ATTRIBUTE BASED DATA MANAGEMENT IN

CRYPT CLOUD

A PROJECT REPORT

Submitted by

P.SATHISH (113115104085)

G.RAJESH (113115104076)

S.BINU GANESH (113115104021)

in partial fulfillment for the award of the degree

of

BACHELOR OF ENGINEERING
IN
COMPUTER SCIENCE AND ENGINEERING

VEL TECH MULTI TECH Dr. RANGARAJAN Dr.

SAKUNTHALA ENGINEERING COLLEGE, ALAMATHI

ROAD, AVADI-62

ANNA UNIVERSITY: CHENNAI 600025

APRIL 2019
 ANNA UNIVERSITY: CHENNAI 600025

BONAFIDE CERTIFICATE

Certified that this project report “ATTRIBUTE BASED DATA MANAGEMENT IN

CRYPT CLOUD” is the bonafide work of P.SATHISH (113115104085), G. RAJESH
(113115104076), S.BINU GANESH (113115104021), who carried out the project work
under my supervision.

SIGNATURE SIGNATURE
Dr.A.RENGARAJAN, Ph.D., Mr.P.SATHISH
KUMAR,M.E.,

HEAD OF THE DEPARTMENT SUPERVISOR

PROFESSOR ASSISTANT PROFESSOR

Department of Computer Science and Department of Computer Science
Engineering and Engineering

Vel Tech Multi Tech Dr. Rangarajan Vel Tech Multi Tech Dr. Rangarajan
Dr. Sakunthala Engineering College, Dr. Sakunthala Engineering College,
Avadi, Chennai-600 062 Avadi, Chennai-600 062
 CERTIFICATE FOR EVALUATION

This is to certify that the project entitled “ATTRIBUTE BASED DATA

MANAGEMENT IN CRYPT CLOUD” is the bonafide record of work done by
following students to carry out the project work under our guidance during the year
2018-2019 in partial fulfillment for the award of Bachelor of Engineering degree in
Computer Science and Engineering conducted by Anna University Chennai.

P.SATHISH (113115104085)

G.RAJESH (113115104076)

S.BINU GANESH (113115104021)

This project report was submitted for viva voce held on ............................. ,

at Vel Tech Multi Tech Dr. Rangarajan Dr. Sakunthala Engineering College.

INTERNAL EXAMINER EXTERNAL EXAMINER

 ACKNOWLEDGEMENT

We wish to express our sincere thanks to almighty and the people who
extended their help during the course of our work.

We are greatly and profoundly thankful to our honourable Chairman, Col.

Prof. Vel. Shri Dr. R. Rangarajan B.E.(Elec), B.E.(MECH), M.S.(AUTO),
D.Sc., & Vice Chairman, Dr. Mrs. Sakunthala Rangarajan MBBS., for
facilitating us with this opportunity.

We take this opportunity to extend our gratefulness to our respectable

Chairperson & Managing Trustee Smt. Mrs. Rangarajan Mahalakshmi Kishore
B.E., M.E., M.B.A., for her continuous encouragement.

Our special thanks to our cherishable Vice- President Mr. K.V.D. Kishore
Kumar B.E., M.B.A., for his attention towards students community.

We also record our sincere thanks to our honourable Principal

Dr.V.Rajamani M.E., Ph.D., for his kind support to take up this project and
complete it successfully.

We would like to express our special thanks to our Head of the Department
Dr. A. Rengarajan Ph.D., Department of Computer Science & Engineering and our
project supervisor Mr.P.SATHISH KUMAR M.E., for their moral support by taking
keen interest on our project work and guided us all along, till the completion of our project
work and also by providing with all the necessary information required for developing a
good system with successful completion of the same..

Further, the acknowledgement would be incomplete if we would not mention

a word of thanks to our most beloved Parents for their continuous support and
encouragement all the way through the course that has led us to pursue the degree
and confidently complete the project work.
 ABSTRACT

Data owners will store their data in public cloud along with encryption and
particular set of attributes to access control on the cloud data. While uploading the
data into public cloud they will assign some attribute set to their data. If any
authorized cloud user wants to download their data they should enter that particular
attribute set to perform further actions on data owner’s data. A cloud user wants to
register their details under cloud organization to access the data owner’s data. Users
want to submit their details as attributes along with their designation. Based on the
user details Semi-Trusted Authority generates decryption keys to get control on
owner’s data. An user can perform a lot of operations over the cloud data. If the user
wants to read the cloud data he needs to be entering some read related attributes, and
if he wants to write the data he needs to be entering write related attributes. For each
and every action user in an organization would be verified with their unique attribute
set. These attributes would be shared by the admins to the authorized users in cloud
organization. These attributes will be stored in the policy files in a cloud. If any user
leaks their unique decryption key to the any malicious user data owners wants to trace
by sending audit request to auditor and auditor will process the data owners request
and concludes that who is the guilty.

