ATTRIBUTE BASED DATA MANAGEMENT IN

CRYPT CLOUD

A PROJECT REPORT

Submitted by

P.SATHISH (113115104085)

G.RAJESH (113115104076)

S.BINU GANESH (113115104021)

in partial fulfillment for the award of the degree

of

BACHELOR OF ENGINEERING
IN

COMPUTER SCIENCE AND ENGINEERING

VEL TECH MULTI TECH Dr. RANGARAJAN

Dr. SAKUNTHALA ENGINEERING COLLEGE,

ALAMATHI ROAD, AVADI-62

ANNA UNIVERSITY: CHENNAI 600025

APRIL 2019
 ANNA UNIVERSITY: CHENNAI 600025

BONAFIDE CERTIFICATE

Certified that this project report “ATTRIBUTE BASED DATA MANAGEMENT

IN CRYPT CLOUD” is the bonafide work of P.SATHISH (113115104085), G.
RAJESH (113115104076), S.BINU GANESH (113115104021), who carried out
the project work under my supervision.

SIGNATURE SIGNATURE
Dr.A.RENGARAJAN, Ph.D., Mr.P.SATHISH
KUMAR,M.E.,

HEAD OF THE DEPARTMENT SUPERVISOR

PROFESSOR ASSISTANT PROFESSOR

Department of Computer Science and Department of Computer Science

Engineering and Engineering

Vel Tech Multi Tech Dr. Rangarajan Vel Tech Multi Tech Dr.Rangarajan
Dr. Sakunthala Engineering College, Dr. Sakunthala EngineeringCollege,
Avadi, Chennai-600 062 Avadi, Chennai-600 062
 CERTIFICATE FOR EVALUATION

This is to certify that the project entitled “ATTRIBUTE BASED DATA

MANAGEMENT IN CRYPT CLOUD” is the bonafide record of work done by
following students to carry out the project work under our guidance during the year
2018-2019 in partial fulfillment for the award of Bachelor of Engineering degree in
Computer Science and Engineering conducted by Anna University Chennai.

P.SATHISH (113115104085)

G.RAJESH (113115104076)

S.BINU GANESH (113115104021)

This project report was submitted for viva voce held on ............................ ,

at Vel Tech Multi Tech Dr. Rangarajan Dr. Sakunthala Engineering College.

INTERNAL EXAMINER EXTERNAL EXAMINER

 ACKNOWLEDGEMENT

We wish to express our sincere thanks to almighty and the people who
extended their help during the course of our work.

We are greatly and profoundly thankful to our honourable Chairman, Col.

Prof. Vel. Shri Dr. R. Rangarajan B.E.(Elec), B.E.(MECH), M.S.(AUTO),
D.Sc., & Vice Chairman, Dr. Mrs. Sakunthala Rangarajan MBBS., for
facilitating us with this opportunity.

We take this opportunity to extend our gratefulness to our respectable

Chairperson & Managing Trustee Smt. Mrs. Rangarajan Mahalakshmi
Kishore B.E., M.E., M.B.A., for her continuous encouragement.

Our special thanks to our cherishable Vice- President Mr. K.V.D.

Kishore Kumar B.E., M.B.A., for his attention towards students community.

We also record our sincere thanks to our honourable Principal

Dr.V.Rajamani M.E., Ph.D., for his kind support to take up this project and
complete it successfully.

We would like to express our special thanks to our Head of the

Department
Dr. A. Rengarajan Ph.D., Department of Computer Science & Engineering
and our project supervisor Mr.P.SATHISH KUMAR M.E., for their moral
support by taking keen interest on our project work and guided us all along, till
the completion of our project work and also by providing with all the necessary
information required for developing a good system with successful completion
of the same..

Further, the acknowledgement would be incomplete if we would not

mention a word of thanks to our most beloved Parents for their continuous
support and encouragement all the way through the course that has led us to
pursue the degree and confidently complete the project work.
 ABSTRACT

Data owners will store their data in cloud along with encryption and
particular set of attributes to access control on the cloud data. While uploading
the data into public cloud they will assign some attribute set to their data. If any
authorized cloud user wants to download their data they should enter that
particular attribute set to perform further actions on data owner’s data. A cloud
user wants to register their details under cloud organization to access the data
owner’s data. Users want to submit their details as attributes along with their
designation. Based on the user details Semi-Trusted Authority generates
decryption keys to get control on owner’s data. An user can perform a lot of
operations over the cloud data. If the user wants to read the cloud data he needs
to be entering some read related attributes, and if he wants to write the data he
needs to be entering write related attributes. For each and every action user in an
organization would be verified with their unique attribute set. These attributes
would be shared by the admins to the authorized users in cloud organization.
These attributes will be stored in the policy files in a cloud. If any user leaks their
unique decryption key to the any malicious user data owners wants to trace by
sending audit request to auditor and auditor will process the data owners request
and concludes that who is the guilty.
 TABLE OF CONTENTS

CHAPTER NO: TITLE PAGE NO:

