INTRODUCTION

1. INTRODUCTION
1.1 INTRODUCTION TO CLOUD COMPUTING

Cloud computing is the use of computing resources (hardware and

software) that are delivered as a service over a network (typically the Internet). The
name comes from the common use of a cloud-shaped symbol as an abstraction for the
complex infrastructure it contains in system diagrams. Cloud computing entrusts
remote services with a user's data, software and computation. Cloud computing
consists of hardware and software resources made available on the Internet as
managed third-party services. These services typically provide access to advanced
software applications and high-end networks of server computers.

Structure of cloud computing

How Cloud Computing Works?

The goal of cloud computing is to apply traditional supercomputing, or high-

performance computing power, normally used by military and research facilities, to
perform tens of trillions of computations per second, in consumer-oriented
applications such as financial portfolios, to deliver personalized information, to
provide data storage or to power large, immersive computer games.

1 LITS,CSE
 INTRODUCTION

The cloud computing uses networks of large groups of servers typically

running low-cost consumer PC technology with specialized connections to spread
data-processing chores across them. This shared IT infrastructure contains large pools
of systems that are linked together. Often, virtualization techniques are used to
maximize the power of cloud computing.

1.2 CHARACTERISTICS AND SERVICES MODELS:

The salient characteristics of cloud computing based on the definitions provided

by the National Institute of Standards and Terminology (NIST) are outlined below:

 On-demand self-service: A consumer can unilaterally provision

computing capabilities, such as server time and network storage, as needed
automatically without requiring human interaction with each service’s
provider.
 Broad network access: Capabilities are available over the network and
accessed through standard mechanisms that promote use by heterogeneous
thin or thick client platforms (e.g., mobile phones, laptops, and PDAs).
 Resource pooling: The provider’s computing resources are pooled to serve
multiple consumers using a multi-tenant model, with different physical and
virtual resources dynamically assigned and reassigned according to consumer
demand. There is a sense of location-independence in that the customer
generally has no control or knowledge over the exact location of the provided
resources but may be able to specify location at a higher level of abstraction
(e.g., country, state, or data center). Examples of resources include storage,
processing, memory, network bandwidth, and virtual machines.
 Rapid elasticity: Capabilities can be rapidly and elastically provisioned, in
some cases automatically, to quickly scale out and rapidly released to quickly
scale in. To the consumer, the capabilities available for provisioning often
appear to be unlimited and can be purchased in any quantity at any time.
 Measured service: Cloud systems automatically control and optimize
resource use by leveraging a metering capability at some level of abstraction
appropriate to the type of service (e.g., storage, processing, bandwidth, and

2 LITS,CSE
 INTRODUCTION

active user accounts). Resource usage can be managed, controlled, and

reported providing transparency for both the provider and consumer of the
utilized service.

Characteristics of cloud computing

Services Models:

Cloud Computing comprises three different service models, namely

Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-
Service (SaaS). The three service models or layer are completed by an end user layer
that encapsulates the end user perspective on cloud services. The model is shown in
figure below. If a cloud user accesses services on the infrastructure layer, for instance,
she can run her own applications on the resources of a cloud infrastructure and remain
responsible for the support, maintenance, and security of these applications herself. If
she accesses a service on the application layer, these tasks are normally taken care of
by the cloud service provider.

3 LITS,CSE
 INTRODUCTION

Structure of service models

1.3 BENEFITS OF CLOUD COMPUTING:

1. Achieve economies of scale – increase volume output or productivity

with fewer people. Your cost per unit, project or product plummets.
2. Reduce spending on technology infrastructure. Maintain easy
access to your information with minimal upfront spending. Pay as you go
(weekly, quarterly or yearly), based on demand.
3. Globalize your workforce on the cheap. People worldwide can
access the cloud, provided they have an Internet connection.
4. Streamline processes. Get more work done in less time with less people.

5. Reduce capital costs. There’s no need to spend big money on hardware,

software or licensing fees.
6. Improve accessibility. You have access anytime, anywhere, making your
life so much easier!
7. Monitor projects more effectively. Stay within budget and ahead of
completion cycle times.

4 LITS,CSE
 INTRODUCTION

8. Less personnel training is needed. It takes fewer people to do more

work on a cloud, with a minimal learning curve on hardware and software
issues.
9. Minimize licensing new software. Stretch and grow without the need to
buy expensive software licenses or programs.
10.Improve flexibility. You can change direction without serious “people” or
“financial” issues at stake.

Advantages:

1. Price:Pay for only the resources used.

2. Security: Cloud instances are isolated in the network from other instances
for improved security.
3. Performance: Instances can be added instantly for improved performance.
Clients have access to the total resources of the Cloud’s core hardware.
4. Scalability: Auto-deploy cloud instances when needed.

5. Uptime: Uses multiple servers for maximum redundancies. In case of server

failure, instances can be automatically created on another server.
6. Control: Able to login from any location. Server snapshot and a software
library lets you deploy custom instances.
7. Traffic: Deals with spike in traffic with quick deployment of additional
instances to handle the load.

5 LITS,CSE
 LITERATURE SURVEY

2. LITERATURE SURVEY
1) Security challenges for the public cloud
AUTHORS: K. Ren, C. Wang
Cloud computing represents today's most exciting computing paradigm shift in
information technology. However, security and privacy are perceived as primary
obstacles to its wide adoption. Here, the authors outline several critical security
challenges and motivate further investigation of security solutions for a trustworthy
public cloud environment.

2) Cryptographic cloud storage

AUTHORS: S. Kamara and K. Lauter
We consider the problem of building a secure cloud storage service on top of a
public cloud infrastructure where the service provider is not completely trusted by the
customer. We describe, at a high level, several architectures that combine recent and
non-standard cryptographic primitives in order to achieve our goal. We survey the
benefits such an architecture would provide to both customers and service providers
and give an overview of recent advances in cryptography motivated specifically by
cloud storage.

