Page 1
CHAPTER 1
1. INTRODUCTION
1.1. INTRODUCTION OF PROJECT
Cloud computing is recognized as an alternative to traditional information
technology due to its intrinsic resource-sharing and low-maintenance
characteristics. In cloud computing, the cloud service providers (CSPs), such as
Amazon, are able to deliver various services to cloud users with the help of
powerful datacenters. By migrating the local data management systems into
cloud servers, users can enjoy high-quality services and save significant
investments on their local infrastructures. One of the most fundamental services
offered by cloud providers is data storage. Let us consider a practical data
application. A company allows its staffs in the same group or department to
store and share files in the cloud. By utilizing the cloud, the staffs can be
completely released from the troublesome local data storage and maintenance.
However, it also poses a significant risk to the confidentiality of those stored
files. Specifically, the cloud servers managed by cloud providers are not fully
trusted by users while the data files stored in the cloud may be sensitive and
confidential, such as business plans. To preserve data privacy, a basic solution is
to encrypt data files, and then upload the encrypted data into the cloud .
Unfortunately, designing an efficient and secure data sharing scheme for groups
in the cloud is not an easy task due to the following challenging issues. First,
identity privacy is one of the most significant obstacles for the wide deployment
of cloud computing. Without the guarantee of identity privacy, users may be
unwilling to join in cloud computing systems because their real identities could
be easily disclosed to cloud providers and attackers. On the other hand,
unconditional identity privacy may incur the abuse of privacy. For example, a
misbehaved staff can deceive others in the company by sharing false files
Page 2
without being traceable. Therefore, traceability, which enables the group
manager (e.g., a company manager) to reveal the real identity of a user, is also
highly desirable.
Second, it is highly recommended that any member in a group should be able to
fully enjoy the data storing and sharing services provided by the cloud, which is
defined as the multiple-owner manner. Compared with the single-owner manner
where only the group manager can store and modify data in the cloud, the
multiple-owner manner is more flexible in practical applications. More
concretely, each user in the group is able to not only read data, but also modify
his/ her part of data in the entire data file shared by the company. Last but not
least, groups are normally dynamic in practice, e.g., new staff participation and
current employee revocation in a company. The changes of membership make
secure data sharing extremely difficult.
On one hand, the anonymous system challenges new granted users to learn the
content of data files stored before their participation, because it is impossible for
new granted users to contact with anonymous data owners, and obtain the
corresponding decryption keys. On the other hand, an efficient membership
revocation mechanism without updating the secret keys of the remaining users
is also desired to minimize the complexity of key management.
Cloud Computing :
Cloud computing is all the rage. "It's become the phrase du jour," says Gartner
senior analyst Ben Pring, echoing many of his peers. The problem is that (as
with Web 2.0) everyone seems to have a different definition. As a metaphor for
the Internet, "the cloud" is a familiar cliché, but when combined with
"computing," the meaning gets bigger and fuzzier. Some analysts and vendors
define cloud computing narrowly as an updated version of utility computing:
basically virtual servers available over the Internet. Others go very broad,
Page 3
arguing anything you consume outside the firewall is "in the cloud," including
conventional outsourcing.
Stay on top of the state of the cloud with InfoWorld's "Cloud Computing Deep
Dive" special report. Download it today! | Also check out our "Private Cloud
Deep Dive," our "Cloud Security Deep Dive," our "Cloud Storage Deep Dive,"
and our "Cloud Services Deep Dive." Cloud computing comes into focus only
when you think about what IT always needs: a way to increase capacity or add
capabilities on the fly without investing in new infrastructure, training new
personnel, or licensing new software. Cloud computing encompasses any
subscription-based or pay-per-use service that, in real time over the Internet,
extends IT's existing capabilities.
Cloud computing is at an early stage, with a motley crew of providers large and
small delivering a slew of cloud-based services, from full-blown applications to
storage services to spam filtering. Yes, utility-style infrastructure providers are
part of the mix, but so are SaaS (software as a service) providers such as
Salesforce.com. Today, for the most part, IT must plug into cloud-based services
individually, but cloud computing aggregators and integrators are already
emerging. InfoWorld talked to dozens of vendors, analysts, and IT customers to
tease out the various components of cloud computing. Based on those
discussions, here's a rough breakdown of what cloud computing is all about
1. SaaS
This type of cloud computing delivers a single application through the browser
to thousands of customers using a multitenant architecture. On the customer
side, it means no upfront investment in servers or software licensing; on the
provider side, with just one app to maintain, costs are low compared to
conventional hosting. Salesforce.com is by far the best-known example among
enterprise applications, but SaaS is also common for HR apps and has even
worked its way up the food chain to ERP, with players such as Workday. And
Page 4
who could have predicted the sudden rise of SaaS "desktop" applications, such
as Google Apps and Zoho Office?
2. Utility computing
The idea is not new, but this form of cloud computing is getting new life from
Amazon.com, Sun, IBM, and others who now offer storage and virtual servers
that IT can access on demand. Early enterprise adopters mainly use utility
computing for supplemental, non-mission-critical needs, but one day, they may
replace parts of the datacenter. Other providers offer solutions that help IT
create virtual datacenters from commodity servers, such as 3Tera's AppLogic
and Cohesive Flexible Technologies' Elastic Server on Demand. Liquid
Computing's LiquidQ offers similar capabilities, enabling IT to stitch together
memory, I/O, storage, and computational capacity as a virtualized resource pool
available over the network.
3. Web Services In The Cloud
Closely related to SaaS, Web service providers offer APIs that enable
developers to exploit functionality over the Internet, rather than delivering full-
blown applications. They range from providers offering discrete business
services -- such as Strike Iron and Xignite -- to the full range of APIs offered by
Google Maps, ADP payroll processing, the U.S. Postal Service, Bloomberg, and
even conventional credit card processing services.
