INTRODUCTION

1. INTRODUCTION

The access control is one of the fundamental security services in the computer system. It is a

mechanism for constraining the interaction between users and protected resources. File is one of

the important resources of the computer system. That must be protected from the unauthorized

access that it can’t be tempered or stolen by intruders. The file security can enforced using

cryptographic techniques. With the help of these techniques the important files are encrypted and

authorized users are given appropriate cryptographic keys.

The cryptographic techniques can be applied at any level of the storage systems because they

use the layered architecture. The level may be the block or virtual one in the operating system.

Basically, file management is an important task of the computer system. We have designed the

Java File Security System (JFSS) for files on the Windows XP. The suggested file security

system storing encrypted files using Rijndael Algorithm (AES), so an unauthorized user can’t

access the important data. The encryption takes place for the selected files (important ones which

requires the security) only. We are using the concept of on-demand computing which results in

the high performance of the computer system. The proposed system is working properly for all

types of the files. In this paper there are more sections.

Few people use secure network file systems today, despite the fact that attackers can easily

tamper with network traffic. For years, researchers have known how to design and build file

systems that work over untrusted networks (for instance Echo). If such a file system could grow

to span the Internet, it would let people access and share files securely with anyone anywhere.

Unfortunately, no existing file system has realized this goal.

In the file security system we use the key encrypt the file and same key use for

decryption of file because we use the symmetric key for encryption and decryption of file.

Information security is the hot topic of research in the field of computer science and

technology, and the data encryption is one of the most important methods for information

security. Since a new kind of encryption algorithm, i.e. Advanced Encryption Standard (AES),

has been proposed for replacing the previous encryption of Data Encryption Standard (DES) in

2001, more and more applications are starting to use AES instead of DES to protect their

information security in the past ten years. Currently, the implementations of AES are based on

CPU because CPU is regarded as the computing component in the computer system from the

1

traditional point of view. With the rapid growth of information data, more and more applications

require encrypting data with the performance of more and more high speed. The traditional CPU-

based AES implementation shows the poor performance and cannot meet the demands of fast

data encryption. Therefore, how to develop a new method for high performance is a challenging

topic of research, which is interesting more and more researchers in developing new approaches

for fast AES encryption. In recent years, with the rapid development of microelectronics

technology, the computing capability of many general-purpose processors has gone far beyond

CPU. A secure network file system designed to span the Internet. File security system prevents

much vulnerability caused by today’s insecure network file system proto-cols. It makes file

sharing across administrative realms trivial, letting users access files from anywhere and share

files with anyone.

Few people use secure network file systems today, despite the fact that attackers can

easily tamper with network traffic. For years, researchers have known how to design and build

file systems that work over untrusted networks (for instance Echo). If such a file system could

grow to span the Internet, it would let people access and share files securely with anyone

anywhere. Unfortunately, no existing file system has realized this goal.

In the file security system we use the key encrypt the file and same key use for

decryption of file because we use the symmetric key for encryption and decryption of file.

2

2. Review of Literature

(1.) Parallel AES Algorithm for Fast Data Encryption on GPU

Deguang Le, Jinyi Chang, Xingdou Gou, Ankang Zhang, Conglan Lu

Abstract: - With the improvement of cryptanalysis, More and more applications are starting to

use Advanced Encryption Standard (AES) instead of Data Encryption Standard (DES) to protect

their information security. However, current implementations of AES algorithm suffer from huge

CPU resource consumption and low throughput. In this paper, we studied the technologies of

GPU parallel computing and its optimized design for cryptography. Then, we proposed a new

algorithm for AES parallel encryption, and designed and implemented a fast data encryption

system based on GPU. The test proves that our approach can accelerate the speed of AES

encryption significantly.

(2.) Separating key management from file system security

17th ACM Symposium on Operating Systems Principles (SOSP ’99) Published as

Operating Systems Review 34(5):124–139, Dec. 1999

Abstract: - No secure network file system has ever grown to span the Internet. Existing

systems all lack adequate key management for security at a global scale. Given the diversity of

the Internet, any particular mechanism a file system employs to manage keys will fail to support

many types of use. We propose separating key management from file system security, letting the

world share a single global file system no matter how individuals manage keys. We present SFS,

a secure file system that avoids internal key management. While other file systems need key

management to map file names to encryption keys, SFS file names effectively contain public

keys, making them self-certifying pathnames. Key management in SFS occurs outside of the file

system, in whatever procedure users choose to generate file names. Self-certifying pathnames

free SFS clients from any notion of administrative realm, making inter-realm file sharing trivial.

They let users authenticate servers through a number of different techniques. The file namespace

doubles as a key certification namespace, so that people can realize many key management

schemes using only standard file utilities. Finally, with self-certifying pathnames, people can

bootstrap one key management mechanism using another. These properties make SFS more

versatile than any file system with built-in key management.

3

(3.) Encryption and Decryption of Digital Image Using Color

IJCSI International Journal of Computer Science Issues, Vol. 9, Issue 2, No 2, March 2012

ISSN (Online): 1694-0814

Abstract:-This paper aims at improving the level of security and secrecy provided by the digital

color signal-based image encryption. The image encryption and decryption algorithm is designed

and implemented to provide confidentiality and security in transmission of the image based data

as well as in storage. This new proposed encryption algorithm can ensure the lossless of

transmissions of images. The proposed encryption algorithm in this study has been tested on

some images and showed good results.

(4.) Simple Encryption/Decryption Application

This paper presents an Encryption/Decryption application that is able to work with any type

of file; for example: image files, data files, documentation files…etc. The method of encryption

is simple enough yet powerful enough to fit the needs of students and staff in a small institution.

The application uses simple key generation method of random number generation and

combination. The final encryption is a binary one performed through rotation of bits and XOR

operation applied on each block of data in any file using a symmetric decimal key. The key

generation and Encryption are all done by the system itself after clicking the encryption button

with transparency to the user. The same encryption key is also used to decrypt the encrypted

binary file.

(5.) Java File Security System (JFSS) Evaluation Using Software Engineering

Approaches

Volume 2, Issue 1, January 2012 ISSN: 2277 128X International Journal of Advanced

Research in Computer Science and Software Engineering

A Java File Security System (JFSS) has been developed by us. That is an encrypted file system.