ABSTRACT i

LIST OF TABLES v

LIST OF FIGURES vi

LIST OF ABBREVATIONS vii

1. INTRODUCTION 2

1.1. AIM 2

1.2. PROJECT SCOPE 2

1.3. DESCRIPTION 2

1.4. LITERATURE SURVEY 2

2. SYSTEM ANALYSIS 6

2.1. EXISTING SYSTEM 6

2.1.1. Disadvantages 6

2.2. PROPOSED SYSTEM 6

2.2.1. Advantages 6

2.3. PRELIMINARY INVESTIGATION 7

2.4. FEASIBILITY STUDY 7

2.4.1. Technical Feasibility 7

2.4.2. Economical Feasibility 8

2.4.3. Operational Feasibility 9

2.4.4. Feasibility Study Report 9

3. SYSTEM IMPLIMENTATION 11
HARDWARE REQUIREMENTS 11
SOFTWARE REQUIREMENTS 11

SOFTWARE DESCRIPTION 11

ARCHITECHTURE DESIGN 12

4. SYSTEM DESIGN 15
SYSTEM DESIGN 15

Input Design 15

Output Design 16

DATABASE DESIGN 16
TECHNOLOGIES USED 18

Java 18
Apache Tomcat Server 22

DATA FLOW DIAGRAM 22

Symbols Used 23

Levels of Data flow Diagram 23

UML DIAGRAMS 24

Use Case Diagram 25

Class Diagram 26

Sequence Diagram 27
Activity Diagram 28
MODULES DESCRIPTION 29
 Organization Profile Creation 29
& Key Generation

Data Owners File Upload 29

File Permission & Policy 29

File Creation

Tracing who is Guilty 30

ALGORITHMS USED 31
HMAC Algorithm 31
RSA Algorithm 33
5. CONCLUSION 36

6. FUTURE ENHANCEMENT 38

APPENDIX-1 SOURCE CODE

APPENDIX-2 SCREENSHOTS

REFERENCES
 LIST OF TABLES

TABLE TITLE PA
NO. GE
NO.
3.1. HARDWARE 11
REQUIREMENTS
3.2. SOFTWARE 11
REQUIREMENTS
 LIST OF FIGURES

FIGURE TITLE PA
NO. GE
NO.
3.4.1. Architecture
Diagram 12
(Existing System)
3.4.2. Architecture
Diagram 13
(Proposed System)
4.4.1. Symbols used in 23
Data flow
Diagram
Level 0 Data flow
4.4.2.1. Diagram 23
Level 1 Data flow
4.4.2.2. Diagram 23
Level 2 Data flow
4.4.2.3. Diagram 24
Level 3 Data flow
4.4.2.4. Diagram 24
4.5.1. Use Case Diagram
25
Class Diagram
26
Sequence Diagram
27
Activity Diagram
28
 LIST OF ABBREVATION

ABBREVATION FULL FORM

JDK Java Development Toolkit

DEX Dalvik Executables

TCP Transmission Control Protocol

IP Internet Protocol

HTTP Hyper Text Transfer Protocol

ADT Android Development Tool

CP-ABE Ciphertext Policy Attribute Based Encryption

SeDaSC Secure Data Sharing In Clouds

JVM Java Virtual Machine

Java API Java Application Programming Interface

GUI Graphical User Interface

JSP Java Server Pages

HMAC Hash-based Message Authentication Code

RSA Rivest-Shamir-Adleman
DFD Data Flow Diagram

UML Unified Modelling Language

ID-CDIC Identity-based Cloud Data Integrity Checking

ABE Attribute Based Encryption

CGs Conceptual Graphs

MAC Message Authenthication Code

GCHQ Government Communications Headquarters

 CHAPTER 1

INTRODUCTION

1
 CHAPTER-1

INTRODUCTION

AIM

The main aim of this project is to provide integrity of an organization data

which is in cloud.

PROJECT SCOPE

In this work, we have addressed the challenge of credential leakage in

CP-ABE based cloud storage system by designing an accountable authority and
revocable Crypt Cloud which supports white-box traceability and auditing
(referred to as Crypt Cloud+). This is the first CP-ABE based cloud storage
system that simultaneously supports white-box traceability, accountable
authority, auditing and effective revocation. Specifically, Crypt Cloud+ allows
us to trace and revoke malicious cloud users (leaking credentials). Our approach
can be also used in the case where the users’ credentials are redistributed by the
semi-trusted authority.

DESCRIPTION

Secure cloud storage, which is an emerging cloud service, is designed to

protect the confidentiality of outsourced data but also to provide flexible data
access for cloud users whose data is out of physical control. Cipher text Policy
Attribute-Based Encryption (CP-ABE) is regarded as one of the most promising
techniques that may be leveraged to secure the guarantee of the service.
However, the use of CP-ABE may yield an inevitable security breach which is
known as the misuse of access credential (i.e. decryption rights), due to the
intrinsic “all-or-nothing” decryption feature of CP-ABE.

2
 In this paper, we investigate the two main cases of access credential
misuse: 3one is on the semi-trusted authority side, and the other is on the side of
cloud user. To mitigate the misuse, we propose the first accountable authority
and revocable CP-ABE based cloud storage system with white-box traceability
and auditing, referred to as Crypt Cloud. We also present the security analysis
and further demonstrate the utility of our system via experiments out at different
levels.

LITERATURE SURVEY

[1] Shucheng, YuCong Wang, Kui Ren, “Attribute Based Data Sharing
with Attribute Revocation”

It focus on an important issue of attribute revocation which is cumbersome for

CP-ABE schemes. It solve this challenging issue by considering more practical
scenarios in which semi-trustable on-line proxy servers are available.

[2] Yong Yua, Liang Xuea, Man Ho Aub, Willy Susilo, Jianbing Ni,
“Cloud data integrity checking with an identity-based auditing mechanism
from RSA”

It proposes ID-CDIC, an identity-based cloud data integrity checking protocol

which can eliminate the complex certificate management in traditional cloud
data integrity checking protocols.