4. Platform As A Service
Another SaaS variation, this form of cloud computing delivers development
environments as a service. You build your own applications that run on the
provider's infrastructure and are delivered to your users via the Internet from the
provider's servers. Like Legos, these services are constrained by the vendor's
design and capabilities, so you don't get complete freedom, but you do get
predictability and pre-integration. Prime examples include Sales force. com's
Force.com,Coghead and the new Google App Engine. For extremely
Page 5
lightweight development, cloud-basedmashup platforms abound, such as Yahoo
Pipes or Dapper.net.
5.Managed Service Providers
One of the oldest forms of cloud computing, a managed service is basically an
application exposed to IT rather than to end-users, such as a virus scanning
service for e-mail or an application monitoring service (which Mercury, among
others, provides). Managed security services delivered by SecureWorks, IBM,
and Verizon fall into this category, as do such cloud-based anti-spam services as
Postini, recently acquired by Google. Other offerings include desktop
management services, such as those offered by CenterBeam or Everdream.
6. Service Commerce Platforms
A hybrid of SaaS and MSP, this cloud computing service offers a service hub
that users interact with. They're most common in trading environments, such as
expense management systems that allow users to order travel or secretarial
services from a common platform that then coordinates the service delivery and
pricing within the specifications set by the user. Think of it as an automated
service bureau. Well-known examples include Rearden Commerce and Ariba.
7. Internet integration
The integration of cloud-based services is in its early days. OpSource, which
mainly concerns itself with serving SaaS providers, recently introduced the
OpSource Services Bus, which employs in-the-cloud integration technology
from a little startup called Boomi. SaaS provider Workday recently acquired
another player in this space, CapeClear, an ESB (enterprise service bus)
provider that was edging toward b-to-b integration. Way ahead of its time,
Grand Central -- which wanted to be a universal "bus in the cloud" to connect
SaaS providers and provide integrated solutions to customers -- flamed out in
2005.
Page 6
Today, with such cloud-based interconnection seldom in evidence, cloud
computing might be more accurately described as "sky computing," with many
isolated clouds of services which IT customers must plug into individually. On
the other hand, as virtualization and SOA permeate the enterprise, the idea of
loosely coupled services running on an agile, scalable infrastructure should
eventually make every enterprise a node in the cloud. It's a long-running trend
with a far-out horizon. But among big metatrends, cloud computing is the
hardest one to argue with in the long term
CHAPTER 2
2. LITERATURE REVIEW
Page 7
2.1 Achieving Secure, Scalable, and Fine-grained Data Access Control in
Cloud Computing
Cloud computing is a promising computing paradigm which recently has drawn
extensive attention from both academia and industry. By combining a set of
existing and new techniques from research areas such as Service-Oriented
Architectures (SOA) and virtualization, cloud computing is regarded as such
a computing paradigm in which resources in the computing infrastructure are
provided as services over the Internet. Along with this new paradigm, various
business models are developed, which can be described by terminology of “X as
a service (XaaS)” where X could be software, hardware, data storage, and etc.
Successful examples are Amazon’s EC2 and S3 , Google App Engine , and
Microsoft Azure which provide users with scalable resources in the pay-as-
youuse fashion at relatively low prices. For example, Amazon’s S3 data storage
service just charges $0.12 to $0.15 per giga byte month. As compared to
building their own infrastructures, users are able to save their investments
significantly by migrating businesses into the cloud. With the increasing
development of cloud computing technologies, it is not hard to imagine that in
the near future more and more businesses will be moved into the cloud.
As promising as it is, cloud computing is also facing many challenges that, if
not well resolved, may impede its fast growth. Data security, as it exists in many
other applications, is among these challenges that would raise great concerns
from users when they store sensitive information on cloud servers. These
concerns originate from the fact that cloud servers are usually operated by
commercial providers which are very likely to be outside of the trusted domain
of the users. Data confidential against cloud servers is hence frequently desired
when users outsource data for storage in the cloud. In some practical application
systems, data confidentiality is not only a security/privacy issue, but also of
Page 8
juristic concerns. For example, in healthcare application scenarios use and
disclosure of protected health information (PHI) should meet the requirements
of Health Insurance Portability and Accountability Act (HIPAA) , and keeping
user data confidential against the storage servers is not just an option, but a
requirement.
Fig 1: An example case in the healthcare scenario
Furthermore, we observe that there are also cases in which cloud users
themselves are content providers. They publish data on cloud servers for sharing
and need fine-grained data access control in terms of which user (data
consumer) has the access privilege to which types of data. In the healthcare
case, for example, a medical center would be the data owner who stores
millions of healthcare records in the cloud. It would allow data consumers such
as doctors, patients, researchers and etc, to access various types of healthcare
records under policies admitted by HIPAA. To enforce these access policies, the
data owners on one hand would like to take advantage of the abundant resources
that the cloud provides for efficiency and economy; on the other hand, they may
want to keep the data contents confidential against cloud servers.
Page 9
2.1 Privacy-Preserving Public Auditing for Secure Cloud Storage
CLOUD Computing has been envisioned as the next-generation information
technology (IT) architecture for enterprises, due to its long list of unprecedented
advantages in the IT history: on-demand self-service, ubiquitous network
access, location independent resource pooling, rapid resource elasticity, usage-
based pricing and transference of risk . As a disruptive technology with
profound implications, Cloud Computing is transforming the very nature of how
businesses use information technology. One fundamental aspect of this
paradigm shifting is that data is being centralized or outsourced to the Cloud.