i
 TABLE OF CONTENTS

CHAPTER NO. TITLE PAGE

NO. ABSTRACT i

LIST OF TABLES v

LIST OF FIGURES vi

LIST OF ABBREVATIONS vii

1. INTRODUCTION 2
1.1. AIM 2

1.2. PROJECT SCOPE 2

1.3. DESCRIPTION 2

1.4. LITERATURE SURVEY 2

2. SYSTEM ANALYSIS 6
2.1. EXISTING SYSTEM 6

2.1.1. Disadvantage 6

2.2. PROPOSED SYSTEM 6

2.2.1. Advantages 6

2.3. PREliMINARY INVESTIGATION 7

2.4. FEASIBILITY STUDY 7

2.4.1. Technical feasibility 7

2.4.2. Economical feasibility 8

2.4.3. Behavioural feasibility 8

3. SYSTEM IMPLIMENTATION 11
3.1. HARDWARE REQUIREMENTS 11
3.2. SOFTWARE REQUIREMENTS 11

ii
 3.3. SOFTWARE DESCRIPTION 11

3.4. ARCHITECHTURE DESIGN 12

4. SYSTEM DESIGN 15
4.1. SYSTEM DESIGN 15

4.1.1. Input Design 15

4.1.2. Output Design 16

4.2. DATABASE DESIGN 16

4.3. TECHNOLOGIES USED 18

4.3.1. JAVA 18
4.3.2. APACHE TOMCAT SERVER 22

4.4. DATA FLOW DIAGRAM 22

4.4.1. Symbols Used 23

4.4.2. Levels of Data fow Diagram 23

4.5. UML DIAGRAMS 24

4.5.1. Use Case Diagram 25

4.5.2. Class Diagram 26

4.5.3. Sequence Diagram 27

4.5.4. Activity Diagram 28
4.6. MODULES DESCRIPTION 29

iii
 4.7. ALGORITHMS USED 31
4.7.1. HMAC Algorithm 31
4.7.2. RSA Algorithm 33
5. CONCLUSION 36

6. FUTURE ENHANCEMENT 38

APPENDIX-1 SOURCE

CODE APPENDIX-2

SCREENSHOTS

REFERENCES

iv
 LIST OF TABLES

TABLE NO. TITLE PAGE NO.

3.1. Hardware Requirements 11
3.2. Software Requirements 11

v
 LIST OF FIGURES

FIGURE NO. TITLE PAGE NO.

3.4.1. Architecture Diagram 12
(Existing System)
3.4.2. Architecture Diagram 13
(Proposed System)
4.6.1. Symbols used in Data flow 23
Diagram
4.6.2 . Level 0 Data flow Diagram 23
4.6.3. Level 1 Data flow Diagram 23
4.6.4. Level 2 Data flow Diagram 24
4.6.5. Level 3 Data flow Diagram 24
4.7.1. Use Case Diagram 25
4.7.2. Class Diagrm 26

4.7.3. Sequence Diagram 27

4.7.4. Activity Diagram 28

vi
 LIST OF ABBREVATION

ABBREVATION FULL FORM

JDK Java Development Toolkit

DEX Dalvik Executables

TCP Transmission Control Protocol

IP Internet Protocol

HTTP Hyper Text Transfer Protocol

ADT Android Development Tool

CP-ABE Ciphertext Policy Attribute Based Encryption

vii
 CHAPTER 1

INTRODUCTION
1
 CHAPTER-1

INTRODUCTION

1.1. AIM

The main aim of this project is to provide integrity of an organization data which
is
in public cloud.

1.2. PROJECT SCOPE

In this work,we have addressed the challenge of credential leakage in CP-

ABE based cloud storage system by designing an accountable authority and
revocable Crypt Cloud which supports white-box traceability and auditing
(referred to as Crypt Cloud+). This is the first CP-ABE based cloud storage
system that simultaneously supports white-box traceability, accountable
authority, auditing and effective revocation. Specifically, Crypt Cloud+ allows
us to trace and revoke malicious cloud users (leaking credentials). Our approach
can be also used in the case where the users’ credentials are redistributed by the
semi-trusted authority.

1.3. DESCRIPTION

Secure cloud storage, which is an emerging cloud service, is designed to

protect the confidentiality of outsourced data but also to provide flexible data
access for cloud users whose data is out of physical control. Cipher text Policy
Attribute-Based Encryption (CP-ABE) is regarded as one of the most promising
techniques that may be leveraged to secure the guarantee of the service.
However, the use of CP-ABE may yield an inevitable security breach which is
known as the misuse of access credential (i.e. decryption rights),due to the
intrinsic “all-or-nothing” decryption feature of CP-ABE.
2
 In this paper, we investigate the two main cases of access credential
misuse: 3one is on the semi-trusted authority side, and the other is on the side of
cloud user. To mitigate the misuse, we propose the first accountable authority
and revocable CP-ABE based cloud storage system with white-box traceability
and auditing, referred to as Crypt Cloud. We also present the security analysis
and further demonstrate the utility of our system via experiments out at different
levels.

1.4. LITERATURE SURVEY

[1] Shucheng, YuCong Wang, Kui Ren, “Attribute Based Data Sharing
with Attribute Revocation”

It focus on an important issue of attribute revocation which is cumbersome for

CP-ABE schemes. It solve this challenging issue by considering more practical
scenarios in which semi-trustable on-line proxy servers are available.

[2] Yong Yua, Liang Xuea, Man Ho Aub, Willy Susilo, Jianbing Ni, “Cloud
data integrity checking with an identity-based auditing mechanism from
RSA”

It proposes ID-CDIC, an identity-based cloud data integrity checking protocol

which can eliminate the complex certificate management in traditional cloud
data integrity checking protocols.

