1.

INTRODUCTION

PUBLIC cloud storage service becomes increasingly popular due to cost reduction and
good data usability for users. This trend has prompted users and corporations to store
(unencrypted) data on public cloud, and share their cloud data with others. Using a cloud for
high-value data requires the user to trust the server to protect the data from unauthorized
disclosures. This trust is often misplaced, because there are many ways in which confidential
data leakage may happen, e.g. these data breaches reported [1], [2], [3], [4], [5], [6]. To
counteract data leakage, one of the most promising approaches is client-side
encryption/decryption. Concretely, client-side encryption allows senders to encrypt data before
transmitting it to clouds, and decrypt the data after downloading from clouds. In this way, clouds
only obtain encrypted data, thus making server-side data exposure more difficult or impossible.
At the same time, as a crucial functionality of cloud storage, flexible file sharing with multiple
users or a group of users must be fully supported. However, existing client-side encryption
solutions suffer from more or less disadvantages in terms of security, efficiency and usability.
Known Client-Side Encryption Solutions. We review existing solutions and point out their
limitations.

Limited support or no support. Many cloud storage providers, including Google Drive and
Drop box, do not provide support for client-side encryption. They adopt server-side encryption
for files stored, TLS for data at transit, and two-factor authentication for user authentication.
Apple I Cloud supports end-to end encryption for sensitive information, e.g., I Cloud Keychain,
Wi-Fi passwords. For other data uploaded to I Cloud, only server encryption is adopted.

1
 Password-Based Solutions. Some products [7], [8], [9] use symmetric encryption (typically
AES) to encrypt users’ data and then upload ciphertexts to clouds. However, in these schemes,
the cryptographic keys are derived from a password/ passphrase or even a 4-digit PIN. Relying
on such low entropy is considered unsafe [10]. Worse still, most password-based solutions only
deal
With case of single-user file encryption and decryption, and do not provide any file sharing
mechanism. Notably, [7] allows users to generate a share link for each password-protected file.
However, users must manually send the share link through one channel, and password to all
receivers through another secure channel, which is inconvenient and brittle.

Hybrid Encryption Scheme. The cloud adopts a key encapsulation mechanism (KEM) and a
data encapsulation mechanism (DEM), so called the KEM-DEM setting. Many public cloud
service providers, including Amazon [11], Tresor it [12], and Mega [13], adopt the RSA-AES
paradigm. Users generate RSA key pairs and apply for certificates from the providers, who build
and maintain a Public Key Infrastructures (PKI). Users encrypt data under fresh sampled AES
keys, which are further encrypted under all recipients’ RSA public keys. This file sharing
mechanism is inflexible and inefficient. A sender needs to obtain and specify the public keys of
all receivers during encryption. Even worse, the size of the cipher text and encryption workload
are proportional to the number of recipients, resulting in greater bandwidth and storage costs and
more user expenditure.

Limitations of the Existing Solutions. Three drawbacks exist in above-mentioned solutions: 1)

comparatively poor security, 2) coarse-grained access control, inflexible and inefficient file
sharing, and 3) poor usability. The first two are easy to see and we now elaborate the usability
issue. Typically, users use different terminals to upload files, including desktop, Web and mobile
applications [14]. However, almost all the existing solutions require additional software or
plugins, thus limiting users’ devices and platforms. When switching to a new device, users need

2
to repeat the boring installation process, which greatly increases users’ burden thus decreases
usability.

1.1 EXISTING SYSTEM

Meanwhile, there are researches in the literature having explored the idea of running
cryptographic algorithms on Web browsers. [29] focused on using Identity-Based Cryptography
for client side security in Web applications and presented a JavaScript implementation of their
scheme. They selected Combined Public Key cryptosystem as the encryption scheme to avoid
complex computations involved in bilinear pairing and elliptic curve. ShadowCrypt [30] allows
users to transparently switch to encrypted input/output for text-based Web applications. It
requires a browser extension, replacing input elements in a page with secure, isolated shadow
inputs and encrypted text with secure, isolated cleartext. [26] implemented several Lattice-based
encryption schemes and showed the speed performance on four common Web browsers on PC.
Their results demonstrated that some of today’s Lattice-based cryptosystems can already have
efficient JavaScript implementations. Recently, [31] constructed an efficient two-level
homomorphic public-key encryption in prime-order bilinear groups and presented a high-
performance implementation usingWebAssembly that allows their scheme to be run very fast on
any popular Web browser, without any plugins required.

Attribute-Based Encryption. Attribute based encryption (ABE) was first introduced by Sahai
and Waters under the name fuzzy identity-based encryption [32]. Goyal et al. [33] extended
fuzzy IBE to ABE. Up to now, there are two forms of ABE: key-policy ABE (KP- ABE) [33],
[34], [35], [36], where the key is assigned to an access policy and the ciphertext to a set of
attributes, and ciphertext-policy ABE (CP-ABE) [17], [37], [38], where the ciphertext is
assigned to an access policy and the key to a set of attributes. A user can decrypt a ciphertext if
the set of attributes satisfies the access policy. In this work, CP-ABE is adopted as a building
block of WebCloud: each file has an access policy to indicate the allowed receivers.

3
The complex pairing and exponentiation operations in ABE are migrated by many works. Green
et al. [19] introduced outsourced decryption into ABE systems such that the complex operations
of decryption can be outsourced to a cloud server, only leaving one exponentiation operation for
a user to recover the plaintext. Further, online/offline ABE [20] was proposed by Hohenberger
and Waters, which splits the original algorithm into two phases: an offline phase which does the
majority of encryption computations before knowing the attributes/access control policy and
generates an intermediate ciphertext, and an online phase which rapidly assembles an ABE
ciphertext with the intermediate ciphertext after the attributes/access control policy is fixed.
Meanwhile, [20] proposed two scenarios about the offline phase: 1) the user does the offline
work on his smartphone. 2) A high-end trusted server helps the user with low-end device do the
offline work.

Disadvantages

1) Comparatively poor security,

2) Coarse-grained access control, inflexible and inefficient file sharing, and poor
reliability.
3) The first two are easy to see and we now elaborate the usability issue. Typically, users
use different terminals to upload files, including desktop, Web and mobile applications.