From users’ perspective, including both individuals and IT enterprises, storing
data remotely to the cloud in a flexible on-demand manner brings appealing
benefits: relief of the burden for storage management, universa data access with
independent geographical locations, and avoidance of capital expenditure on
hardware, software, and personnel maintenances. While Cloud Computing
makes these advantages
more appealing than ever, it also brings new and challenging security threats
towards users’ outsourced data. Since cloud service providers (CSP) are
separate
administrative entities, data outsourcing is actually relinquishing user’s ultimate
control over the fate of their data. As a result, the correctness of the data in the
cloud is being put at risk due to the following reasons. First of all, although the
infrastructures under the cloud are much more powerful and reliable than
personal computing devices, they are still facing the broad range of both
internal and
Page 10
Fig 2: The architecture of cloud data storage service
external threats for data integrity. Examples of outages and security breaches of
noteworthy cloud services appear from time to time . Secondly, there do exist
various motivations for CSP to behave unfaithfully towards the cloud users
regarding the status of their outsourced data. For examples, CSP might reclaim
storage for monetary reasons by discarding data that has not been or is rarely
accessed, or even hide data loss incidents so as to maintain a reputation .In
short, although outsourcing data to the cloud is economically attractive for long-
term large-scale data storage, it does not immediately offer any guarantee on
data integrity and availability. This problem, if not properly addressed, may
impede the successful deployment of the cloud architecture.
Page 11
2.3 Verifiable Privacy-Preserving Range Query in Two-Tiered Sensor
Networks
We believe that pervasive computing systems, touching upon every aspect of
our life, will be partially supported by the sensor network infrastructure, which
is involved in two processes: monitoring the environment surrounding us (also
including us), and providing information for us to analyze and respond. Both
processes are exposed to potential risks for information security and privacy
prohibiting the realistic sensor network deployment. On one hand, a sensor
network may leak information about people to an unauthorized party, which
leads to a privacy breaching. On the other hand, it may also lie about the
collected data to a valid query making the network dysfunctional.
In deploying such a realistic sensor network, a fundamental question is how
much we should trust a sensor network and how we prevent, or at least, to
detect the misbehavior of the sensor network. Unfortunately, little research work
has targeted to solve the problem. This paper tries to address the problem in a
setting of network enhanced by some nodes with large storage space and
considers a powerful and typical sensor network operation: range query. The
network setting, we believe, will be a natural enhancement to the future sensor
network. Range query is powerful enough to cover many interesting types of
queries including location based queries.
Thus, our model is generalized enough for us to investigate the trust problem in
a practical and also meaningful environment. We envision that future sensor
network shall be augmented by sparsely deployed special nodes for data
storage. Those storage nodes differ from the regular sensors with a larger
storage space (e.g., with more enriched flash memory). Senso network
Page 12
generates a large amount of data, and, many times, the collected data has to be
archived for future retrieval. Data can be stored in the sensor nodes or sent back
to the base station, each of which has its limitation.
To store data on the sensor nodes is prohibitive due to the limited storage space
on each sensor node and the difficulty in collecting all the data to a central
repository. Transmitting all the data to the base station, on the other hand, has to
address the limited transmission rate that is especially throttled by the funnel
effect around the base station and attenuated per node transmission bandwidth.
The introduction of the storage nodes helps to alleviate the transmission
bandwidth problem by distributing the local data transmission to the storage
node. This hierarchical structure has been instantiated by the recently popular
star gate device and the memory-enhanced sensor nodes by UC Riverside .
Those special powerful nodes take advantage of their high transmission
capability and storage and even computational capability to alleviate the cursed
bandwidth limitation, and also provide auxiliary support for surrounding
vulnerable sensors for data back-up.
The introduction of the storage node is also spurred by the recent concept of
“data-centric storage”. Data-centric storage deterministically conducts a
mapping between the name of a data (N) to the address associated with a
specific node. All the data with name N generated by the network are
accumulated to the node A and all queries about N go to A too. In this way,
network-wide search for data query is avoided dramatically reducing
communication cost in many scenarios.
For example, a sensor network deployed for plant monitoring may forward
queries about the humidity to a storage sensor directly, and the temperature to
another storage sensor instead of querying the entire network.
Page 13
2.4 Improved Proxy Re-Encryption Schemes with Applications to
Secure Distributed Storage.
Proxy re-encryption allows a proxy to transform a cipher text computed under
Alice's public key into one that can be opened by Bob's secret key. There are
many useful applications of this primitive. For instance, Alice might wish to
temporarily forward encrypted email to her colleague Bob, without giving him
her secret key. In this case, Alice the delegator could designate a proxy to re-
encrypt her incoming mail into a format that Bob the delegate can decrypt using
his own secret key. Clearly, Alice could provide her secret key to the proxy but
this requires an unrealistic level of trust in the proxy. We present several
efficient proxy re encryption schemes that offer security improvements over
earlier approaches. The primary advantage of our schemes is that they are
unidirectional (i.e., Alice can delegate to Bob without Bob having to delegate to
her) and do not require delegators to reveal their entire secret key to anyone. or
even interact with the delegate . in order to allow a proxy to re-encrypt their
cipher texts. In our schemes, only a limited amount of trust is placed in the
proxy. For example, it is not able to decrypt the cipher texts it re-encrypts and
we prove our schemes secure even when the proxy publishes all the
reencryption information it knows. This enables a number of applications that
would not be practical if the proxy needed to be fully trusted.