[3] Zhangjie Fu, Fengxiao Huang, Xingming Sun,Athanasios, “Enabling

Semantic Search based on Conceptual graphs over Encrypted Outsourced
Data ”
This defines and solves the problems of semantic search based on conceptual
graphs(CGs) over encrypted outsourced data in clouding computing.
8

3
 [4] TRUPTI RONGARE, “ENCRYPTED DATA MANAGEMENT WITH
DEDUPLICATION IN CLOUD COMPUTING”

This proposes a scheme based on attribute-based encryption (ABE) to

deduplicate encrypted data stored in the cloud while also supporting secure data
access control

[5] YongLi, HuandongWang, DepengJin, LiSu, “Leveraging software

defined networking for Security Policy Enforcement”

This paper focus on taking the advantage of software-defined networking for

security policies enforcement and propose a two layer Open Flows witch
topology designed to implement security policies

[6] Mazhar Ali, Revathi Dhamotharan Eraj Khan, Samee U.

Khan, “SeDaSC: Secure Data Sharing in Clouds”

This paper proposes the Secure Data Sharing in Clouds (SeDaSC) methodology
that provides: 1) data confidentiality and integrity; 2) access control; 3) data
sharing (forwarding) without using compute-intensive re encryption; 4) insider
threat security; and 5) forward and backward access control.

4
 CHAPTER 2

SYSTEM ANALYSIS

5
 CHAPTER-2 SYSTEM ANALYSIS

EXISTING SYSTEM

 In existing system the CP-ABE method was used and it helps us prevent
security breach from outside attackers.
 This method fails to detect attacks which are from inside.
 This method cannot guarantee that the user is a true user or not.

Disadvantages

 When an insider of the organization is suspected to commit the “crimes”

it cannot be able to prevent it.
 If a cloud user shares his\her credentials to other user it cant able to find
it.

PROPOSED SYSTEM

 In this work, we have addressed the challenge of credential leakage in

CP-ABE based cloud storage system by designing an accountable
authority and revocable Crypt Cloud which supports white-box
traceability and auditing (referred to as Crypt Cloud+)

 This is the first CP-ABE based cloud storage system that simultaneously
supports white-box traceability, accountable authority, auditing and
effective revocation. Specifically, Crypt Cloud+ allows us to trace and
revoke malicious cloud users (leaking credentials).

 Our approach can be also used in the case where the users’ credentials are
redistributed by the semi-trusted authority.

6
 Advantages

 The semi-Trustable Authority sends the Decryption key to the users based
on their attributes they provided during their joining time.
 If any user shares his/her attributes to other user,the other user’s account
gets blocked and we can find the guilty by asking some questions to that
user.

PRELIMINARY INVESTIGATION

The first step in the system development life cycle is the preliminary
investigation to determine the optimality of the system. The purpose of this
investigation is to evaluate project feedback. Once the feedback is made, the
first system activity, the preliminary investigation begins. It is not a design
study .It is just a analysis of how effectively the protocols is used.

FEASIBILITY STUDY

A Feasibility Study determines whether a project is worth doing. The

process followed for making this determination is called a Feasibility Study.
This type of study determines whether a project can and should proceed. Once it
has been determined that a project is feasible, the analyst can proceed and
prepare the project specifications that finalize the project specification.

Technical Feasibility

This is concerned with specifying the equipments and the software to

satisfy the user requirements. The technical needs of the system vary
considerably but might include:

 The facility to produce outputs in a given time.

 Response time under certain conditions. Ability to process a certain
volume of transactions at a specified speed. Facility to communicate
7
data to a distant location.

8
 Technical feasibility centers on the existing computer system, hardware,
software and to what extent it can support the system. In examining the
technical feasibility, the configuration of the system is given more importance
than the actual hardware. The configuration should provide the complete picture
of the system requirements, for example how many workstations are required
and how these units are interconnected so that they would operate smoothly,
etcetera. The result of the Technical Feasibility Study is the basis for the
documents against which dealer and manufacturer can make bids. Specific
hardware and software products can then be evaluated keeping in view the
logical needs.

Economic Feasibility
Economic analysis is the most frequently used method for evaluating the
effectiveness of a new system. More commonly known as cost/benefit analysis,
the procedure is to determine the benefits and savings that are expected from a
candidate system and compare them with costs. If benefits outweigh costs, then
the decision is made to design and implement the system. It is not done to
analyze the new system. Using a Gantt Chart schedule and part chart. We
assumed that the benefit of the project is greater than the cost.

So if we can develop the project easily then it is used for the evaluation of
the proposed. We calculate the cost/benefit analysis and we assume that the
benefit is feasible so we start developing the project. It is an analysis of the cost
to be incurred in the system and benefits the derivable from the system. An
economic Feasibility Study should demonstrate the net benefit of the proposed
course of action in the context of direct and indirect benefits and costs to the
organization and to the public as a whole. It should be required for both pilot
and long-term activities, plan and projects.

9
 Operational Feasibility
It determines how acceptable the software is within the organization.
The evaluations must then determine the general attitude and skills. Such
restriction of the job will be acceptable. To the users are enough to run the
proposed budget, hence the system is supposed to the feasible regarding all
except of feasibility. In operational feasibility, we attempt to ensure that every
user can access the system easily. We develop a menu that users can easily
access and we provide shortcut keys. We show a proper error message when any
mistakes are made in the program. We provide help and a guild line menu to
help the user. Changes in the ways individuals are organized into groups may
then be necessary and groups may now compute for economic resources with
the needs of stabilized ones by converting a number in a file in software.