It is developed by us because there are so many file data breaches in the past and current history

and they are going to increase day by day as the reports by Data Loss DB (Open Security

Foundation) organization, a non-profit organization in US so it is. The JFSS is evaluated

regarding the two software engineering approaches. One of them is size metric that is Lines of

4

Code (LOC) in the software product development. Another approach is the customer oriented

namely User Satisfaction Testing methodology.

Satisfying our customers is an essential element to stay in business in modern world of global

competition. We must satisfy and even delight our customers with the value of our software

products and services to gain their loyalty and repeat business. Customer satisfaction is therefore

a primary goal of process improvement programs as well as quality predictions of our software.

With the help of User Satisfaction Index that is calculated for many parameters regarding the

customer satisfaction. Customer Satisfaction Surveys are the best way to find the satisfaction

level of our product quality.

(6.) A Study of New Trends in Blowfish Algorithm

Gurjeevan Singh, Ashwani Kumar, K. S. Sandha / International Journal of Engineering

Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 1, Issue 2,

pp.321-326

Abstract: - Wired and wireless networks are becoming popular day by day. Due to rapid growth of

networks, information security becomes more important to protect commerce secrecy and

privacy. Encryption algorithm plays a crucial role in information security but securing data also

consumes a significant amount of resources such as CPU time and battery power. In this paper

we try to present a fair comparison between the most common four encryption algorithms

namely; AES, DES, 3DES and Blowfish in terms of security and power consumption.

Experiment results of comparison are carried out over different data types like text, image, audio

and video. This paper briefly describes a new method to enhance the security of Blowfish

algorithm; this can be possible by replacing the pre-defined XOR operation by new operation

‘#’. When we are adding additional key and replacing old XOR by new operation ‘#’, Blowfish

will provides better results against any type of intrusion.

(7.) AN EFFICIENT IMPLEMENTATION OF LRCA SCHEME FOR

ENCRYPTION/DECRYPTION

V MNSSVKR GUPTA, K.V.S. MURTHY, DR.A. YESU BABU, R SHIVA SHANKAR/

International Journal of Engineering Research and Applications (IJERA)

5

Abstract:- Network has become a significant way to transmit information because of the arrival

of information era and the rapid development of Internet. Various multimedia digital products

(such as text, images, videos, sound data, etc.) spread on the net. How to protect the benefit of

the investors and legal rights owners is becoming an upcoming problem to solve. In this couple

of years, the data encryption/decryption (modern cryptography) technique develops rapidly,

which can provide a new effective approach to deal with this problem. In this paper a strong time

efficient cryptosystem is proposed. A novel approach in cellular automata is used in which the

plain text is arranged into layers of binary digital planes and then encrypted based on the rule set

of Automata. This scheme exhibits strength by inheriting the naive properties of Cellular

Automata, unpredictability, homogeneity, parallelism and sensitivity to the initial conditions.

The proposed scheme is analyzed for time efficiency and observed to possess better confusion

and diffusion properties when compared with Advanced Encryption Standard (AES). This

scheme has advantage, that it has variable key size and block size; depending on the size of the

plain text chosen. Simulation results show that the proposed system is on par with AES.

(8.) Hybrid Algorithm with DSA, RSA and MD5 Encryption Algorithm for

wireless devices.

Khushdeep Kaur, Er.Seema / International Journal of Engineering Research and

Applications (IJERA) ISSN: 2248-9622 Vol. 2, Issue 5, September- October 2012

Abstract:- Security is the one of the biggest concern in different type of networks. Due to

diversify nature of network, security breaching became a common issue in different form of

networks. Solutions for network security comes with concepts like cryptography in which

distribution of keys have been done. If you want to send data to some other persons through

network then if you truly want to keep the information secret, you need to agree on some sort of

key that you and he can use to encode/decode messages. But you don’t want to keep using the

same key, or you will make it easier and easier for others to crack your cipher. As Encryption

became a vital tool for preventing the threats to data sharing and tool to preserve the data

integrity so we are focusing on security enhancing by enhancing the level of encryption in

network. This study’s main goal is to reflect the importance of security in network and provide

the better encryption technique for currently implemented encryption techniques. In our research

6

we have proposed a combination of DSA, RSA and MD5as a hybrid link for wireless devices.

We have also considered case study for Manet networks so that we can suggest the applications

of proposed algorithm.

(9.) IT Security Review: Privacy, Protection, Access Control, Assurance and

System Security

International Journal of Multimedia and Ubiquitous Engineering Vol. 2, No. 2, April, 2007

Abstract:-Computer security is a branch of technology known as information security as applied

to computers and networks. The objective of computer security includes protection of

information and property from theft, corruption, or natural disaster, while allowing the

information and property to remain accessible and productive to its intended users. There are

many elements that are disrupting computer security. In this paper, we review the current

strategies and methods related to IT security.

(10.) AN OVERVIEW OF THE SECURITY CONCERNS IN ENTERPRISE

CLOUD COMPUTING

International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.1,

January 2011

Abstract: - Deploying cloud computing in an enterprise infrastructure bring significant security

concerns. Successful implementation of cloud computing in an enterprise requires proper

planning and understanding of emerging risks, threats, vulnerabilities, and possible

countermeasures. We believe enterprise should analyze the company/organization security risks,

threats, and available countermeasures before adopting this technology. In this paper, we have

discussed security risks and concerns in cloud computing and enlightened steps that an enterprise

can take to reduce security risks and protect their resources. We have also explained cloud

computing strengths/benefits, weaknesses, and applicable areas in information risk management.

(11.) Performance Evaluation of Java File Security System (JFSS)

Pelagia Research Library Advances in Applied Science Research, 2011, 2 (6):254-260

7

Abstract: - Security is a critical issue of the modern file and storage systems, it is imperative to

protect the stored data from unauthorized access. We have developed a file security system

named as Java File Security System (JFSS) [1] that guarantee the security to files on the demand

of all users. It has been developed on Java platform. Java has been used as programming

language in order to provide portability, but it enforces some performance limitations. It is

developed in FUSE (File System in User space) [3]. Many efforts have been done over the years

for developing file systems in user space (FUSE). All have their own merits and demerits. In this

paper we have evaluated the performance of Java File Security System (JFSS). Over and over

again, the increased security comes at the expense of user convenience, performance or

compatibility with other systems. JFSS system performance evaluations show that encryption

overheads are modest as compared to security.