Page 14
We present an application for proxy cryptography in securing distributed _le
systems. Our system uses a centralized access control server to manage access
to encrypted _les stored on distributed, untrusted replicas. We use proxy re
encryption to allow for centrally-managed access control without granting full
decryption rights to the access control server. No experimental implementation
of proxy re-encryption schemes has been provided, to our knowledge, which
makes it dif_cult to argue about the effectiveness of the proxy re-encryption
primitive. In this paper, we provide new protocols with improved security
guarantees (based on bilinear maps) and demonstrate their practicality based on
runtime experiments.
Fig 3: Typical operation of the proxy re-encryption system
The user's client machine fetches encrypted blocks from the block store. Each
block includes a lockbox encrypted under a master public key. The client then
transmits lockboxes to the access control server for re-encryption under the
user's public key. If the access control server possesses the necessary re-
encryption key, it re-encrypts the lockbox and returns the new ciphertext. The
client can then decrypt the re-encrypted block with the user's secret key. Our _le
system uses an untrusted access control server to manage access to encrypted
_les stored on
distributed, untrusted block stores. We use proxy re-encryption to allow for
access control without granting full decryption rights to the access control
Page 15
server. To our knowledge, we provide the first experimental implementation and
evaluation of a system using proxy re-encryption.
2.5 Above the Clouds: A View of Cloud Computing
Cloud Computing refers to both the applications delivered as services over the
Internet and the hardware and systems software in the datacenters that provide
those services. The services themselves have long been referred to as Software
as a Service (SaaS). The datacenter hardware and software is what we will call a
Cloud. When a Cloud is made available in a pay-as-you-go manner to the
general public, we call it a Public Cloud; the service being sold is Utility
Computing. We use the term Private Cloud to refer to internal datacenters of a
business or other organization, not made available to the general public. Thus,
Cloud Computing
is the sum of SaaS and Utility Computing, but does not include Private Clouds.
People can be users or providers of SaaS, or users or providers of Utility
Computing. We focus on SaaS Providers (Cloud Users) and Cloud Providers,
which have received less attention than SaaS Users. Figure 1 makes provider-
user relationships clear.
Page 16
Fig 4: Users and Providers of Cloud Computing.
Any application needs a model of computation, a model of storage, and a model
of communication. The statistical multiplexing necessary to achieve elasticity
and the illusion of infinite capacity requires each of these resources to be
virtualized to hide the implementation of how they are multiplexed and shared.
Our view is that different utility computing offerings will be distinguished based
on the programmer’s level of abstraction and the level of management of the
resources.
Amazon EC2 is at one end of the spectrum. An EC2 instance looks much like
physical hardware, and users can control nearly the entire software stack, from
the kernel upwards. This low level makes it inherently difficult for Amazon to
offer automatic scalability and failover, because the semantics associated with
replication and other state management issues are highly application-dependent.
At the other extreme of the spectrum are application domain-specific platforms
such as Google App- Engine. AppEngine is targeted exclusively at traditional
web applications, enforcing an application structure of clean separation between
a stateless computation tier and a stateful storage tier. AppEngine’s impressive
automatic scaling and high-availability mechanisms, and the proprietary
MegaStore data storage available to AppEngine applications, all rely on these
constraints. Applications for Microsoft’s Azure are written using the .NET
libraries, and compiled to the Common Language Runtime, a language-
independent managed environment. Thus, Azure is intermediate between
application frameworks like AppEngine and hardware virtual machines like
EC2.
Page 17
3 SYSTEM ANALYSES
3.1 Existing System:
Cryptographic storage system that enables secure file sharing on untrusted
servers, named Plutus. By dividing files into file groups and encrypting each
file group with a unique file-block key, the data owner can share the file groups
with others through delivering the corresponding lockbox key, where the
lockbox key is used to encrypt the file-block keys
Each user obtains two keys after the registration: a group signature key and an
attribute key. Thus, any user is able to encrypt a data file using attribute-based
encryption and others in the group can decrypt the encrypted data using their
attribute keys. Meanwhile, the user signs encrypted data with her group
signature key for privacy preserving and traceability.
DisAdvantages:
User revocation is not supported in their scheme.
A heavy key distribution overhead for large-scale file sharing
When a new user joins the group, the private key of each user in an NNL
system needs to be recomputed.
which may limit the application for dynamic groups
Page 18
3.2 Proposed System:
Propose a secure multi-owner data sharing scheme. It implies that any user in
the group can securely share data with others by the untrusted cloud. the group
manager can store and modify data in the cloud, the multiple-owner manner is
more flexible in practical applications. More concretely, each user
in the group is able to not only read data, but also modify his/ her part of data in
the entire data file shared by the company. Last but not least, groups are
normally dynamic in practice, e.g., new staff participation and current employee
revocation in a company. On the other hand, an efficient membership revocation
mechanism without updating the secret keys of the remaining users is also
desired to minimize the complexity of key management.
Advantages:
Our proposed scheme is able to support dynamic groups efficiently.
Specifically, new granted users can directly decrypt data files uploaded
before their participation without contacting with data owners.
User revocation can be easily achieved through a novel revocation list
without updating the secret keys of the remaining users.
Secure and privacy-preserving access control to users, which guarantees
any member in a group to anonymously utilize the cloud resource.