[3] Zhangjie Fu, Fengxiao Huang, Xingming Sun,Athanasios, “Enabling

Semantic Search based on Conceptual graphs over Encrypted Outsourced
Data ”
This defines and solves the problems of semantic search based on conceptual
graphs(CGs) over encrypted outsourced data in clouding computing (SSCG).
3

8
 [4] TRUPTI RONGARE, “ENCRYPTED DATA MANAGEMENT WITH
DEDUPLICATION IN CLOUD COMPUTING”

This proposes a scheme based on attribute-based encryption (ABE) to

deduplicate encrypted data stored in the cloud while also supporting secure data
access control

[5] YongLi, HuandongWang, DepengJin, LiSu, “Leveraging software

defined networking for Security Policy Enforcement”

This paper focus on taking the advantage of software-defined networking for

security policies enforcement and propose a two layer Open Flows witch
topology designed to implement security policies

[6] Mazhar Ali, Revathi Dhamotharan Eraj Khan, Samee U. Khan,

“SeDaSC: Secure Data Sharing in Clouds”

This paper proposes the Secure Data Sharing in Clouds (SeDaSC) methodology
that provides: 1) data confidentiality and integrity; 2) access control; 3) data
sharing (forwarding) without using compute-intensive re encryption; 4) insider
threat security; and 5) forward and backward access control.

4
 CHAPTER 2

SYSTEM ANALYSIS

5
 CHAPTER-2

SYSTEM

ANALYSIS

2.1. EXISTING SYSTEM

 In existing system the CP-ABE method was used and it helps us prevent
security breach from outside attackers.
 This method fails to detect attacks which are from inside.
 This method cannot guarantee that the user is a true user or not.

2.1.1. Disadvantages of the Existing System

 When an insider of the organization is suspected to commit the “crimes” it cannot

be able to prevent it.
 If a cloud user shares his\her credentials to other user it cant able to find it.

2.2. PROPOSED SYSTEM

 In this work, we have addressed the challenge of credential leakage in

CP-ABE based cloud storage system by designing an accountable
authority and revocable Crypt Cloud which supports white-box
traceability and auditing (referred to as Crypt Cloud+)

 This is the first CP-ABE based cloud storage system that simultaneously
supports white-box traceability, accountable authority, auditing and
effective revocation. Specifically, Crypt Cloud+ allows us to trace and
revoke malicious cloud users (leaking credentials).

 Our approach can be also used in the case where the users’ credentials are
redistributed by the semi-trusted authority.

6
2.2.1. Advantages of the Proposed System

 The semi-Trustable Authority sends the Decryption key to the users based on
their attributes they provided during their joining time.
 If any user shares his/her attributes to other user,the other user’s account gets
blocked and we can find the guilty by asking some questions to that user.

2.3. PRELIMINARY INVESTIGATION

The first step in the system development life cycle is the preliminary
investigation to determine the optimality of the system. The purpose of this
investigation is to evaluate project feedback. Once the feedback is made, the first
system activity, the preliminary investigation begins. It is not a design study .It is
just a analysis of how effectively the protocols is used.

2.4. FEASIBILITY STUDY

A Feasibility Study determines whether a project is worth doing. The

process followed for making this determination is called a Feasibility Study.
This type of study determines whether a project can and should proceed. Once it
has been determined that a project is feasible, the analyst can proceed and
prepare the project specifications that finalize the project specification.

2.4.1. TECHNICAL FEASIBILITY

This is concerned with specifying the equipments and the software to

satisfy the user requirements. The technical needs of the system vary
considerably but might include:

 The facility to produce outputs in a given time.

 Response time under certain conditions. Ability to process a certain
volume of transactions at a specified speed. Facility to communicate
data to a distant location.

7
 Technical feasibility centers on the existing computer system, hardware,
software and to what extent it can support the system. In examining the technical
feasibility, the configuration of the system is given more importance than the
actual hardware. The configuration should provide the complete picture of the
system requirements, for example how many workstations are required and how
these units are interconnected so that they would operate smoothly, etcetera. The
result of the Technical Feasibility Study is the basis for the documents against
which dealer and manufacturer can make bids. Specific hardware and software
products can then be evaluated keeping in view the logical needs.

2.4.2. ECONOMIC FEASIBILITY

Economic analysis is the most frequently used method for evaluating the
effectiveness of a new system. More commonly known as cost/benefit analysis,
the procedure is to determine the benefits and savings that are expected from a
candidate system and compare them with costs. If benefits outweigh costs, then
the decision is made to design and implement the
system. It is not done to analyze the new system. Using a Gantt Chart
schedule and part chart. We assumed that the benefit of the project is greater
than the cost.

So if we can develop the project easily then it is used for the evaluation of
the proposed. We calculate the cost/benefit analysis and we assume that the
benefit is feasible so we start developing the project. It is an analysis of the cost
to be incurred in the system and benefits the derivable from the system. An
economic Feasibility Study should demonstrate the net benefit of the proposed
course of action in the context of direct and indirect benefits and costs to the
organization and to the public as a whole. It should be required for both pilot and
long-term activities, plan and projects.

8
2.4.3. OPERATIONAL FEASIBILITY
It determines how acceptable the software is within the organization.
The evaluations must then determine the general attitude and skills. Such
restriction of the job will be acceptable. To the users are enough to run the
proposed budget, hence the system is supposed to the feasible regarding all
except of feasibility. In operational feasibility, we attempt to ensure that every
user can access the system easily. We develop a menu that users can easily
access and we provide shortcut keys. We show a proper error message when any
mistakes are made in the program. We provide help and a guild line menu to
help the user. Changes in the ways individuals are organized into groups may
then be necessary and groups may now compute for economic resources with the
needs of stabilized ones by converting a number in a file in software.

