CRYPT CLOUD
A PROJECT REPORT
Submitted by
P.SATHISH (113115104085)
G.RAJESH (113115104076)
of
BACHELOR OF ENGINEERING
IN
COMPUTER SCIENCE AND ENGINEERING
ROAD, AVADI-62
APRIL 2019
ANNA UNIVERSITY: CHENNAI 600025
BONAFIDE CERTIFICATE
SIGNATURE SIGNATURE
Dr.A.RENGARAJAN, Ph.D., Mr.P.SATHISH
KUMAR,M.E.,
Vel Tech Multi Tech Dr. Rangarajan Vel Tech Multi Tech Dr. Rangarajan
Dr. Sakunthala Engineering College, Dr. Sakunthala Engineering College,
Avadi, Chennai-600 062 Avadi, Chennai-600 062
CERTIFICATE FOR EVALUATION
P.SATHISH (113115104085)
G.RAJESH (113115104076)
This project report was submitted for viva voce held on ............................. ,
at Vel Tech Multi Tech Dr. Rangarajan Dr. Sakunthala Engineering College.
We wish to express our sincere thanks to the Almighty and the people who
extended their help during the course of our work.
Our special thanks to our cherishable Vice-President Mr. K.V.D. Kishore
Kumar B.E., M.B.A., for his attention towards the student community.
We would like to express our special thanks to our Head of the Department
Dr. A. Rengarajan Ph.D., Department of Computer Science & Engineering and our
project supervisor Mr. P. SATHISH KUMAR M.E., for their moral support, for taking
keen interest in our project work and guiding us all along till the completion of our project
work, and also for providing all the necessary information required for developing a
good system with successful completion of the same.
Data owners store their data in the public cloud in encrypted form, together with a
particular set of attributes that controls access to the cloud data. When uploading
data to the public cloud, the owner assigns an attribute set to it. Any authorized
cloud user who wants to download the data must enter that particular attribute set
before performing further actions on the data owner’s data. A cloud user must
register their details with the cloud organization to access the data owner’s data,
submitting those details as attributes along with their designation. Based on the
user details, the Semi-Trusted Authority generates decryption keys that give the user
control over the owner’s data. A user can perform many operations on the cloud data.
To read the cloud data the user must enter the read-related attributes, and to write
the data the user must enter the write-related attributes. For each and every action,
a user in an organization is verified against their unique attribute set. These
attributes are shared by the admins with the authorized users in the cloud
organization and are stored in the policy files in the cloud. If any user leaks their
unique decryption key to a malicious user, the data owner can trace the leak by
sending an audit request to the auditor; the auditor processes the data owner's
request and concludes who is guilty.
TABLE OF CONTENTS
ABSTRACT
LIST OF TABLES
LIST OF FIGURES
1. INTRODUCTION
1.1. AIM
1.3. DESCRIPTION
2. SYSTEM ANALYSIS
2.1. EXISTING SYSTEM
2.1.1. Disadvantage
2.2.1. Advantages
3. SYSTEM IMPLEMENTATION
3.1. HARDWARE REQUIREMENTS
3.2. SOFTWARE REQUIREMENTS
3.3. SOFTWARE DESCRIPTION
4. SYSTEM DESIGN
4.1. SYSTEM DESIGN
4.3.1. JAVA
4.3.2. APACHE TOMCAT SERVER
4.7. ALGORITHMS USED
4.7.1. HMAC Algorithm
4.7.2. RSA Algorithm
5. CONCLUSION
6. FUTURE ENHANCEMENT
APPENDIX-1 SOURCE CODE
APPENDIX-2 SCREENSHOTS
REFERENCES
LIST OF TABLES
LIST OF FIGURES
LIST OF ABBREVIATIONS
IP Internet Protocol
CHAPTER 1
INTRODUCTION
1.1. AIM
The main aim of this project is to provide integrity for an organization's data that is
stored in the public cloud.
1.3. DESCRIPTION
[1] Shucheng Yu, Cong Wang, Kui Ren, “Attribute Based Data Sharing
with Attribute Revocation”
[2] Yong Yu, Liang Xue, Man Ho Au, Willy Susilo, Jianbing Ni, “Cloud
data integrity checking with an identity-based auditing mechanism from
RSA”
[4] TRUPTI RONGARE, “ENCRYPTED DATA MANAGEMENT WITH
DEDUPLICATION IN CLOUD COMPUTING”
This paper proposes the Secure Data Sharing in Clouds (SeDaSC) methodology
that provides: 1) data confidentiality and integrity; 2) access control; 3) data
sharing (forwarding) without using compute-intensive re-encryption; 4) insider
threat security; and 5) forward and backward access control.
CHAPTER 2
SYSTEM ANALYSIS
In the existing system the CP-ABE method is used, and it helps prevent
security breaches by outside attackers.
This method fails to detect attacks that come from inside.
This method cannot guarantee whether the user is a true user or not.
This is the first CP-ABE based cloud storage system that simultaneously
supports white-box traceability, accountable authority, auditing and
effective revocation. Specifically, Crypt Cloud+ allows us to trace and
revoke malicious cloud users (leaking credentials).
Our approach can be also used in the case where the users’ credentials are
redistributed by the semi-trusted authority.
2.2.1. Advantages of the Proposed System
The Semi-Trustable Authority sends the decryption key to the users based on
the attributes they provided at the time they joined.
If any user shares his/her attributes with another user, the other user’s account gets
blocked and we can find the guilty party by asking that user some questions.
The first step in the system development life cycle is the preliminary
investigation to determine the optimality of the system. The purpose of this
investigation is to evaluate project feedback. Once the feedback is made, the first
system activity, the preliminary investigation, begins. It is not a design study. It is
just an analysis of how effectively the protocols are used.
Technical feasibility centers on the existing computer system, hardware,
software and to what extent it can support the system. In examining the technical
feasibility, the configuration of the system is given more importance than the
actual hardware. The configuration should provide the complete picture of the
system requirements, for example how many workstations are required and how
these units are interconnected so that they would operate smoothly, etcetera. The
result of the Technical Feasibility Study is the basis for the documents against
which dealer and manufacturer can make bids. Specific hardware and software
products can then be evaluated keeping in view the logical needs.
So if we can develop the project easily then it is used for the evaluation of
the proposed. We calculate the cost/benefit analysis and we assume that the
benefit is feasible so we start developing the project. It is an analysis of the cost
to be incurred in the system and the benefits derivable from the system. An
economic Feasibility Study should demonstrate the net benefit of the proposed
course of action in the context of direct and indirect benefits and costs to the
organization and to the public as a whole. It should be required for both pilot and
long-term activities, plans and projects.
2.4.3. OPERATIONAL FEASIBILITY
It determines how acceptable the software is within the organization.
The evaluations must then determine the general attitude and skills. Such
restriction of the job will be acceptable. To the users are enough to run the
proposed budget, hence the system is supposed to the feasible regarding all
except of feasibility. In operational feasibility, we attempt to ensure that every
user can access the system easily. We develop a menu that users can easily
access and we provide shortcut keys. We show a proper error message when any
mistakes are made in the program. We provide help and a guideline menu to
help the user. Changes in the ways individuals are organized into groups may
then be necessary and groups may now compete for economic resources with the
needs of stabilized ones by converting a number in a file in software.
The result of the Feasibility Study provides us with the following facts:
CHAPTER 3
SYSTEM
IMPLEMENTATION
Hard disk 1 TB
RAM 4 GB
Database MySQL
Server Tomcat
EXISTING ARCHITECTURE
PROPOSED ARCHITECTURE
CHAPTER 4
SYSTEM
DESIGN
4.1. SYSTEM DESIGN
Design is the phase that indicates the final system. In this phase the
following elements were designed, namely dataflow, data stores, processes and
procedures. First the logical design was done, where the outputs, inputs,
databases and procedures were formulated in a manner that meets the project
requirements. After logical design, physical construction of the system is done.
After analyzing the various functions involved in the system, the database,
tables and dictionary were designed. Care must be taken to design the input
screen in the most user-friendly way so as to help even novice users make
entries approximately in the right place. All input screens in the system are user
friendly.
The input design is the link between the information system and the user.
It comprises developing the specification and procedures for data preparation
and the steps necessary to put transaction data into a usable form for
processing. This can be achieved by having the computer read data from a
written or printed document, or by having people key the data
directly into the system. The design of input focuses on controlling the amount
of input required, controlling errors, avoiding delay, avoiding extra steps and
keeping the process simple. The input is designed in such a way that it
provides security and ease of use while retaining privacy. Input Design
considered the following things:
thought out manner; the right output must be developed while ensuring that
each output element is designed so that people will find the system can use
easily.
Control redundancy.
Ease of use.
Data independence.
Accuracy and integrity.
Avoiding inordinate delays.
Recovery from failure.
Privacy and security
Performance.
There are 6 major steps in design process. The first 5 steps are usually done
on paper and finally the design is implemented.
4.3. TECHNOLOGIES USED
4.3.1. JAVA
Java is an object-oriented programming language developed initially by James
Gosling and colleagues at Sun Microsystems. The language, initially called Oak (named
after the oak trees outside Gosling's office), was intended to replace C++, although the
feature set.
INTRODUCTION TO JAVA
Java has been around since 1991, developed by a small team of Sun Microsystems
developers in a project originally called the Green project. The intent of the project was to
electronics industry. The language that the team created was originally called Oak.
The first implementation of Oak was in a PDA-type device called Star Seven (*7)
that consisted of the Oak language, an operating system called GreenOS, a user interface, and
hardware. The name *7 was derived from the telephone sequence that was used in the team's
office and that was dialed in order to answer any ringing telephone from any other phone in the
office.
Around the time the First Person project was floundering in consumer electronics, a new
craze was gaining momentum in America; the craze was called "Web surfing." The World Wide
Web, a name applied to the Internet's millions of linked HTML documents was suddenly
becoming popular for use by the masses. The reason for this was the introduction of a graphical
For those who are new to object-oriented programming, the concept of a class will be
new to you. Simplistically, a class is the definition for a segment of code that can contain both
When the interpreter executes a class, it looks for a particular method by the name of
main, which will sound familiar to C programmers. The main method is passed as a parameter
an array of strings (similar to the argv [] of C), and is declared as a static method.
To output text from the program, we execute the println method of System.out, which is
Java’s output stream. UNIX users will appreciate the theory behind such a stream, as it is
actually standard output. For those who are instead used to the Wintel platform, it will write the
string passed to it to the user’s program.
Programming language
Platform
Java platform differs from most other platforms in that it’s a software-only platform that runs
on top of other, hardware-based platforms. Most other platforms are described as a combination
The Java platform has two components :
We’ve already been introduced to the JVM. It’s the base for the Java platform and is ported
As a platform-independent environment, Java can be a bit slower than native code. However,
smart compilers, well-tuned interpreters, and just-in-time byte compilers can bring Java’s
4.3.2.APACHE TOMCAT SERVER
Apache Tomcat (formerly under the Apache Jakarta Project; Tomcat is now a top level
project) is a web container developed at the Apache Software Foundation. Tomcat implements
the servlet and the JavaServer Pages (JSP) specifications from Sun Microsystems, providing an
environment for Java code to run in cooperation with a web server. It adds tools for
configuration and management but can also be configured by editing configuration files that are
normally XML-formatted. Because Tomcat includes its own HTTP server internally, it is also
Environment
Tomcat is a web server that supports servlets and JSPs. Tomcat comes with the Jasper
The Tomcat servlet engine is often used in combination with an Apache web server or
other web servers. Tomcat can also function as an independent web server. Earlier in its
development, the perception existed that standalone Tomcat was only suitable for development
environments and other environments with minimal requirements for speed and transaction
History:
a software architect at Sun. He later helped make the project open source and played a key role
The data flow diagram (DFD) is one of the most important modeling
tools. It is used to model the system components. These components are
the system process, the data used by the process, an external entity that
interacts with the system and the information flows in the system.
DFD shows how the information moves through the system and how it is
modified by a series of transformations. It is a graphical technique that
depicts information flow and the transformations that are applied as data
moves from input to output.
4.4.1.Symbols Used
Represents database
Level 0:
Level 1:
Level 2:
Level 3:
To take into account the scaling factors inherent to complex and
critical systems.
4.5.1.Use Case Diagram
As the best-known diagram type among the behavioral UML diagrams, use
case diagrams give a graphic overview of the actors involved in a system, the
different functions needed by those actors and how these different functions
interact.
4.5.2.Class Diagram
Class diagrams are arguably the most used UML diagram type. It is the
main building block of any object oriented solution. It shows the classes in a
system, attributes and operations of each class and the relationship between each
class.
Fig. 4.5.2. Class Diagram
4.5.3.Sequence Diagram
Sequence diagrams in UML show how objects interact with each
other and the order in which those interactions occur. It’s important to note that they show
the interactions for a particular scenario. The processes are represented vertically
and interactions are shown as arrows.
4.5.4 . Activity Diagram
4.6.3 File Permission & Policy File Creation
Different data owners generate different file permission keys for their files and issue
those keys to users in the organization so that they can access the files. They also generate
policy files for their data that state who can access it. The policy file splits the key into
separate keys for reading the file, writing the file, downloading the file and deleting the file.
4.7.ALGORITHM USED
4.7.1.HMAC ALGORITHM
In cryptography, HMAC (Hash-based Message Authentication Code) is a specific
construction for calculating a message authentication code (MAC) involving a cryptographic
hash function in combination with a secret key. As with any MAC, it may be used to
simultaneously verify both the data integrity and the authenticity of a message. Any
cryptographic hash function, such as MD5 or SHA-1, may be used in the calculation of an
HMAC; the resulting MAC algorithm is termed HMAC-MD5 or HMAC-SHA1 accordingly.
The cryptographic strength of the HMAC depends upon the cryptographic strength of the
underlying hash function, the size of its hash output length in bits and on the size and quality of
the cryptographic key. An iterative hash function breaks up a message into blocks of a fixed
size and iterates over them with a compression function. For example, MD5 and SHA-1 operate
on 512-bit blocks.
Implementation:
The following pseudocode demonstrates how HMAC may be implemented. Blocksize
is 64 (bytes) when using one of the following hash functions: SHA-1, MD5, RIPEMD-128/160.
function hmac (key, message) {
    if (length(key) > blocksize) {
        // keys longer than blocksize are shortened by hashing them
        key = hash(key)
    }
    if (length(key) < blocksize) {
        // keys shorter than blocksize are zero-padded (where ∥ is concatenation)
        key = key ∥ [0x00 * (blocksize - length(key))] // Where * is repetition.
    }
    o_key_pad = [0x5c * blocksize] ⊕ key // Where blocksize is that of the underlying hash function
    i_key_pad = [0x36 * blocksize] ⊕ key // Where ⊕ is exclusive or (XOR)
    return hash(o_key_pad ∥ hash(i_key_pad ∥ message)) // Where ∥ is concatenation
}
Design principles:
The design of the HMAC specification was motivated by the existence of attacks on
more trivial mechanisms for combining a key with a hash function. For example, one might
assume the same security that HMAC provides could be achieved with MAC = H(key ∥
message). However, this method suffers from a serious flaw: with most hash functions, it is
easy to append data to the message without knowing the key and obtain another valid MAC
("length-extension attack"). The alternative, appending the key using MAC = H(message ∥
key), suffers from the problem that an attacker who can find a collision in the (unkeyed) hash
function has a collision in the MAC (as two messages m1 and m2 yielding the same hash will
provide the same start condition to the hash function before the appended key is hashed, hence
the final hash will be the same). Using MAC = H(key ∥ message ∥ key) is better, but various
security papers have suggested vulnerabilities with this approach, even when two different keys
are used. No known extension attacks have been found against the current HMAC specification,
which is defined as H(o_key_pad ∥ H(i_key_pad ∥ message)), because the outer application of the
hash function masks the intermediate result of the internal hash. The values of ipad and opad
are not critical to the security of the algorithm, but were defined in such a way as to have a
large Hamming distance from each other, so that the inner and outer keys have fewer bits in
common. The security reduction of HMAC does require them to be different in at least one bit.
The Keccak hash function, that was selected by NIST as the SHA-3 competition winner, doesn't
need this nested approach and can be used to generate a MAC by simply prepending the key to
the message, as it is not susceptible to length-extension-attacks.
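The pseudocode above, carried through as working Python and checked against the standard library's `hmac` module. This is an added example, not code from the project report; it uses SHA-256 by default rather than MD5 or SHA-1, and the policy record, `tag_policy` and `verify_policy` are hypothetical names and constructed sample data showing how a policy file could be protected against tampering.

```python
import hashlib
import hmac  # standard library: constant-time compare and reference implementation


def hmac_from_pseudocode(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC built step by step, following the pseudocode in section 4.7.1."""
    blocksize = hashlib.new(hash_name).block_size    # 64 bytes for MD5, SHA-1, SHA-256
    if len(key) > blocksize:
        key = hashlib.new(hash_name, key).digest()   # long keys are hashed first
    key = key.ljust(blocksize, b"\x00")              # short keys are zero-padded
    o_key_pad = bytes(b ^ 0x5C for b in key)
    i_key_pad = bytes(b ^ 0x36 for b in key)
    inner = hashlib.new(hash_name, i_key_pad + message).digest()
    return hashlib.new(hash_name, o_key_pad + inner).digest()


# Constructed sample record (assumption): one line of a policy file.
SAMPLE_POLICY = b"file=design.docx;read=1;write=0;download=1;delete=0"


def tag_policy(key: bytes, policy: bytes) -> str:
    """Return the hex tag the data owner would store next to the policy."""
    return hmac_from_pseudocode(key, policy).hex()


def verify_policy(key: bytes, policy: bytes, tag_hex: str) -> bool:
    """Recompute the tag and compare in constant time; malformed tags fail."""
    try:
        given = bytes.fromhex(tag_hex)
    except ValueError:
        return False
    return hmac.compare_digest(hmac_from_pseudocode(key, policy), given)


if __name__ == "__main__":
    key = bytes(range(32))                           # constructed demo key
    tag = tag_policy(key, SAMPLE_POLICY)
    tampered = SAMPLE_POLICY.replace(b"write=0", b"write=1")
    print("tag:", tag)
    print("original verifies:", verify_policy(key, SAMPLE_POLICY, tag))
    print("tampered verifies:", verify_policy(key, tampered, tag))
    # Edge case from the first branch of the pseudocode: a key longer than
    # the block size and its hash are equivalent HMAC keys.
    long_key = b"k" * 100
    same = hmac_from_pseudocode(long_key, b"m") == hmac_from_pseudocode(
        hashlib.sha256(long_key).digest(), b"m")
    print("long key equals its hash as a key:", same)
```

Comparing tags with `hmac.compare_digest` rather than `==` avoids leaking, through timing, how many leading bytes of a forged tag were correct.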
4.7.2.RSA ALGORITHM
RSA (Rivest–Shamir–Adleman) is one of the first public-key cryptosystems and is widely used
for secure data transmission. In such a cryptosystem, the encryption key is public and it is
different from the decryption key which is kept secret (private). In RSA, this asymmetry is
based on the practical difficulty of the factorization of the product of two large prime numbers,
the "factoring problem". The acronym RSA is made of the initial letters of the surnames of Ron
Rivest, Adi Shamir, and Leonard Adleman, who first publicly described the algorithm in 1978.
Clifford Cocks, an English mathematician working for the British intelligence agency
Government Communications Headquarters (GCHQ), had developed an equivalent system in
1973, but this was not declassified until 1997.[1]
A user of RSA creates and then publishes a public key based on two large prime numbers, along
with an auxiliary value. The prime numbers must be kept secret. Anyone can use the public key
to encrypt a message, but with currently published methods, and if the public key is large
enough, only someone with knowledge of the prime numbers can decode the message
feasibly.[2] Breaking RSA encryption is known as the RSA problem. Whether it is as difficult
as the factoring problem remains an open question.
RSA is a relatively slow algorithm, and because of this, it is less commonly used to directly
encrypt user data. More often, RSA passes encrypted shared keys for symmetric key
cryptography which in turn can perform bulk encryption-decryption operations at much higher
speed.
RSA derives its security from the difficulty of factoring large integers that are the product of
two large prime numbers. Multiplying these two numbers is easy, but determining the original
prime numbers from the total -- or factoring -- is considered infeasible due to the time it would
take using even today's supercomputers.
The public and private key generation algorithm is the most complex part of RSA cryptography.
Two large prime numbers, p and q, are generated using the Rabin-Miller primality test
algorithm. A modulus, n, is calculated by multiplying p and q. This number is used by both the
public and private keys and provides the link between them. Its length, usually expressed in
bits, is called the keylength.
OPERATION
The RSA algorithm involves four steps: key generation, key distribution, encryption and
decryption. A basic principle behind RSA is the observation that it is practical to find three very
large positive integers e, d and n such that with modular exponentiation for all integers m (with
0 ≤ m < n):
RSA involves a public key and a private key. The public key can be known by everyone, and it
is used for encrypting messages. The intention is that messages encrypted with the public key
can only be decrypted in a reasonable amount of time by using the private key.
The keys for the RSA algorithm are generated the following way:
The public key consists of the modulus n and the public (or encryption) exponent e. The private
key consists of the private (or decryption) exponent d, which must be kept secret. p, q, and λ(n)
must also be kept secret because they can be used to calculate d.
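Key generation, encryption and decryption as described in this section, as an added Python example (not code from the project report). It checks the identity (m^e)^d ≡ m (mod n) with d computed as the inverse of e modulo λ(n) = lcm(p − 1, q − 1), uses constructed toy primes 61 and 53 for the worked numbers, and is textbook (unpadded) RSA: real systems add OAEP padding through a vetted library. All function names are hypothetical.

```python
import math
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29)


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Rabin-Miller test: False means composite; True means prime with
    error probability at most 4**-rounds."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:                      # write n - 1 as d * 2**r with d odd
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2   # random base in [2, n - 2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                   # a is a witness: n is composite
    return True


def random_prime(bits: int) -> int:
    """Random prime with its top two bits set, so p * q has exactly 2 * bits bits."""
    while True:
        candidate = secrets.randbits(bits) | (0b11 << (bits - 2)) | 1
        if is_probable_prime(candidate):
            return candidate


def keypair_from_primes(p: int, q: int, e: int = 65537):
    """Return ((n, e), (n, d)) where d is the inverse of e modulo lambda(n)."""
    if p == q:
        raise ValueError("p and q must differ")
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lambda(n) = lcm(p-1, q-1)
    if math.gcd(e, lam) != 1:
        raise ValueError("e must be coprime to lambda(n)")
    return (n, e), (n, pow(e, -1, lam))    # modular inverse needs Python 3.8+


def generate_keypair(bits: int = 2048, e: int = 65537):
    while True:
        try:
            return keypair_from_primes(random_prime(bits // 2),
                                       random_prime(bits // 2), e)
        except ValueError:
            continue                       # unlucky primes: draw again


def encrypt(m: int, public) -> int:
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= m < n")
    return pow(m, e, n)


def decrypt(c: int, private) -> int:
    n, d = private
    return pow(c, d, n)


def wrap_session_key(public):
    """Hybrid use described above: RSA carries a random 256-bit symmetric key."""
    session_key = secrets.randbits(256)
    return session_key, encrypt(session_key, public)


if __name__ == "__main__":
    pub, priv = keypair_from_primes(61, 53, e=17)       # toy primes, never for real use
    c = encrypt(65, pub)
    print("public", pub, "private", priv, "c", c, "m", decrypt(c, priv))
    pub, priv = generate_keypair(1024)
    key, wrapped = wrap_session_key(pub)
    print("session key recovered:", decrypt(wrapped, priv) == key)
```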
CHAPTER 5
CONCLUSION
Thus concluding our project, we have addressed the challenge of credential leakage in CP-
ABE based cloud storage system by designing an accountable authority and revocable
This is the first CP-ABE based cloud storage system that simultaneously supports white-box
traceability, accountable authority, auditing and effective revocation. Specifically, Crypt Cloud+
allows us to trace and revoke malicious cloud users (leaking credentials). Our approach can be
also used in the case where the users’ credentials are redistributed by the semi-trusted authority.
CHAPTER 6
FUTURE
ENHANCEMENT
In future work, we plan to implement a black-box traceability and auditing
very easily. Hence there is a wide scope for this project in future.
APPENDIX-1
SAMPLE
CODE
AUTHENTICATION CODE
AccountabilityPojo.java
package logics;
public String getQustion1() {
return qustion1;
}
}
return question4;
}
public String getAnswer4() {
return answer4;
}
Decrypt.java
package logics;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import com.sun.org.apache.xerces.internal.impl.dv.util.Base64;
public class Decrypt
{
private static String passWord1="";
private static SecretKeyFactory keyFactory ;
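// DES has a 56-bit key and ECB mode encrypts equal blocks to equal ciphertext; both are considered weak today
desCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
//sensitive information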
byte[] textEncrypted = cipher.getBytes();
{
passWord1+='@';
counter++;
}
}
}
EmpChanges.java
package logics;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.http.servlet.HttpsServlet;
response.setContentType("text/html");
PrintWriter out = response.getWriter();
String name=request.getParameter("name");
String email=request.getParameter("email");
String hemail=request.getParameter("hemail");
String desig=request.getParameter("desig");
String mobile=request.getParameter("mobile");
rd.forward(request, response);
}
else
{
System.out.println("Employee details not changed in a database");
APPENDIX-2
SCREENSHOTS
Registration page for all the Cloud users.
Semi-Trustable Authority generates Decryption keys to Cloud Users.
Data owners registration page.
Data Owners assigning the Policy Setup to the Employees.
Data owner’s Home page.
Data owners assigning File policy to the files they upload.
Properties of the file such as Read, Write, Download, Delete.
When any Cloud Users try to Commit Key Theft.
Questions asked to the cloud user who committed a Key Theft.
REFERENCES
[1] Mazhar Ali, Revathi Dhamotharan, Eraj Khan, Samee U. Khan, Athanasios V. Vasilakos,
Keqin Li, and Albert Y. Zomaya. Sedasc: Secure data sharing in clouds. IEEE Systems Journal,
11(2):395–404, 2017.
[2] Mazhar Ali, Samee U. Khan, and Athanasios V. Vasilakos. Security in cloud computing:
[3] Michael Armbrust, Armando Fox, R ean Griffith, Anthony D Joseph, Randy Katz, Andy
Konwinski, Gunho Lee, David Patterson, Ariel Rabkin, Ion Stoica, et al. A view of cloud
direct/indirect revocation modes. In Cryptography and Coding, pages 278–300. Springer, 2009.
[5] Amos Beimel. Secure schemes for secret sharing and key distribution. PhD thesis, PhD
[6] Mihir Bellare and Oded Goldreich. On defining proofs of knowledge. In Advances in
[7] Dan Boneh and Xavier Boyen. Short signatures without random oracles. In EUROCRYPT -
[8] Hongming Cai, Boyi Xu, Lihong Jiang, and Athanasios V. Vasilakos. Iot-based big data
storage systems in cloud computing: Perspectives and challenges. IEEE Internet of Things