3) Practical techniques for searches on encrypted data

AUTHORS: D. Song, D. Wagner
It is desirable to store data on data storage servers such as mail servers and file
servers in encrypted form to reduce security and privacy risks. But this usually
implies that one has to sacrifice functionality for security. For example, if a client
wishes to retrieve only documents containing certain words, it was not previously
known how to let the data storage server perform the search and answer the query,
without loss of data confidentiality. We describe our cryptographic schemes for the
problem of searching on encrypted data and provide proofs of security for the
resulting crypto systems. Our techniques have a number of crucial advantages. They
are provably secure: they provide provable secrecy for encryption, in the sense that
the untrusted server cannot learn anything about the plaintext when only given the
ciphertext; they provide query isolation for searches, meaning that the untrusted

6 LITS,CSE
 LITERATURE SURVEY

server cannot learn anything more about the plaintext than the search result; they
provide controlled searching, so that the untrusted server cannot search for an
arbitrary word without the user's authorization; they also support hidden queries, so
that the user may ask the untrusted server to search for a secret word without
revealing the word to the server. The algorithms presented are simple, fast (for a
document of length n, the encryption and search algorithms only need O(n) stream
cipher and block cipher operations), and introduce almost no space and
communication overhead, and hence are practical to use today.

4) Public-key encryption with fuzzy keyword search: A provably

secure scheme under keyword guessing attack
AUTHORS: P. Xu, H. Jin
Public-key encryption with keyword search (PEKS) is a versatile tool. It
allows a third party knowing the search trapdoor of a keyword to search encrypted
documents containing that keyword without decrypting the documents or knowing the
keyword. However, it is shown that the keyword will be compromised by a malicious
third party under a keyword guess attack (KGA) if the keyword space is in a
polynomial size. We address this problem with a keyword privacy enhanced variant
of PEKS referred to as public-key encryption with fuzzy keyword search (PEFKS). In
PEFKS, each keyword corresponds to an exact keyword search trapdoor and a fuzzy
keyword search trapdoor. Two or more keywords share the same fuzzy keyword
trapdoor. To search encrypted documents containing a specific keyword, only the
fuzzy keyword search trapdoor is provided to the third party, i.e., the searcher. Thus,
in PEFKS, a malicious searcher can no longer learn the exact keyword to be searched
even if the keyword space is small. We propose a universal transformation which
converts any anonymous identity-based encryption (IBE) scheme into a secure
PEFKS scheme. Following the generic construction, we instantiate the first PEFKS
scheme proven to be secure under KGA in the case that the keyword space is in a
polynomial size.

7 LITS,CSE
 LITERATURE SURVEY

5) Parallel and dynamic searchable symmetric encryption

AUTHORS: S. Kamara and C. Papamanthou
Searchable symmetric encryption (SSE) enables a client to outsource a
collection of encrypted documents in the cloud and retain the ability to perform
keyword searches without revealing information about the contents of the documents
and queries. Although efficient SSE constructions are known, previous solutions are
highly sequential. This is mainly due to the fact that, currently, the only method for
achieving sub-linear time search is the inverted index approach (Curtmola, Garay,
Kamara and Ostrovsky, CCS ’06) which requires the search algorithm to access a
sequence of memory locations, each of which is unpredictable and stored at the
previous location in the sequence. Motivated by advances in multi-core architectures,
we present a new method for constructing sub-linear SSE schemes. Our approach is
highly parallelizable and dynamic. With roughly a logarithmic number of cores in
place, searches for a keyword w in our scheme execute in o(r) parallel time, where r is
the number of documents containing keyword w (with more cores, this bound can go
down to O(logn), i.e., independent of the result size r). Such time complexity
outperforms the optimal Θ(r) sequential search time—a similar bound holds for the
updates. Our scheme also achieves the following important properties: (a) it enjoys a
strong notion of security, namely security against adaptive chosen-keyword attacks;
(b) compared to existing sub-linear dynamic SSE schemes (e.g., Kamara,
Papamanthou, Roeder, CCS ’12), updates in our scheme do not leak any information,
apart from information that can be inferred from previous search tokens; (c) it can be
implemented efficiently in external memory (with logarithmic I/O overhead). Our
technique is simple and uses a red-black tree data structure; its security is proven in
the random oracle model.

8 LITS,CSE
 SOFTWARE ENVIRONMENT

3. SOFTWARE ENVIRONMENT

3.1 JAVA TECHNOLOGY

Java technology is both a programming language and a platform.

The Java Programming Language

The Java programming language is a high-level language that can be
characterized by all of the following buzzwords:
 Simple
 Architecture neutral
 Object oriented
 Portable
 Distributed
 High performance
 Interpreted
 Multithreaded
 Robust
 Dynamic
 Secure

With most programming languages, you either compile or interpret a program

so that you can run it on your computer. The Java programming language is unusual
in that a program is both compiled and interpreted. With the compiler, first you
translate a program into an intermediate language called Java byte codes —the
platform-independent codes interpreted by the interpreter on the Java platform. The
interpreter parses and runs each Java byte code instruction on the computer.
Compilation happens just once; interpretation occurs each time the program is
executed. The following figure illustrates how this works.

9 LITS,CSE
 SOFTWARE ENVIRONMENT

You can think of Java byte codes as the machine code instructions for
the Java Virtual Machine (Java VM). Every Java interpreter, whether it’s a
development tool or a Web browser that can run applets, is an implementation of the
Java VM. Java byte codes help make “write once, run anywhere” possible. You can
compile your program into byte codes on any platform that has a Java compiler. The
byte codes can then be run on any implementation of the Java VM. That means that as
long as a computer has a Java VM, the same program written in the Java
programming language can run on Windows 2000, a Solaris workstation, or on an
iMac.

The Java Platform

A platform is the hardware or software environment in which a program runs.
We’ve already mentioned some of the most popular platforms like Windows 2000,
Linux, Solaris, and MacOS. Most platforms can be described as a combination of the
operating system and hardware. The Java platform differs from most other platforms
in that it’s a software-only platform that runs on top of other hardware-based
platforms.

The Java platform has two components:

 The Java Virtual Machine (Java VM)
 The Java Application Programming Interface (Java API)
You’ve already been introduced to the Java VM. It’s the base for the Java
platform and is ported onto various hardware-based platforms.