2.4.4. FEASIBILITY STUDY REPORT

The result of the Feasibility Study provides us with the following facts:

 The automated system would increase the efficiency of the system.

 The automated system would increase customer's satisfaction.
 The automated system has many requirements such as Efficiency cost
effectiveness, prompt service, Reliability.
 The automated system would add to the security features of the system
 The automated system should be simple to use, incorporate all
necessary services and maintainable.
 This will cause some changes in the organization.

9
 CHAPTER 3

SYSTEM

IMPLEMENTATION

10
 CHAPTER-3

SYSTEM

IMPLEMENTATION

3.1. HARDWARE REQUIREMENTS

System Intel core5

Hard disk 1 TB

RAM 4 GB

TAB.3.1. HARDWARE REQUIREMENTS

3.2. SOFTWARE REQUIREMENTS

Operating system Windows 10

Platform JDK1.7 AND J2EE

Database MySQL

Server Tomcat

Coding Language JAVA

TAB.3.2. SOFTWARE REQUIREMENTS

3.3. SOFTWARE DESCRIPTION

Our project is implemented by using APACHE TOMCAT SERVER ,Java

Development Kit and J2EE.Our project aim is to provide integrity of an
organization data which is in public cloud.It propose the first accountable
authority and revocable CP-ABE based cloud storage system.
11
3.4. ARCHITECTURE DESIGN

 EXISTING ARCHITECTURE

Fig.3.4.1. Architecture Diagram (Existing System)

12
 PROPOSED ARCHETECTURE

Fig.3.4.2. Architecture Diagram (Proposed System)

13
CHAPTER 4

SYSTEM

DESIGN

14
 CHAPTER-4

SYSTEM DESIGN

4.1.SYSTEM DESIGN
Design is the phase that indicates the final system. In this phase the
following elements were designed namely, dataflow, data stores, processes,
procedures. Firstly the logical design was done where the outputs, inputs and
databases and procedures was formulated in a manner that meet the project
requirements. After logical design physical construction of the system is done.

After analyzing the various functions involved in the system the database,
tables and dictionary was designed. Care must be taken to design the input
screen in the most user friendly way so as to help even the novice users make
entries approximately in the right place. All input screens in the system are user
friendly.

4.1.1. Input Design

The input design is the link between the information system and the user.
It comprises the developing specification and procedures for data preparation
and those steps are necessary to put transaction data in to a usable form for
processing can be achieved by inspecting the computer to read data from a
written or printed document or it can occur by having people keying the data
directly into the system. The design of input focuses on controlling the amount
of input required, controlling the errors, avoiding delay, avoiding extra steps and
keeping the process simple. The input is designed in such a way so that it
provides security and ease of use with retaining the privacy. Input Design
considered the following things:

 What data should be given as input?

 How the data should be arranged or coded?
 The dialog to guide the operating personnel in providing input.
15
4.1.2. Output Design
A quality output is one, which meets the requirements of the end user and
presents the information clearly. In any system results of processing are
communicated to the users and to other system through outputs. In output design
it is determined how the information is to be displaced for immediate need and
also the hard copy output. It is the most important and direct source information
to the user. Efficient and intelligent output design improves the system’s
relationship to help user decision-making.

Designing computer output should proceed in an organized, well

thought out manner; the right output must be developed while ensuring that

each output element is designed so that people will find the system can use

easily.

Points to be noted while designing output screen:

 Design output to fit the user.

 Deliver the appropriate quantity of output.
 Assure that output is where it is needed.
 Provide output on time

4.2. DATABASE DESIGN

Database design is required to manage the large bodies of information.
The management of data involves both the definition of structure of the storage
of information and provisions of mechanism for the manipulation of
information. In addition to the database system must provide for the safety of
information handled, despite the system crashes due to attempts art unauthorized
access.
16
 For developing an efficient database, we will have to fulfill certain
conditions such as:

 Control redundancy.
 Ease of use.
 Data independence.
 Accuracy and integrity.
 Avoiding inordinate delays.
 Recovery from failure.
 Privacy and security
 Performance.

There are 6 major steps in design process. The first 5 steps are usually done
on paper and finally the design is implemented.

 Identify the table and relationships.

 Identify the data that is needed for each table and relationship.
 Resolve the relationship.
 Verify the design.
 Implement the design.

17
 4.3. TECHNOLOGIES USED

4.3.1. JAVA
Java is an object-oriented programming language developed initially by James

Gosling and colleagues at Sun Microsystems. The language, initially called Oak (named

after the oak trees outside Gosling's office), was intended to replace C++, although the

feature set.

 INTRODUCTION TO JAVA
Java has been around since 1991, developed by a small team of Sun Microsystems

developers in a project originally called the Green project. The intent of the project was to

develop a platform-independent software technology that would be used in the consumer

electronics industry. The language that the team created was originally called Oak.

The first implementation of Oak was in a PDA-type device called Star Seven (*7)

that consisted of the Oak language, an operating system called GreenOS, a user interface, and

hardware. The name *7 was derived from the telephone sequence that was used in the team's

office and that was dialed in order to answer any ringing telephone from any other phone in the

office.

Around the time the First Person project was floundering in consumer electronics, a new

craze was gaining momentum in America; the craze was called "Web surfing." The World Wide

Web, a name applied to the Internet's millions of linked HTML documents was suddenly

becoming popular for use by the masses. The reason for this was the introduction of a graphical

Webbrowser called Mosaic, developed by ncS.