(12.) Cifrar FS – Encrypted File System Using FUSE

Anagha Kulkarni & Vandana Inamdar

Abstract: - This paper describes a file system that enables transparent encryption and

decryption of files by using advanced, standard cryptographic algorithm, Data Encryption

Standard (DES). Any individual, including super user, or program, that doesn't possess the

appropriate passphrase for the directory which contains encrypted files cannot read the encrypted

data. Encrypted files can be protected even from those who gain physical possession of the

computer on which files reside. ‘CifrarFS’, an encrypted file system using ‘File system in USEr

space (FUSE)’ maintains all the files in a specific directory in an encrypted form and decrypts

them on demand. It encodes the file name while storing but decodes it while viewed from the

mount point. We propose an idea of watermark in every encrypted file that is validated before

decryption and also log all the operations on ‘CifrarFS’. It is a stackable file system that operates

on top of ext3. It does not need root privileges.

(13.) Ivy: A Read/Write Peer-to-Peer File System

Athicha Muthitacharoen, Robert Morris, Thomer M. Gil, and Benjie Chen

Abstract: - Ivy is a multi-user read/write peer-to-peer file system. Ivy has no centralized or

dedicated components, and it provides useful integrity properties without requiring users to fully

trust either the underlying peer-to-peer storage system or the other users of the file system. An

8

Ivy file system consists solely of a set of logs, one log per participant. Ivy stores its logs in the

DHash distributed hash table. Each participant finds data by consulting all logs, but performs

modifications by appending only to its own log. This arrangement allows Ivy to maintain meta-

data consistency without locking. Ivy users can choose which other logs to trust, an appropriate

arrangement in a semi-open peer-to-peer system. Ivy presents applications with a conventional

file system interface. When the underlying network is fully connected, Ivy provides NFS-like

semantics, such as close-to-open consistency. Ivy detects conflicting modifications made during

a partition, and provides relevant version information to application-specific conflict resolvers.

Performance measurements on a wide-area network show that Ivy is two to three times slower

than NFS.

(14.) Java File Security System (JFSS)

Global Journal of Computer Science and Technology Network, Web& Security Volume 12

Issue 10 Version 1.0 May 2012 Type: Double Blind Peer Reviewed International Research

Journal Publisher: Global Journals Inc. (USA) Online ISSN: 0975-4172 & Print ISSN:

0975-4350

Abstract: - Nowadays, storage systems are increasingly subject to attacks. So the security

system is quickly becoming mandatory feature of the data storage systems. For the security

purpose we are always dependent on the cryptography techniques. These techniques take the

performance costs for the complete system. So we have proposed the Java File Security System

(JFSS). It is based on the on-demand computing system concept, because of the performance

issues. It is a greater comeback for the system performance. The concept is used because; we are

not always in needing the secure the files, but the selected one only. In this paper, we have

designed a file security system on Windows XP. When we use the operating system, we have to

secure some important data. The date is always stored in the files, so we secure the important

files well. To check the proposed functionality, we experiment the above said system on the

Windows operating system. With these experiments, we have found that the proposed system is

working properly, according to the needs of the users.

(15.) A Windows Based Java File Security System (JFSS)

9

Brijender Kahanwal, Tejinder Pal Singh, 3Dr. R. K. Tuteja IJCST Vol. 2, Issue 3,

September 2011I S SN : 2229 - 4333 ( P r i n t ) | ISSN : 0 9 7 6 - 8 4 9 1

Abstract:-Nowadays, everyone is greatly dependent on computers and networks. It may be a

naïve user or sophisticated one or any type of organization, everyone relies on them. So the

security of computer based data or information is important task for the whole world. For the

same we must pay a kind attention. The files which lies in the system or which are in the way or

the networks must be secure from any type of attack by the intruders. In this paper we gave a

brief analysis of the existing file security systems and view the problems with them. We have

designed a type of virtual file system named Java File Security System (JFSS) for the Windows

operating system. It is a stackable file system in the user space. We added the layer upon the

basic file system which is a transparent encryption and decryption layer. It provides strong

security to the files of any type on the demand and can be mounted at any point in the system.

(16.) Announcing the ADVANCED ENCRYPTION STANDARD (AES)

Federal Information Processing Standards Publication 197 November 26, 2001

Abstract: - This standard specifies the Rijndael algorithm, a symmetric block cipher that can

process data blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256 bits.

Rijndael was designed to handle additional block sizes and key lengths; however they are not

adopted in this standard. Throughout the remainder of this standard, the algorithm specified

herein will be referred to as “the AES algorithm.” The algorithm may be used with the three

different key lengths indicated above, and therefore these different “flavors” may be referred to

as “AES-128”, “AES-192”, and “AES-256.

(17.) Performance Comparison of the AES Submissions

Bruce Schneier John Kelsey Doug Whiting David Wagner Chris Hall Niels Ferguson kVersion 2.0 February 1, 1999

Abstract: - The principal goal guiding the design of any encryption algorithm must be security.

In the real world, however, performance and implementation cost are always of concern. Making

the assumption that the major AES candidates are secure (a big assumption, to be sure, but one

10

that is best dealt with in another paper), the most important properties the algorithms will be

judged on will be the performance and cost of implementation. In this paper, we will completely

ignore security. Instead, we will compare the performance of the leading AES candidates on a

variety of common platforms: 32-bit CPUs, 64-bit CPUs, cheap 8-bit smart-card CPUs, and

dedicated hardware. For each platform, we first make some general observations on the

performance issues for each of the platforms, then compare the various AES candidates, and

finally look at the specific issues for each of the candidates.