10 LITS,CSE
 SOFTWARE ENVIRONMENT

The Java API is a large collection of ready-made software components that

provide many useful capabilities, such as graphical user interface (GUI) widgets. The
Java API is grouped into libraries of related classes and interfaces; these libraries are
known as packages. The next section, What Can Java Technology Do? Highlights
what functionality some of the packages in the Java API provide.
The following figure depicts a program that’s running on the Java platform. As the
figure shows, the Java API and the virtual machine insulate the program from the
hardware.

Native code is code that after you compile it, the compiled code runs on a
specific hardware platform. As a platform-independent environment, the Java
platform can be a bit slower than native code. However, smart compilers, well-tuned
interpreters, and just-in-time byte code compilers can bring performance close to that
of native code without threatening portability.
What Can Java Technology Do?
The most common types of programs written in the Java programming
language are applets and applications. If you’ve surfed the Web, you’re probably
already familiar with applets. An applet is a program that adheres to certain
conventions that allow it to run within a Java-enabled browser.

However, the Java programming language is not just for writing cute,
entertaining applets for the Web. The general-purpose, high-level Java programming
language is also a powerful software platform. Using the generous API, you can write
many types of programs.
An application is a standalone program that runs directly on the Java platform.
A special kind of application known as a server serves and supports clients on a
network. Examples of servers are Web servers, proxy servers, mail servers, and print
servers. Another specialized program is a servlet. A servlet can almost be thought of
as an applet that runs on the server side. Java Servlets are a popular choice for
building interactive web applications, replacing the use of CGI scripts. Servlets are

11 LITS,CSE
 SOFTWARE ENVIRONMENT

similar to applets in that they are runtime extensions of applications. Instead of

working in browsers, though, servlets run within Java Web servers, configuring or
tailoring the server.
How does the API support all these kinds of programs? It does so with packages of
software components that provides a wide range of functionality. Every full
implementation of the Java platform gives you the following features:
 The essentials: Objects, strings, threads, numbers, input and output, data
structures, system properties, date and time, and so on.
 Applets: The set of conventions used by applets.
 Networking: URLs, TCP (Transmission Control Protocol), UDP (User Data
gram Protocol) sockets, and IP (Internet Protocol) addresses.
 Internationalization: Help for writing programs that can be localized for
users worldwide. Programs can automatically adapt to specific locales and be
displayed in the appropriate language.
 Security: Both low level and high level, including electronic signatures, public
and private key management, access control, and certificates.
 Software components: Known as JavaBeansTM, can plug into existing
component architectures.
 Object serialization: Allows lightweight persistence and communication via
Remote Method Invocation (RMI).
 Java Database Connectivity (JDBCTM): Provides uniform access to a
wide range of relational databases.
The Java platform also has APIs for 2D and 3D graphics, accessibility, servers,
collaboration, telephony, speech, animation, and more. The following figure
depicts what is included in the Java 2 SDK.

12 LITS,CSE
 SOFTWARE ENVIRONMENT

How Will Java Technology Change My Life?

We can’t promise you fame, fortune, or even a job if you learn the Java
programming language. Still, it is likely to make your programs better and requires
less effort than other languages. We believe that Java technology will help you do the
following:
 Get started quickly: Although the Java programming language is a powerful
object-oriented language, it’s easy to learn, especially for programmers already
familiar with C or C++.
 Write less code: Comparisons of program metrics (class counts, method
counts, and so on) suggest that a program written in the Java programming
language can be four times smaller than the same program in C++.
 Write better code: The Java programming language encourages good coding
practices, and its garbage collection helps you avoid memory leaks. Its object
orientation, its JavaBeans component architecture, and its wide-ranging, easily
extendible API let you reuse other people’s tested code and introduce fewer bugs.
 Develop programs more quickly: Your development time may be as much
as twice as fast versus writing the same program in C++. Why? You write fewer
lines of code and it is a simpler programming language than C++.
 Avoid platform dependencies with 100% Pure Java: You can keep
your program portable by avoiding the use of libraries written in other languages.
The 100% Pure JavaTM Product Certification Program has a repository of
historical process manuals, white papers, brochures, and similar materials online.
 Write once, run anywhere: Because 100% Pure Java programs are
compiled into machine-independent byte codes, they run consistently on any Java
platform.
 Distribute software more easily: You can upgrade applets easily from a
central server. Applets take advantage of the feature of allowing new classes to be
loaded “on the fly,” without recompiling the entire program.
ODBC
Microsoft Open Database Connectivity (ODBC) is a standard programming
interface for application developers and database systems providers. Before ODBC
became a de facto standard for Windows programs to interface with database systems,

13 LITS,CSE
 SOFTWARE ENVIRONMENT

programmers had to use proprietary languages for each database they wanted to
connect to. Now, ODBC has made the choice of the database system almost irrelevant
from a coding perspective, which is as it should be. Application developers have
much more important things to worry about than the syntax that is needed to port their
program from one database to another when business needs suddenly change.
Through the ODBC Administrator in Control Panel, you can specify the
particular database that is associated with a data source that an ODBC application
program is written to use. Think of an ODBC data source as a door with a name on it.
Each door will lead you to a particular database. For example, the data source named
Sales Figures might be a SQL Server database, whereas the Accounts Payable data
source could refer to an Access database. The physical database referred to by a data
source can reside anywhere on the LAN.
The ODBC system files are not installed on your system by Windows 95.
Rather, they are installed when you setup a separate database application, such as
SQL Server Client or Visual Basic 4.0. When the ODBC icon is installed in Control
Panel, it uses a file called ODBCINST.DLL. It is also possible to administer your
ODBC data sources through a stand-alone program called ODBCADM.EXE. There is
a 16-bit and a 32-bit version of this program and each maintains a separate list of
ODBC data sources.
From a programming perspective, the beauty of ODBC is that the application
can be written to use the same set of function calls to interface with any data source,
regardless of the database vendor. The source code of the application doesn’t change
whether it talks to Oracle or SQL Server. We only mention these two as an example.
There are ODBC drivers available for several dozen popular database systems. Even
Excel spreadsheets and plain text files can be turned into data sources. The operating
system uses the Registry information written by ODBC Administrator to determine
which low-level ODBC drivers are needed to talk to the data source (such as the
interface to Oracle or SQL Server). The loading of the ODBC drivers is transparent to
the ODBC application program. In a client/server environment, the ODBC API even
handles many of the network issues for the application programmer.