18
  WORKING OF JAVA

For those who are new to object-oriented programming, the concept of a class will be

new to you. Simplistically, a class is the definition for a segment of code that can contain both

data (called attributes) and functions (called methods).

When the interpreter executes a class, it looks for a particular method by the name of

main, which will sound familiar to C programmers. The main method is passed as a parameter

an array of strings (similar to the argv [] of C), and is declared as a static method.

To output text from the program, we execute the println method of System.out, which is
java’s output stream. UNIX users will appreciate the theory behind such a stream, as it is
actually standard output. For those who are instead used to the Wintel platform, it will write the
string passed to it to the user’s program.

Java consists of two things :

 Programming language
 Platform

 THE JAVA PLATFORM

A platform is the hardware or software environment in which a program runs. The

Java platform differs from most other platforms in that it’s a software-only platform that runs

on top of other, hardware-based platforms. Most other platforms are described as a combination

of hardware and operating system.

19
The Java platform has two components :

a. The Java Virtual Machine (JVM)

b. The Java Application Programming Interface (Java API)

We’ve already been introduced to the JVM. It’s the base for the Java platform and is ported

onto various hardware-based platforms.

c. The Java API is a large collection of ready-made software components

that provide many useful capabilities, such as graphical user interface
(GUI) widgets. The Java API is grouped into libraries (packages) of
related components. The following figure depicts a Java program, such as
an application or applet, that’s running on the Java platform.

As a platform-independent environment, Java can be a bit slower than native code. However,

smart compliers, weel-tuned interpreters, and just-in-time byte compilers can bring Java’s

performance close to that of native code without threatening portability.

20
4.3.2.APACHE TOMCAT SERVER

Apache Tomcat (formerly under the Apache Jakarta Project; Tomcat is now a top level

project) is a web container developed at the Apache Software Foundation. Tomcat implements

the servlet and the JavaServer Pages (JSP) specifications from Sun Microsystems, providing an

environment for Java code to run in cooperation with a web server. It adds tools for

configuration and management but can also be configured by editing configuration files that are

normally XML-formatted. Because Tomcat includes its own HTTP server internally, it is also

considered a standalone web server.

 Environment

Tomcat is a web server that supports servlets and JSPs. Tomcat comes with the Jasper

compiler that compiles JSPs into servlets.

The Tomcat servlet engine is often used in combination with an Apache web server or

other web servers. Tomcat can also function as an independent web server. Earlier in its

development, the perception existed that standalone Tomcat was only suitable for development

environments and other environments with minimal requirements for speed and transaction

handling. However, that perception no longer exists; Tomcat is increasingly used as a

standalone web server in high-traffic, high-availability environments.Since its developers wrote

Tomcat in Java, it runs on any operating system that has a JVM.

21
  History:

Tomcat started off as a servlet specification implementation by James Duncan Davidson,

a software architect at Sun. He later helped make the project open source and played a key role

in its donation by Sun to the Apache Software Foundation.

4.4.DATA FLOW DIAGRAM

 The DFD is also called as bubble chart. It is a simple graphical formalism

that can be used to represent a system in terms of input data to the system,
various processing carried out on this data, and the output data is
generated by this system.

 The data flow diagram (DFD) is one of the most important modeling
tools. It is used to model the system components. These components are
the system process, the data used by the process, an external entity that
interacts with the system and the information flows in the system.

 DFD shows how the information moves through the system and how it is
modified by a series of transformations. It is a graphical technique that
depicts information flow and the transformations that are applied as data
moves from input to output.

 A DFD may be used to represent a system at any level of abstraction.

DFD may be partitioned into levels that represent increasing information
flow and functional detail.

23
4.4.1.Symbols Used

Represents data source or destination

Represents flow of data

Represents database

Fig. 4.4.1. Symbols Used in Data Flow Diagrams

Level 0:

Fig. 4.4.2. LEVEL 0 DATA FLOW DIAGRAM

Level 1:

Fig. 4.4.3. LEVEL 1 DATA FLOW DIAGRAM

23
 Level 2:

Fig. 4.4.4. LEVEL 2 DATA FLOW DIAGRAM

Level 3:

Fig. 4.4.5. LEVEL 3 DATA FLOW DIAGRAM

4.5. UML DIAGRAMS

UML is simply User graphical representation of a common semantic

model. UML provides a comprehensive notation for the full lifecycle of object-
oriented development.

To represent complete systems (instead of only the software portion) using

object oriented concepts. To establish an explicit coupling between concepts and
executable code.

To take into account the scaling factors the inherent to complex and
critical systems.

24
4.5.1.Use Case Diagram
As the most known diagram type of the behavioral UML diagrams, Use
case diagrams give a graphic overview of the actors involved in a system,
different functions needed by those actors and how these different functions are
interacted.

Fig. 4.5.1. Use case diagram

24
4.5.2.Class Diagram
Class diagrams are arguably the most used UML diagram type. It is the
main building block of any object oriented solution. It shows the classes in a
system, attributes and operations of each class and the relationship between each
class.

24
Fig. 4.5.2. Class Diagram

26

24
4.5.3.Sequence Diagram
Sequence diagrams in UML show how objects interact with each
other and the order those interactions occur. It’s important to note that they show
the interactions for a particular scenario. The processes are represented vertically
and interactions are show as arrows.