Advantages

1. The proposed system focuses on designing and implementing a practical, secure and
cross-platform public cloud storage system. The proposed solution, WebCloud, is a Web-
based client-side encryption solution. Users encrypt and decrypt their data using Web
agents, e.g., Web browsers.
2. The proposed system implemented Multi-Factor Authenticated Key Exchange which
gives more secure and safe

4
 1.2 PROPOSED SYSTEM

We view our contribution as the uniform design, rigorous analysis and efficient implementation
of WebCloud, in particular, it simultaneously achieves the following:

Practical Encryption Solution for Cloud Storage. We introduce WebCloud, a practical client-
side encryption solution for public cloud storage, which effectively combines modern Web
techniques and cryptographic algorithms. WebCloud involves of a key management mechanism,
a dedicated attributebased encryption scheme and a high-speed implementation. More
importantly, WebCloud is cross platform (including major browsers, Android and PC) and
plugin

Fine-Grained Access Control Mechanism with ABE. It is widely-accepted that attribute-based

encryption (ABE) is promising for fine-grained access control of data. However, we find that the
existing ABE schemes suffer from high computational overhead, or some vital missing
functionalities, e.g., inefficient data encryption, robust and immediate user revocation, offline
encryption and outsourced decryption simultaneously. To solve this problem, we propose a
dedicated ciphertext-policy attribute-based access control mechanism. The proposed scheme can
also be used in other scenario.

Rigorous Security Analysis. We present a security model of WebCloud, including the

adversarial models for the Web and the cryptographic scheme simultaneously. The security
analysis is then done in the proposed model, namely, the provable security of the proposed CP-
ABE scheme and the reliability of the key storage in the browser side.

Efficient Operation inside Browsers. We implement WebCloud based on ownCloud [23]. The
functionalities and performances are evaluated in major browsers on many devices, and

5
applications on PC and Android devices. The benchmark result indicates that WebCloud is a
practical solutions

2. LITERATURE SURVEY

2.1 Cipher text-policy attributbased encryption

In several distributed systems a user should only be able to access data if a userposses a certain
set of credentials or attributes. Currently, the only method for enforcing such policies is to
employ a trusted server to store the data and mediate access control. However, if any server
storing the data is compromised, then the confidentiality of the data will be compromised. In
this paper we present a system for realizing complex access control on encrypted data that we
call Cipher text-Policy Attribute-Based Encryption. By using our techniques encrypted data can
be kept confidential even if the storage server is untrusted; moreover, our methods are secure
against collusion attacks. Previous Attribute- Based Encryption systems used attributes to
describe the encrypted data and built policies into user's keys; while in our system attributes are
used to describe a user's credentials, and a party encrypting data determines a policy for who
can decrypt. Thus, our methods are conceptually closer to traditional access control methods
such as Role-Based Access Control (RBAC). In addition, we provide an implementation of our
system and give performance measurements.

2.2 Securing communications between external users and wireless

body area networks

Wireless Body Area Networks (BANs) are expected to play a crucial role in patient-health
monitoring in the near future. Establishing secure communications between BAN sensors and
external users is key to addressing the prevalent security and privacy concerns. In this paper, we
propose the primitive functions to implement a secret-sharing based Ciphertext-Policy Attribute-
Based Encryption (CP_ABE) scheme, which encrypts the data based on an access structure

6
specified by the data source. We also design two protocols to securely retrieve the sensitive
patient data from a BAN and instruct the sensors in a BAN.

Our analysis indicates that the proposed scheme is feasible, can provide message authenticity,
and can counter possible major attacks such as collusion attacks and battery-draining attacks.

2.3 Exploiting prediction to enable secure and reliable routing in

wireless body area networks

In this project, we propose a distributed Prediction-based Secure and Reliable routing framework
(PSR) for emerging Wireless Body Area Networks (WBANs). It can be integrated with a
specific routing protocol to improve the latter's reliability and prevent data injection attacks
during data communication. In PSR, using past link quality measurements, each node predicts
the quality of every incidental link, and thus any change in the neighbor set as well, for the
immediate future. When there are multiple possible next hops for packet forwarding (according
to the routing protocol used), PSR selects the one with the highest predicted link quality among
them. Specially-tailored lightweight source and data authentication methods are employed by
nodes to secure data communication. Further, each node adaptively enables or disables source
authentication according to predicted neighbor set change and prediction accuracy so as to
quickly filter false source authentication requests. We demonstrate that PSR significantly
increases routing reliability and effectively resists data injection attacks through in-depth security
analysis and extensive simulation study.

7
 3.SYSTEM STUDY

3.1 FEASIBILITY STUDY

The feasibility of the project is analyzed in this phase and business

proposal is put forth with a very general plan for the project and some cost

estimates. During system analysis the feasibility study of the proposed system is to

be carried out. This is to ensure that the proposed system is not a burden to the

company. For feasibility analysis, some understanding of the major requirements

for the system is essential.

Three key considerations involved in the feasibility analysis are

 ECONOMICAL FEASIBILITY

 TECHNICAL FEASIBILITY

 SOCIAL FEASIBILITY

 ECONOMICAL FEASIBILITY

This study is carried out to check the economic impact that the system will have on

the organization. The amount of fund that the company can pour into the research and
8
development of the system is limited. The expenditures must be justified. Thus the developed

system as well within the budget and this was achieved because most of the technologies used

are freely available. Only the customized products had to be purchased.

TECHNICAL FEASIBILITY

This study is carried out to check the technical feasibility, that is, the technical

requirements of the system. Any system developed must not have a high demand on the available

technical resources. This will lead to high demands on the available technical resources. This

will lead to high demands being placed on the client. The developed system must have a modest

requirement, as only minimal or null changes are required for implementing this system.

SOCIAL FEASIBILITY

The aspect of study is to check the level of acceptance of the system by the user. This

includes the process of training the user to use the system efficiently. The user must not feel

threatened by the system, instead must accept it as a necessity. The level of acceptance by the

users solely depends on the methods that are employed to educate the user about the system and

to make him familiar with it. His level of confidence must be raised so that he is also able to

make some constructive criticism, which is welcomed, as he is the final user of the system.