Feasibility Study Report

The result of the Feasibility Study provides us with the following facts:

 The automated system would increase the efficiency of the system.

 The automated system would increase customer's satisfaction.
 The automated system has many requirements such as Efficiency cost
effectiveness, prompt service, Reliability.
 The automated system would add to the security features of the system
 The automated system should be simple to use, incorporate all
necessary services and maintainable.
 This will cause some changes in the organization.

10
 CHAPTER 3

SYSTEM IMPLEMENTATION

11
 CHAPTER-3

SYSTEM IMPLEMENTATION

HARDWARE REQUIREMENTS

System Intel core5

Hard disk 1 TB

RAM 4 GB

TAB.3.1. HARDWARE REQUIREMENTS

SOFTWARE REQUIREMENTS

Operating system Windows 10

Platform JDK1.7 AND J2EE

Database MySQL

Server Tomcat

Coding Language JAVA

TAB.3.2. SOFTWARE REQUIREMENTS

SOFTWARE DESCRIPTION

Our project is implemented by using APACHE TOMCAT SERVER ,Java

Development Kit and J2EE.Our project aim is to provide integrity of an
organization data which is in cloud.It propose the first accountable authority
and revocable CP-ABE based cloud storage system.

12
ARCHITECTURE DESIGN

 EXISTING ARCHITECTURE

Fig.3.4.1. Architecture Diagram (Existing System)

13
 PROPOSED ARCHETECTURE

Fig.3.4.2. Architecture Diagram (Proposed System)

14
 CHAPTER 4

SYSTEM DESIGN

15
 CHAPTER-4

SYSTEM DESIGN
SYSTEM DESIGN

Design is the phase that indicates the final system. In this phase the
following elements were designed namely, dataflow, data stores, processes,
procedures. Firstly the logical design was done where the outputs, inputs and
databases and procedures was formulated in a manner that meet the project
requirements. After logical design physical construction of the system is done.

After analyzing the various functions involved in the system the database,
tables and dictionary was designed. Care must be taken to design the input
screen in the most user friendly way so as to help even the novice users make
entries approximately in the right place. All input screens in the system are user
friendly.

Input Design

The input design is the link between the information system and the user.
It comprises the developing specification and procedures for data preparation
and those steps are necessary to put transaction data in to a usable form for
processing can be achieved by inspecting the computer to read data from a
written or printed document or it can occur by having people keying the data
directly into the system. The design of input focuses on controlling the amount
of input required, controlling the errors, avoiding delay, avoiding extra steps and
keeping the process simple. The input is designed in such a way so that it
provides security and ease of use with retaining the privacy. Input Design
considered the following things:

 What data should be given as input?

 How the data should be arrange1d6or coded?
16
 The dialog to guide the operating personnel in providing input.

17
 Output Design
A quality output is one, which meets the requirements of the end user and
presents the information clearly. In any system results of processing are
communicated to the users and to other system through outputs. In output
design it is determined how the information is to be displaced for immediate
need and also the hard copy output. It is the most important and direct source
information to the user. Efficient and intelligent output design improves the
system’s relationship to help user decision-making.

Designing computer output should proceed in an organized, well thought

out manner; the right output must be developed while ensuring that each output

element is designed so that people will find the system can use easily.

Points to be noted while designing output screen:

 Design output to fit the user.

 Deliver the appropriate quantity of output.
 Assure that output is where it is needed.
 Provide output on time

DATABASE DESIGN
Database design is required to manage the large bodies of information.
The management of data involves both the definition of structure of the storage
of information and provisions of mechanism for the manipulation of
information. In addition to the database system must provide for the safety of
information handled, despite the system crashes due to attempts art
unauthorized access.

18
 For developing an efficient database, we will have to fulfill certain
conditions such as:

 Control redundancy.
 Ease of use.
 Data independence.
 Accuracy and integrity.
 Avoiding inordinate delays.
 Recovery from failure.
 Privacy and security
 Performance.

There are 6 major steps in design process. The first 5 steps are usually done
on paper and finally the design is implemented.

 Identify the table and relationships.

 Identify the data that is needed for each table and relationship.
 Resolve the relationship.
 Verify the design.
 Implement the design.

19
 TECHNOLOGIES USED

Java
Java is an object-oriented programming language developed initially by

James Gosling and colleagues at Sun Microsystems. The language, initially

called Oak (named after the oak trees outside Gosling's office), was

intended to replace C++, although the feature set.

 Introduction to Java
Java has been around since 1991, developed by a small team of Sun

Microsystems developers in a project originally called the Green project. The

intent of the project was to develop a platform-independent software technology

that would be used in the consumer electronics industry. The language that the

team created was originally called Oak.

The first implementation of Oak was in a PDA-type device called

Star Seven (*7) that consisted of the Oak language, an operating system called

GreenOS, a user interface, and hardware. The name *7 was derived from the

telephone sequence that was used in the team's office and that was dialed in

order to answer any ringing telephone from any other phone in the office.