Fig. 4.5.3. Sequence Diagram

27
4.5.4 . Activity Diagram

Activity diagrams represent workflows in a graphical way. They can be

used to describe business workflow or the operational workflow of any
component in a system.

Fig.4.5.4 . Activity Diagram

28
4.6.MODULES DESCRIPTION

 Organization profile creation & Key Generation

 Data Owners File Upload
 File Permission & Policy File Creation
 Tracing who is guilty

4.6.1 Organization profile creation & Key Generation

User has an initial level Registration Process at the web end. The users provide their own
personal information for this process. The server in turn stores the information in its database.
Now the Accountable STA (semi-trusted Authority) generates decryption keys to the users
based on their Attributes Set (e.g. name, mail-id, contact number etc..,). User gets the
provenance to access the Organization data after getting decryption keys from Accountable
STA.

4.6.2 Data Owners File Upload

In this module data owners create their accounts under the public cloud and upload their
data into public cloud. While uploading the files into public cloud data owners will encrypt their
data using RSA Encryption algorithm and generates public key and secret key. And also
generates one unique file access permission key for the users under the organization to access
their data.

29
4.6.3 File Permission & Policy File Creation
Different data owners will generate different file permission keys to their files and issues
those keys to users under the organization to access their files. And also generates policy files to
their data that who can access their data. Policy File will split the key for read the file, write the
file, download the file and delete the file.

4.6.4 Tracing who is guilty

Authorized DUs are able to access (e.g. read, write, download, delete and decrypt) the
outsourced data. Here file permission keys are issued to the employees in the organization based
on their experience and position. Senior Employees have all the permission to access the files
(read, write, delete, & download). Fresher’s only having the permission to read the files. Some
Employees have the permission to read and write. And some employees have all the
permissions except delete the data. If any Senior Employee leaks or shares their secret
permission keys to their junior employees they will request to download or delete the Data
Owners Data. While entering the key system will generate attribute set for their role in
background validate that the user has all rights to access the data. If the attributes set is not
matched to the Data Owners policy files they will be claimed as guilty. If we ask them we will
find who leaked the key to the junior employees.

30
4.7.ALGORITHM USED

4.7.1.HMAC ALGORITHM
In cryptography, HMAC (Hash-based Message Authentication Code), is a specific
construction for calculating a message authentication code (MAC) involving a cryptographic
hash function in combination with a secret key. As with any MAC, it may be used to
simultaneously verify both the data integrity and the authenticity of a message. Any
cryptographic hash function, such as MD5 or SHA-1, may be used in the calculation of an
HMAC; the resulting MAC algorithm is termed HMAC-MD5 or HMAC-SHA1 accordingly.
The cryptographic strength of the HMAC depends upon the cryptographic strength of the
underlying hash function, the size of its hash output length in bits and on the size and quality of
the cryptographic key. An iterative hash function breaks up a message into blocks of a fixed
size and iterates over them with a compression function. For example, MD5 and SHA-1 operate
on 512-bit blocks.
 Implementation:
The following pseudocode demonstrates how HMAC may be implemented. Blocksize
is 64 (bytes) when using one of the following hash functions: SHA-1, MD5, RIPEMD-128/160.

function hmac (key, message) {

if (length(key) > blocksize) {
key = hash(key) // keys longer than blocksize are shortened

31
 }
if (length(key) < blocksize) {
// keys shorter than blocksize are zero-padded (where ∥ is concatenation)
key = key ∥ [0x00 * (blocksize - length(key))] // Where * is repetition.
}
o_key_pad = [0x5c * blocksize] ⊕ key // Where blocksize is that of the underlying hash
function
i_key_pad = [0x36 * blocksize] ⊕ key // Where ⊕ is exclusive or (XOR)
return hash(o_key_pad ∥ hash(i_key_pad ∥ message)) // Where ∥ is concatenation
}
 Design principles:

The design of the HMAC specification was motivated by the existence of attacks on
more trivial mechanisms for combining a key with a hash function. For example, one might
assume the same security that HMAC provides could be achieved with MAC = H(key ∥
message). However, this method suffers from a serious flaw: with most hash functions, it is
easy to append data to the message without knowing the key and obtain another valid MAC
("length-extension attack"). The alternative, appending the key using MAC = H(message ∥
key), suffers from the problem that an attacker who can find collision in the (unkeyed) hash
function has a collision in the MAC (as two messages m1 and m2 yielding the same hash will
provide the same start condition to the hash function before the appended key is hashed, hence
the final hash will be the same). Using MAC = H(key ∥ message ∥ key) is better, but various
security papers have suggested
vulnerabilities with this approach, even when two different keys are used. No known extensions
attacks have been found against the current HMAC specification which is defined as H(key ∥
H(key ∥ message)) because the outer application of the hash function masks the intermediate
result of the internal hash. The values of ipad and opad are not critical to the security of the
32
algorithm, but were defined in such a way to have a large Hamming distance from each other
and so the inner and outer keys will have fewer bits in common. The security reduction of
HMAC does require them to be different in at least one bit.
The Keccak hash function, that was selected by NIST as the SHA-3 competition winner, doesn't
need this nested approach and can be used to generate a MAC by simply prepending the key to
the message, as it is not susceptible to length-extension-attacks.