9
 4.SYSTEM SPECIFICATIONS

4.1 Software Requirements:

 Operating System - Windows XP

 Coding Language - Java/J2EE(JSP,Servlet)

 Front End - J2EE

 Back End - MySQL

4.2 Hardware Requirements:

➢ Processor - Pentium –IV

➢ RAM - 4 GB (min)

➢ Hard Disk - 20 GB

➢ Key Board - Standard Windows Keyboard

➢ Mouse - Two or Three Button Mouse

➢ Monitor - SVGA

10
 5 .SYSTEM DESIGN

5.1 System Architecture:

11
 Login,

View and Authorize Users,

Architecture Diagram
View and Authorize Owners,

View Files,

View All Search Transactions,

View All File Transactions,

Cloud
Service Provider View All Top Searched,
Browse and enc
and Uploads files View Attackers,

Search Requests,
1) View user Details
2) View Attacker
View Time Delay,
Details
View Throughput.
3) Unblock User

Data
1) Registers & Logins
Owner
PKG

Login, View Files and

Generate Key.
Register and Login,
Attackers,
Upload File,
Register and Login, My Profile,
View Files,
View Files, Search Files, Search
Verify data(Verifiability), Ratio, Top K Search, Req Search
View and Delete Files, Control.
View All Transactions.

User

Fig.1:System Architecture

5.2 FLOW CHART DIAGRAM

 5.2.1Flow Chart : Cloud Server

12
 Fig.2:Cloud server

5.2.2:owner login
Start

Owner Login
13
 Yes No
Login

Send File Download

Username &
Request,Download Permitted
Password Wrong
Files.

Upload Resource,View All My

Uploaded File,Upload Video
Resource

Log Out
View All My Uploaded
Videos,View All My Remaining
Memory

Fig 3: owner login

Flow Chart 5.2.3: User

Start

14
 User Login

Yes No
Login

View My Profile Username &

Password Wrong

Request Secret Key

Log Out
Search Files

Search Videos

Send File Download

Request,Download Permitted Files.

Fig .4:User Login

Flow Chart 5.2.4: Key Server

Start

Key Server
15 Login
 Yes No
Login

View Secret Key Requests. Username &

Password Wrong

Log Out

Fig.5: Key server

5.3.Class Diagrams Fig .6:class diagram

Cloud Service Provider
Data Owner

Register and Login, Attackers, Login, View and Authorize Users, View and
Authorize Owners, View Files, View All Search
Upload File, View Files, Verify 16 Transactions, View All File Transactions, View
data(Verifiability), View and Delete All Top Searched, View Attackers, Search
Files, View All Transactions. Requests, View Time Delay, View Throughput.

ID, File Name, Index, Contents,

 ID, File Name, Index, Contents,

Methods
Methods

Members
Members

Login Register
Register, Reset
Login, Register, Reset Methods
Methods Name, Password, DOB,
Members User Name, Password Gender, Address, City,
Members
Country, Email, Mobile

PKG
User
Login, View Files and
Register and Login, My Generate Key.
Methods Profile, View Files, Search Methods

Files, Search Ratio, Top K

Search, Req Search Control . ID, File Name, Index,
Members Contents, MAC, Rank,
ID, File Name, Index, Members
Contents, MAC, Rank, Date & Time, DATA
Date & Time, DATA OWNER, OWNER, Secret Key.
Secret Key.

17
 5.4 Sequence diagram
Cloud Service
Data Owner PKG user
Provider

Register and Login, Attackers,Upload Meta data

Upload File, View Files,

Request secret key
Verify data(Verifiability),
Gives secret key
View and Delete Files

View All Transactions.

Searching file based on Keyword

Login, View and

Authorize Users,

Search response

Request Access Permission

Access permission Response

View and Authorize Owners, View Files View All Register and
Search Transactions, Login, My Profile,
View Files,

Search response

View All File Login, Search Files,

Transactions, Search Ratio
View All Top View Files and
Searched, View Generate Key.
Attackers,
Top K Search, Req
Search Requests, Search Control.
View Time
Delay, View

Fig .7:sequence diagram

18
5.5Data Flow Diagram

Register and Data Flow Diagram

Login, Attackers, Login, View and
Upload File, View Verify Authorize Users, View
Files data(Verifiability), and Authorize
View and Delete Owners,
Files, View All
Transactions. View Files, View All
Search Transactions,
View All File
Transactions,

Data Encrypted File

Owner Details and upload Cloud Service
to cloud Provider

Login, View Files

Auditing details,
Generate Key.
Register and Login, My
Profile, View Files,
Search Files Search
Ratio, Top K Search, Req
PKG Search Contro l.

Fig.8:Data flow diagaram

USER
19
 6.SYSTEM ENVIRONMENT

Java Technology
Java technology is both a programming language and a platform.

The Java Programming Language

The Java programming language is a high-level language that can be
characterized by all of the following buzzwords:

 Simple
 Architecture neutral
 Object oriented
 Portable
 Distributed
 High performance
 Interpreted
 Multithreaded
 Robust
 Dynamic
 Secure

With most programming languages, you either compile or interpret a

program so that you can run it on your computer. The Java programming language
20
is unusual in that a program is both compiled and interpreted. With the compiler,
first you translate a program into an intermediate language called Java byte codes —
the platform-independent codes interpreted by the interpreter on the Java platform.
The interpreter parses and runs each Java byte code instruction on the computer.
Compilation happens just once; interpretation occurs each time the program is
executed. The following figure illustrates how this works.

Fig.9: Working of Java program

You can think of Java byte codes as the machine code instructions for the
Java Virtual Machine (Java VM). Every Java interpreter, whether it’s a development
tool or a Web browser that can run applets, is an implementation of the Java VM.
Java byte codes help make “write once, run anywhere” possible. You can compile
your program into byte codes on any platform that has a Java compiler. The byte
codes can then be run on any implementation of the Java VM. That means that as
long as a computer has a Java VM, the same program written in the Java
programming language can run on Windows 2000, a Solaris workstation, or on an
iMac.

21
 Fig.10:Java programming language

The Java Platform

A platform is the hardware or software environment in which a program
runs. We’ve already mentioned some of the most popular platforms like
Windows 2000, Linux, Solaris, and MacOS. Most platforms can be
described as a combination of the operating system and hardware. The Java
platform differs from most other platforms in that it’s a software-only
platform that runs on top of other hardware-based platforms.