The advantages of this scheme are so numerous that you are probably thinking
there must be some catch. The only disadvantage of ODBC is that it isn’t as efficient
as talking directly to the native database interface. ODBC has had many detractors

14 LITS,CSE
 SOFTWARE ENVIRONMENT

make the charge that it is too slow. Microsoft has always claimed that the critical
factor in performance is the quality of the driver software that is used. In our humble
opinion, this is true. The availability of good ODBC drivers has improved a great deal
recently. And anyway, the criticism about performance is somewhat analogous to
those who said that compilers would never match the speed of pure assembly
language. Maybe not, but the compiler (or ODBC) gives you the opportunity to write
cleaner programs, which means you finish sooner. Meanwhile, computers get faster
every year.
JDBC
In an effort to set an independent database standard API for Java; Sun
Microsystems developed Java Database Connectivity, or JDBC. JDBC offers a
generic SQL database access mechanism that provides a consistent interface to a
variety of RDBMSs. This consistent interface is achieved through the use of “plug-in”
database connectivity modules, or drivers. If a database vendor wishes to have JDBC
support, he or she must provide the driver for each platform that the database and Java
run on.
To gain a wider acceptance of JDBC, Sun based JDBC’s framework on
ODBC. As you discovered earlier in this chapter, ODBC has widespread support on a
variety of platforms. Basing JDBC on ODBC will allow vendors to bring JDBC
drivers to market much faster than developing a completely new connectivity
solution.
JDBC was announced in March of 1996. It was released for a 90 day public
review that ended June 8, 1996. Because of user input, the final JDBC v1.0
specification was released soon after.
The remainder of this section will cover enough information about JDBC for you to
know what it is about and how to use it effectively. This is by no means a complete
overview of JDBC. That would fill an entire book.
JDBC Goals
Few software packages are designed without goals in mind. JDBC is one that,
because of its many goals, drove the development of the API. These goals, in
conjunction with early reviewer feedback, have finalized the JDBC class library into a
solid framework for building database applications in Java.

15 LITS,CSE
 SOFTWARE ENVIRONMENT

The goals that were set for JDBC are important. They will give you some insight
as to why certain classes and functionalities behave the way they do. The eight design
goals for JDBC are as follows:
1. SQL Level API
The designers felt that their main goal was to define a SQL interface for Java.
Although not the lowest database interface level possible, it is at a low enough level
for higher-level tools and APIs to be created. Conversely, it is at a high enough level
for application programmers to use it confidently. Attaining this goal allows for future
tool vendors to “generate” JDBC code and to hide many of JDBC’s complexities from
the end user.

2. SQL Conformance
SQL syntax varies as you move from database vendor to database vendor. In
an effort to support a wide variety of vendors, JDBC will allow any query statement
to be passed through it to the underlying database driver. This allows the connectivity
module to handle non-standard functionality in a manner that is suitable for its users.

3. JDBC must be implemental on top of common database interfaces

The JDBC SQL API must “sit” on top of other common SQL level APIs. This
goal allows JDBC to use existing ODBC level drivers by the use of a software
interface. This interface would translate JDBC calls to ODBC and vice versa.
4. Provide a Java interface that is consistent with the rest of the Java
system
Because of Java’s acceptance in the user community thus far, the designers feel
that they should not stray from the current design of the core Java system.

5. Keep it simple
This goal probably appears in all software design goal listings. JDBC is no
exception. Sun felt that the design of JDBC should be very simple, allowing for only
one method of completing a task per mechanism. Allowing duplicate functionality
only serves to confuse the users of the API.

16 LITS,CSE
 SOFTWARE ENVIRONMENT

6. Use strong, static typing wherever possible

Strong typing allows for more error checking to be done at compile time; also,
less error appear at runtime.

7. Keep the common cases simple

Because more often than not, the usual SQL calls used by the programmer are
simple SELECT’s, INSERT’s, DELETE’s and UPDATE’s, these queries should be
simple to perform with JDBC. However, more complex SQL statements should also
be possible.

3.2 NETWORKING

TCP/IP stack
The TCP/IP stack is shorter than the OSI one:

TCP is a connection-oriented protocol; UDP (User Datagram Protocol) is a

connectionless protocol.

IP datagram’s

The IP layer provides a connectionless and unreliable delivery system. It considers

each datagram independently of the others. Any association between datagram must
be supplied by the higher layers. The IP layer supplies a checksum that includes its
own header. The header includes the source and destination addresses. The IP layer
handles routing through an Internet. It is also responsible for breaking up large
datagram into smaller ones for transmission and reassembling them at the other end.

17 LITS,CSE
 SOFTWARE ENVIRONMENT

UDP

UDP is also connectionless and unreliable. What it adds to IP is a checksum for

the contents of the datagram and port numbers. These are used to give a client/server
model - see later.

TCP

TCP supplies logic to give a reliable connection-oriented protocol above IP. It

provides a virtual circuit that two processes can use to communicate.

Internet addresses

In order to use a service, you must be able to find it. The Internet uses an address
scheme for machines so that they can be located. The address is a 32 bit integer which
gives the IP address.

Network address

Class A uses 8 bits for the network address with 24 bits left over for other
addressing. Class B uses 16 bit network addressing. Class C uses 24 bit network
addressing and class D uses all 32.

Subnet address

Internally, the UNIX network is divided into sub networks. Building 11 is

currently on one sub network and uses 10-bit addressing, allowing 1024 different
hosts.

Host address

8 bits are finally used for host addresses within our subnet. This places a limit of
256 machines that can be on the subnet.

Total address

18 LITS,CSE
 SOFTWARE ENVIRONMENT

The 32 bit address is usually written as 4 integers separated by dots.

Port addresses

A service exists on a host, and is identified by its port. This is a 16 bit number. To
send a message to a server, you send it to the port for that service of the host that it is
running on. This is not location transparency! Certain of these ports are "well known".

Sockets

A socket is a data structure maintained by the system to handle network

connections. A socket is created using the call socket. It returns an integer that is like
a file descriptor. In fact, under Windows, this handle can be used with Read File and
Write File functions.