Page 19
4 SYSTEM DESIGN
Group Manager
Group Member
New User
Cloud
Join To Group
DataUpdate
Shared Data
Join/Leave
KeyDistribution
Shared Data Shared
Data
Group Manager
Update
Group Member
Key Distribution
Join/Leave
Join To Group
Data
Request
Secure Forward Data
New User
4.1 ARCHITECTURAL DESIGN
Page 20
4.2 Use case Diagram:
Login
download the file
Group Manager
Group Member
Get Revocation List
Manage the Revcation List
Upload the File
Cloud
Key Sharing
Page 21
4.3 Sequence Diagram:
Group MemberGroup Member LoginLogin Get RLGet RL CloudCloud Group ManagerGroup Manager
1: valid user login
2: login valid
3: Request the Revocation List
4: Get the Revocation List
5: Share the File
6: Download the File
7: Manage the Revocation List
Page 22
4.4 Collaboration Diagram:
Group Member
Login Get RL
CloudGroup
Manager
1: valid user login 2: login valid
3: Request the Revocation List
4: Get the Revocation List6: Download the File
5: Share the File
7: Manage the Revocation List
4.5 Class Diagram:
Group Member
User NamePasswordPrivate KeyPublic Key
Get the Revocation List()...Encrypt & Upload file()share the key()Download the file()
Cloud
Revocation ListKeyFile
Store & share Revocation List()...store & share File()
Group Manager
Revocation Listkey
Manage the Revocation List()...Manage the File()
Page 23
4.6 Activity Diagram:
Login
Get Revocation List in Cloud
Encrypt the File
Download & decrypt the File
Share the File in cloud
Share the Key
Page 24
4.7 Data Flow Diagram:
Page 25
5 MODULES DESCRIPTION
Modules:
1. System Initialization.
2. Dynamic user Registration and Revocation.
3. Group Signature Generation.
4. File Generation and Deletion
5. Dynamic Broadcast Encryption.
6. User Anonymity And Traceability .
5.1. System Initialization.
In this modules we initialize the cloud and group Manger . Group manager takes
charge of system parameters generation, user registration, user revocation, and
revealing the real identity of a dispute data owner. the group manager is acted by
the administrator of the company. Therefore, we assume that the group
manager is fully trusted by the other parties.
Page 26
User
Request GroupManager
Generate Signature
Update in Revocation list
5.2. Dynamic user Registration and Revocation.
For the registration of user i with identity ID, the group manager randomly
selects a number. Then, the group manager adds ID into the group user list,
which will be used in the traceability phase. After the registration, user i obtains
a private key, which will be used for group signature generation and file
decryption.
User revocation is performed by the group manager via a public
available revocation list , based on which group members can encrypt their data
files and ensure the confidentiality against the revoked users.
Page 27
User
New User
For Revocation
Group Manager
Update the Revocation
List
Database
Register in database
Allocate the Group
Generate Group ID
Request
Generate value For User
5.3. Group Signature Generation.
A group signature scheme allows any member of the group to sign messages
while keeping the identity secret from verifiers. Besides, the designated group
manager can reveal the identity of the signature’s originator when a dispute
occurs, which is denoted as traceability.
Group Manager
Allocate the Group
Get The Group ID
Generate Group
Signature
Send To User
Page 28
5.4. File Generation and Deletion
File stored in the cloud can be deleted by either the group manager or
the data owner the member who uploaded the file into the server.
User
Select File Encrypt The File
Up lode The Cloud Server
Delete The File Update the Revocation List
.
5.5. Dynamic Broadcast Encryption.
Broadcast encryption enables a broadcaster to transmit encrypted data to a set
of users so that only a privileged subset of users can decrypt the data. Besides
the above characteristics, dynamic broadcast encryption also allows the group
manager to dynamically include new members while preserving previously
computed information, i.e., user decryption keys need not be recomputed, the
morphology and size of cipher texts are unchanged and the group encryption
key requires no modification.
Page 29
User
Generate Group ID
Generate Data ID Encrypt The
Data
Set Current Time
Create Signature
Select a File
Up Load File
5.6. User Anonymity And Traceability .
When a data dispute occurs, the tracing operation is performed by the group
manager to identify the real identity of the data owner. the cloud, a user needs to
compute a group signature for his/her authentication. The employed group
signature scheme can be regarded as a variant of the short group signature ,
which inherits the inherent unforgeability property, anonymous authentication,
and tracking capability
Page 30
Group Manager
Check Signature
Valid the Signature
Forward
Trace the user Delete the
User Information
True
False
Page 31
6 CHAPTERS
Conclusion
we design a secure data sharing scheme, Mona, for dynamic groups in an
untrusted cloud. In Mona, a user is able to share data with others in the group
without revealing identity privacy to the cloud. Additionally, Mona supports
efficient user revocation and new user joining. More specially, efficient user
revocation can be achieved through a public revocation list without updating the
private keys of the remaining users, and new users can directly decrypt files
stored in the cloud before their participation. Moreover, the storage overhead
and the encryption computation cost are constant. Extensive analyses show that
our proposed scheme satisfies the desired security requirements and guarantees
efficiency as well.
FUTURE ENHANCEMENT
In future we sharing the information one to other groups and assigns the
priority based on some condition to access the other group files.
Page 32
7 References:
1.B. Waters, “Ciphertext-Policy Attribute-Based Encryption: An Expressive,
Efficient, and Provably Secure Realization,” Proc. Int’l Conf. Practice and
Theory in Public Key Cryptography Conf. Public Key Cryptography,
http://eprint.iacr.org/2008/290.pdf, 2008.
2.C. Wang, Q. Wang, K. Ren, and W. Lou, “Privacy-Preserving Public Auditing
for Data Storage Security in Cloud Computing,” Proc. IEEE INFOCOM, pp.
525-533, 2010.
3.S. Kamara and K. Lauter, “Cryptographic Cloud Storage,” Proc. Int’l Conf.
Financial Cryptography and Data Security (FC), pp. 136- 149, Jan. 2010.
4.S. Yu, C. Wang, K. Ren, and W. Lou, “Achieving Secure, Scalable, and Fine-
Grained Data Access Control in Cloud Computing,” Proc. IEEE INFOCOM, pp.
534-542, 2010.