The Java platform has two components:

 The Java Virtual Machine (Java VM)
 The Java Application Programming Interface (Java API)
You’ve already been introduced to the Java VM. It’s the base for the Java
platform and is ported onto various hardware-based platforms.

The Java API is a large collection of ready-made software components

that provide many useful capabilities, such as graphical user interface (GUI)
widgets. The Java API is grouped into libraries of related classes and
interfaces; these libraries are known as packages. The next section, What Can

22
 Java Technology Do? Highlights what functionality some of the packages in
the Java API provide.
The following figure depicts a program that’s running on the Java
platform. As the figure shows, the Java API and the virtual machine insulate
the program from the hardware.

Fig.11:Java platform

Native code is code that after you compile it, the compiled code runs
on a specific hardware platform. As a platform-independent environment,
the Java platform can be a bit slower than native code. However, smart
compilers, well-tuned interpreters, and just-in-time byte code compilers can
bring performance close to that of native code without threatening
portability.

What Can Java Technology Do?

The most common types of programs written in the Java programming
language are applets and applications. If you’ve surfed the Web, you’re
probably already familiar with applets. An applet is a program that adheres
to certain conventions that allow it to run within a Java-enabled browser.

However, the Java programming language is not just for writing cute,
entertaining applets for the Web. The general-purpose, high-level Java

23
programming language is also a powerful software platform. Using the
generous API, you can write many types of programs.
An application is a standalone program that runs directly on the Java
platform. A special kind of application known as a server serves and supports
clients on a network. Examples of servers are Web servers, proxy servers,
mail servers, and print servers. Another specialized program is a servlet. A
servlet can almost be thought of as an applet that runs on the server side.
Java Servlets are a popular choice for building interactive web applications,
replacing the use of CGI scripts. Servlets are similar to applets in that they
are runtime extensions of applications. Instead of working in browsers,
though, servlets run within Java Web servers, configuring or tailoring the
server.
How does the API support all these kinds of programs? It does so with
packages of software components that provides a wide range of
functionality. Every full implementation of the Java platform gives you the
following features:
 The essentials: Objects, strings, threads, numbers, input and output,
data structures, system properties, date and time, and so on.
 Applets: The set of conventions used by applets.
 Networking: URLs, TCP (Transmission Control Protocol), UDP
(User Data gram Protocol) sockets, and IP (Internet Protocol)
addresses.
 Internationalization: Help for writing programs that can be localized
for users worldwide. Programs can automatically adapt to specific
locales and be displayed in the appropriate language.

24
  Security: Both low level and high level, including electronic
signatures, public and private key management, access control, and
certificates.
 Software components: Known as JavaBeansTM, can plug into existing
component architectures.
 Object serialization: Allows lightweight persistence and
communication via Remote Method Invocation (RMI).
 Java Database Connectivity (JDBCTM): Provides uniform access to
a wide range of relational databases.
The Java platform also has APIs for 2D and 3D graphics, accessibility,
servers, collaboration, telephony, speech, animation, and more. The
following figure depicts what is included in the Java 2 SDK.

Fig.12:java 2 SDK
How Will Java Technology Change My Life?

We can’t promise you fame, fortune, or even a job if you learn the Java
programming language. Still, it is likely to make your programs better and

25
requires less effort than other languages. We believe that Java technology
will help you do the following:

 Get started quickly: Although the Java programming language is a

powerful object-oriented language, it’s easy to learn, especially for
programmers already familiar with C or C++.
 Write less code: Comparisons of program metrics (class counts,
method counts, and so on) suggest that a program written in the Java
programming language can be four times smaller than the same
program in C++.
 Write better code: The Java programming language encourages good
coding practices, and its garbage collection helps you avoid memory
leaks. Its object orientation, its JavaBeans component architecture,
and its wide-ranging, easily extendible API let you reuse other
people’s tested code and introduce fewer bugs.
 Develop programs more quickly: Your development time may be as
much as twice as fast versus writing the same program in C++. Why?
You write fewer lines of code and it is a simpler programming
language than C++.
 Avoid platform dependencies with 100% Pure Java: You can keep
your program portable by avoiding the use of libraries written in other
languages. The 100% Pure JavaTM Product Certification Program has a
repository of historical process manuals, white papers, brochures, and
similar materials online.
 Write once, run anywhere: Because 100% Pure Java programs are
compiled into machine-independent byte codes, they run consistently
on any Java platform.
26
Distribute software more easily: You can upgrade applets easily from a central
server. Applets take advantage of the feature of allowing new classes to be loaded
“on the fly,” without recompiling the entire program.
ODBC
Microsoft Open Database Connectivity (ODBC) is a standard programming
interface for application developers and database systems providers. Before ODBC
became a de facto standard for Windows programs to interface with database
systems, programmers had to use proprietary languages for each database they
wanted to connect to. Now, ODBC has made the choice of the database system
almost irrelevant from a coding perspective, which is as it should be. Application
developers have much more important things to worry about than the syntax that is
needed to port their program from one database to another when business needs
suddenly change
Through the ODBC Administrator in Control Panel, you can specify the
particular database that is associated with a data source that an ODBC application
program is written to use. Think of an ODBC data source as a door with a name on
it. Each door will lead you to a particular database. For example, the data source
named Sales Figures might be a SQL Server database, whereas the Accounts
Payable data source could refer to an Access database. The physical database
referred to by a data source can reside anywhere on the LAN.
The ODBC system files are not installed on your system by Windows 95.
Rather, they are installed when you setup a separate database application, such as
SQL Server Client or Visual Basic 4.0. When the ODBC icon is installed in
Control Panel, it uses a file called ODBCINST.DLL. It is also possible to
administer your ODBC data sources through a stand-alone program called

27
ODBCADM.EXE. There is a 16-bit and a 32-bit version of this program and each
maintains a separate list of ODBC

From a programming perspective, the beauty of ODBC is that the

application can be written to use the same set of function calls to interface with any
data source, regardless of the database vendor. The source code of the application
doesn’t change whether it talks to Oracle or SQL Server. We only mention these
two as an example. There are ODBC drivers available for several dozen popular
database systems. Even Excel spreadsheets and plain text files can be turned into
data sources. The operating system uses the Registry information written by
ODBC Administrator to determine which low-level ODBC drivers are needed to
talk to the data source (such as the interface to Oracle or SQL Server). The loading
of the ODBC drivers is transparent to the ODBC application program. In a
client/server environment, the ODBC API even handles many of the network
issues for the application programmer.
The advantages of this scheme are so numerous that you are probably
thinking there must be some catch. The only disadvantage of ODBC is that it isn’t
as efficient as talking directly to the native database interface. ODBC has had
many detractors make the charge that it is too slow. Microsoft has always claimed
that the critical factor in performance is the quality of the driver software that is
used. In our humble opinion, this is true. The availability of good ODBC drivers
has improved a great deal recently. And anyway, the criticism about performance
is somewhat analogous to those who said that compilers would never match the
speed of pure assembly language. Maybe not, but the compiler (or ODBC) gives
you the opportunity to write cleaner programs, which means you finish sooner.
Meanwhile, computers get faster every year.