(18.) Biclique Cryptanalysis of the Full AES

Andrey Bogdanov, Dmitry Khovratovich, and Christian Rechberger

Abstract:- Since Rijndael was chosen as the Advanced Encryption Standard, improving upon 7-

round attacks on the 128-bit key variant or upon 8-round attacks on the 192/256-bit key variants

has been one of the most difficult challenges in the cryptanalysis of block ciphers for more than a

decade. In this paper we present a novel technique of block cipher cryptanalysis with bicliques,

which leads to the following results:

– The first key recovery attack on the full AES-128 with computational complexity 2126.1.

– The first key recovery attack on the full AES-192 with computational complexity 2189.7.

– The first key recovery attack on the full AES-256 with computational complexity 2254.4.

– Attacks with lower complexity on the reduced-round versions of AES not considered before,

including an attack on 8-round AES-128 with complexity 2124.9. Preimage attacks on

compression functions based on the full AES versions. In contrast to most shortcut attacks on

AES variants, we do not need to assume related-keys. Most of our attacks only need a very small

part of the codebook and have small memory requirements, and are practically verified to a large

extent. As our attacks are of high computational complexity, they do not threaten the practical

use of AES in any way.

(19.) A Newer User Authentication, File encryption and Distributed Server

Based Cloud computing security architecture

(IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 3, No.

10, 2012

11

Abstract: - The cloud computing platform gives people the opportunity for sharing resources,

services and information among the people of the whole world. In private cloud system,

information is shared among the persons who are in that cloud. For this, security or personal

information hiding process hampers. In this paper we have proposed new security architecture

for cloud computing platform. This ensures secure communication system and hiding

information from others. AES based file encryption system and asynchronous key system for

exchanging information or data is included in this model. This structure can be easily applied

with main cloud computing features, e.g. PaaS, SaaS and IaaS. This model also includes onetime

password system for user authentication process. Our work mainly deals with the security system

of the whole cloud computing platform.

12

3. Materials & Methods

3.1 Parallel Technique Available:-For encrypt and decrypt the file multiple technique

available they are following-

1. MD5

2. DES

3. Blowfish

4. RSA

MD5:- The MD5 message-digest algorithm is a widely used cryptographic hash function

producing a 128-bit (16-byte) hash value, typically expressed as a 32 digit hexadecimal number.

MD5 has been utilized in a wide variety of security applications. It is also commonly used to

check data integrity.

MD5 was designed by Ron Rivest in 1991 to replace an earlier hash function, MD4.

In 1996 a flaw was found in the design of MD5. While it was not a clearly fatal weakness,

cryptographers began recommending the use of other algorithms, such as SHA-1—which has

since been found to be vulnerable as well. In 2004 it was shown that MD5 is not collision

resistant; as such, MD5 is not suitable for applications that rely on this property like SSL

certificates or digital signatures. Also in 2004 more serious flaws were discovered in MD5,

making further use of the algorithm for security purposes questionable — specifically, a group of

researchers described how to create a pair of files that share the same MD5 checksum. Further

advances were made in breaking MD5 in 2005, 2006, and 2007. In December 2008, a group of

researchers used this technique to fake SSL certificate validity, and CMU Software Engineering

Institute now says that MD5 "should be considered cryptographically broken and unsuitable for

further use", most U.S. government applications now require the SHA-2 family of hash

functions.

DES: - The Data Encryption Standard (DES) is a previously predominant symmetric-key

algorithm for the encryption of electronic data. It was highly influential in the advancement of

modern cryptography in the academic world. Developed in the early 1970s at IBM and based on

13

an earlier design by Horst Feistel, the algorithm was submitted to the National Bureau of

Standards (NBS) following the agency's invitation to propose a candidate for the protection of

sensitive, unclassified electronic government data. In 1976, after consultation with the National

Security Agency (NSA), the NBS eventually selected a slightly modified version, which was

published as an official Federal Information Processing Standard (FIPS) for the United States in

1977. The publication of an NSA-approved encryption standard simultaneously resulted in its

quick international adoption and widespread academic scrutiny. Controversies arose out of

classified design elements, a relatively short key length of the symmetric-key block cipher

design, and the involvement of the NSA, nourishing suspicions about a backdoor. The intense

academic scrutiny the algorithm received over time led to the modern understanding of block

ciphers and their cryptanalysis.

DES is now considered to be insecure for many applications. This is chiefly due to the 56-bit key

size being too small; in January, 1999, distributed.net and the Electronic Frontier Foundation

collaborated to publicly break a DES key in 22 hours and 15 minutes (see chronology). There are

also some analytical results which demonstrate theoretical weaknesses in the cipher, although

they are infeasible to mount in practice. The algorithm is believed to be practically secure in the

form of Triple DES, although there are theoretical attacks. In recent years, the cipher has been

superseded by the Advanced Encryption Standard (AES). Furthermore, DES has been withdrawn

as a standard by the National Institute of Standards and Technology.

Blowfish: - Blowfish is a symmetric-key block cipher, designed in 1993 by Bruce Schneier and

included in a large number of cipher suites and encryption products. Blowfish provides a good

encryption rate in software and no effective cryptanalysis of it has been found to date. However,

the Advanced Encryption Standard now receives more attention.

Schneier designed Blowfish as a general-purpose algorithm, intended as an alternative to the

aging DES and free of the problems and constraints associated with other algorithms. At the time

Blowfish was released, many other designs were proprietary, encumbered by patents or were

commercial/government secrets. Schneier has stated that, "Blowfish is unpatented, and will

remain so in all countries. The algorithm is hereby placed in the public domain, and can be freely

used by anyone.

14

RSA: - RSA is a cryptosystem, which is known as one of the first practicable public-key

cryptosystems and is yet widely used for secure data transmission. In such a cryptosystem,

the encryption key is public and differs from the decryption key which is kept secret. In RSA,

this asymmetry is based on the practical difficulty of factoring the product of two large prime

numbers, the factoring problem. RSA stands for Ron Rivest, Adi Shamir and Leonard Adleman,

who first publicly described the algorithm in 1977. Clifford Cocks, an English mathematician,

had developed an equivalent system in 1973, but it wasn't declassified until 1997.

A user of RSA creates and then publishes the product of two large prime numbers, along with an

auxiliary value, as their public key. The prime factors must be kept secret. Anyone can use the

public key to encrypt a message, but with currently published methods, if the public key is large

enough, only someone with knowledge of the prime factors can feasibly decode the message.