5.M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu, “Plutus:
Scalable Secure File Sharing on Untrusted Storage,” Proc. USENIX Conf. File
and Storage Technologies, pp. 29-42, 2003.
Page 33
APPENDIX-1
SOURCE CODE
package com.cloud.siddhi.cloudServer;
import java.awt.EventQueue;
import java.awt.Font;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.Statement;
import javax.swing.ImageIcon;
import javax.swing.JButton;
import javax.swing.JFrame;
import javax.swing.JLabel;
import javax.swing.JOptionPane;
import javax.swing.JPanel;
import javax.swing.JProgressBar;
import javax.swing.JRadioButton;
import javax.swing.JScrollPane;
import javax.swing.JSeparator;
import javax.swing.JTextArea;
import javax.swing.JTextField;
import javax.swing.border.EmptyBorder;
import com.cloud.siddhi.utility.CloudServerStart;
import com.cloud.siddhi.utility.DBConnection;
import java.awt.event.ActionListener;
import java.awt.event.ActionEvent;
Page 34
import java.awt.Color;
public class CloudFrame extends JFrame implements Runnable
{
private static final long serialVersionUID = 1L;
private JPanel contentPane;
public static JTextField ReceivedReq_TextField;
public static JTextField Selected_TextField;
public static String myAddress,myName="Server";
public static JProgressBar ProgressBar;
public static JTextArea CurrentProcessing_TextArea ;
public static int myPort;
public Thread obj;
public static DBConnection dbc;
public static Connection con;
public static Statement st;
public static ResultSet rs;
public static void main(String[] args) {
EventQueue.invokeLater(new Runnable() {
public void run() {
try {
CloudFrame frame = new CloudFrame("localhost",9090);
frame.setVisible(true);
} catch (Exception e) {
e.printStackTrace();
}
}
});
Page 35
}
/**
* Create the frame.
*/
public CloudFrame(String add,int port)
{
myAddress=add;
myPort=port;
obj=new Thread(this);
obj.start();
upDateServerDetails();
setResizable(false);
setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
setBounds(100, 100, 1042, 474);
contentPane = new JPanel();
contentPane.setBorder(new EmptyBorder(5, 5, 5, 5));
setContentPane(contentPane);
contentPane.setLayout(null);
JLabel lblNewLabel = new JLabel("MONA : Cloud Server");
lblNewLabel.setFont(new Font("Times New Roman", Font.BOLD, 25));
lblNewLabel.setBounds(427, 12, 248, 55);
contentPane.add(lblNewLabel);
JSeparator separator = new JSeparator();
separator.setBounds(6, 79, 1024, 2);
contentPane.add(separator);
Page 36
JSeparator separator_1 = new JSeparator();
separator_1.setBounds(6, 395, 1024, 10);
contentPane.add(separator_1);
JLabel lblNewLabel_1 = new JLabel("Cloud User Request Info :");
lblNewLabel_1.setIcon(new
ImageIcon("D:\\IMAGE\\Shooping\\basket_put.png"));
lblNewLabel_1.setFont(new Font("Times New Roman", Font.PLAIN, 16));
lblNewLabel_1.setBounds(37, 141, 199, 54);
contentPane.add(lblNewLabel_1);
ReceivedReq_TextField = new JTextField();
ReceivedReq_TextField.setFont(new Font("Times New Roman", Font.PLAIN,
16));
ReceivedReq_TextField.setBounds(244, 155, 185, 28);
contentPane.add(ReceivedReq_TextField);
ReceivedReq_TextField.setColumns(10);
JButton btnNewButton = new JButton("Request Processing ..");
btnNewButton.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent e)
{
String msg=ReceivedReq_TextField.getText().trim();
if(msg.equals("Group Registration"))
{
new GroupRegistrationProcess();
}
}
});
Page 37
btnNewButton.setIcon(new ImageIcon("D:\\IMAGE\\select
path\\select_by_color.png"));
btnNewButton.setFont(new Font("Times New Roman", Font.PLAIN, 16));
btnNewButton.setBounds(116, 223, 225, 40);
contentPane.add(btnNewButton);
JLabel label = new JLabel("");
label.setIcon(new ImageIcon("D:\\IMAGE\\Administrator\\people.png"));
label.setFont(new Font("Times New Roman", Font.PLAIN, 16));
label.setBounds(480, 130, 64, 88);
contentPane.add(label);
JLabel lblNewLabel_2 = new JLabel("");
lblNewLabel_2.setIcon(new ImageIcon("D:\\IMAGE\\Cloud\\cloud.png"));
lblNewLabel_2.setBounds(334, 12, 119, 73);
contentPane.add(lblNewLabel_2);
JLabel lblNoGroups = new JLabel("Groups");
lblNoGroups.setFont(new Font("Times New Roman", Font.PLAIN, 16));
lblNoGroups.setBounds(490, 204, 50, 34);
contentPane.add(lblNoGroups);
JLabel label_1 = new JLabel("");
label_1.setIcon(new ImageIcon("D:\\IMAGE\\Data
Set\\saved_data_utility.png"));
label_1.setFont(new Font("Times New Roman", Font.PLAIN, 16));
label_1.setBounds(479, 301, 77, 64);
contentPane.add(label_1);
Page 38
JLabel lblFiles = new JLabel("Files");
lblFiles.setFont(new Font("Times New Roman", Font.PLAIN, 16));