28
JDBC
In an effort to set an independent database standard API for Java; Sun
Microsystems developed Java Database Connectivity, or JDBC. JDBC offers a
generic SQL database access mechanism that provides a consistent interface to a
variety of RDBMSs. This consistent interface is achieved through the use of “plug-
in” database connectivity modules, or drivers. If a database vendor wishes to have
JDBC support, he or she must provide the driver for each platform that the
database and Java run on.
To gain a wider acceptance of JDBC, Sun based JDBC’s framework on
ODBC. As you discovered earlier in this chapter, ODBC has widespread support
on a variety of platforms. Basing JDBC on ODBC will allow vendors to bring
JDBC drivers to market much faster than developing a completely new
connectivity solution.
JDBC was announced in March of 1996. It was released for a 90 day public
review that ended June 8, 1996. Because of user input, the final JDBC v1.0
specification was released soon after.
The remainder of this section will cover enough information about JDBC for you
to know what it is about and how to use it effectively. This is by no means a
complete overview of JDBC. That would fill an entire book.

JDBC Goals

Few software packages are designed without goals in mind. JDBC is one
that, because of its many goals, drove the development of the API. These goals, in
conjunction with early reviewer feedback, have finalized the JDBC class library
into a solid framework for building database applications in Java.
29
 The goals that were set for JDBC are important. They will give you some
insight as to why certain classes and functionalities behave the way they do. The
eight design goals for JDBC are as follows:

1. SQL Level API

The designers felt that their main goal was to define a SQL interface for
Java. Although not the lowest database interface level possible, it is at a low
enough level for higher-level tools and APIs to be created. Conversely, it is at a
high enough level for application programmers to use it confidently. Attaining
this goal allows for future tool vendors to “generate” JDBC code and to hide
many of JDBC’s complexities from the end user.

2. SQL Conformance
SQL syntax varies as you move from database vendor to database vendor. In
an effort to support a wide variety of vendors, JDBC will allow any query
statement to be passed through it to the underlying database driver. This allows
the connectivity module to handle non-standard functionality in a manner that is
suitable for its users.

3. JDBC must be implemental on top of common database interfaces

The JDBC SQL API must “sit” on top of other common SQL level APIs.
This goal allows JDBC to use existing ODBC level drivers by the use of a
software interface. This interface would translate JDBC calls to ODBC and
vice versa.
4. Provide a Java interface that is consistent with the rest of the Java system

30
 Because of Java’s acceptance in the user community thus far, the designers
feel that they should not stray from the current design of the core Java system.

5. Keep it simple
This goal probably appears in all software design goal listings. JDBC is no
exception. Sun felt that the design of JDBC should be very simple, allowing for
only one method of completing a task per mechanism. Allowing duplicate
functionality only serves to confuse the users of the API.

6. Use strong, static typing wherever possible

Strong typing allows for more error checking to be done at compile time;
also, less error appear at runtime.

7. Keep the common cases simple

Because more often than not, the usual SQL calls used by the programmer
are simple SELECT’s, INSERT’s, DELETE’s and UPDATE’s, these queries
should be simple to perform with JDBC. However, more complex SQL
statements should also be possible.

Finally we decided to proceed the implementation using Java Networking.And

for dynamically updating the cache table we go for MS Access database. Java
ha two things: a programming language and a platform.

Java is a high-level programming language that is all of the following

Simple Architecture-neutral
Object-oriented Portable
Distributed High-performance
Interpreted multithreaded
Robust Dynamic
31
 Secure
Java is also unusual in that each Java program is both
compiled and interpreted. With a compile you translate a Java program
into an intermediate language called Java byte codes the platform-
independent code instruction is passed and run on the computer.

Compilation happens just once; interpretation occurs each time the

program is executed. The figure illustrates how this works

Java Program Interpreter

Compilers My Program

Fig.13:JDBC goals

You can think of Java byte codes as the machine code instructions for
the Java Virtual Machine (Java VM). Every Java interpreter, whether it’s
a Java development tool or a Web browser that can run Java applets, is an
implementation of the Java VM. The Java VM can also be implemented
in hardware.

Java byte codes help make “write once, run anywhere” possible. You
can compile your Java program into byte codes on my platform that has a
Java compiler. The byte codes can then be run any implementation of the

32
 Java VM. For example, the same Java program can run Windows NT,
Solaris, and Macintosh.

Networking

TCP/IP stack

The TCP/IP stack is shorter than the OSI one:

Fig.14:TCP/IP stack

TCP is a connection-oriented protocol; UDP (User Datagram Protocol)

is a connectionless protocol.

33
 IP datagram’s

The IP layer provides a connectionless and unreliable delivery system.

It considers each datagram independently of the others. Any association
between datagram must be supplied by the higher layers. The IP layer
supplies a checksum that includes its own header. The header includes the
source and destination addresses. The IP layer handles routing through an
Internet. It is also responsible for breaking up large datagram into smaller
ones for transmission and reassembling them at the other end.

UDP

UDP is also connectionless and unreliable. What it adds to IP is a checksum for the
contents of the datagram and port numbers. These are used to give a client/server
model - see later.

TCP

TCP supplies logic to give a reliable connection-oriented protocol above IP. It

provides a virtual circuit that two processes can use to communicate.

Internet addresses

In order to use a service, you must be able to find it. The Internet uses an address
scheme for machines so that they can be located. The address is a 32 bit integer
which gives the IP address. This encodes a network ID and more addressing. The
network ID falls into various classes according to the size of the network address.