Whether breaking RSA encryption is as hard as factoring is an open question known as the RSA

problem.

3.2 Technology Used: - So many approaches are applied to solve the problem of

information security. The approaches may be the user space or kernel space or the combined one.

The kernel approach is sensitive to implement because any small mistake done by the

programmer can harm the overall functioning of the system. The user space one is secure and

compatible with the system and the independent one and comfortable in the implementation and

are the highly portable if we are using the best portable platform like Java.

Java: - Java is a computer programming language that is concurrent, class-based, object-

oriented, and specifically designed to have as few implementation dependencies as possible. It is

intended to let application developers "write once, run anywhere" (WORA), meaning that code

that runs on one platform does not need to be recompiled to run on another. Java applications are

typically compiled to byte code (class file) that can run on any Java virtual machine (JVM)

regardless of computer architecture. Java is, as of 2012, one of the most popular programming

languages in use, particularly for client-server web applications, with a reported 9 million

developers. Java was originally developed by James Gosling at Sun Microsystems (which has

since merged into Oracle Corporation) and released in 1995 as a core component of Sun

15

Microsystems' Java platform. The language derives much of its syntax from C and C++, but it

has fewer low-level facilities than either of them.

The original and reference implementation Java compilers, virtual machines, and class libraries

were developed by Sun from 1991 and first released in 1995. As of May 2007, in compliance

with the specifications of the Java Community Process, Sun relicensed most of its Java

technologies under the GNU General Public License. Others have also developed alternative

implementations of these Sun technologies, such as the GNU Compiler for Java (byte code

compiler), GNU Class path (standard libraries), and IcedTea-Web (browser plug-in for applets).

One characteristic of Java is portability, which means that computer programs written in the

Java language must run similarly on any hardware/operating-system platform. This is achieved

by compiling the Java language code to an intermediate representation called Java bytecode,

instead of directly to platform-specific machine code. Java bytecode instructions are analogous

to machine code, but they are intended to be interpreted by a virtual machine (VM) written

specifically for the host hardware. End-users commonly use a Java Runtime Environment (JRE)

installed on their own machine for standalone Java applications, or in a Web browser for Java

applets.

Standardized libraries provide a generic way to access host-specific features such as graphics,

threading, and networking.

A major benefit of using bytecode is porting. However, the overhead of interpretation means that

interpreted programs almost always run more slowly than programs compiled to native

executables would. Just-in-Time (JIT) compilers were introduced from an early stage that

compiles bytecodes to machine code during runtime.

Programs written in Java have a reputation for being slower and requiring more memory than

those written in C++. However, Java programs' execution speed improved significantly with the

introduction of Just-in-time compilation in 1997/1998 for Java 1.1, the addition of language

features supporting better code analysis (such as inner classes, the String Builder class, optional

assertions, etc.), and optimizations in the Java virtual machine itself, such as Hotspot becoming

the default for Sun's JVM in 2000.

16

Some platforms offer direct hardware support for Java; there are microcontrollers that can run

Java in hardware instead of a software Java virtual machine, and ARM based processors can

have hardware support for executing Java bytecode through their Jazelle option.

Java uses an automatic garbage collector to manage memory in the object lifecycle. The

programmer determines when objects are created, and the Java runtime is responsible for

recovering the memory once objects are no longer in use. Once no references to an object

remain, the unreachable memory becomes eligible to be freed automatically by the garbage

collector. Something similar to a memory leak may still occur if a programmer's code holds a

reference to an object that is no longer needed, typically when objects that are no longer needed

are stored in containers that are still in use. If methods for a nonexistent object are called, a "null

pointer exception" is thrown.

One of the ideas behind Java's automatic memory management model is that programmers can

be spared the burden of having to perform manual memory management. In some languages,

memory for the creation of objects is implicitly allocated on the stack, or explicitly allocated and

deallocated from the heap. In the latter case the responsibility of managing memory resides with

the programmer. If the program does not deallocate an object, a memory leak occurs. If the

program attempts to access or deallocate memory that has already been deallocated, the result is

undefined and difficult to predict, and the program is likely to become unstable and/or crash.

This can be partially remedied by the use of smart pointers, but these add overhead and

complexity. Note that garbage collection does not prevent "logical" memory leaks, i.e. those

where the memory is still referenced but never used.

Garbage collection may happen at any time. Ideally, it will occur when a program is idle. It is

guaranteed to be triggered if there is insufficient free memory on the heap to allocate a new

object; this can cause a program to stall momentarily. Explicit memory management is not

possible in Java.

Java does not support C/C++ style pointer arithmetic, where object addresses and unsigned

integers (usually long integers) can be used interchangeably. This allows the garbage collector to

relocate referenced objects and ensures type safety and security.

17

JDBC(Java Database Connectivity):- JDBC is a Java-based data access technology

(Java Standard Edition platform) from Oracle Corporation. This technology is an API for the

Java programming language that defines how a client may access a database. It provides methods

for querying and updating data in a database. JDBC is oriented towards relational databases. A

JDBC-to-ODBC bridge enables connections to any ODBC-accessible data source in the JVM

host environment.

JDBC allows multiple implementations to exist and be used by the same application. The API

provides a mechanism for dynamically loading the correct Java packages and registering them

with the JDBC Driver Manager. The Driver Manager is used as a connection factory for creating

JDBC connections.

JDBC connections support creating and executing statements. These may be update statements

such as SQL's CREATE, INSERT, UPDATE and DELETE, or they may be query statements

such as SELECT. Additionally, stored procedures may be invoked through a JDBC connection.

Oracle: - The Oracle Database (commonly referred to as Oracle RDBMS or simply as Oracle)

is an object-relational database management system produced and marketed by Oracle

Corporation.

An Oracle database system—identified by an alphanumeric system identifier or SID—comprises

at least one instance of the application, along with data storage. An instance—identified

persistently by an instantiation number (or activation id:

SYS.V_$DATABASE.ACTIVATION#)—comprises a set of operating-system processes and

memory-structures that interact with the storage. (Typical processes include PMON (the process

monitor) and SMON (the system monitor).) Oracle documentation can refer to an active database

instance as a "shared memory realm".