#include <sys/types.h>
#include <sys/socket.h>
int socket(int family, int type, int protocol);

Here "family" will be AF_INET for IP communications, protocol will be zero,

and type will depend on whether TCP or UDP is used. Two processes wishing to
communicate over a network create a socket each. These are similar to two ends of a
pipe - but the actual pipe does not yet exist.

J2ME (Java 2 Micro edition):-

Sun Microsystems defines J2ME as "a highly optimized Java run-time

environment targeting a wide range of consumer products, including pagers, cellular
phones, screen-phones, digital set-top boxes and car navigation systems." Announced
in June 1999 at the JavaOne Developer Conference, J2ME brings the cross-platform
functionality of the Java language to smaller devices, allowing mobile wireless
devices to share applications. With J2ME, Sun has adapted the Java platform for
consumer products that incorporate or are based on small computing devices.

1. General J2ME architecture

19 LITS,CSE
 SOFTWARE ENVIRONMENT

J2ME uses configurations and profiles to customize the Java Runtime

Environment (JRE). As a complete JRE, J2ME is comprised of a configuration, which
determines the JVM used, and a profile, which defines the application by adding
domain-specific classes. The configuration defines the basic run-time environment as
a set of core classes and a specific JVM that run on specific types of devices. We'll
discuss configurations in detail in the The profile defines the application; specifically,
it adds domain-specific classes to the J2ME configuration to define certain uses for
devices. We'll cover profiles in depth in the The following graphic depicts the
relationship between the different virtual machines, configurations, and profiles. It
also draws a parallel with the J2SE API and its Java virtual machine. While the J2SE
virtual machine is generally referred to as a JVM, the J2ME virtual machines, KVM
and CVM, are subsets of JVM. Both KVM and CVM can be thought of as a kind of
Java virtual machine -- it's just that they are shrunken versions of the J2SE JVM and
are specific to J2ME.

2. Developing J2ME applications

Introduction In this section, we will go over some considerations you need to

keep in mind when developing applications for smaller devices. We'll take a look at
the way the compiler is invoked when using J2SE to compile J2ME applications.
Finally, we'll explore packaging and deployment and the role preverification plays in
this process.

20 LITS,CSE
 SOFTWARE ENVIRONMENT

3. Design considerations for small devices

Developing applications for small devices requires you to keep certain

strategies in mind during the design phase. It is best to strategically design an
application for a small device before you begin coding. Correcting the code because
you failed to consider all of the "gotchas" before developing the application can be a
painful process. Here are some design strategies to consider:

* Keep it simple. Remove unnecessary features, possibly making those

features a separate, secondary application.

* Smaller is better. This consideration should be a "no brainer" for all

developers. Smaller applications use less memory on the device and require
shorter installation times. Consider packaging your Java applications as
compressed Java Archive (jar) files.

* Minimize run-time memory use. To minimize the amount of memory used at

run time, use scalar types in place of object types. Also, do not depend on the
garbage collector. You should manage the memory efficiently yourself by
setting object references to null when you are finished with them. Another
way to reduce run-time memory is to use lazy instantiation, only allocating
objects on an as-needed basis. Other ways of reducing overall and peak
memory use on small devices are to release resources quickly, reuse objects,
and avoid exceptions.

4. Configurations overview

The configuration defines the basic run-time environment as a set of core

classes and a specific JVM that run on specific types of devices. Currently, two
configurations exist for J2ME, though others may be defined in the future:

* Connected Limited Device Configuration (CLDC) is used specifically

with the KVM for 16-bit or 32-bit devices with limited amounts of memory.
This is the configuration (and the virtual machine) used for developing small
J2ME applications. Its size limitations make CLDC more interesting and
challenging (from a development point of view) than CDC. CLDC is also the
configuration that we will use for developing our drawing tool application. An
21 LITS,CSE
 SOFTWARE ENVIRONMENT

example of a small wireless device running small applications is a Palm hand-

held computer.

* Connected Device Configuration (CDC) is used with the C virtual

machine (CVM) and is used for 32-bit architectures requiring more than 2 MB
of memory. An example of such a device is a Net TV box.

5. J2ME profiles

What is a J2ME profile?

As we mentioned earlier in this tutorial, a profile defines the type of device

supported. The Mobile Information Device Profile (MIDP), for example, defines
classes for cellular phones. It adds domain-specific classes to the J2ME configuration
to define uses for similar devices. Two profiles have been defined for J2ME and are
built upon CLDC: KJava and MIDP. Both KJava and MIDP are associated with
CLDC and smaller devices.

Profile 1: KJava

KJava is Sun's proprietary profile and contains the KJava API. The KJava
profile is built on top of the CLDC configuration. The KJava virtual machine, KVM,
accepts the same byte codes and class file format as the classic J2SE virtual machine.
KJava contains a Sun-specific API that runs on the Palm OS. The KJava API has a
great deal in common with the J2SE Abstract Windowing Toolkit (AWT). However,
because it is not a standard J2ME package, its main package is com.sun.kjava. We'll
learn more about the KJava API later in this tutorial when we develop some sample
applications.

Profile 2: MIDP

MIDP is geared toward mobile devices such as cellular phones and pagers.
The MIDP, like KJava, is built upon CLDC and provides a standard run-time
environment that allows new applications and services to be deployed dynamically on
end user devices. It is a complete and supported foundation for mobile application
development. MIDP contains the following packages, the first three of which are core
CLDC packages, plus three MIDP-specific packages.

22 LITS,CSE
 SOFTWARE ENVIRONMENT

* java.lang
* java.io
* java.util
* javax.microedition.io
* javax.microedition.lcdui
* javax.microedition.midlet
*javax.microedition.rms

23 LITS,CSE
 SYSTEM REQUIREMENTS

4. SYSTEM REQUIREMENTS

4.1 HARDWARE REQUIREMENTS:

• System : Pentium IV 2.4 GHz.
• Hard Disk : 40 GB.
• Floppy Drive : 1.44 Mb.
• Monitor : 15 VGA Colour.
• Mouse : Logitech.
• Ram : 512 Mb.