34
Network address

Class A uses 8 bits for the network address with 24 bits left over for
other addressing. Class B uses 16 bit network addressing. Class C uses 24
bit network addressing and class D uses all 32.

Subnet address

Internally, the UNIX network is divided into sub networks. Building 11

is currently on one sub network and uses 10-bit addressing, allowing 1024
different hosts.

Host address

8 bits are finally used for host addresses within our subnet.
This places a limit of 256 machines that can be on the subnet.

Total address

The 32 bit address is usually written as 4 integers separated by dots.

Fg.15:Total Address

35
 Port addresses

A service exists on a host, and is identified by its port. This is a 16 bit

number. To send a message to a server, you send it to the port for that
service of the host that it is running on. This is not location transparency!
Certain of these ports are "well known".

Sockets

A socket is a data structure maintained by the system to handle network

connections. A socket is created using the call socket. It returns an integer that is
like a file descriptor. In fact, under Windows, this handle can be used with Read
File and Write File functions.

#include <sys/types.h>
#include <sys/socket.h>
int socket(int family, int type, int protocol);

Here "family" will be AF_INET for IP communications, protocol will

be zero, and type will depend on whether TCP or UDP is used. Two
processes wishing to communicate over a network create a socket each.
These are similar to two ends of a pipe - but the actual pipe does not yet
exist.

JFree Chart

JFreeChart is a free 100% Java chart library that makes it easy for
developers to display professional quality charts in their applications.
JFreeChart's extensive feature set includes:

36
 A consistent and well-documented API, supporting a wide range of
chart types;

A flexible design that is easy to extend, and targets both server-side

and client-side applications;

Support for many output types, including Swing components, image

files (including PNG and JPEG), and vector graphics file formats (including
PDF, EPS and SVG);

JFreeChart is "open source" or, more specifically, free software. It is

distributed under the terms of the GNU Lesser General Public Licence
(LGPL), which permits use in proprietary applications.

1. Map Visualizations
Charts showing values that relate to geographical areas. Some
examples include: (a) population density in each state of the United States,
(b) income per capita for each country in Europe, (c) life expectancy in each
country of the world. The tasks in this project include:

Sourcing freely redistributable vector outlines for the countries of the

world, states/provinces in particular countries (USA in particular, but also
other areas);

Creating an appropriate dataset interface (plus default

implementation), a rendered, and integrating this with the existing XYPlot
class in JFreeChart;

Testing, documenting, testing some more, documenting some more.

37
 2Time Series Chart Interactivity
Implement a new (to JFreeChart) feature for interactive time series
charts --- to display a separate control that shows a small version of ALL
the time series data, with a sliding "view" rectangle that allows you to
select the subset of the time series data to display in the main chart.

3. Dashboards
There is currently a lot of interest in dashboard displays. Create a flexible
dashboard mechanism that supports a subset of JFreeChart chart types (dials,
pies, thermometers, bars, and lines/time series) that can be delivered easily via
both Java Web Start and an applet.

4. Property Editors

The property editor mechanism in JFreeChart only handles a small

subset of the properties that can be set for charts. Extend (or reimplement)
this mechanism to provide greater end-user control over the appearance of
the charts.

J2ME (Java 2 Micro edition):-

Sun Microsystems defines J2ME as "a highly optimized Java run-time

environment targeting a wide range of consumer products, including pagers,
cellular phones, screen-phones, digital set-top boxes and car navigation systems."
Announced in June 1999 at the JavaOne Developer Conference, J2ME brings the
cross-platform functionality of the Java language to smaller devices, allowing
mobile wireless devices to share applications. With J2ME, Sun has adapted the

38
Java platform for consumer products that incorporate or are based on small
computing devices.

1. General J2ME architecture

Fig.15:General J2ME Architecture

J2ME uses configurations and profiles to customize the Java Runtime Environment
(JRE). As a complete JRE, J2ME is comprised of a configuration, which
determines the JVM used, and a profile, which defines the application by adding
domain-specific classes. The configuration defines the basic run-time environment
as a set of core classes and a specific JVM that run on specific types of devices.
We'll discuss configurations in detail in the The profile defines the application;

39
specifically, it adds domain-specific classes to the J2ME configuration to define
certain uses for devices. We'll cover profiles in depth in the The following graphic
depicts the relationship between the different virtual machines, configurations, and
profiles. It also draws a parallel with the J2SE API and its Java virtual machine.
While the J2SE virtual machine is generally referred to as a JVM, the J2ME virtual
machines, KVM and CVM, are subsets of JVM. Both KVM and CVM can be
thought of as a kind of Java virtual machine -- it's just that they are shrunken
versions of the J2SE JVM and are specific to J2ME.

2.Developing J2ME applications

Introduction In this section, we will go over some considerations you need to keep
in mind when developing applications for smaller devices. We'll take a look at the
way the compiler is invoked when using J2SE to compile J2ME applications.
Finally, we'll explore packaging and deployment and the role preverification plays
in this process.

3.Design considerations for small devices

Developing applications for small devices requires you to keep certain strategies in
mind during the design phase. It is best to strategically design an application for a
small device before you begin coding. Correcting the code because you failed to
consider all of the "gotchas" before developing the application can be a painful
process. Here are some design strategies to consider:

* Keep it simple. Remove unnecessary features, possibly making those features a

separate, secondary application.

40
* Smaller is better. This consideration should be a "no brainer" for all developers.
Smaller applications use less memory on the device and require shorter installation
times. Consider packaging your Java applications as compressed Java Archive (jar)
files.

* Minimize run-time memory use. To minimize the amount of memory used at run
time, use scalar types in place of object types. Also, do not depend on the garbage
collector. You should manage the memory efficiently yourself by setting object
references to null when you are finished with them. Another way to reduce run-
time memory is to use lazy instantiation, only allocating objects on an as-needed
basis. Other ways of reducing overall and peak memory use on small devices are to
release resources quickly, reuse objects, and avoid exceptions.