Around the time the First Person project was floundering in

consumer electronics, a new craze was gaining momentum in America; the craze

20
was called "Web surfing." The World Wide Web, a name applied to the

Internet's millions of linked HTML documents was suddenly becoming popular

for use by the masses. The reason for this was the introduction of a graphical

Web browser which will be called Mosaic, developed by ncS.

21
  Working of Java

For those who are new to object-oriented programming, the concept of

a class will be new to you. Simplistically, a class is the definition for a segment

of code that can contain both data (called attributes) and functions (called

methods).

When the interpreter executes a class, it looks for a particular method by

the name of main, which will sound familiar to C programmers. The main

method is passed as a parameter an array of strings (similar to the argv [] of C),

and is declared as a static method.

To output text from the program, we execute the println method of

System.out, which is java’s output stream. UNIX users will appreciate the
theory behind such a stream, as it is actually standard output. For those who are
instead used to the Wintel platform, it will write the string passed to it to the
user’s program.

Java consists of two things :

 Programming language
 Platform

 The Java Platform

A platform is the hardware or software environment in which a

program runs. The Java platform differs from most other platforms in that it’s a

22
software-only platform that runs on top of other, hardware-based platforms.

23
 Most other platforms are described as a combination of hardware and operating

system.

The Java platform has two components :

a. The Java Virtual Machine (JVM)

b. The Java Application Programming Interface (Java API)

We’ve already been introduced to the JVM. It’s the base for the Java platform

and is ported onto various hardware-based platforms.

c. The Java API is a large collection of ready-made software components

that provide many useful capabilities, such as graphical user interface
(GUI) widgets. The Java API is grouped into libraries (packages) of
related components. The following figure depicts a Java program, such as
an application or applet, that’s running on the Java platform.

As a platform-independent environment, Java can be a bit slower than native

code. However, smart compliers, weel-tuned interpreters, and just-in-time byte

compilers can bring Java’s performance close to that of native code without

threatening portability.

Apache Tomcat Server

24
Apache Tomcat (formerly under the Apache Jakarta Project; Tomcat is

25
now a top level project) is a web container developed at the Apache Software

Foundation. Tomcat implements the servlet and the JavaServer Pages (JSP)

specifications from Sun Microsystems, providing an environment for Java code

to run in cooperation with a web server. It adds tools for configuration and

management but can also be configured by editing configuration files that are

normally XML-formatted. Because Tomcat includes its own HTTP server

internally, it is also considered a standalone web server.

 Environment

Tomcat is a web server that supports servlets and JSPs. Tomcat comes

with the Jasper compiler that compiles JSPs into servlets.

The Tomcat servlet engine is often used in combination with an Apache

web server or other web servers. Tomcat can also function as an independent

web server. Earlier in its development, the perception existed that standalone

Tomcat was only suitable for development environments and other

environments with minimal requirements for speed and transaction handling.

However, that perception no longer exists; Tomcat is increasingly used as a

standalone web server in high-traffic, high-availability environments.Since its

developers wrote Tomcat in Java,it runs on any operating system that has a

JVM.

26
  History:

Tomcat started off as a servlet specification implementation by James

Duncan Davidson, a software architect at Sun. He later helped make the project

open source and played a key role in its donation by Sun to the Apache

Software Foundation.

DATA FLOW DIAGRAM

 The DFD is also called as bubble chart. It is a simple graphical formalism

that can be used to represent a system in terms of input data to the system,
various processing carried out on this data, and the output data is
generated by this system.

 The data flow diagram (DFD) is one of the most important modeling
tools. It is used to model the system components. These components are
the system process, the data used by the process, an external entity that
interacts with the system and the information flows in the system.

 DFD shows how the information moves through the system and how it is
modified by a series of transformations. It is a graphical technique that
depicts information flow and the transformations that are applied as data
moves from input to output.

 A DFD may be used to represent a system at any level of abstraction.

DFD may be partitioned into levels that represent increasing information
flow and functional detail.

27
 Symbols Used

Represents data source or destination

Represents flow of data

Represents database

Fig. 4.4.1. Symbols Used in Data Flow Diagrams

Levels of Data Flow Diagram

Level 0:

Fig. 4.4.2.1. Level 0 Data Flow Diagram

Level 1:

Fig. 4.4.2.2. Level 1 Data Flow Diagram

28
 Level 2:

Fig. 4.4.2.3 Level 2 Data Flow Diagram

Level 3:

Fig. 4.4.2.4. Level 3 Data Flow Diagram

UML DIAGRAMS

UML(Unified Modelling Language) is simply User graphical

representation of a common semantic model. UML provides a comprehensive
notation for the full lifecycle of object-oriented development.

To represent complete systems (instead of only the software portion)

using object oriented concepts. To establish an explicit coupling between
concepts and executable code.

To take into account the scaling factors the inherent to complex and
critical systems.

29
 Use Case Diagram
As the most known diagram type of the behavioral UML diagrams, Use
case diagrams give a graphic overview of the actors involved in a system,
different functions needed by those actors and how these different functions are
interacted.

Fig. 4.5.1. Use case diagram

30
 Class Diagram
Class diagrams are arguably the most used UML diagram type. It is the
main building block of any object oriented solution. It shows the classes in a
system, attributes and operations of each class and the relationship between each
class.

Fig. 4.5.2. Class Diagram

31
 Sequence Diagram
Sequence diagrams in UML show how objects interact with each
other and the order those interactions occur. It’s important to note that they
show the interactions for a particular scenario. The processes are represented
vertically and interactions are show as arrows.

