(132450695) EDITED

Jan 23, 2023

Gopi Raja

CHAPTER 1

1. INTRODUCTION

1.1. INTRODUCTION OF PROJECT

Cloud computing is recognized as an alternative to traditional information technology due to its intrinsic resource-sharing and low-maintenance characteristics. In cloud computing, the cloud service providers (CSPs), such as Amazon, are able to deliver various services to cloud users with the help of powerful datacenters. By migrating the local data management systems into cloud servers, users can enjoy high-quality services and save significant investments on their local infrastructures. One of the most fundamental services offered by cloud providers is data storage. Let us consider a practical data application. A company allows its staff in the same group or department to store and share files in the cloud. By utilizing the cloud, the staff can be completely released from the troublesome local data storage and maintenance. However, it also poses a significant risk to the confidentiality of those stored files. Specifically, the cloud servers managed by cloud providers are not fully trusted by users, while the data files stored in the cloud may be sensitive and confidential, such as business plans. To preserve data privacy, a basic solution is to encrypt data files and then upload the encrypted data into the cloud. Unfortunately, designing an efficient and secure data sharing scheme for groups in the cloud is not an easy task due to the following challenging issues. First, identity privacy is one of the most significant obstacles for the wide deployment of cloud computing. Without the guarantee of identity privacy, users may be unwilling to join cloud computing systems because their real identities could be easily disclosed to cloud providers and attackers. On the other hand, unconditional identity privacy may incur the abuse of privacy. For example, a misbehaving staff member can deceive others in the company by sharing false files without being traceable. Therefore, traceability, which enables the group manager (e.g., a company manager) to reveal the real identity of a user, is also highly desirable.

Second, it is highly recommended that any member in a group should be able to fully enjoy the data storing and sharing services provided by the cloud, which is defined as the multiple-owner manner. Compared with the single-owner manner, where only the group manager can store and modify data in the cloud, the multiple-owner manner is more flexible in practical applications. More concretely, each user in the group is able to not only read data, but also modify his/her part of data in the entire data file shared by the company. Last but not least, groups are normally dynamic in practice, e.g., new staff participation and current employee revocation in a company. The changes of membership make secure data sharing extremely difficult.

On one hand, the anonymous system challenges newly granted users to learn the content of data files stored before their participation, because it is impossible for newly granted users to contact anonymous data owners and obtain the corresponding decryption keys. On the other hand, an efficient membership revocation mechanism without updating the secret keys of the remaining users is also desired to minimize the complexity of key management.

Cloud Computing:

Cloud computing is all the rage. "It's become the phrase du jour," says Gartner senior analyst Ben Pring, echoing many of his peers. The problem is that (as with Web 2.0) everyone seems to have a different definition. As a metaphor for the Internet, "the cloud" is a familiar cliché, but when combined with "computing," the meaning gets bigger and fuzzier. Some analysts and vendors define cloud computing narrowly as an updated version of utility computing: basically virtual servers available over the Internet. Others go very broad, arguing anything you consume outside the firewall is "in the cloud," including conventional outsourcing.

Cloud computing comes into focus only when you think about what IT always needs: a way to increase capacity or add capabilities on the fly without investing in new infrastructure, training new personnel, or licensing new software. Cloud computing encompasses any subscription-based or pay-per-use service that, in real time over the Internet, extends IT's existing capabilities.

Cloud computing is at an early stage, with a motley crew of providers large and small delivering a slew of cloud-based services, from full-blown applications to storage services to spam filtering. Yes, utility-style infrastructure providers are part of the mix, but so are SaaS (software as a service) providers such as Salesforce.com. Today, for the most part, IT must plug into cloud-based services individually, but cloud computing aggregators and integrators are already emerging. InfoWorld talked to dozens of vendors, analysts, and IT customers to tease out the various components of cloud computing. Based on those discussions, here's a rough breakdown of what cloud computing is all about:

1. SaaS

This type of cloud computing delivers a single application through the browser to thousands of customers using a multitenant architecture. On the customer side, it means no upfront investment in servers or software licensing; on the provider side, with just one app to maintain, costs are low compared to conventional hosting. Salesforce.com is by far the best-known example among enterprise applications, but SaaS is also common for HR apps and has even worked its way up the food chain to ERP, with players such as Workday. And who could have predicted the sudden rise of SaaS "desktop" applications, such as Google Apps and Zoho Office?

2. Utility computing

The idea is not new, but this form of cloud computing is getting new life from Amazon.com, Sun, IBM, and others who now offer storage and virtual servers that IT can access on demand. Early enterprise adopters mainly use utility computing for supplemental, non-mission-critical needs, but one day, they may replace parts of the datacenter. Other providers offer solutions that help IT create virtual datacenters from commodity servers, such as 3Tera's AppLogic and Cohesive Flexible Technologies' Elastic Server on Demand. Liquid Computing's LiquidQ offers similar capabilities, enabling IT to stitch together memory, I/O, storage, and computational capacity as a virtualized resource pool available over the network.

3. Web Services In The Cloud

Closely related to SaaS, Web service providers offer APIs that enable developers to exploit functionality over the Internet, rather than delivering full-blown applications. They range from providers offering discrete business services -- such as Strike Iron and Xignite -- to the full range of APIs offered by Google Maps, ADP payroll processing, the U.S. Postal Service, Bloomberg, and even conventional credit card processing services.

4. Platform As A Service

Another SaaS variation, this form of cloud computing delivers development environments as a service. You build your own applications that run on the provider's infrastructure and are delivered to your users via the Internet from the provider's servers. Like Legos, these services are constrained by the vendor's design and capabilities, so you don't get complete freedom, but you do get predictability and pre-integration. Prime examples include Salesforce.com's Force.com, Coghead and the new Google App Engine. For extremely lightweight development, cloud-based mashup platforms abound, such as Yahoo Pipes or Dapper.net.

5. Managed Service Providers

One of the oldest forms of cloud computing, a managed service is basically an application exposed to IT rather than to end-users, such as a virus scanning service for e-mail or an application monitoring service (which Mercury, among others, provides). Managed security services delivered by SecureWorks, IBM, and Verizon fall into this category, as do such cloud-based anti-spam services as Postini, recently acquired by Google. Other offerings include desktop management services, such as those offered by CenterBeam or Everdream.

6. Service Commerce Platforms

A hybrid of SaaS and MSP, this cloud computing service offers a service hub that users interact with. They're most common in trading environments, such as expense management systems that allow users to order travel or secretarial services from a common platform that then coordinates the service delivery and pricing within the specifications set by the user. Think of it as an automated service bureau. Well-known examples include Rearden Commerce and Ariba.

7. Internet integration

The integration of cloud-based services is in its early days. OpSource, which mainly concerns itself with serving SaaS providers, recently introduced the OpSource Services Bus, which employs in-the-cloud integration technology from a little startup called Boomi. SaaS provider Workday recently acquired another player in this space, CapeClear, an ESB (enterprise service bus) provider that was edging toward b-to-b integration. Way ahead of its time, Grand Central -- which wanted to be a universal "bus in the cloud" to connect SaaS providers and provide integrated solutions to customers -- flamed out in 2005.

Today, with such cloud-based interconnection seldom in evidence, cloud computing might be more accurately described as "sky computing," with many isolated clouds of services which IT customers must plug into individually. On the other hand, as virtualization and SOA permeate the enterprise, the idea of loosely coupled services running on an agile, scalable infrastructure should eventually make every enterprise a node in the cloud. It's a long-running trend with a far-out horizon. But among big metatrends, cloud computing is the hardest one to argue with in the long term.

CHAPTER 2

2. LITERATURE REVIEW

2.1 Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing

Cloud computing is a promising computing paradigm which recently has drawn extensive attention from both academia and industry. By combining a set of existing and new techniques from research areas such as Service-Oriented Architectures (SOA) and virtualization, cloud computing is regarded as a computing paradigm in which resources in the computing infrastructure are provided as services over the Internet. Along with this new paradigm, various business models are developed, which can be described by the terminology of “X as a service (XaaS)”, where X could be software, hardware, data storage, etc. Successful examples are Amazon’s EC2 and S3, Google App Engine, and Microsoft Azure, which provide users with scalable resources in a pay-as-you-use fashion at relatively low prices. For example, Amazon’s S3 data storage service just charges $0.12 to $0.15 per gigabyte-month. Compared to building their own infrastructures, users are able to save their investments significantly by migrating businesses into the cloud. With the increasing development of cloud computing technologies, it is not hard to imagine that in the near future more and more businesses will be moved into the cloud.

As promising as it is, cloud computing is also facing many challenges that, if not well resolved, may impede its fast growth. Data security, as it exists in many other applications, is among these challenges that would raise great concerns from users when they store sensitive information on cloud servers. These concerns originate from the fact that cloud servers are usually operated by commercial providers which are very likely to be outside of the trusted domain of the users. Data confidentiality against cloud servers is hence frequently desired when users outsource data for storage in the cloud. In some practical application systems, data confidentiality is not only a security/privacy issue, but also a juristic concern. For example, in healthcare application scenarios, use and disclosure of protected health information (PHI) should meet the requirements of the Health Insurance Portability and Accountability Act (HIPAA), and keeping user data confidential against the storage servers is not just an option, but a requirement.

Fig 1: An example case in the healthcare scenario

Furthermore, we observe that there are also cases in which cloud users themselves are content providers. They publish data on cloud servers for sharing and need fine-grained data access control in terms of which user (data consumer) has the access privilege to which types of data. In the healthcare case, for example, a medical center would be the data owner who stores millions of healthcare records in the cloud. It would allow data consumers such as doctors, patients, researchers, etc., to access various types of healthcare records under policies admitted by HIPAA. To enforce these access policies, the data owners on one hand would like to take advantage of the abundant resources that the cloud provides for efficiency and economy; on the other hand, they may want to keep the data contents confidential against cloud servers.

2.2 Privacy-Preserving Public Auditing for Secure Cloud Storage

Cloud Computing has been envisioned as the next-generation information technology (IT) architecture for enterprises, due to its long list of unprecedented advantages in the IT history: on-demand self-service, ubiquitous network access, location independent resource pooling, rapid resource elasticity, usage-based pricing and transference of risk. As a disruptive technology with profound implications, Cloud Computing is transforming the very nature of how businesses use information technology. One fundamental aspect of this paradigm shifting is that data is being centralized or outsourced to the Cloud. From users’ perspective, including both individuals and IT enterprises, storing data remotely to the cloud in a flexible on-demand manner brings appealing benefits: relief of the burden for storage management, universal data access with independent geographical locations, and avoidance of capital expenditure on hardware, software, and personnel maintenances.

While Cloud Computing makes these advantages more appealing than ever, it also brings new and challenging security threats towards users’ outsourced data. Since cloud service providers (CSP) are separate administrative entities, data outsourcing is actually relinquishing user’s ultimate control over the fate of their data. As a result, the correctness of the data in the cloud is being put at risk due to the following reasons. First of all, although the infrastructures under the cloud are much more powerful and reliable than personal computing devices, they are still facing the broad range of both internal and external threats for data integrity. Examples of outages and security breaches of noteworthy cloud services appear from time to time. Secondly, there do exist various motivations for CSP to behave unfaithfully towards the cloud users regarding the status of their outsourced data. For example, CSP might reclaim storage for monetary reasons by discarding data that has not been or is rarely accessed, or even hide data loss incidents so as to maintain a reputation. In short, although outsourcing data to the cloud is economically attractive for long-term large-scale data storage, it does not immediately offer any guarantee on data integrity and availability. This problem, if not properly addressed, may impede the successful deployment of the cloud architecture.

Fig 2: The architecture of cloud data storage service

2.3 Verifiable Privacy-Preserving Range Query in Two-Tiered Sensor Networks

We believe that pervasive computing systems, touching upon every aspect of our life, will be partially supported by the sensor network infrastructure, which is involved in two processes: monitoring the environment surrounding us (also including us), and providing information for us to analyze and respond. Both processes are exposed to potential risks for information security and privacy, which prohibit realistic sensor network deployment. On one hand, a sensor network may leak information about people to an unauthorized party, which leads to a privacy breach. On the other hand, it may also lie about the collected data in response to a valid query, making the network dysfunctional.

In deploying such a realistic sensor network, a fundamental question is how much we should trust a sensor network and how we prevent, or at least detect, the misbehavior of the sensor network. Unfortunately, little research work has targeted this problem. This paper tries to address the problem in a setting where the network is enhanced by some nodes with large storage space, and considers a powerful and typical sensor network operation: range query. The network setting, we believe, will be a natural enhancement to the future sensor network. Range query is powerful enough to cover many interesting types of queries, including location-based queries.

Thus, our model is generalized enough for us to investigate the trust problem in a practical and also meaningful environment. We envision that future sensor networks shall be augmented by sparsely deployed special nodes for data storage. Those storage nodes differ from the regular sensors by having a larger storage space (e.g., with more enriched flash memory). A sensor network generates a large amount of data, and, many times, the collected data has to be archived for future retrieval. Data can be stored in the sensor nodes or sent back to the base station, each of which has its limitation.

To store data on the sensor nodes is prohibitive due to the limited storage space on each sensor node and the difficulty in collecting all the data to a central repository. Transmitting all the data to the base station, on the other hand, has to address the limited transmission rate that is especially throttled by the funnel effect around the base station and attenuated per-node transmission bandwidth. The introduction of the storage nodes helps to alleviate the transmission bandwidth problem by distributing the local data transmission to the storage node. This hierarchical structure has been instantiated by the recently popular star gate device and the memory-enhanced sensor nodes by UC Riverside. Those special powerful nodes take advantage of their high transmission capability and storage and even computational capability to alleviate the cursed bandwidth limitation, and also provide auxiliary support for surrounding vulnerable sensors for data back-up.

The introduction of the storage node is also spurred by the recent concept of “data-centric storage”. Data-centric storage deterministically maps the name of a data item (N) to the address associated with a specific node A. All the data with name N generated by the network are accumulated at the node A, and all queries about N go to A too. In this way, network-wide search for a data query is avoided, dramatically reducing communication cost in many scenarios.

For example, a sensor network deployed for plant monitoring may forward queries about the humidity to a storage sensor directly, and the temperature to another storage sensor, instead of querying the entire network.

2.4 Improved Proxy Re-Encryption Schemes with Applications to Secure Distributed Storage

Proxy re-encryption allows a proxy to transform a ciphertext computed under Alice's public key into one that can be opened by Bob's secret key. There are many useful applications of this primitive. For instance, Alice might wish to temporarily forward encrypted email to her colleague Bob, without giving him her secret key. In this case, Alice the delegator could designate a proxy to re-encrypt her incoming mail into a format that Bob the delegate can decrypt using his own secret key. Clearly, Alice could provide her secret key to the proxy, but this requires an unrealistic level of trust in the proxy. We present several efficient proxy re-encryption schemes that offer security improvements over earlier approaches. The primary advantage of our schemes is that they are unidirectional (i.e., Alice can delegate to Bob without Bob having to delegate to her) and do not require delegators to reveal their entire secret key to anyone, or even interact with the delegate, in order to allow a proxy to re-encrypt their ciphertexts. In our schemes, only a limited amount of trust is placed in the proxy. For example, it is not able to decrypt the ciphertexts it re-encrypts, and we prove our schemes secure even when the proxy publishes all the re-encryption information it knows. This enables a number of applications that would not be practical if the proxy needed to be fully trusted.

We present an application for proxy cryptography in securing distributed file systems. Our system uses a centralized access control server to manage access to encrypted files stored on distributed, untrusted replicas. We use proxy re-encryption to allow for centrally-managed access control without granting full decryption rights to the access control server. No experimental implementation of proxy re-encryption schemes has been provided, to our knowledge, which makes it difficult to argue about the effectiveness of the proxy re-encryption primitive. In this paper, we provide new protocols with improved security guarantees (based on bilinear maps) and demonstrate their practicality based on runtime experiments.

Fig 3: Typical operation of the proxy re-encryption system

The user's client machine fetches encrypted blocks from the block store. Each block includes a lockbox encrypted under a master public key. The client then transmits lockboxes to the access control server for re-encryption under the user's public key. If the access control server possesses the necessary re-encryption key, it re-encrypts the lockbox and returns the new ciphertext. The client can then decrypt the re-encrypted block with the user's secret key. Our file system uses an untrusted access control server to manage access to encrypted files stored on distributed, untrusted block stores. We use proxy re-encryption to allow for access control without granting full decryption rights to the access control server. To our knowledge, we provide the first experimental implementation and evaluation of a system using proxy re-encryption.
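
The lockbox flow of Fig 3, as an added Python example (not code from the paper or from this report). It substitutes the older ElGamal-based scheme of Blaze, Bleumer and Strauss (BBS98), which is bidirectional, for the paper's bilinear-map schemes and runs in a toy group of about 63 bits; every function and class name is an assumption.

```python
# Added example: BBS98-style proxy re-encryption stands in for the paper's schemes.
# All names below are illustrative assumptions; the group is toy-sized.
import hashlib
import secrets

def _is_prime(n):
    """Deterministic Miller-Rabin; this base set is exact for n < 2**64."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for b in bases:
        x = pow(b, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def toy_group(bits=61):
    """First safe prime p = 2q + 1 with q > 2**bits."""
    q = (1 << bits) + 1
    while not (_is_prime(q) and _is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

P, Q = toy_group()
G = 4  # quadratic residue mod P, so it generates the subgroup of prime order Q

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def encrypt(pk, m):
    """Lockbox for group element m under pk = g^a: (m * g^r, g^(a*r))."""
    r = secrets.randbelow(Q - 1) + 1
    return m * pow(G, r, P) % P, pow(pk, r, P)

def decrypt(sk, box):
    c1, c2 = box
    g_r = pow(c2, pow(sk, -1, Q), P)      # strip the key from the exponent
    return c1 * pow(g_r, -1, P) % P

def rekey(sk_from, sk_to):
    """BBS98 re-encryption key b/a mod Q; computing it needs both secrets."""
    return sk_to * pow(sk_from, -1, Q) % Q

def reencrypt(rk, box):
    c1, c2 = box
    return c1, pow(c2, rk, P)             # g^(a*r) -> g^(b*r); c1 is untouched

class AccessControlServer:
    """Untrusted proxy of Fig 3: holds re-encryption keys, no decryption key."""
    def __init__(self):
        self.rekeys = {}

    def grant(self, user, rk):
        self.rekeys[user] = rk

    def reencrypt_lockbox(self, user, lockbox):
        if user not in self.rekeys:
            raise PermissionError("no re-encryption key for " + user)
        return reencrypt(self.rekeys[user], lockbox)

def file_key(elem):
    """Derive the symmetric block key from the group element in the lockbox."""
    return hashlib.sha256(elem.to_bytes(8, "big")).digest()

def fetch_block_key(server, user, user_sk, lockbox):
    """Client side of Fig 3: send lockbox, get it re-encrypted, decrypt locally."""
    return file_key(decrypt(user_sk, server.reencrypt_lockbox(user, lockbox)))

def demo():
    master_sk, master_pk = keygen()        # master key pair of the file system
    bob_sk, _ = keygen()
    elem = pow(G, secrets.randbelow(Q - 1) + 1, P)
    lockbox = encrypt(master_pk, elem)     # stored with the block
    server = AccessControlServer()
    server.grant("bob", rekey(master_sk, bob_sk))
    return fetch_block_key(server, "bob", bob_sk, lockbox) == file_key(elem)
```

In BBS98 the inverse of a re-encryption key converts ciphertexts in the opposite direction, and the proxy together with Bob can compute the master secret; these are the two properties the unidirectional schemes summarized above are designed to remove.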

2.5 Above the Clouds: A View of Cloud Computing

Cloud Computing refers to both the applications delivered as services over the Internet and the hardware and systems software in the datacenters that provide those services. The services themselves have long been referred to as Software as a Service (SaaS). The datacenter hardware and software is what we will call a Cloud. When a Cloud is made available in a pay-as-you-go manner to the general public, we call it a Public Cloud; the service being sold is Utility Computing. We use the term Private Cloud to refer to internal datacenters of a business or other organization, not made available to the general public. Thus, Cloud Computing is the sum of SaaS and Utility Computing, but does not include Private Clouds. People can be users or providers of SaaS, or users or providers of Utility Computing. We focus on SaaS Providers (Cloud Users) and Cloud Providers, which have received less attention than SaaS Users. Figure 1 makes provider-user relationships clear.

Fig 4: Users and Providers of Cloud Computing.

Any application needs a model of computation, a model of storage, and a model of communication. The statistical multiplexing necessary to achieve elasticity and the illusion of infinite capacity requires each of these resources to be virtualized to hide the implementation of how they are multiplexed and shared. Our view is that different utility computing offerings will be distinguished based on the programmer’s level of abstraction and the level of management of the resources.

Amazon EC2 is at one end of the spectrum. An EC2 instance looks much like physical hardware, and users can control nearly the entire software stack, from the kernel upwards. This low level makes it inherently difficult for Amazon to offer automatic scalability and failover, because the semantics associated with replication and other state management issues are highly application-dependent. At the other extreme of the spectrum are application domain-specific platforms such as Google AppEngine. AppEngine is targeted exclusively at traditional web applications, enforcing an application structure of clean separation between a stateless computation tier and a stateful storage tier. AppEngine’s impressive automatic scaling and high-availability mechanisms, and the proprietary MegaStore data storage available to AppEngine applications, all rely on these constraints. Applications for Microsoft’s Azure are written using the .NET libraries, and compiled to the Common Language Runtime, a language-independent managed environment. Thus, Azure is intermediate between application frameworks like AppEngine and hardware virtual machines like EC2.

3 SYSTEM ANALYSES

3.1 Existing System:

Plutus is a cryptographic storage system that enables secure file sharing on untrusted servers. By dividing files into file groups and encrypting each file group with a unique file-block key, the data owner can share the file groups with others by delivering the corresponding lockbox key, where the lockbox key is used to encrypt the file-block keys.

Each user obtains two keys after the registration: a group signature key and an attribute key. Thus, any user is able to encrypt a data file using attribute-based encryption, and others in the group can decrypt the encrypted data using their attribute keys. Meanwhile, the user signs encrypted data with her group signature key for privacy preserving and traceability.

Disadvantages:

User revocation is not supported in their scheme.

A heavy key distribution overhead for large-scale file sharing.

When a new user joins the group, the private key of each user in an NNL system needs to be recomputed, which may limit the application for dynamic groups.
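
The file-group key hierarchy described for Plutus in 3.1, as an added Python example (not Plutus code and not part of the original report). The HMAC-SHA256 keystream is a standard-library stand-in for a real authenticated cipher, and the `Owner` class, `seal`/`unseal`/`read` helpers and sample file names are assumptions; the `deliveries` counter shows the key distribution overhead growing as file groups times readers.

```python
# Added example: names, sample files and the stdlib cipher stand-in are assumptions.
import hashlib
import hmac
import secrets

def _stream(key, nonce, n):
    """HMAC-SHA256 in counter mode as a keystream."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def seal(key, data):
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(enc, nonce, len(data))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Verify the tag first; raise ValueError on a wrong key or tampering."""
    enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _stream(enc, nonce, len(ct))))

class Owner:
    """Data owner: one file-block key per file group, wrapped under a lockbox key."""
    def __init__(self):
        self.lockbox_keys = {}   # file group -> lockbox key, never sent to the server
        self.deliveries = 0      # out-of-band lockbox key deliveries so far

    def publish(self, server, group, files):
        block_key = secrets.token_bytes(32)
        lockbox_key = self.lockbox_keys.setdefault(group, secrets.token_bytes(32))
        server[group] = {
            "lockbox": seal(lockbox_key, block_key),
            "files": {name: seal(block_key, body) for name, body in files.items()},
        }

    def share(self, group, reader_keyring):
        reader_keyring[group] = self.lockbox_keys[group]
        self.deliveries += 1

def read(server, keyring, group, name):
    """Reader side: unwrap the file-block key, then decrypt the file."""
    if group not in keyring:
        raise PermissionError("no lockbox key for " + group)
    entry = server[group]
    block_key = unseal(keyring[group], entry["lockbox"])
    return unseal(block_key, entry["files"][name])

def demo():
    """Three file groups shared with two readers (constructed sample data)."""
    server, owner = {}, Owner()
    groups = {f"group-{i}": {"plan.txt": f"business plan {i}".encode()} for i in range(3)}
    for group, files in groups.items():
        owner.publish(server, group, files)
    readers = {"alice": {}, "bob": {}}
    for keyring in readers.values():
        for group in groups:
            owner.share(group, keyring)
    return server, owner, readers
```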

3.2 Proposed System:

We propose a secure multi-owner data sharing scheme. It implies that any user in the group can securely share data with others via the untrusted cloud. Compared with the single-owner manner, where only the group manager can store and modify data in the cloud, the multiple-owner manner is more flexible in practical applications. More concretely, each user in the group is able to not only read data, but also modify his/her part of data in the entire data file shared by the company. Last but not least, groups are normally dynamic in practice, e.g., new staff participation and current employee revocation in a company. On the other hand, an efficient membership revocation mechanism without updating the secret keys of the remaining users is also desired to minimize the complexity of key management.

Advantages:

Our proposed scheme is able to support dynamic groups efficiently. Specifically, newly granted users can directly decrypt data files uploaded before their participation without contacting data owners.

User revocation can be easily achieved through a novel revocation list without updating the secret keys of the remaining users.

Secure and privacy-preserving access control for users, which guarantees that any member in a group can anonymously utilize the cloud resource.

4 SYSTEM DESIGN

4.1 ARCHITECTURAL DESIGN

[Architecture diagram. Entities: Group Manager, Group Member, New User, Cloud. Labels: Join To Group, Join/Leave, Key Distribution, Data Update, Update, Data, Request, Secure Forward Data, Shared Data.]

4.2 Use case Diagram:

[Use case diagram. Actors: Group Manager, Group Member, Cloud. Use cases: Login, Get Revocation List, Manage the Revocation List, Upload the File, Download the File, Key Sharing.]

4.3 Sequence Diagram:

Lifelines: Group Member, Login, Get RL, Cloud, Group Manager

1: valid user login
2: login valid
3: Request the Revocation List
4: Get the Revocation List
5: Share the File
6: Download the File
7: Manage the Revocation List

4.4 Collaboration Diagram:

[Collaboration diagram. Objects: Group Member, Login, Get RL, Cloud, Group Manager. Messages: 1: valid user login; 2: login valid; 3: Request the Revocation List; 4: Get the Revocation List; 5: Share the File; 6: Download the File; 7: Manage the Revocation List.]

4.5 Class Diagram:

Group Member
Attributes: User Name, Password, Private Key, Public Key
Operations: Get the Revocation List()..., Encrypt & Upload file(), share the key(), Download the file()

Cloud
Attributes: Revocation List, Key, File
Operations: Store & share Revocation List()..., store & share File()

Group Manager
Attributes: Revocation List, key
Operations: Manage the Revocation List()..., Manage the File()

Page 23: (132450695) EDITED

4.6 Activity Diagram:

[Figure: activity diagram. Activities: Login, Get Revocation List in Cloud, Encrypt the File, Download & decrypt the File, Share the File in cloud, Share the Key.]

4.7 Data Flow Diagram:

5 MODULES DESCRIPTION

Modules:

1. System Initialization.

2. Dynamic user Registration and Revocation.

3. Group Signature Generation.

4. File Generation and Deletion.

5. Dynamic Broadcast Encryption.

6. User Anonymity And Traceability.

5.1. System Initialization.

In this module we initialize the cloud and the group manager. The group manager takes charge of system parameter generation, user registration, user revocation, and revealing the real identity of a disputed data owner. The role of group manager is played by the administrator of the company. Therefore, we assume that the group manager is fully trusted by the other parties.

[Figure: system initialization flow. Labels: User, Request Group Manager, Generate Signature, Update in Revocation list.]

5.2. Dynamic user Registration and Revocation.

For the registration of user i with identity ID, the group manager randomly selects a number. Then, the group manager adds ID into the group user list, which will be used in the traceability phase. After the registration, user i obtains a private key, which will be used for group signature generation and file decryption.

User revocation is performed by the group manager via a publicly available revocation list, based on which group members can encrypt their data files and ensure confidentiality against the revoked users.
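The revocation list is fetched from the cloud, which this report treats as untrusted, so a member should check that the list is genuine and current before encrypting against it. The sketch below is an added example, not part of the project's source code: it assumes the group manager signs the list together with an issue time, uses standard-library ECDSA in place of the scheme's own signature, and its class name, method names and user IDs are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Duration;
import java.time.Instant;
import java.util.*;

/** Added illustration: a member validates a revocation list obtained from the cloud. */
public class RevocationListCheck {

    /** Canonical bytes covered by the manager's signature: issue time plus sorted revoked IDs. */
    static byte[] encode(long issuedAtEpochSec, Set<String> revokedIds) {
        StringBuilder sb = new StringBuilder("RL|").append(issuedAtEpochSec);
        for (String id : new TreeSet<>(revokedIds)) {
            // Length prefix keeps two different ID sets from encoding to the same bytes.
            sb.append('|').append(id.length()).append(':').append(id);
        }
        return sb.toString().getBytes(StandardCharsets.UTF_8);
    }

    /** Group manager side: sign the list (ECDSA is an assumption made for this example). */
    static byte[] sign(PrivateKey managerKey, long issuedAt, Set<String> revoked)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(managerKey);
        s.update(encode(issuedAt, revoked));
        return s.sign();
    }

    /** Member side: accept the list only if the signature verifies and the list is fresh. */
    static boolean accept(PublicKey managerPub, long issuedAt, Set<String> revoked,
                          byte[] sig, Instant now, Duration maxAge) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initVerify(managerPub);
        s.update(encode(issuedAt, revoked));
        boolean authentic;
        try { authentic = s.verify(sig); } catch (SignatureException e) { authentic = false; }
        Instant issued = Instant.ofEpochSecond(issuedAt);
        boolean fresh = !issued.isAfter(now) && Duration.between(issued, now).compareTo(maxAge) <= 0;
        return authentic && fresh;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(256);
        KeyPair manager = kpg.generateKeyPair();            // constructed key pair for the demo
        Instant now = Instant.now();
        Duration maxAge = Duration.ofHours(24);             // assumed freshness window

        long issuedAt = now.minusSeconds(600).getEpochSecond();
        Set<String> revoked = new HashSet<>(Arrays.asList("ID-0007", "ID-0042")); // constructed IDs
        byte[] sig = sign(manager.getPrivate(), issuedAt, revoked);
        System.out.println("current list accepted: "
                + accept(manager.getPublic(), issuedAt, revoked, sig, now, maxAge));

        // The storage side returns the list with one revoked ID missing: signature check fails.
        Set<String> altered = new HashSet<>(Collections.singleton("ID-0007"));
        System.out.println("altered list accepted: "
                + accept(manager.getPublic(), issuedAt, altered, sig, now, maxAge));

        // An older list that was genuinely signed before ID-0042 was revoked: rejected as stale.
        long oldIssuedAt = now.minus(Duration.ofDays(3)).getEpochSecond();
        byte[] oldSig = sign(manager.getPrivate(), oldIssuedAt, altered);
        System.out.println("stale list accepted:   "
                + accept(manager.getPublic(), oldIssuedAt, altered, oldSig, now, maxAge));
    }
}
```

The freshness check matters as much as the signature: without it, a validly signed list from before a revocation would still be accepted, and files encrypted against it would remain readable by the revoked user.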

[Figure: registration and revocation flow. Labels: User, New User, For Revocation, Group Manager, Update the Revocation List, Database, Register in database, Allocate the Group, Generate Group ID, Request, Generate value For User.]

5.3. Group Signature Generation.

A group signature scheme allows any member of the group to sign messages while keeping the identity secret from verifiers. Besides, the designated group manager can reveal the identity of the signature’s originator when a dispute occurs, which is denoted as traceability.

[Figure: group signature generation flow. Labels: Group Manager, Allocate the Group, Get The Group ID, Generate Group Signature, Send To User.]

5.4. File Generation and Deletion

Files stored in the cloud can be deleted by either the group manager or the data owner (i.e., the member who uploaded the file into the server).

[Figure: file generation and deletion flow. Labels: User, Select File, Encrypt The File, Upload to The Cloud Server, Delete The File, Update the Revocation List.]

5.5. Dynamic Broadcast Encryption.

Broadcast encryption enables a broadcaster to transmit encrypted data to a set of users so that only a privileged subset of users can decrypt the data. Besides the above characteristics, dynamic broadcast encryption also allows the group manager to dynamically include new members while preserving previously computed information, i.e., user decryption keys need not be recomputed, the morphology and size of ciphertexts are unchanged, and the group encryption key requires no modification.

[Figure: file upload flow. Labels: User, Generate Group ID, Generate Data ID, Encrypt The Data, Set Current Time, Create Signature, Select a File, Upload File.]

5.6. User Anonymity And Traceability.

When a data dispute occurs, the tracing operation is performed by the group manager to identify the real identity of the data owner. To access the cloud, a user needs to compute a group signature for his/her authentication. The employed group signature scheme can be regarded as a variant of the short group signature, which inherits the inherent unforgeability property, anonymous authentication, and tracking capability.

[Figure: signature check and tracing flow. Labels: Group Manager, Check Signature, Valid the Signature, Forward, Trace the user, Delete the User Information, True, False.]

6 CHAPTERS

Conclusion

We design a secure data sharing scheme, Mona, for dynamic groups in an untrusted cloud. In Mona, a user is able to share data with others in the group without revealing identity privacy to the cloud. Additionally, Mona supports efficient user revocation and new user joining. More specifically, efficient user revocation can be achieved through a public revocation list without updating the private keys of the remaining users, and new users can directly decrypt files stored in the cloud before their participation. Moreover, the storage overhead and the encryption computation cost are constant. Extensive analyses show that our proposed scheme satisfies the desired security requirements and guarantees efficiency as well.

FUTURE ENHANCEMENT

In future work, information will be shared from one group to other groups, and priority will be assigned based on some condition for accessing the other groups' files.

APPENDIX-1

SOURCE CODE

package com.cloud.siddhi.cloudServer;

import java.awt.EventQueue;

import java.awt.Font;

import java.sql.Connection;

import java.sql.ResultSet;

import java.sql.Statement;

import javax.swing.ImageIcon;

import javax.swing.JButton;

import javax.swing.JFrame;

import javax.swing.JLabel;

import javax.swing.JOptionPane;

import javax.swing.JPanel;

import javax.swing.JProgressBar;

import javax.swing.JRadioButton;

import javax.swing.JScrollPane;

import javax.swing.JSeparator;

import javax.swing.JTextArea;

import javax.swing.JTextField;

import javax.swing.border.EmptyBorder;

import com.cloud.siddhi.utility.CloudServerStart;

import com.cloud.siddhi.utility.DBConnection;

import java.awt.event.ActionListener;

import java.awt.event.ActionEvent;

import java.awt.Color;

public class CloudFrame extends JFrame implements Runnable

{

private static final long serialVersionUID = 1L;

private JPanel contentPane;

public static JTextField ReceivedReq_TextField;

public static JTextField Selected_TextField;

public static String myAddress,myName="Server";

public static JProgressBar ProgressBar;

public static JTextArea CurrentProcessing_TextArea ;

public static int myPort;

public Thread obj;

public static DBConnection dbc;

public static Connection con;

public static Statement st;

public static ResultSet rs;

public static void main(String[] args) {

EventQueue.invokeLater(new Runnable() {

public void run() {

try {

CloudFrame frame = new CloudFrame("localhost",9090);

frame.setVisible(true);

} catch (Exception e) {

e.printStackTrace();

}

}

});

}

/**

* Create the frame.

*/

public CloudFrame(String add,int port)

{

myAddress=add;

myPort=port;

obj=new Thread(this);

obj.start();

upDateServerDetails();

setResizable(false);

setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);

setBounds(100, 100, 1042, 474);

contentPane = new JPanel();

contentPane.setBorder(new EmptyBorder(5, 5, 5, 5));

setContentPane(contentPane);

contentPane.setLayout(null);

JLabel lblNewLabel = new JLabel("MONA : Cloud Server");

lblNewLabel.setFont(new Font("Times New Roman", Font.BOLD, 25));

lblNewLabel.setBounds(427, 12, 248, 55);

contentPane.add(lblNewLabel);

JSeparator separator = new JSeparator();

separator.setBounds(6, 79, 1024, 2);

contentPane.add(separator);

JSeparator separator_1 = new JSeparator();

separator_1.setBounds(6, 395, 1024, 10);

contentPane.add(separator_1);

JLabel lblNewLabel_1 = new JLabel("Cloud User Request Info :");

lblNewLabel_1.setIcon(new

ImageIcon("D:\\IMAGE\\Shooping\\basket_put.png"));

lblNewLabel_1.setFont(new Font("Times New Roman", Font.PLAIN, 16));

lblNewLabel_1.setBounds(37, 141, 199, 54);

contentPane.add(lblNewLabel_1);

ReceivedReq_TextField = new JTextField();

ReceivedReq_TextField.setFont(new Font("Times New Roman", Font.PLAIN,

16));

ReceivedReq_TextField.setBounds(244, 155, 185, 28);

contentPane.add(ReceivedReq_TextField);

ReceivedReq_TextField.setColumns(10);

JButton btnNewButton = new JButton("Request Processing ..");

btnNewButton.addActionListener(new ActionListener() {

public void actionPerformed(ActionEvent e)

{

String msg=ReceivedReq_TextField.getText().trim();

if(msg.equals("Group Registration"))

{

new GroupRegistrationProcess();

}

}

});

btnNewButton.setIcon(new ImageIcon("D:\\IMAGE\\select path\\select_by_color.png"));

btnNewButton.setFont(new Font("Times New Roman", Font.PLAIN, 16));

btnNewButton.setBounds(116, 223, 225, 40);

contentPane.add(btnNewButton);

JLabel label = new JLabel("");

label.setIcon(new ImageIcon("D:\\IMAGE\\Administrator\\people.png"));

label.setFont(new Font("Times New Roman", Font.PLAIN, 16));

label.setBounds(480, 130, 64, 88);

contentPane.add(label);

JLabel lblNewLabel_2 = new JLabel("");

lblNewLabel_2.setIcon(new ImageIcon("D:\\IMAGE\\Cloud\\cloud.png"));

lblNewLabel_2.setBounds(334, 12, 119, 73);

contentPane.add(lblNewLabel_2);

JLabel lblNoGroups = new JLabel("Groups");

lblNoGroups.setFont(new Font("Times New Roman", Font.PLAIN, 16));

lblNoGroups.setBounds(490, 204, 50, 34);

contentPane.add(lblNoGroups);

JLabel label_1 = new JLabel("");

label_1.setIcon(new ImageIcon("D:\\IMAGE\\Data Set\\saved_data_utility.png"));

label_1.setFont(new Font("Times New Roman", Font.PLAIN, 16));

label_1.setBounds(479, 301, 77, 64);

contentPane.add(label_1);

JLabel lblFiles = new JLabel("Files");

lblFiles.setFont(new Font("Times New Roman", Font.PLAIN, 16));

lblFiles.setBounds(489, 349, 50, 34);

contentPane.add(lblFiles);

ProgressBar = new JProgressBar();

ProgressBar.setBounds(246, 413, 544, 25);

contentPane.add(ProgressBar);

JScrollPane scrollPane = new JScrollPane();

scrollPane.setBounds(556, 141, 235, 91);

contentPane.add(scrollPane);

JTextArea ListGroups_TextArea = new JTextArea();

scrollPane.setViewportView(ListGroups_TextArea);

JScrollPane scrollPane_1 = new JScrollPane();

scrollPane_1.setBounds(556, 292, 235, 91);

contentPane.add(scrollPane_1);

JTextArea ListFiles_TextArea = new JTextArea();

scrollPane_1.setViewportView(ListFiles_TextArea);

JScrollPane scrollPane_2 = new JScrollPane();

scrollPane_2.setBounds(37, 292, 392, 89);

contentPane.add(scrollPane_2);

CurrentProcessing_TextArea = new JTextArea();

CurrentProcessing_TextArea.setForeground(new Color(100, 149, 237));

scrollPane_2.setViewportView(CurrentProcessing_TextArea);

JLabel lblListOfGroups = new JLabel("List of Groups");

lblListOfGroups.setIcon(new ImageIcon("D:\\IMAGE\\Data Set\\computer_data.png"));

lblListOfGroups.setFont(new Font("Times New Roman", Font.PLAIN, 16));

lblListOfGroups.setBounds(599, 79, 144, 61);

contentPane.add(lblListOfGroups);

JLabel lblListOfFiles = new JLabel("List of Files");

lblListOfFiles.setIcon(new ImageIcon("D:\\IMAGE\\Data Set\\data_transfer.png"));

lblListOfFiles.setFont(new Font("Times New Roman", Font.PLAIN, 16));

lblListOfFiles.setBounds(599, 236, 144, 61);

contentPane.add(lblListOfFiles);

Selected_TextField = new JTextField();

Selected_TextField.setFont(new Font("Times New Roman", Font.PLAIN, 16));

Selected_TextField.setColumns(10);

Selected_TextField.setBounds(837, 186, 185, 28);

contentPane.add(Selected_TextField);

JLabel lblSelectedInfo = new JLabel("Selected Info...");

lblSelectedInfo.setIcon(new ImageIcon("D:\\IMAGE\\mail search\\E-mail.png"));

lblSelectedInfo.setFont(new Font("Times New Roman", Font.PLAIN, 16));

lblSelectedInfo.setBounds(823, 130, 199, 54);

contentPane.add(lblSelectedInfo);

JRadioButton rdbtnNewRadioButton = new JRadioButton("View User Details..");

rdbtnNewRadioButton.setFont(new Font("Times New Roman", Font.PLAIN,

16));

rdbtnNewRadioButton.setBounds(847, 236, 157, 25);

contentPane.add(rdbtnNewRadioButton);

JRadioButton rdbtnViewUserFile = new JRadioButton("View File Details..");

rdbtnViewUserFile.setFont(new Font("Times New Roman", Font.PLAIN, 16));

rdbtnViewUserFile.setBounds(847, 288, 157, 25);

contentPane.add(rdbtnViewUserFile);

JButton btnView = new JButton("View..");

btnView.setIcon(new ImageIcon("D:\\IMAGE\\mail search\\newspaper_search.png"));

btnView.setFont(new Font("Times New Roman", Font.PLAIN, 16));

btnView.setBounds(869, 346, 144, 40);

contentPane.add(btnView);

}

public static void defaultconnection()

{

try

{

dbc=new DBConnection();

con=dbc.getConnection();

st=con.createStatement();

}

catch (Exception e)

{

e.printStackTrace();

}

}

private void upDateServerDetails()

{

defaultconnection();

try

{

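// Bind the values as parameters instead of concatenating them into the SQL text.

java.sql.PreparedStatement ps = con.prepareStatement("UPDATE Server_Details SET ServerAddress=?, ServerPort=? WHERE ServerName=?");

ps.setString(1, myAddress);

ps.setString(2, String.valueOf(myPort));

ps.setString(3, myName);

int i=ps.executeUpdate();

ps.close();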

if(i==1)

{

JOptionPane.showMessageDialog(contentPane, "Server Successfully Started","WARNING",JOptionPane.WARNING_MESSAGE);

dispose();

}

else

{

JOptionPane.showMessageDialog(null, "Save Failed","WARNING",JOptionPane.WARNING_MESSAGE);

}

st.close();

con.close();

}

catch (Exception e)

{

e.printStackTrace();

}

}

public void run()

{

new CloudServerStart(myPort);

}

}

package com.cloud.siddhi.groupManager;

import java.awt.Color;

import java.awt.EventQueue;

import java.awt.Font;

import java.awt.Toolkit;

import javax.swing.ImageIcon;

import javax.swing.JButton;

import javax.swing.JFrame;

import javax.swing.JLabel;

import javax.swing.JPanel;

import javax.swing.JProgressBar;

import javax.swing.JScrollPane;

import javax.swing.JTabbedPane;

import javax.swing.JTextArea;

import javax.swing.JTextField;

import javax.swing.SwingConstants;

import javax.swing.UIManager;

import javax.swing.border.EmptyBorder;

public class GroupManager extends JFrame {

/**

*

*/

private static final long serialVersionUID = 1L;

private JPanel contentPane;

private JTextField textField;

private JTextField textField_1;

private JTextField textField_2;

private JTextField textField_3;

/**

* Launch the application.

*/

public static void main(String[] args) {

EventQueue.invokeLater(new Runnable() {

public void run() {

try {

GroupManager frame = new GroupManager();

frame.setVisible(true);

} catch (Exception e) {

e.printStackTrace();

}

}

});

}

/**

* Create the frame.

*/

public GroupManager() {

setIconImage(Toolkit.getDefaultToolkit().getImage("D:\\IMAGE\\Account\\account_balances.png"));

setTitle("Group Manager");

setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);

setBounds(100, 100, 808, 445);

contentPane = new JPanel();

contentPane.setBorder(new EmptyBorder(5, 5, 5, 5));

setContentPane(contentPane);

contentPane.setLayout(null);

JLabel label = new JLabel("MONA : Secure Data Sharing in the Cloud");

label.setForeground(UIManager.getColor("InternalFrame.activeTitleBackground"));

label.setBounds(76, 14, 459, 29);

label.setFont(new Font("Times New Roman", Font.BOLD, 25));

contentPane.add(label);

JTabbedPane tabbedPane = new JTabbedPane(JTabbedPane.TOP);

tabbedPane.setFont(new Font("Times New Roman", Font.PLAIN, 14));

tabbedPane.setBounds(6, 52, 780, 348);

contentPane.add(tabbedPane);

JPanel panel = new JPanel();

tabbedPane.addTab("User Registration", null, panel, null);

panel.setLayout(null);

JLabel lblUserRequest = new JLabel("Msg From");

lblUserRequest.setIcon(new

ImageIcon("D:\\IMAGE\\Account\\reseller_accountd.png"));

lblUserRequest.setBounds(19, 95, 107, 35);

panel.add(lblUserRequest);

lblUserRequest.setFont(new Font("Times New Roman", Font.PLAIN, 16));

textField = new JTextField();

textField.setBounds(138, 102, 157, 28);

panel.add(textField);

textField.setHorizontalAlignment(SwingConstants.CENTER);

textField.setFont(new Font("Times New Roman", Font.PLAIN, 14));

textField.setColumns(10);

JButton btnSave = new JButton("Save");

btnSave.setIcon(new ImageIcon("D:\\IMAGE\\Account\\stock_save-template.png"));

btnSave.setBounds(420, 164, 125, 40);

panel.add(btnSave);

btnSave.setFont(new Font("Times New Roman", Font.PLAIN, 14));

textField_1 = new JTextField();

textField_1.setHorizontalAlignment(SwingConstants.CENTER);

textField_1.setFont(new Font("Times New Roman", Font.PLAIN, 14));

textField_1.setColumns(10);

textField_1.setBounds(138, 171, 157, 28);

panel.add(textField_1);

JLabel lblAddress = new JLabel("Address :");

lblAddress.setIcon(new

ImageIcon("D:\\IMAGE\\Account\\reseller_account_template.png"));

lblAddress.setFont(new Font("Times New Roman", Font.PLAIN, 16));

lblAddress.setBounds(19, 164, 107, 40);

panel.add(lblAddress);

textField_2 = new JTextField();

textField_2.setHorizontalAlignment(SwingConstants.CENTER);

textField_2.setFont(new Font("Times New Roman", Font.PLAIN, 14));

textField_2.setColumns(10);

textField_2.setBounds(414, 102, 157, 28);

panel.add(textField_2);

JLabel lblPortNo = new JLabel("Port No :");

lblPortNo.setIcon(new

ImageIcon("D:\\IMAGE\\Account\\reseller_accountd.png"));

lblPortNo.setFont(new Font("Times New Roman", Font.PLAIN, 16));

lblPortNo.setBounds(318, 95, 93, 40);

panel.add(lblPortNo);

JLabel lblNewUserJoin = new JLabel("New User Join");

lblNewUserJoin.setIcon(new ImageIcon("D:\\IMAGE\\Icons\\user_male_add (1).png"));

lblNewUserJoin.setForeground(Color.BLACK);

lblNewUserJoin.setFont(new Font("Times New Roman", Font.BOLD, 20));

lblNewUserJoin.setBounds(217, 34, 165, 40);

panel.add(lblNewUserJoin);

JPanel panel_1 = new JPanel();

tabbedPane.addTab("Group Signature", null, panel_1, null);

panel_1.setLayout(null);

JLabel lblUserName = new JLabel("User Name :");

lblUserName.setBounds(40, 88, 102, 24);

lblUserName.setFont(new Font("Times New Roman", Font.PLAIN, 16));

panel_1.add(lblUserName);

JLabel lblSignatureGeneration = new JLabel("Signature Generation");

lblSignatureGeneration.setBounds(203, 33, 193, 24);

lblSignatureGeneration.setForeground(Color.BLACK);

lblSignatureGeneration.setFont(new Font("Times New Roman", Font.BOLD,

20));

panel_1.add(lblSignatureGeneration);

textField_3 = new JTextField();

textField_3.setBounds(154, 88, 173, 28);

textField_3.setHorizontalAlignment(SwingConstants.CENTER);

textField_3.setFont(new Font("Times New Roman", Font.PLAIN, 14));

textField_3.setColumns(10);

panel_1.add(textField_3);

JButton btnGenerate = new JButton("Generate..!");

btnGenerate.setBounds(122, 185, 112, 28);

btnGenerate.setFont(new Font("Times New Roman", Font.PLAIN, 14));

panel_1.add(btnGenerate);

JProgressBar progressBar = new JProgressBar();

progressBar.setBounds(39, 144, 288, 22);

panel_1.add(progressBar);

JLabel lblCompleted = new JLabel("Completed 0...");

lblCompleted.setFont(new Font("Times New Roman", Font.PLAIN, 16));

lblCompleted.setBounds(40, 120, 222, 24);

panel_1.add(lblCompleted);

JScrollPane scrollPane = new JScrollPane();

scrollPane.setBounds(372, 93, 202, 91);

panel_1.add(scrollPane);

JTextArea textArea = new JTextArea();

scrollPane.setViewportView(textArea);

JPanel panel_2 = new JPanel();

tabbedPane.addTab("User Revocation", null, panel_2, null);

}

}