4.2 SOFTWARE REQUIREMENTS:

• Operating system : Windows XP/7.
• Coding Language : JAVA/J2EE
• Data Base : MYSQL

24 LITS,CSE
 SYSTEM STUDY

5.SYSTEM STUDY

5.1 FEASIBILITY STUDY

The feasibility of the project is analyzed in this phase and business proposal is
put forth with a very general plan for the project and some cost estimates. During
system analysis the feasibility study of the proposed system is to be carried out. This
is to ensure that the proposed system is not a burden to the company. For feasibility
analysis, some understanding of the major requirements for the system is essential.
Three key considerations involved in the feasibility analysis are

 ECONOMICAL FEASIBILITY
 TECHNICAL FEASIBILITY
 SOCIAL FEASIBILITY
ECONOMICAL FEASIBILITY

This study is carried out to check the economic impact that the system will
have on the organization. The amount of fund that the company can pour into the
research and development of the system is limited. The expenditures must be justified.
Thus the developed system as well within the budget and this was achieved because
most of the technologies used are freely available. Only the customized products had
to be purchased.

TECHNICAL FEASIBILITY
This study is carried out to check the technical feasibility, that is, the
technical requirements of the system. Any system developed must not have a high
demand on the available technical resources. This will lead to high demands on the
available technical resources. This will lead to high demands being placed on the
client. The developed system must have a modest requirement, as only minimal or
null changes are required for implementing this system.

25 LITS,CSE
 SYSTEM STUDY

SOCIAL FEASIBILITY

The aspect of study is to check the level of acceptance of the system by the
user. This includes the process of training the user to use the system efficiently. The
user must not feel threatened by the system, instead must accept it as a necessity. The
level of acceptance by the users solely depends on the methods that are employed to
educate the user about the system and to make him familiar with it. His level of
confidence must be raised so that he is also able to make some constructive criticism,
which is welcomed, as he is the final user of the system.

26 LITS,CSE
 SYSTEM ANALYSIS

6. SYSTEM ANALYSIS
6.1 EXISTING SYSTEM:
 Recently, with the growing popularity of cloud computing, how to securely
and efficiently search over encrypted cloud data becomes a research focus.
Some approaches have been proposed based on traditional searchable
encryption schemes, which aim to protect data security and query privacies
with better query efficient for cloud computing.
 Wang et al. applied hash chain technique to implement the completeness
verification of query results by embedding the encrypted verification
information into their proposed secure searchable index.
 Sun et al. used encrypted index tree structure to implement secure query
results verification functionality. In this scheme, when the query ends, the
cloud server returns query results along with a minimum encrypted index tree,
then the data user searches this minimum index tree using the same search
algorithm as the cloud server did to finish result verification.
 Zheng et al. constructed a verifiable secure query scheme over encrypted
cloud data based on attribute-based encryption technique (ABE) in the public-
key setting.
 Sun et al. referred to the Merkle hash tree and applied Pairing operations to
implement the correctness and completeness verification of query results for
keyword search over large dynamic encrypted cloud data.
DISADVANTAGES OF EXISTING SYSTEM:
 Encrypted data make effective data retrieval a very challenging task.
 All of these schemes are based on an ideal assumption that the cloud server is
an ”honest-but-curious” entity and keeps robust and secure software/hardware
environments. As a result, correct and complete query results always be
unexceptionally returned from the cloud server when a query ends every time.
However, in practical applications, the cloud server may return erroneous or
incomplete query results once he behaves dishonestly for illegal profits such
as saving computation and communication cost or due to possible
software/hardware failure of the server.
 These verification mechanisms provide a coarse grained verification, i.e., if
the query result set contains all qualified and correct data files, then these
27 LITS,CSE
 SYSTEM ANALYSIS

schemes reply yes, otherwise reply no. Thus, if the verification algorithm
outputs no, a data user has to abort the decryption for all query results despite
only one query result is incorrect.
 These verification mechanisms are generally tightly coupled to corresponding
secure query constructions and have not universality.
6.2 PROPOSED SYSTEM:
 In this paper, we extend and reinforce our work to make it more applicable in
the cloud environment and more secure to against dishonest cloud server. The
main contributions of this paper are
 We formally propose the verifiable secure search system model and threat
model and design a fine grained query results verification scheme for secure
keyword search over encrypted cloud data.
 We propose a short signature technique based on certificateless public-key
cryptography to guarantee the authenticity of the verification objects
themselves.
 We design a novel verification object request technique based on Paillier
Encryption, where the cloud server knows nothing about what the data user is
requesting for and which verification objects are returned to the user.
ADVANTAGES OF PROPOSED SYSTEM:
 We provide the formal security definition and proof and conduct extensive
performance experiments to evaluate the accuracy and efficiency of our
proposed scheme.
 Our scheme can verify the correctness of each encrypted query result or
further accurately find out how many or which qualified data files are returned
by the dishonest cloud server.
 A short signature technique is designed to guarantee the authenticity of
verification object itself.

28 LITS,CSE
 SYSTEM DESIGN

7.SYSTEM DESIGN
7.1 SYSTEM ARCHITECTURE:

7.2 DATA FLOW DIAGRAM:

1. The DFD is also called as bubble chart. It is a simple graphical formalism that
can be used to represent a system in terms of input data to the system, various
processing carried out on this data, and the output data is generated by this
system.
2. The data flow diagram (DFD) is one of the most important modeling tools. It
is used to model the system components. These components are the system
process, the data used by the process, an external entity that interacts with the
system and the information flows in the system.
3. DFD shows how the information moves through the system and how it is
modified by a series of transformations. It is a graphical technique that depicts
information flow and the transformations that are applied as data moves from
input to output.