Fig. 4.5.3. Sequence Diagram

32
4.5.4 . Activity Diagram
Activity diagrams represent workflows in a graphical way. They can be
used to describe business workflow or the operational workflow of any
component in a system.

Fig.4.5.4 . Activity Diagram

33
 MODULES DESCRIPTION

 Organization profile creation & Key Generation

 Data Owners File Upload
 File Permission & Policy File Creation
 Tracing who is guilty

Organization profile creation & Key Generation

User has an initial level Registration Process at the web end. The users
provide their own personal information for this process. The server in turn stores
the information in its database. Now the Accountable STA (semi-trusted
Authority) generates decryption keys to the users based on their Attributes Set (e.g.
name, mail-id, contact number etc..,). User gets the provenance to access the
Organization data after getting decryption keys from Accountable STA.

Data Owners File Upload

In this module data owners create their accounts under the cloud and upload their
data into cloud. While uploading the files into cloud data owners will encrypt their
data using RSA Encryption algorithm and generates public key and secret key.
And also generates one unique file access permission key for the users under the
organization to access their data.

File Permission & Policy File Creation

Different data owners will generate different file permission keys to their files and
issues those keys to users under the organization to access their files. And also

34
generates policy files to their data that who can access their data. Policy File will
split the key for read the file, write the file, download the file and delete the file.
Tracing who is Guilty

Authorized DUs are able to access (e.g. read, write, download, delete and decrypt)
the outsourced data. Here file permission keys are issued to the employees in the
organization based on their experience and position. Senior Employees have all the
permission to access the files (read, write, delete, & download). Fresher’s only
having the permission to read the files. Some Employees have the permission to
read and write. And some employees have all the permissions except delete the
data. If any Senior Employee leaks or shares their secret permission keys to their
junior employees they will request to download or delete the Data Owners Data.
While entering the key system will generate attribute set for their role in
background validate that the user has all rights to access the data. If the attributes
set is not matched to the Data Owners policy files they will be claimed as guilty. If
we ask them we will find who leaked the key to the junior employees.

35
 ALGORITHM USED

HMAC Algorithm
In cryptography, HMAC (Hash-based Message Authentication Code), is
a specific construction for calculating a message authentication code (MAC)
involving a cryptographic hash function in combination with a secret key. As with
any MAC, it may be used to simultaneously verify both the data integrity and the
authenticity of a message. Any cryptographic hash function, such as MD5 or SHA-
1, may be used in the calculation of an HMAC; the resulting MAC algorithm is
termed HMAC-MD5 or HMAC-SHA1 accordingly. The cryptographic strength of
the HMAC depends upon the cryptographic strength of the underlying hash
function, the size of its hash output length in bits and on the size and quality of the
cryptographic key. An iterative hash function breaks up a message into blocks of a
fixed size and iterates over them with a compression function. For example, MD5
and SHA-1 operate on 512-bit blocks.
 Implementation:
The following pseudocode demonstrates how HMAC may be
implemented. Blocksize is 64 (bytes) when using one of the following hash
functions: SHA-1, MD5, RIPEMD-128/160.

function hmac (key, message) {

if (length(key) > blocksize) {
key = hash(key) // keys longer than blocksize are shortened
}
if (length(key) < blocksize) {
// keys shorter than blocksize are zero-padded (where ∥ is concatenation)
key = key ∥ [0x00 * (blocksize - length(key))] // Where * is repetition.
}

36
 o_key_pad = [0x5c * blocksize] ⊕ key // Where blocksize is that of the underlying
hash function
i_key_pad = [0x36 * blocksize] ⊕ key // Where ⊕ is exclusive or (XOR)
return hash(o_key_pad ∥ hash(i_key_pad ∥ message)) // Where ∥ is concatenation
}
 Design principles:

The design of the HMAC specification was motivated by the existence of

attacks on more trivial mechanisms for combining a key with a hash function. For
example, one might assume the same security that HMAC provides could be
achieved with MAC = H(key ∥ message). However, this method suffers from a
serious flaw: with most hash functions, it is easy to append data to the message
without knowing the key and obtain another valid MAC ("length-extension attack").
The alternative, appending the key using MAC = H(message ∥ key), suffers from the
problem that an attacker who can find collision in the (unkeyed) hash function has a
collision in the MAC (as two messages m1 and m2 yielding the same hash will
provide the same start condition to the hash function before the appended key is
hashed, hence the final hash will be the same). Using MAC = H(key ∥ message ∥
key) is better, but various security papers have suggested
vulnerabilities with this approach, even when two different keys are used. No known
extensions attacks have been found against the current HMAC specification which is
defined as H(key ∥ H(key ∥ message)) because the outer application of the hash
function masks the intermediate result of the internal hash. The values of ipad and
opad are not critical to the security of the algorithm, but were defined in such a way
to have a large Hamming distance from each other and so the inner and outer keys
will have fewer bits in common. The security reduction of HMAC does require them
to be different in at least one bit.

37
The Keccak hash function, that was selected by NIST as the SHA-3 competition
winner, doesn't need this nested approach and can be used to generate a MAC by
simply prepending the key to the message, as it is not susceptible to length-
extension-attacks.