lblFiles.setBounds(489, 349, 50, 34);
contentPane.add(lblFiles);
ProgressBar = new JProgressBar();
ProgressBar.setBounds(246, 413, 544, 25);
contentPane.add(ProgressBar);
JScrollPane scrollPane = new JScrollPane();
scrollPane.setBounds(556, 141, 235, 91);
contentPane.add(scrollPane);
JTextArea ListGroups_TextArea = new JTextArea();
scrollPane.setViewportView(ListGroups_TextArea);
JScrollPane scrollPane_1 = new JScrollPane();
scrollPane_1.setBounds(556, 292, 235, 91);
contentPane.add(scrollPane_1);
JTextArea ListFiles_TextArea = new JTextArea();
scrollPane_1.setViewportView(ListFiles_TextArea);
JScrollPane scrollPane_2 = new JScrollPane();
scrollPane_2.setBounds(37, 292, 392, 89);
contentPane.add(scrollPane_2);
CurrentProcessing_TextArea = new JTextArea();
CurrentProcessing_TextArea.setForeground(new Color(100, 149, 237));
Page 39
scrollPane_2.setViewportView(CurrentProcessing_TextArea);
JLabel lblListOfGroups = new JLabel("List of Groups");
lblListOfGroups.setIcon(new ImageIcon("D:\\IMAGE\\Data
Set\\computer_data.png"));
lblListOfGroups.setFont(new Font("Times New Roman", Font.PLAIN, 16));
lblListOfGroups.setBounds(599, 79, 144, 61);
contentPane.add(lblListOfGroups);
JLabel lblListOfFiles = new JLabel("List of Files");
lblListOfFiles.setIcon(new ImageIcon("D:\\IMAGE\\Data
Set\\data_transfer.png"));
lblListOfFiles.setFont(new Font("Times New Roman", Font.PLAIN, 16));
lblListOfFiles.setBounds(599, 236, 144, 61);
contentPane.add(lblListOfFiles);
Selected_TextField = new JTextField();
Selected_TextField.setFont(new Font("Times New Roman", Font.PLAIN, 16));
Selected_TextField.setColumns(10);
Selected_TextField.setBounds(837, 186, 185, 28);
contentPane.add(Selected_TextField);
JLabel lblSelectedInfo = new JLabel("Selected Info...");
lblSelectedInfo.setIcon(new ImageIcon("D:\\IMAGE\\mail search\\E-
mail.png"));
lblSelectedInfo.setFont(new Font("Times New Roman", Font.PLAIN, 16));
lblSelectedInfo.setBounds(823, 130, 199, 54);
contentPane.add(lblSelectedInfo);
Page 40
JRadioButton rdbtnNewRadioButton = new JRadioButton("View User
Details..");
rdbtnNewRadioButton.setFont(new Font("Times New Roman", Font.PLAIN,
16));
rdbtnNewRadioButton.setBounds(847, 236, 157, 25);
contentPane.add(rdbtnNewRadioButton);
JRadioButton rdbtnViewUserFile = new JRadioButton("View File Details..");
rdbtnViewUserFile.setFont(new Font("Times New Roman", Font.PLAIN, 16));
rdbtnViewUserFile.setBounds(847, 288, 157, 25);
contentPane.add(rdbtnViewUserFile);
JButton btnView = new JButton("View..");
btnView.setIcon(new ImageIcon("D:\\IMAGE\\mail
search\\newspaper_search.png"));
btnView.setFont(new Font("Times New Roman", Font.PLAIN, 16));
btnView.setBounds(869, 346, 144, 40);
contentPane.add(btnView);
}
public static void defaultconnection()
{
try
{
dbc=new DBConnection();
con=dbc.getConnection();
st=con.createStatement();
}
catch (Exception e)
{
Page 41
e.printStackTrace();
}
}
private void upDateServerDetails()
{
defaultconnection();
try
{
int i=st.executeUpdate("UPDATE Server_Details SET
ServerAddress='"+myAddress+"',ServerPort='"+myPort+"'WHERE
ServerName='"+myName+"'");
if(i==1)
{
JOptionPane.showMessageDialog(contentPane, "Server Successfully
Started","WARNING",JOptionPane.WARNING_MESSAGE);
dispose();
}
else
{
JOptionPane.showMessageDialog(null, "Save
Failed","WARNING",JOptionPane.WARNING_MESSAGE);
}
st.close();
con.close();
}
catch (Exception e)
{
e.printStackTrace();
}
Page 42
}
public void run()
{
new CloudServerStart(myPort);
}
}
package com.cloud.siddhi.groupManager;
import java.awt.Color;
import java.awt.EventQueue;
import java.awt.Font;
import java.awt.Toolkit;
import javax.swing.ImageIcon;
import javax.swing.JButton;
import javax.swing.JFrame;
import javax.swing.JLabel;
import javax.swing.JPanel;
import javax.swing.JProgressBar;
import javax.swing.JScrollPane;
import javax.swing.JTabbedPane;
import javax.swing.JTextArea;
import javax.swing.JTextField;
import javax.swing.SwingConstants;
import javax.swing.UIManager;
import javax.swing.border.EmptyBorder;
public class GroupManager extends JFrame {
Page 43
/**
*
*/
private static final long serialVersionUID = 1L;
private JPanel contentPane;
private JTextField textField;
private JTextField textField_1;
private JTextField textField_2;
private JTextField textField_3;
/**
* Launch the application.
*/
public static void main(String[] args) {
EventQueue.invokeLater(new Runnable() {
public void run() {
try {
GroupManager frame = new GroupManager();
frame.setVisible(true);
} catch (Exception e) {
e.printStackTrace();
}
}
});
}
/**
* Create the frame.