33
4.7.2.RSA ALGORITHM

RSA (Rivest–Shamir–Adleman) is one of the first public-key cryptosystems and is widely used
for secure data transmission. In such a cryptosystem, the encryption key is public and it is
different from the decryption key which is kept secret (private). In RSA, this asymmetry is
based on the practical difficulty of the factorization of the product of two large prime numbers,
the "factoring problem". The acronym RSA is made of the initial letters of the surnames of Ron
Rivest, Adi Shamir, and Leonard Adleman, who first publicly described the algorithm in 1978.
Clifford Cocks, an English mathematician working for the British intelligence agency
Government Communications Headquarters (GCHQ), had developed an equivalent system in
1973, but this was not declassified until 1997.[1]

A user of RSA creates and then publishes a public key based on two large prime numbers, along
with an auxiliary value. The prime numbers must be kept secret. Anyone can use the public key
to encrypt a message, but with currently published methods, and if the public key is large
enough, only someone with knowledge of the prime numbers can decode the message
feasibly.[2] Breaking RSA encryption is known as the RSA problem. Whether it is as difficult
as the factoring problem remains an open question.

RSA is a relatively slow algorithm, and because of this, it is less commonly used to directly
encrypt user data. More often, RSA passes encrypted shared keys for symmetric key
cryptography which in turn can perform bulk encryption-decryption operations at much higher
speed.
RSA derives its security from the difficulty of factoring large integers that are the product of
two large prime numbers. Multiplying these two numbers is easy, but determining the original
prime numbers from the total -- or factoring -- is considered infeasible due to the time it would
take using even today's supercomputers.

The public and private key generation algorithm is the most complex part of RSA cryptography.
Two large prime numbers, p and q, are generated using the Rabin-Miller primality test
algorithm. A modulus, n, is calculated by multiplying p and q. This number is used by both the
public and private keys and provides the link between them. Its length, usually expressed in
34
bits, is called the keylength.

35
  OPERATION

The RSA algorithm involves four steps: key generation, key distribution, encryption and
decryption.A basic principle behind RSA is the observation that it is practical to find three very
large positive integers e, d and n such that with modular exponentiation for all integers m (with
0 ≤ m < n):

RSA involves a public key and a private key. The public key can be known by everyone, and it
is used for encrypting messages. The intention is that messages encrypted with the public key
can only be decrypted in a reasonable amount of time by using the private key.

The keys for the RSA algorithm are generated the following way:

 Choose two distinct prime numbers p and q.

 For security purposes, the integers p and q should be chosen at random, and should be
similar in magnitude but differ in length by a few digits to make factoring harder.[2]
Prime integers can be efficiently found using a primality test.
 Compute n = pq.
 n is used as the modulus for both the public and private keys. Its length, usually
expressed in bits, is the key length.
 Compute λ(n) = lcm(φ(p), φ(q)) = lcm(p − 1, q − 1), where λ is Carmichael's totient
function. This value is kept private.
 Choose an integer e such that 1 < e < λ(n) and gcd(e, λ(n)) = 1; i.e., e and λ(n) are
coprime.
 Determine d as d ≡ e−1 (mod λ(n)); i.e., d is the modular multiplicative inverse of e
modulo λ(n).

 e is released as the public key exponent.

 d is kept as the private key exponent.

The public key consists of the modulus n and the public (or encryption) exponent e. The private
key consists of the private (or decryption) exponent d, which must be kept secret. p, q, and λ(n)
must also be kept secret because they can be used to calculate d.

34
CHAPTER 5

CONCLUSION

35
 CHAPTER-5

CONCLUSION

Thus concluding our project, we have addressed the challenge of credential leakage in CP-

ABE based cloud storage system by designing an accountable authority and revocable

CryptCloud which supports white-box traceability and auditing (referred to as CryptCloud+).

This is the first CP-ABE based cloud storage system that simultaneously supports white-box

traceability, accountable authority, auditing and effective revocation.Specifically, CryptCloud+

allows us to trace and revoke malicious cloud users (leaking credentials). Our approach can be

also used in the case where the users’ credentials are redistributed by the semi-trusted authority.

36
 CHAPTER 6

FUTURE

ENHANCEMENT

37
 CHAPTER-6
FUTURE
ENHANCEMENT
In future work, we plan to implement a black-box traceability and auditing

which is a stronger notion (compared to white-box traceability), in

CryptCloud.Our future work also includes extending CryptCloud+ to provide

“partial” and fully public traceability without compromising on

performance.This project helps in tracing the malicious users in an organisation

very easily. Hence there is a wide scope for this project in future.

38
 APPENDIX-1
SAMPLE
CODE
AUTHENTICATION CODE
AccountabilityPojo.java
package logics;

public class AccountabilityPojo {

privateString
email,qustion1,answer1,question2,answer2,question3,answer3,question4,
answer4,owner;

public String getOwner() {

return owner;
}

public void setOwner(String owner) {

this.owner = owner;
}

public String getEmail() {

return email;
}

public void setEmail(String email) {

this.email = email;
}

39
public String getQustion1() {
return qustion1;
}

public void setQustion1(String qustion1) {

this.qustion1 = qustion1;
}

public String getAnswer1() {

return answer1;
}

public void setAnswer1(String answer1) {

this.answer1 = answer1;
}

public String getQuestion2() {

return question2;
}

public void setQuestion2(String question2) {

this.question2 = question2;
}

public String getAnswer2() {

return answer2;

public void setAnswer2(String answer2) {

40
this.answer2 = answer2;