38
 RSA Algorithm
RSA (Rivest–Shamir–Adleman) is one of the first public-key cryptosystems and
is widely used for secure data transmission. In such a cryptosystem, the encryption
key is public and it is different from the decryption key which is kept secret
(private). In RSA, this asymmetry is based on the practical difficulty of the
factorization of the product of two large prime numbers, the "factoring problem".
The acronym RSA is made of the initial letters of the surnames of Ron Rivest, Adi
Shamir, and Leonard Adleman, who first publicly described the algorithm in 1978.
Clifford Cocks, an English mathematician working for the British intelligence
agency Government Communications Headquarters (GCHQ), had developed an
equivalent system in 1973, but this was not declassified until 1997.[1]

A user of RSA creates and then publishes a public key based on two large prime
numbers, along with an auxiliary value. The prime numbers must be kept secret.
Anyone can use the public key to encrypt a message, but with currently published
methods, and if the public key is large enough, only someone with knowledge of the
prime numbers can decode the message feasibly.[2] Breaking RSA encryption is
known as the RSA problem. Whether it is as difficult as the factoring problem
remains an open question.

RSA is a relatively slow algorithm, and because of this, it is less commonly used to
directly encrypt user data. More often, RSA passes encrypted shared keys for
symmetric key cryptography which in turn can perform bulk encryption-decryption
operations at much higher speed.
RSA derives its security from the difficulty of factoring large integers that are the
product of two large prime numbers. Multiplying these two numbers is easy, but
determining the original prime numbers from the total -- or factoring -- is considered
infeasible due to the time it would take using even today's supercomputers.

The public and private key generation algorithm is the most complex part of RSA
cryptography. Two large prime numbers, p and q, are generated using the Rabin-
Miller primality test algorithm. A modulus, n, is calculated by multiplying p and q.

39
This number is used by both the public and private keys and provides the link
between them. In supercomputers, the key usually expressed in bits, is called the key
length.

40
 OPERATION

The RSA algorithm involves four steps: key generation, key distribution,
encryption and decryption.A basic principle behind RSA is the observation that it
is practical to find three very large positive integers e, d and n such that with
modular exponentiation for all integers m (with 0 ≤ m < n):

RSA involves a public key and a private key. The public key can be known by
everyone, and it is used for encrypting messages. The intention is that messages
encrypted with the public key can only be decrypted in a reasonable amount of
time by using the private key.

The keys for the RSA algorithm are generated the following way:

 C
hoose two distinct prime numbers p and q.
 For security purposes, the integers p and q should be chosen at random, and
should be similar in magnitude but differ in length by a few digits to make
factoring harder.[2] Prime integers can be efficiently found using a primality test.
 Compute n = pq.
 n is used as the modulus for both the public and private keys. Its length, usually
expressed in bits, is the key length.
 Compute λ(n) = lcm(φ(p), φ(q)) = lcm(p − 1, q − 1), where λ is Carmichael's
totient function. This value is kept private.
 Choose an integer e such that 1 < e < λ(n) and gcd(e, λ(n)) = 1; i.e., e and λ(n) are
coprime.
 Determine d as d ≡ e−1 (mod λ(n)); i.e., d is the modular multiplicative inverse of
e modulo λ(n).

 e is released as the public key exponent.

 d is kept as the private key exponent.

The public key consists of the modulus n and the public (or encryption) exponent e.
The private key consists of the private (or decryption) exponent d, which must be
kept secret. p, q, and λ(n) must also be kept secret because they can be used to
calculate d.

41
CHAPTER 5

CONCLUSION

42
 CHAPTER-5 CONCLUSION

Thus concluding our project, we have addressed the challenge of credential

leakage in CP-ABE based cloud storage system by designing an accountable

authority and revocable CryptCloud which supports white-box traceability and

auditing (referred to as CryptCloud+). This is the first CP-ABE based cloud storage

system that simultaneously supports white-box traceability, accountable authority,

auditing and effective revocation.Specifically, CryptCloud+ allows us to trace and

revoke malicious cloud users (leaking credentials).Our approach can be also used in

the case where the users’ credentials are redistributed by the semi-trusted

authority.

43
 CHAPTER 6

FUTURE ENHANCEMENT

44
 CHAPTER-6
FUTURE ENHANCEMENT
In future work, we plan to implement a black-box traceability and auditing

which is a stronger notion (compared to white-box traceability), in

CryptCloud.Our future work also includes extending CryptCloud+ to provide

“partial” and fully public traceability without compromising on

performance.This project helps in tracing the malicious users in an organisation

very easily. Hence there is a wide scope for this project in future.

45
 APPENDIX-1 SOURCE CODE
AUTHENTICATION CODE

AccountabilityPojo.java
package logics;
public class AccountabilityPojo {
privateString
email,qustion1,answer1,question2,answer2,question3,answer3,question4,
answer4,owner;
public String getOwner()
{
return owner;
}
public void setOwner(String owner) {
this.owner = owner;
}
public String getEmail() {
return email;
}
public void setEmail(String email) {
this.email = email;
}
public String getQustion1() {
return qustion1;
}
public void setQustion1(String qustion1) {
this.qustion1 = qustion1;
}

46
public String getAnswer1()
{
return answer1;
}
public void setAnswer1(String answer1)
{
this.answer1 = answer1;
}
public String getQuestion2()
{
return question2;
}
public void setQuestion2(String question2)
{
this.question2 = question2;
}
public String getAnswer2()
{
return answer2;
public void setAnswer2(String answer2)
{
this.answer2 = answer2;

47
public String getQuestion3() {
return question3;
}
public void setQuestion3(String question3) {
this.question3 = question3;
}
public String getAnswer3() {
return answer3;
}
public void setAnswer3(String answer3) {
this.answer3 = answer3;
}
public String getQuestion4() {

return question4;
}
public void setQuestion4(String question4) {
this.question4 = question4;
}