Users of Oracle databases refer to the server-side memory-structure as the SGA (System Global

Area). The SGA typically holds cache information such as data-buffers, SQL commands, and

user information. In addition to storage, the database consists of online redo logs (or logs), which

hold transactional history. Processes can in turn archive the online redo logs into archive logs

18

(offline redo logs), which provide the basis (if necessary) for data recovery and for the physical-

standby forms of data replication using Oracle Data Guard.

If the Oracle database administrator has implemented Oracle RAC (Real Application Clusters),

then multiple instances, usually on different servers, attach to a central storage array. This

scenario offers advantages such as better performance, scalability and redundancy. However,

support becomes more complex, and many sites do not use RAC. In version 10g, grid computing

introduced shared resources where an instance can use (for example) CPU resources from

another node (computer) in the grid.

The Oracle DBMS can store and execute stored procedures and functions within itself. PL/SQL

(Oracle Corporation's proprietary procedural extension to SQL), or the object-oriented language

Java can invoke such code objects and/or provide the programming structures for writing them.

The Oracle RDBMS stores data logically in the form of table spaces and physically in the form

of data files ("data files"). Table spaces can contain various types of memory segments, such as

Data Segments, Index Segments, etc. Segments in turn comprise one or more extents. Extents

comprise groups of contiguous data blocks. Data blocks from the basic units of data storage.

A DBA can impose maximum quotas on storage per user within each table space.

Newer versions of the database can also include a partitioning feature: this allows the

partitioning of tables based on different set of keys. Specific partitions can then be easily added

or dropped to help manage large data sets.

Oracle database management tracks its computer data storage with the help of information stored

in the SYSTEM table space. The SYSTEM table space contains the data dictionary and often (by

default) indexes and clusters. A data dictionary consists of a special collection of tables that

contains information about all user-objects in the database. Since version 8i, the Oracle RDBMS

also supports "locally managed" table spaces which can store space management information in

bitmaps in their own headers rather than in the SYSTEM table space (as happens with the default

"dictionary-managed" table spaces). Version 10g and later introduced the SYSAUX table space

19

which contains some of the tables formerly stored in the SYSTEM table space, along with objects

for other tools such as OEM which previously required its own table space.

20

4. Plan Of Work

4.1 Problem Definition: – The field covers all the processes and mechanisms by which

computer-based equipment, information and services are protected from unintended or

unauthorized access, change or destruction

In this the main problem is that anybody can read the file due to this the security is being broken.

If a file sends to another user upon internet then unauthorized user can access or hack to that file

then he can easily read to them.

Feasibility Study:-Feasibility issue is a process to check possibilities of system development.

It is a method to check various different requirements and availability of financial & technical

resource. Before starting the process various parameter must be checked like:

Estimated finance is there or not?

The man power to operate the work is there or not?

The man power trained or not?

All the above conditional must be satisfied then we can start the work. This is why in depth

analysis of feasibility is carried out. There are three ways for check the feasibility:

1) Economical feasibility.

2) Technical feasibility.

3) Operational feasibility

Economical Feasibility :-Economical feasibility, analysis of coast of the is carried out.

The system should be only developed if it is going to give returned the current manual

system user can get the price only by purchasing the news papers. In addition if he/she

wants to see archive of particular quality then he has to refer to all the old newspapers.

For research report he has to buy another magazine so instead of buying number of

magazine user has to just go online and with a single click he can get whatever

information we wants so our project of online share news passes the test of economical

feasibility.

Technical Feasibility : - It is basically used to see existing computer, hardware and

software etc, weather it is efficient or additional equipment are required? Minimum

system requirement is such that it can be affordable by of the user who is having

21

computer. All the user requires is computable java framework install so our system fully

technical feasible.

Operational Feasibility :-once the system is design there must be trained and expert

operator. If there not trained they should given training according to the needs of the

system. From the user’s perspective our system fully operational feasible has it just

requires some knowledge on computer operators only need at daily prices of various

equilities and there are enough validation available so operator does not require any

special technical knowledge. So our system also passes the test of operational feasibility.

4.2 Solution about Problem: - The Advanced Encryption Standard (AES) is a

specification for the encryption of electronic data established by the U.S. National Institute of

Standards and Technology (NIST) in 2001. It is based on the Rijndael cipher developed by two

Belgian cryptographers, Joan Daemen and Vincent Rijmen, who submitted a proposal to NIST

during the AES selection process. Rijndael is a family of ciphers with different key and block

sizes. For AES, NIST selected three members of the Rijndael family, each with a block size of

128 bits, but three different key lengths: 128, 192 and 256 bits.

AES has been adopted by the U.S. government and is now used worldwide. It supersedes the

Data Encryption Standard (DES), which was published in 1977. The algorithm described by

AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and

decrypting the data.

In the United States, AES was announced by the NIST as U.S. FIPS PUB 197 (FIPS 197) on

November 26, 2001. This announcement followed a five-year standardization process in which

fifteen competing designs were presented and evaluated, before the Rijndael cipher was selected

as the most suitable (see Advanced Encryption Standard process for more details). It became

effective as a federal government standard on May 26, 2002 after approval by the Secretary of

Commerce. AES is included in the ISO/IEC 18033-3 standard. AES is available in many

different encryption packages, and is the first publicly accessible and open cipher approved by

the National Security Agency (NSA) for top secret information when used in an NSA approved

cryptographic module (Security of AES).

22

AES is based on a design principle known as a substitution-permutation network, and is fast in

both software and hardware. Unlike its predecessor DES, AES does not use a Feistel network.

AES is a variant of Rijndael which has a fixed block size of 128 bits, and a key size of 128, 192,

or 256 bits. By contrast, the Rijndael specification per se is specified with block and key sizes

that may be any multiple of 32 bits, both with a minimum of 128 and a maximum of 256 bits.

AES operates on a 4×4 column-major order matrix of bytes, termed the state, although some

versions of Rijndael have a larger block size and have additional columns in the state. Most AES

calculations are done in a special finite field.