4.Configurations overview

The configuration defines the basic run-time environment as a set of core classes
and a specific JVM that run on specific types of devices. Currently, two
configurations exist for J2ME, though others may be defined in the future:

* Connected Limited Device Configuration (CLDC) is used specifically with

the KVM for 16-bit or 32-bit devices with limited amounts of memory. This is the
configuration (and the virtual machine) used for developing small J2ME
applications. Its size limitations make CLDC more interesting and challenging
(from a development point of view) than CDC. CLDC is also the configuration that
we will use for developing our drawing tool application. An example of a small
wireless device running small applications is a Palm hand-held computer.

41
* Connected Device Configuration (CDC) is used with the C virtual machine
(CVM) and is used for 32-bit architectures requiring more than 2 MB of memory.
An example of such a device is a Net TV box.

5.J2ME profiles

What is a J2ME profile?

As we mentioned earlier in this tutorial, a profile defines the type of device

supported. The Mobile Information Device Profile (MIDP), for example, defines
classes for cellular phones. It adds domain-specific classes to the J2ME
configuration to define uses for similar devices. Two profiles have been defined for
J2ME and are built upon CLDC: KJava and MIDP. Both KJava and MIDP are
associated with CLDC and smaller devices. Profiles are built on top of
configurations. Because profiles are specific to the size of the device (amount of
memory) on which an application runs, certain profiles are associated with certain
configurations.

A skeleton profile upon which you can create your own profile, the Foundation
Profile, is available for CDC.

Profile 1: KJava

42
KJava is Sun's proprietary profile and contains the KJava API. The KJava profile is
built on top of the CLDC configuration. The KJava virtual machine, KVM, accepts
the same byte codes and class file format as the classic J2SE virtual machine.
KJava contains a Sun-specific API that runs on the Palm OS. The KJava API has a
great deal in common with the J2SE Abstract Windowing Toolkit (AWT).
However, because it is not a standard J2ME package, its main package is
com.sun.kjava. We'll learn more about the KJava API later in this tutorial when we
develop some sample applications.

Profile 2: MIDP

MIDP is geared toward mobile devices such as cellular phones and pagers. The
MIDP, like KJava, is built upon CLDC and provides a standard run-time
environment that allows new applications and services to be deployed dynamically
on end user devices. MIDP is a common, industry-standard profile for mobile
devices that is not dependent on a specific vendor. It is a complete and supported
foundation for mobile application

development. MIDP contains the following packages, the first three of which are
core CLDC packages, plus three MIDP-specific packages.

* java.lang

* java.io

* java.util

* javax.microedition.io

43
* javax.microedition.lcdui

* javax.microedition.midlet

* javax.microedition.rms

7.SAMPLE CODE

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<title>HOME PAGE</title>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<link href="css/style.css" rel="stylesheet" type="text/css" />

<link rel="stylesheet" type="text/css" href="css/coin-slider.css" />

<script type="text/javascript" src="js/cufon-yui.js"></script>

<script type="text/javascript" src="js/cufon-titillium-250.js"></script>

<script type="text/javascript" src="js/jquery-1.4.2.min.js"></script>

<script type="text/javascript" src="js/script.js"></script>

44
<script type="text/javascript" src="js/coin-slider.min.js"></script>

<style type="text/css">

<!--

.style1 {

font-size: 24px;

color: #FF0000;

.style2 {

font-size: 18px;

color: #FF0000;

.style3 {

color: #FF0000;

font-weight: bold;

.style4 {color: #FF0000}

.style5 {font-size: 36px}

-->

</style>

</head>

<body>
45
<div class="main">

<div class="header">

<div class="header_resize">

<div class="logo">

<h1><a href="index.html" class="style1 style5">WebCloud Web Based Cloud Storage for

Secure Data Sharing across Platforms</a></h1>

</div>

<div class="menu_nav">

<ul>

<li class="active"><a href="index.html"><span>Home </span></a></li>

<li class="active"><a href="DO_Login.jsp"><span>DATA OWNER</span></a></li>

<li class="active"><a href="DU_Login.jsp">END USER </a><a

href="about.html"></a></li>

<li class="active"><a href="C_Login.jsp"><span>CLOUD SERVICE

PROVIDERS</span></a></li>

<li class="active"><a href="PKG_Login.jsp"><span>PKG</span></a></li>

<li><a href=""></a></li>

</ul>

</div>

<div class="clr"></div>

<div class="slider">

46
 <div id="coin-slider"> <a href="#"><img src="images/slide1.jpg" width="960"
height="360" alt="" /></a> <a href="#"><img src="images/slide2.jpg" width="960"
height="360" alt="" /></a> <a href="#"><img src="images/slide3.jpg" width="960"
height="360" alt="" /></a> </div>

<div class="clr"></div>

</div>

<div class="clr"></div>

</div></div>

<div class="content">

</div>

</div>

<div class="sidebar">

<div class="gadget">

<h2 class="star">Menu</h2>

<div class="clr"></div>

<ul class="sb_menu">

<li class="style3"><a href="index.html">Home</a></li>

<li class="style3"><a href="C_Login.jsp">CLOUD SERVICE PROVIDERS</a></li>

<li class="style3"><a href="DU_Login.jsp">END DATA OWNER </a></li>

<li class="style3"><a href="DO_Login.jsp">DATA OWNER</a></li>

<li><span class="style3"><a href="PKG_Login.jsp">PKG</a></span></li>

</ul>
47
 </div>

<div class="gadget">

<h2 class="star"><span>Concepts</span></h2>

<div class="clr"></div>

<div align="center"><span class="style4">Web-Based Cloud Storage, Secure Data

Sharing, Cross-Platform Encryption/Decryption Solution, Attribute-Based
Encryption.</span></div>

</div>

</div>

<div class="clr"></div>

</div>

</div>

<div class="fbg">

<div class="fbg_resize">

<div class="clr style2">WebCloud Web Based Cloud Storage for Secure Data Sharing across
Platforms</div>

</div>

</div>

<div class="footer">

<div class="footer_resize">

<p class="lf">&nbsp;</p>

<p class="rf">&nbsp;</p>
48
 <div style="clear:both;"></div>

</div>

</div>

</div>

<div align=center></div>

</body></html>

8.SYSTEM TESTING

The purpose of testing is to discover errors. Testing is the process of trying to

discover every conceivable fault or weakness in a work product. It provides a way
to check the functionality of components, sub assemblies, assemblies and/or a
finished product It is the process of exercising software with the intent of ensuring
that the

Software system meets its requirements and user expectations and does not fail in
an unacceptable manner. There are various types of test. Each test type addresses a
specific testing requirement.