*/
Page 44
public GroupManager() {
setIconImage(Toolkit.getDefaultToolkit().getImage("D:\\IMAGE\\Account\\acc
ount_balances.png"));
setTitle("Group Manager");
setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
setBounds(100, 100, 808, 445);
contentPane = new JPanel();
contentPane.setBorder(new EmptyBorder(5, 5, 5, 5));
setContentPane(contentPane);
contentPane.setLayout(null);
JLabel label = new JLabel("MONA : Secure Data Sharing in the Cloud");
label.setForeground(UIManager.getColor("InternalFrame.activeTitleBackgroun
d"));
label.setBounds(76, 14, 459, 29);
label.setFont(new Font("Times New Roman", Font.BOLD, 25));
contentPane.add(label);
JTabbedPane tabbedPane = new JTabbedPane(JTabbedPane.TOP);
tabbedPane.setFont(new Font("Times New Roman", Font.PLAIN, 14));
tabbedPane.setBounds(6, 52, 780, 348);
contentPane.add(tabbedPane);
JPanel panel = new JPanel();
tabbedPane.addTab("User Registration", null, panel, null);
panel.setLayout(null);
JLabel lblUserRequest = new JLabel("Msg From");
Page 45
lblUserRequest.setIcon(new
ImageIcon("D:\\IMAGE\\Account\\reseller_accountd.png"));
lblUserRequest.setBounds(19, 95, 107, 35);
panel.add(lblUserRequest);
lblUserRequest.setFont(new Font("Times New Roman", Font.PLAIN, 16));
textField = new JTextField();
textField.setBounds(138, 102, 157, 28);
panel.add(textField);
textField.setHorizontalAlignment(SwingConstants.CENTER);
textField.setFont(new Font("Times New Roman", Font.PLAIN, 14));
textField.setColumns(10);
JButton btnSave = new JButton("Save");
btnSave.setIcon(new ImageIcon("D:\\IMAGE\\Account\\stock_save-
template.png"));
btnSave.setBounds(420, 164, 125, 40);
panel.add(btnSave);
btnSave.setFont(new Font("Times New Roman", Font.PLAIN, 14));
textField_1 = new JTextField();
textField_1.setHorizontalAlignment(SwingConstants.CENTER);
textField_1.setFont(new Font("Times New Roman", Font.PLAIN, 14));
textField_1.setColumns(10);
textField_1.setBounds(138, 171, 157, 28);
panel.add(textField_1);
JLabel lblAddress = new JLabel("Address :");
Page 46
lblAddress.setIcon(new
ImageIcon("D:\\IMAGE\\Account\\reseller_account_template.png"));
lblAddress.setFont(new Font("Times New Roman", Font.PLAIN, 16));
lblAddress.setBounds(19, 164, 107, 40);
panel.add(lblAddress);
textField_2 = new JTextField();
textField_2.setHorizontalAlignment(SwingConstants.CENTER);
textField_2.setFont(new Font("Times New Roman", Font.PLAIN, 14));
textField_2.setColumns(10);
textField_2.setBounds(414, 102, 157, 28);
panel.add(textField_2);
JLabel lblPortNo = new JLabel("Port No :");
lblPortNo.setIcon(new
ImageIcon("D:\\IMAGE\\Account\\reseller_accountd.png"));
lblPortNo.setFont(new Font("Times New Roman", Font.PLAIN, 16));
lblPortNo.setBounds(318, 95, 93, 40);
panel.add(lblPortNo);
JLabel lblNewUserJoin = new JLabel("New User Join");
lblNewUserJoin.setIcon(new ImageIcon("D:\\IMAGE\\Icons\\user_male_add
(1).png"));
lblNewUserJoin.setForeground(Color.BLACK);
lblNewUserJoin.setFont(new Font("Times New Roman", Font.BOLD, 20));
lblNewUserJoin.setBounds(217, 34, 165, 40);
panel.add(lblNewUserJoin);
JPanel panel_1 = new JPanel();
Page 47
tabbedPane.addTab("Group Signature", null, panel_1, null);
panel_1.setLayout(null);
JLabel lblUserName = new JLabel("User Name :");
lblUserName.setBounds(40, 88, 102, 24);
lblUserName.setFont(new Font("Times New Roman", Font.PLAIN, 16));
panel_1.add(lblUserName);
JLabel lblSignatureGeneration = new JLabel("Signature Generation");
lblSignatureGeneration.setBounds(203, 33, 193, 24);
lblSignatureGeneration.setForeground(Color.BLACK);
lblSignatureGeneration.setFont(new Font("Times New Roman", Font.BOLD,
20));
panel_1.add(lblSignatureGeneration);
textField_3 = new JTextField();
textField_3.setBounds(154, 88, 173, 28);
textField_3.setHorizontalAlignment(SwingConstants.CENTER);
textField_3.setFont(new Font("Times New Roman", Font.PLAIN, 14));
textField_3.setColumns(10);
panel_1.add(textField_3);
JButton btnGenerate = new JButton("Generate..!");
btnGenerate.setBounds(122, 185, 112, 28);
btnGenerate.setFont(new Font("Times New Roman", Font.PLAIN, 14));
panel_1.add(btnGenerate);
JProgressBar progressBar = new JProgressBar();
progressBar.setBounds(39, 144, 288, 22);
Page 48
panel_1.add(progressBar);
JLabel lblCompleted = new JLabel("Completed 0...");
lblCompleted.setFont(new Font("Times New Roman", Font.PLAIN, 16));
lblCompleted.setBounds(40, 120, 222, 24);
panel_1.add(lblCompleted);
JScrollPane scrollPane = new JScrollPane();
scrollPane.setBounds(372, 93, 202, 91);
panel_1.add(scrollPane);
JTextArea textArea = new JTextArea();
scrollPane.setViewportView(textArea);
JPanel panel_2 = new JPanel();
tabbedPane.addTab("User Revocation", null, panel_2, null);
}
}