The key size used for an AES cipher specifies the number of repetitions of transformation rounds

that convert the input, called the plaintext, into the final output, called the ciphertext. The

number of cycles of repetition are as follows:

10 cycles of repetition for 128-bit keys.

12 cycles of repetition for 192-bit keys.

14 cycles of repetition for 256-bit keys.

Each round consists of several processing steps, each containing four similar but different stages,

including one that depends on the encryption key itself. A set of reverse rounds are applied to

transform cipher text back into the original plaintext using the same encryption key.

Description of Algorithm: - KeyExpansion—round keys are derived from the cipher key

using Rijndael's key schedule. AES requires a separate 128-bit round key block for each

round plus one more.

1. InitialRound

1. AddRoundKey—each byte of the state is combined with a block of the round key

using bitwise XOR.

2. Rounds

1. SubBytes—a non-linear substitution step where each byte is replaced with another

according to a lookup table.

23

2. ShiftRows—a transposition step where each row of the state is shifted cyclically a

certain number of steps.

3. MixColumns—a mixing operation which operates on the columns of the state,

combining the four bytes in each column.

4. AddRoundKey

3. Final Round (no MixColumns)

1. SubBytes

2. ShiftRows

3. AddRoundKey.

The SubBytes step

In the SubBytes step, each byte in the state is replaced with its entry in a fixed 8-bit lookup table,

S ; b ij = S(a ij) .

In the SubBytes step, each byte in the state matrix is replaced with a SubByte using

an 8-bit substitution box, the Rijndael S-box. This operation provides the non-linearity in the

cipher. The S-box used is derived from the multiplicative inverse over GF(28), known to have

good non-linearity properties. To avoid attacks based on simple algebraic properties, the S-box is

constructed by combining the inverse function with an invertible affine transformation. The S-

24

box is also chosen to avoid any fixed points (and so is a derangement), i.e., , and

also any opposite fixed points, i.e., .

The ShiftRows step :-

In the ShiftRows step, bytes in each row of the state are shifted cyclically to the left. The number of

places each byte is shifted differs for each row.

The ShiftRows step operates on the rows of the state; it cyclically shifts the bytes in each row by

a certain offset. For AES, the first row is left unchanged. Each byte of the second row is shifted

one to the left. Similarly, the third and fourth rows are shifted by offsets of two and three

respectively. For blocks of sizes 128 bits and 192 bits, the shifting pattern is the same. Row n is

shifted left circular by n-1 bytes. In this way, each column of the output state of the ShiftRows

step is composed of bytes from each column of the input state. (Rijndael variants with a larger

block size have slightly different offsets). For a 256-bit block, the first row is unchanged and the

shifting for the second, third and fourth row is 1 byte, 3 bytes and 4 bytes respectively—this

change only applies for the Rijndael cipher when used with a 256-bit block, as AES does not use

256-bit blocks. The importance of this step is to avoid the columns being linearly independent, in

which case, AES degenerates into four independent block ciphers.

25

The MixColumns step :-

In the MixColumns step, each column of the state is multiplied with a fixed polynomial c(x) .

In the MixColumns step, the four bytes of each column of the state are combined using an

invertible linear transformation. The MixColumns function takes four bytes as input and outputs

four bytes, where each input byte affects all four output bytes. Together with ShiftRows,

MixColumns provides diffusion in the cipher.

During this operation, each column is multiplied by the known matrix that for the 128-bit key is:

The multiplication operation is defined as: multiplication by 1 means no change, multiplication

by 2 means shifting to the left, and multiplication by 3 means shifting to the left and then

performing XOR with the initial unshifted value. After shifting, a conditional XOR with 0x1B

should be performed if the shifted value is larger than 0xFF.

In more general sense, each column is treated as a polynomial over GF(28) and is then multiplied

modulo x4+1 with a fixed polynomial c(x) = 0x03 · x3 + x2 + x + 0x02. The coefficients are

displayed in their hexadecimal equivalent of the binary representation of bit polynomials from

GF (2) [x]. The MixColumns step can also be viewed as a multiplication by a particular MDS

matrix in a finite field. This process is described further in the article Rijndael mix columns.

26

The AddRoundKey step :-

In the AddRoundKey step, each byte of the state is combined with a byte of the round subkey using the

XOR operation ( ⊕ ).

In the AddRoundKey step, the subkey is combined with the state. For each round, a subkey is

derived from the main key using Rijndael's key schedule; each subkey is the same size as the

state. The subkey is added by combining each byte of the state with the corresponding byte of the

subkey using bitwise XOR.

27

4.3 Software Requirement Specification

4.3.1. Hardware and Software Requirement:-

Software:-The Software used in file security system are as follows:-

Operating System

Windows NT/2000 (Client/Server)

Front-end: Java JDK 1.4, J2Sdk 1.1.4, Swings.

Net-Beans 7.3.1

Hardware:-The hardware used are as follows:-

Pentium IV Processor with 1.9 GHz Clock Speed

512 MB RAM, 20 GB HDD, 32 Bit PCI Ethernet Card

28

4.3.2. Data Flow Chart:-

29

4.3.3. 0Level Data Flow Diagram:-

Input file output file from

For encrypt encryption process

Fig: - 0Level DFD

30

Symmetric key Storage for decrpt fileMemory or Data Base for storage the file

5. CONCLUSION:-

We have contributed in the designing and development of a user space cryptographic file system.

We have balanced the design goals like security, performance, convenient and in dependability

of the system. We have achieved the high security by including the support of the Rijndeal

Algorithm (AES) and we have saved the keys on the portable smart cards for the documents

which are important.

The performance is achieved with the help of on-demand computing concept which is that we

are not going to encrypt all the files on the computer system, but we are going to encrypt only the

important documents only. It saves the performance overhead of the system.

The system is very convenient to the users as described in the study done in the reference. And

the in dependability is achieved with the help of the Java technology which is highly portable. So

the complete system is a highly independent of the configuration.

1. Project Goal

The goal of this project was to create a system to secure the file from unauthorized user.