TYPES OF TESTS

Unit testing
Unit testing involves the design of test cases that validate that the internal
program logic is functioning properly, and that program inputs produce valid
outputs. All decision branches and internal code flow should be validated. It is the
testing of individual software units of the application .it is done after the
49
completion of an individual unit before integration. This is a structural testing, that
relies on knowledge of its construction and is invasive. Unit tests perform basic
tests at component level and test a specific business process, application, and/or
system configuration. Unit tests ensure that each unique path of a business process
performs accurately to the documented specifications and contains clearly defined
inputs and expected results

Integration testing
Integration tests are designed to test integrated software components to determine
if they actually run as one program. Testing is event driven and is more concerned
with the basic outcome of screens or fields. Integration tests demonstrate that
although the components were individually satisfaction, as shown by successfully
unit testing, the combination of components is correct and consistent. Integration
testing is specifically aimed at exposing the problems that arise from the
combination of components.

Functional test
Functional tests provide systematic demonstrations that functions tested are
available as specified by the business and technical requirements, systems
documentation, and user manuals.

Functional testing is centered on the following items:

Valid Input : identified classes of valid input must be accepted.

Invalid Input : identified classes of invalid input must be rejected.

Functions : identified functions must be exercised.

Output : identified classes of application outputs must be exercised.

50
Systems/Procedures: interfacing systems or procedures must be invoked.

Organization and preparation of functional tests is focused on requirements, key

functions, or special test cases. In addition, systematic coverage pertaining
tidentify Business process flows; data fields, predefined processes, and successive
processes must be considered for testing. Before functional testing is complete,
additional tests are identified and the effective value of current tests is determined.

System Test

System testing ensures that the entire integrated software system meets
requirements. It tests a configuration to ensure known and predictable results. An
example of system testing is the configuration oriented system integration test.
System testing is based on process descriptions and flows, emphasizing pre-driven
process links and integration points.

White Box Testing

White Box Testing is a testing in which in which the software tester has
knowledge of the inner workings, structure and language of the software, or at least
its purpose. It is purpose. It is used to test areas that cannot be reached from a black
box level.

Black Box Testing

Black Box Testing is testing the software without any knowledge of the inner
workings, structure or language of the module being tested. Black box tests, as
most other kinds of tests, must be written from a definitive source document, such
as specification or requirements document, such as specification or requirements

51
document. It is a testing in which the software under test is treated, as blck cannot
“see” into it. The test provides inputs and responds to outputs without considering
how the software works.

9.SCREENSHOTS

Before you run a project import the database to establish the connection

Fig1 :open XAMPP control panel,start APACHE and MYSQL server and click enter

52
Fig 2:Run on Server

Fig 3:Home page

53
Fig 4:Login cloud service provider

Fig 5:open cloud server page

54
 Fig 6: Register the owners

Fig 7:verifiy the authorized owners

55
Fig 8: verify the profile

Fig 9:Upload a file

56
 Fig 10:see the uploaded files

Fig 11:Data uploaded successfully

Fig 12:Data file is secured

57
Fig 13:view files and generate key

Fig 14:End user login

58
 Fig 15:search the files

Fig 16:Grant search control request

59
 Fig 17:Download the file

10.FUTURE SCOPE

The Future scope of the project "Web Cloud: Web Based Cloud Storage for Secure
Data Sharing across Platforms" is to develop a robust and user-friendly web
application that enables individuals and organizations to store their data securely
on the cloud and share it seamlessly across different platforms. This project aims to
address the growing need for reliable and accessible cloud storage solutions while
prioritizing gdata security and ease of use .Web Cloud will provide users with a
web-based interface where they can securely upload, store, manage, and share their
files and documents. The application will ever age advanced encryption techniques
to ensure that user data remains confidential and protected from unauthorized
access. Additionally, it will implement secure authentication mechanisms to

60
safeguard user accounts from potential breaches. One of the key objectives of Web
Cloud is to offer seamless data sharing across various platforms. Users will be able
to share files with others, regardless of the operating system or device they are
using. This cross-platform compatibility will enable efficient collaboration and
communication among individuals and teams, eliminating barriers posed by
different software and hardware environments. The project will also focus on
providing a user-friendly experience. The web interface will be intuitive and
responsive, allowing users to navigate through their files, folders, and sharing
options with ease. The application will support various file formats and provide
features such as file preview, version control, and real-time collaboration,
enhancing productivity and convenience for users.

11.CONCLUSION

We propose Web Cloud, a practical client-side encryption solution for public cloud
storage in the Web setting, where users do cryptography with only browsers. We
analyze the security of Web Cloud and implement Web Cloud based on own Cloud
and conduct a comprehensive performance evaluation. The experimental results
show that our solution is practical. As an interesting by-product, the design of
Web- Cloud naturally embodies a dedicated CP-AB-KEM scheme, which is useful
in many other applications.

61
 12.BIBLIOGRAPHY

[1] “Vulnearability and threat in 2018,” Skybox Security, Tech.Rep., 2018.

[Online]. Available:https://lp.skyboxsecurity.com/WICD-2018-02-Report-
Vulnerability-Threat-18 Asset.html
[2] D. Lewis, “icloud data breach: Hacking and celebrityphotos,” Duo Security,
Tech. Rep., September 2014. [Online].
Available: https://www.forbes.com/sites/davelewis/2014/09/02/icloud-data-breach-
hacking-and-nude-celebrity-photos

62
[3] T. Hunt, “Hacked dropbox login data of 68 million users is now for sale on the
dark web,” Tech. Rep., September 2016. [Online]. Available:
https://www.troyhunt.com/the-dropbox-hack-is-real/
[4] “Amazon data leak,” ElevenPaths, Tech. Rep., November2018. [Online].
Available: https://www.elevenpaths.com/amazon-data-leak/index.html
[5] K. Korosec, “Data breach exposes trade secrets of carmakersgm, ford, tesla,
toyota,” TechCrunch, Tech. Rep., July2018. [Online]. Available:
https://techcrunch.com/2018/07/20/
data-breach-level-one-automakers/

63