29 LITS,CSE
 SYSTEM DESIGN

Cloud Server:

Cloud Login

Unauthorized
Check
user

View cloud Files

Edit Files

View Download History

End process

30 LITS,CSE
 SYSTEM DESIGN

Data Owner:

Data Owner

Yes CheckNo Unauthorized

user

Upload Files

View Uploaded Files

Approval

Send Verification Object

End process

31 LITS,CSE
 SYSTEM DESIGN

Data User:

Data User

Yes No
Check Unauthorized
user

Search Files

View Searched File

Send File Request

View Requested Files

Enter Trapdoor

Verify Query Result

Enter Decryption Key

View & Download File

End process

32 LITS,CSE
 SYSTEM DESIGN

7.3 UML DIAGRAMS

UML stands for Unified Modeling Language. UML is a standardized general-
purpose modeling language in the field of object-oriented software engineering. The
standard is managed, and was created by, the Object Management Group.
The goal is for UML to become a common language for creating models of
object oriented computer software. In its current form UML is comprised of two
major components: a Meta-model and a notation. In the future, some form of method
or process may also be added to; or associated with, UML.
The Unified Modeling Language is a standard language for specifying,
Visualization, Constructing and documenting the artifacts of software system, as well
as for business modeling and other non-software systems.
The UML represents a collection of best engineering practices that have
proven successful in the modeling of large and complex systems.
The UML is a very important part of developing objects oriented software
and the software development process. The UML uses mostly graphical notations to
express the design of software projects.
GOALS:
The Primary goals in the design of the UML are as follows:
1. Provide users a ready-to-use, expressive visual modeling Language so that
they can develop and exchange meaningful models.
2. Provide extendibility and specialization mechanisms to extend the core
concepts.
3. Be independent of particular programming languages and development
process.
4. Provide a formal basis for understanding the modeling language.
5. Encourage the growth of OO tools market.
6. Support higher level development concepts such as collaborations,
frameworks, patterns and components.
7. Integrate best practices.

33 LITS,CSE
 SYSTEM DESIGN

USE CASE DIAGRAM:

A use case diagram in the Unified Modeling Language (UML) is a type of
behavioral diagram defined by and created from a Use-case analysis. Its purpose is to
present a graphical overview of the functionality provided by a system in terms of
actors, their goals (represented as use cases), and any dependencies between those use
cases. The main purpose of a use case diagram is to show what system functions are
performed for which actor. Roles of the actors in the system can be depicted.

Registration

Login

Upload File

View Uploaded Files Details

Data File Request Data User

Owner
Response Request of User

View uploaded file by Data

Owners
Edit Cloud Files

View Requested File

Enter Trapdoor & Verify Result

Verify key and Download

Cloud
Logout

34 LITS,CSE
 SYSTEM DESIGN

CLASS DIAGRAM:
In software engineering, a class diagram in the Unified Modeling Language
(UML) is a type of static structure diagram that describes the structure of a system by
showing the system's classes, their attributes, operations (or methods), and the
relationships among the classes. It explains which class contains information.

Data User
Data
Owner
Login Login

View Files uploaded by Data

Upload Files ()
Owners()
Search Files ()
View Uploaded Files ()
Send File Request ()
View File Request by Users ()
Verify key Sent by data Owner
Approve File Request () ()

Send verification object () View requested File()

View Files uploaded by Data

Owners ()

Verify Query Result ()

View requested File ()

Cloud

Login
View User Details ()
View File Details ()
View Owners Details ()
Edit Cloud Files ()
View Uploaded Files on Cloud
View Uploaded Files on Cloud
Server()
Server()

35 LITS,CSE
 SYSTEM DESIGN

SEQUENCE DIAGRAM:
A sequence diagram in Unified Modeling Language (UML) is a kind of
interaction diagram that shows how processes operate with one another and in what
order. It is a construct of a Message Sequence Chart.

SERVICE

cloud
DO DU
Upload File Search
Files
View Files Details
View Upload File Send File Request
Details

Request Approval &

send verification Edit Files
object Enter trapdoor key &
verify query result

View Requested File

Download Requested
File
View downloaded
files

DATA BASE

36 LITS,CSE
 SYSTEM DESIGN

ACTIVITY DIAGRAM:
Activity diagrams are graphical representations of workflows of stepwise
activities and actions with support for choice, iteration and concurrency. In the
Unified Modeling Language, activity diagrams can be used to describe the business
and operational step-by-step workflows of components in a system. An activity
diagram shows the overall flow of control.

Star
t

DO DU Cloud

LOGIN LOGIN LOGIN

Upload Files ,View Search files, View View Uploaded Files

Uploaded Files Searched files, View on Cloud Server,
,Response Request Files uploaded by edit or modify cloud
to the Users, send Data Owners, Send files, view
verification object & File Request ,receive downloaded files
decryption key trapdoor key, Verify
key Sent by data
Owner, View
requested File ,
download

37 LITS,CSE
 IMPLEMENTATION

8. IMPLEMENTATION
MODULES:
 System Framework
 Data Owner
 Data User
 Cloud Server

MODULES DESCRIPTION:
SYSTEM FRAMEWORK:
In this framework, we design a secure, easily integrated, and fine-grained
query results verification mechanism, by which, given an encrypted query results set,
the query user not only can verify the correctness of each data file in the set but also
can further check how many or which qualified data files are not returned if the set is
incomplete before decryption. The verification scheme is loose-coupling to concrete
secure search techniques and can be very easily integrated into any secure query
scheme. We achieve the goal by constructing secure verification object for encrypted
cloud data. Furthermore, a short signature technique with extremely small storage cost
is proposed to guarantee the authenticity of verification object and a verification
object request technique is presented to allow the query user to securely obtain the
desired verification object. Performance evaluation shows that the proposed schemes
are practical and efficient. Here we implement some modules they are Data Owner,
Data User and Cloud Server.

DATA OWNER:
In Data Owner module, Initially Data Owner must have to register their detail.
After successful registration data owner can login and upload files into cloud server
with encrypted keywords and hashing algorithms. He/she can view the files that are
uploaded in cloud. Data Owner can approve or reject the file request sent by data
users. After request approval data owner will send the trapdoor key and verification
object through mail.

38 LITS,CSE
 IMPLEMENTATION

DATA USER:
In Data User module, Initially Data Users must have to register their detail and
after login he/she has to verify their login through secret key. Data Users can search
all the files upload by data owners. He/she can send request to the files and then
request will send to the data owners. If data owner approve the request then he/she
will receive trapdoor, verification object and decryption key in registered mail.