41
 }

public String getQuestion3() {

return question3;
}

public void setQuestion3(String question3) {

this.question3 = question3;
}

public String getAnswer3() {

return answer3;
}

public void setAnswer3(String answer3) {

this.answer3 = answer3;
}

public String getQuestion4() {

return question4;
}

public void setQuestion4(String question4) {

this.question4 = question4;
}

41
41
public String getAnswer4() {
return answer4;
}

public void setAnswer4(String answer4) {

this.answer4 = answer4;
}

Decrypt.java

package logics;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;

import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import com.sun.org.apache.xerces.internal.impl.dv.util.Base64;
public class Decrypt
{
42
43
private static String passWord1="";
private static SecretKeyFactory keyFactory ;

private static byte[] passByte;

Cipher desCipher;
SecretKey myDesKey ;
public String decrypt(String cipher,String passWord1) throws
InvalidKeySpecException, NoSuchAlgorithmException, NoSuchPaddingException,
IOException
{
String dec="";
this.passWord1=passWord1;
try
{
manageKeystrengthMethod();
keyFactory = SecretKeyFactory.getInstance("DES");
passByte=this.passWord1.getBytes();
DESKeySpec dspec= new DESKeySpec(passByte);
SecretKey myDesKey = keyFactory.generateSecret(dspec);
Cipher desCipher;

// Create the cipher

desCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");

// Initialize the cipher for encryption

desCipher.init(Cipher.DECRYPT_MODE, myDesKey);

//sensitive information 44
45
 byte[] textEncrypted = cipher.getBytes();

// System.out.println("Text [Byte Format] : " + text);

//System.out.println("Cipher to be decrypted : " + new String(textEncrypted));

// Decrypt the text

Base64 bs=new Base64();
byte[] textDecrypted = desCipher.doFinal(bs.decode(cipher));

//System.out.println("Text Decryted : " + new String(textDecrypted));

dec=new String(textDecrypted);
}catch(InvalidKeyException e){
e.printStackTrace();
}catch(IllegalBlockSizeException e){
e.printStackTrace();
}catch(BadPaddingException e){
}
return dec;
}
private void manageKeystrengthMethod()
{
if(passWord1.length()<8)
{
int counter=passWord1.length();

46
47
{
passWord1+='@';
counter++;
}
}
}
EmpChanges.java
package logics;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.http.servlet.HttpsServlet;

public class EmpChanges extends HttpsServlet {

public void doPost(HttpServletRequest request, HttpServletResponse response)

throws ServletException, IOException {

response.setContentType("text/html");
PrintWriter out = response.getWriter();

45
 String name=request.getParameter("name");
String email=request.getParameter("email");
String hemail=request.getParameter("hemail");
String desig=request.getParameter("desig");
String mobile=request.getParameter("mobile");

int status=FileDao.editEmployee(name, email, desig, mobile, hemail);

if(status>0)
{
System.out.println("Employee details changed in a database");
request.setAttribute("msg", "Employee details changed in a database");
RequestDispatcher rd=request.getRequestDispatcher("employees.jsp");

rd.forward(request, response);
}
else
{
System.out.println("Employee details not changed in a database");

request.setAttribute("msg", "Employee details not changed in a database");

RequestDispatcher rd=request.getRequestDispatcher("employees.jsp");
rd.forward(request, response);
}
out.close();
}

46
 APPENDIX-2

SCREEN

SHOTS

Login page for Cloud users and Semi-Trustable Authority.

47
Registration page for all the Cloud users.

48
Semi-Trustable Authority generates Decryption keys to Cloud Users.

49
Data owners registration page.

50
Data Owners assigning the Policy Setup to the Employees.

51
Data owner’s Home page.

52
Data owners assigning File policy to the files they upload.

53
Properties of the file such as Read ,Write , Download , Delete.

54
When any Cloud Users try to Commit Key Theft.

55
Questions asked to the cloud user who committed a Key Theft.
 56

REFERENCES

[1] Mazhar Ali, Revathi Dhamotharan, Eraj Khan, Samee U. Khan, Athanasios V. Vasilakos,

Keqin Li, and Albert Y. Zomaya. Sedasc: Secure data sharing in clouds. IEEE Systems Journal,

11(2):395–404, 2017.

[2] Mazhar Ali, Samee U. Khan, and Athanasios V. Vasilakos. Security in cloud computing:

Opportunities and challenges. Inf. Sci., 305:357–383, 2015.

[3] Michael Armbrust, Armando Fox, R ean Griffith, Anthony D Joseph, Randy Katz, Andy

Konwinski, Gunho Lee, David Patterson, Ariel Rabkin, Ion Stoica, et al. A view of cloud

computing. Communications of the ACM, 53(4):50–58, 2010.

[4] Nuttapong Attrapadung and Hideki Imai. Attribute-based encryption supporting

direct/indirect revocation modes. In Cryptography and Coding, pages 278–300. Springer, 2009.

[5] Amos Beimel. Secure schemes for secret sharing and key distribution. PhD thesis, PhD

thesis, Israel Institute of Technology, Technion, Haifa, Israel, 1996.

[6] Mihir Bellare and Oded Goldreich. On defining proofs of knowledge. In Advances in

Cryptology-CRYPTO’92, pages 390–420. Springer, 1993.

[7] Dan Boneh and Xavier Boyen. Short signatures without random oracles. In EUROCRYPT -

2004, pages 56–73, 2004.

[8] Hongming Cai, Boyi Xu, Lihong Jiang, and Athanasios V. Vasilakos. Iot-based big data

storage systems in cloud computing: Perspectives and challenges. IEEE Internet of Things

Journal, 4(1):75–87, 2017.

57