2. Further Work

There are so many implementations in the literature review and everyone has their advantages

and disadvantages with them. Best Crypt, is designed as a loopback device driver which creates

a raw block device with a single file. The single file acts as a container (the backing store). There

is an associated cipher key for each container. Cryptographic File System (CFS) [8], provides a

transparent UNIX file system interface to directory hierarchies that are automatically encrypted

with user supplied keys. It is implemented as a user level NFS server. User needs to create an

encrypted directory and assign its key which is required for cryptographic transformations, when

the directory is created for the first time. Transparent Cryptographic File System (TCFS), works

as a layer under the Virtual File System (VFS) layer, making it completely transparent to the

application.

31

6. REFERENCES:-

1. NVIDIA. High Performance Computing GPU [EB/OL].(2010-01-09).

http://www.nvidia.cn/object/tesla_computing_solutions_cn.html.

2. Niels Provos and David Mazi`eres. A future-adaptable password scheme. In Proceedings

of the 1999 USENIX, Freenix track (the on-line version), Monterey, CA, June 1999.

USENIX. from http: // www.usenix .org/events/ unsenix99/ provous.html.

3. Sara Tedmori, Nijad Al-Najdawi ” Lossless Image Cryptography Algorithm Based on

Discrete Cosine Transform” IAJIT First Online Publication vol.3,2011.

4. Al-Ataby A. and Al-Naima F., “A Modified High Capacity Image Steganography

Technique Based on Wavelet Transform,” The International ArabJournal of Information

Technology, vol. 7, no. 4,pp. 358-364, 2010.

5. Dariusz Stanislawek , “Free Software copyright 1997 - 2006 ”

http://members.ozemail.com.au/~nulifetv/freezip/freeware

6. Vivek Thakur , “NeekProtect”, http://neekprotect.sourceforge.net , 2006.

7. Brijender Kahanwal, T. P. Singh, and R. K. Tuteja. ―Performance Evaluation of Java

File Security System (JFSS)‖, Pelagia Research Library—Advances in Applied Science

Research(ISSN: 0976-9610),Volume 2, Issue 6, PP- 254-260, 2011.

8. Brijender Kahanwal, T. P. Singh, and R. K. Tuteja. ―Towards the Framework of the File

Systems Performance Evaluation Techniques and the Taxonomy of Replay Traces‖,

International Journal of Advanced Research in Computer Science (IJARCS ISSN: 0976-

5697), Vol.2, Issue 6, pp224-229, 2011.

9. Afaf M. Ali Al-Neaimi, Rehab F. Hassan, New Approach for Modifying Blowfish

Algorithm Using 4-States keys, The 5th International Conference on Information

Technology, 2011.

10. Diaa Salama Abdul Elminaam, Hatem Abdul Kader and Mohie Mohamed Hadhoud,

Performance Evaluation of Symmetric Encryption Algorithms, International Journal of

Computer Science and Network Security, VOL.8 No.12, pp. 280-286, December 2008.

11. F. Maleki, A. Bijari, A. Mohades and M. E. Shiri,―Rule Discovery for Pseudorandom

Number Generator Based on Cellular Automata‖, IEEE, pp.739-744,2010.

32

12. Samir Kumar Bandyopadhyay and Somaditya Roy, ―Cryptosystem for Information

Security‖, International Journal on Computer Science and Engineering, pp.1419-1422,

2010.

13. U. Somani, K. Lakhani, M. Mundra “Implementing Digital Signature with RSA

Encryption Algorithm to Enhance the Data Security of Cloud in Cloud Computing”. 1st

International Conference on Parallel, Distributed and Grid Computing (PDGC - 2010)

978-1-4244-7674-9/10/©2010 IEEE.

14. FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION,“ Digital

Signature Standard (DSS)”, june 2009, Information Technology Laboratory National

Institute of Standards and Technology, Gaithersburg, MD 20899-8900.

15. Sung Ki Kim, Byoung Joon Min, Jin Chul Jung, and Seung Hwan Yoo, "Cooperative

Security Management Enhancing Survivability Against DDoS Attacks", O. Gervasi et al.

(Eds.): ICCSA 2005, LNCS 3481.

16. Hyang-Chang Choi, Yong-Hoon Yi, Jae-Hyun Seo, Bong-Nam Noh, and Hyung-Hyo

Lee, "A Privacy Protection Model in ID Management Using Access Control", O. Gervasi

et al. (Eds.): ICCSA 2005, LNCS 3481.

17. Armbrust, M. Fox, A, Griffith, R. Joseph, D. A. Katz, R. Konwinski, A. et al. (2009,

February). Above the clouds: A Berkeley View of cloud computing. Retrieved on March

10, 2010 from http://d1smfj0g31qzek.cloudfront.net/abovetheclouds.pdf

18. Brandl D. (2010, January). Don't cloud your compliance data. Control Engineering,

57(1), 23. CloudTweeks. (2010, January). Plugging into the cloud. Retrieved from

http://www.cloudtweaks.com/cloud-diagrams.

19. HweeHwa Pang, Kian-Lee Tan and Xuan Zhou. “StegFS: Steganographic F System”,

IEEE International Conference on Data Engineering, Mar 2003.

20. S.Quinlan and S. Dorward. Venti: a new approach to archival storage. In Proc. of

the Conference on File and Storage Technologies (FAST), January 2002.

21. B. Zhao, J. Kubiatowicz, and A. Joseph. Tapestry: An infrastructure for fault-tolerant

wide-area location and routing. Technical Report UCB/CSD-01-1141, Computer Science

Division, U. C. Berkeley, April 2001.

22. B. Kahanwal, and T. P. Singh, “Towards the Framework of Information Security”,

Journal of Current Engineering Research (2012), Vol. 2, No. 2, pp. 31-34.

33

23. B. Kahanwal, T. P. Singh, and R. K. Tuteja, “Java File Security System (JFSS) Evaluation

Using Software Engineering Approaches”, International Journal of Advanced Research in

Computer Science & Software Engineering (2012), Vol. 2, No. 1, pp. 132-137.

24. AES page available via http://www.nist.gov/CryptoToolkit

25. R. Rivest, M. Robshaw, R. Sidney, and Y.L. Yin, \The RC6 Block Cipher," NIST AES Proposal,

jun 98.

34