48
public String getAnswer4() {
return answer4;
}
public void setAnswer4(String answer4) {
this.answer4 = answer4;
}
}
Decrypt.java

package logics;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import com.sun.org.apache.xerces.internal.impl.dv.util.Base64;
public class Decrypt
{

49
 private static String passWord1="";
private static SecretKeyFactory keyFactory ;
private static byte[] passByte;
Cipher desCipher;
SecretKey myDesKey ;
public String decrypt(String cipher,String passWord1)
throws
InvalidKeySpecException, NoSuchAlgorithmException,
NoSuchPaddingException, IOException
{
String dec="";
this.passWord1=passWord1;
try
{
manageKeystrengthMethod();
keyFactory = SecretKeyFactory.getInstance("DES");
passByte=this.passWord1.getBytes();
DESKeySpec dspec= new DESKeySpec(passByte);
SecretKey myDesKey =
keyFactory.generateSecret(dspec);
Cipher desCipher;
// Create the cipher
desCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
// Initialize the cipher for encryption
desCipher.init(Cipher.DECRYPT_MODE, myDesKey);
//sensitive information

50
 byte[] textEncrypted = cipher.getBytes();
// System.out.println("Text [Byte Format] : " + text);
//System.out.println("Cipher to be decrypted : " + new
String(textEncrypted));
// Decrypt the text
Base64 bs=new Base64();
byte[] textDecrypted = desCipher.doFinal(bs.decode(cipher));
//System.out.println("Text Decryted : " + new
String(textDecrypted));
dec=new String(textDecrypted);
}catch(InvalidKeyException e){
e.printStackTrace();
}catch(IllegalBlockSizeException e){
e.printStackTrace();
}catch(BadPaddingException e){
}
return dec;
}
private void manageKeystrengthMethod()
{
if(passWord1.length()<8)
{
int counter=passWord1.length();

51
{
passWord1+='@';
counter++;
}
}
}
EmpChanges.java
package logics;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.http.servlet.HttpsServlet;
public class EmpChanges extends HttpsServlet
{
public void doPost(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException
{
response.setContentType("text/html");
PrintWriter out = response.getWriter();

52
 String name=request.getParameter("name");
String email=request.getParameter("email");
String hemail=request.getParameter("hemail");
String desig=request.getParameter("desig");
String mobile=request.getParameter("mobile");
int status=FileDao.editEmployee(name, email, desig,
mobile, hemail);
if(status>0)
{
System.out.println("Employee details changed in a database");
request.setAttribute("msg", "Employee details changed in a
database");
RequestDispatcher
rd=request.getRequestDispatcher("employees.jsp");

rd.forward(request, response);
}
else
{
System.out.println("Employee details not changed in a
database");

request.setAttribute("msg", "Employee details not changed in

a database");
RequestDispatcher
rd=request.getRequestDispatcher("employees.jsp");
rd.forward(request, response);
}
out.close();

53
}
}

54
 APPENDIX-2 SCREENSHOTS

Login page for Cloud users and Semi-Trustable Authority.

55
Registration page for all the Cloud users.

56
Semi-Trustable Authority generates Decryption keys to Cloud Users.

57
Data owners registration page.

58
Data Owners assigning the Policy Setup to the Employees.

59
Data owner’s Home page.

60
Data owners assigning File policy to the files they upload.

61
Properties of the file such as Read ,Write , Download , Delete.

62
When any Cloud Users try to Commit Key Theft.

63
Questions asked to the cloud user who committed a Key Theft.

64
REFERENCES

[1] Mazhar Ali, Revathi Dhamotharan, Eraj Khan, Samee U. Khan, Athanasios V.

Vasilakos, Keqin Li, and Albert Y. Zomaya. Sedasc: Secure data sharing in clouds.

IEEE Systems Journal, 11(2):395–404, 2017.

[2] Mazhar Ali, Samee U. Khan, and Athanasios V. Vasilakos. Security in cloud

computing: Opportunities and challenges. Inf. Sci., 305:357–383, 2015.

[3] Michael Armbrust, Armando Fox, R ean Griffith, Anthony D Joseph, Randy

Katz, Andy Konwinski, Gunho Lee, David Patterson, Ariel Rabkin, Ion Stoica, et al.

A view of cloud computing. Communications of the ACM, 53(4):50–58, 2010.

[4] Nuttapong Attrapadung and Hideki Imai. Attribute-based encryption supporting

direct/indirect revocation modes. In Cryptography and Coding, pages 278–300.

Springer, 2009.

[5] Amos Beimel. Secure schemes for secret sharing and key distribution. PhD

thesis, PhD thesis, Israel Institute of Technology, Technion, Haifa, Israel, 1996.

[6] Mihir Bellare and Oded Goldreich. On defining proofs of knowledge. In

Advances in Cryptology-CRYPTO’92, pages 390–420. Springer, 1993.

[7] Dan Boneh and Xavier Boyen. Short signatures without random oracles. In

EUROCRYPT - 2004, pages 56–73, 2004.

[8] Hongming Cai, Boyi Xu, Lihong Jiang, and Athanasios V. Vasilakos. Iot-based

big data storage systems in cloud computing: Perspectives and challenges. IEEE

Internet of Things Journal, 4(1):75–87, 2017.

65