, pp.
220–232, 2012.

[6] D. Zissis and D. Lekkas, “Addressing cloud computing security issues,” Future
Generation Computer Systems, vol. 28, no. 3, pp. 583–592, 2012.

[7] H. T. Dinh, C. Lee, D. Niyato, and P. Wang, “A survey of mobile cloud computing:
architecture, applications, and approaches,” Wireless Communications and
8obileComputing,vol.13,no.18,pp.1587–1611, 2013.

[8] K. Xue and P. Hong, “A dynamic secure group sharing framework in public cloud
computing,” IEEE Transactions on Cloud Computing, vol. 2, no. 4, pp. 459–470, 2014.

[9] C. Curino, E. P. Jones, R. A. Popa, N. Malviya et al., “Relational cloud: A database-as-a-

service for the cloud,” 2011, http://hdl.handle.net/1721. 1/62241. [9] D. Boneh, D. Gupta, I.
Mironov, and A. Sahai, “Hosting services on an untrusted cloud,” in Advances in
Cryptology-EUROCRYPT 2015. Springer, 2015, pp. 404–436.

[10] X. Chen, J. Li, X. Huang, J. Ma, and W. Lou, “New publicly verifiable databases with
efficient updates,” IEEE Transactions on Dependable and Secure Computing, vol. 12, no. 5,
pp. 546–556, 2015.
[11] J.W. Ritting house and J.F. Ransome, Cloud computing: implementation, management,
and security. CRC press, 2016.

[12] X. Chen, J. Li, J. Weng, J. Ma, and W. Lou, “Verifiable computation over large database
with incremental updates,” IEEE Transactions on Computers, vol. 65, no. 10, pp. 3184–3195,
2016.

[13]W. Li, K. Xue, Y. Xue, and J. Hong, “TMACS: A robust and verifiable threshold multi-
authority access control system in public cloud storage,” IEEE Transactions on Parallel &
Distributed Systems, vol. 27, no. 5, pp. 1484–1496, 2016.

[14]https://www.levelcloud.net/why-levelcloud/cloud-education-center/advantages-and-
disadvantages-of-cloud-computing/