CLOUD SERVER:
In Cloud Server module, Cloud Provider can view all files details. Cloud can
edit the files and update and also cloud server can view the download history.

39 LITS,CSE
 INPUT DESIGN AND OUTPUT DESIGN

9. INPUT DESIGN AND OUTPUT DESIGN

9.1 INPUT DESIGN:

The input design is the link between the information system and the user. It comprises
the developing specification and procedures for data preparation and those steps are
necessary to put transaction data in to a usable form for processing can be achieved by
inspecting the computer to read data from a written or printed document or it can
occur by having people keying the data directly into the system. The design of input
focuses on controlling the amount of input required, controlling the errors, avoiding
delay, avoiding extra steps and keeping the process simple. The input is designed in
such a way so that it provides security and ease of use with retaining the privacy.
Input Design considered the following things:

 What data should be given as input?

 How the data should be arranged or coded?
 The dialog to guide the operating personnel in providing input.
 Methods for preparing input validations and steps to follow when error
occur.
OBJECTIVES:

1. Input Design is the process of converting a user-oriented description of the input

into a computer-based system. This design is important to avoid errors in the data
input process and show the correct direction to the management for getting correct
information from the computerized system.

2. It is achieved by creating user-friendly screens for the data entry to handle large
volume of data. The goal of designing input is to make data entry easier and to be free
from errors. The data entry screen is designed in such a way that all the data
manipulates can be performed. It also provides record viewing facilities.

3. When the data is entered it will check for its validity. Data can be entered with the
help of screens. Appropriate messages are provided as when needed so that the user
will not be in maize of instant. Thus the objective of input design is to create an input
layout that is easy to follow

40 LITS,CSE
 INPUT DESIGN AND OUTPUT DESIGN

9.2 OUTPUT DESIGN:

A quality output is one, which meets the requirements of the end user and presents the
information clearly. In any system results of processing are communicated to the
users and to other system through outputs. In output design it is determined how the
information is to be displaced for immediate need and also the hard copy output. It is
the most important and direct source information to the user. Efficient and intelligent
output design improves the system’s relationship to help user decision-making.

1. Designing computer output should proceed in an organized, well thought out

manner; the right output must be developed while ensuring that each output element is
designed so that people will find the system can use easily and effectively. When
analysis design computer output, they should Identify the specific output that is
needed to meet the requirements.

2. Select methods for presenting information.

3. Create document, report, or other formats that contain information produced by the
system.

The output form of an information system should accomplish one or more of the
following objectives.

 Convey information about past activities, current status or projections of the

 Future.
 Signal important events, opportunities, problems, or warnings.
 Trigger an action.
 Confirm an action.

41 LITS,CSE
 SAMPLE CODE

10.SAMPLE CODE
DATA OWNER HOME PAGE:

<!DOCTYPE html>

<%@page contentType="text/html" pageEncoding="UTF-8"%>

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta charset="utf-8" />

<meta name="viewport" content="width=device-width, initial-scale=1,

maximum-scale=1" />

<meta name="description" content="" />

<meta name="author" content="" />

<title>Achieving secure-query results verification</title>

<!-- BOOTSTRAP CORE STYLE -->

<link href="assets/css/bootstrap.css" rel="stylesheet" />

<!-- FONT AWESOME STYLE -->

<link href="assets/css/font-awesome.css" rel="stylesheet" />

<!-- ANIMATE STYLE -->

<link href="assets/css/animate.css" rel="stylesheet" />

<!-- FLEXSLIDER STYLE -->

<link href="assets/css/flexslider.css" rel="stylesheet" />

<!-- CUSTOM STYLE -->

<link href="assets/css/style.css" rel="stylesheet" />

<!-- GOOGLE FONTS -->

42 LITS,CSE
 SAMPLE CODE

<link href="assets/css/font.css" rel='stylesheet' type='text/css' />

<link href="assets/css/font1.css" rel='stylesheet' type='text/css' />

<link href="assets/css/font2.css" rel='stylesheet' type='text/css' />

</head>

<body>

<section class="menu-section" style="background-color: #01a2a6">

<div class="container" >

<div class="row " >

<div class="col-md-12">

<div class="navbar-collapse collapse " >

<ul id="menu-top" class="nav navbar-nav navbar-right">

<li><a href="DO_home.jsp" >Home</a></li>

<li><a href="fileupload.jsp">Upload file</a></li>

<li><a href="DO_files.jsp" >My Files</a></li>

<li><a href="requestedfiles.jsp" >Requested Files</a></li>

<li><a href="index.jsp">Logout</a></li>

</ul>

</div>

</div>

</div>

</div>

</section>

<div class="just-sec" style="background-color: steelblue">

43 LITS,CSE
 SAMPLE CODE

<div class="container">

<center></center>

<img src="assets/img/data.jpg" height="400px" width="1140px">

</div> </div>

<!--FOOTER SECTION END-->

<!-- WE PUT SCRIPTS AT THE END TO LOAD PAGE FASTER-->

<!--CORE SCRIPTS PLUGIN-->

<script src="assets/js/jquery-1.11.1.min.js"></script>

<!--BOOTSTRAP SCRIPTS PLUGIN-->

<script src="assets/js/bootstrap.js"></script>

<!--WOW SCRIPTS PLUGIN-->

<script src="assets/js/wow.js"></script>

<!--FLEXSLIDER SCRIPTS PLUGIN-->

<script src="assets/js/jquery.flexslider.js"></script>

<!--CUSTOM SCRIPTS -->

<script src="assets/js/custom.js"></script>

</body>

</html>

DATA USER HOME PAGE:

<!DOCTYPE html>

<%@page contentType="text/html" pageEncoding="UTF-8"%>

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

44 LITS,CSE
 SAMPLE CODE

<meta charset="utf-8" />

<meta name="viewport" content="width=device-width, initial-scale=1,

maximum-scale=1" />

<meta name="description" content="" />

<meta name="author" content="" />

<title>Achieving secure-query results verification</title>

<!-- BOOTSTRAP CORE STYLE -->

<link href="assets/css/bootstrap.css" rel="stylesheet" />

<!-- FONT AWESOME STYLE -->

<link href="assets/css/font-awesome.css" rel="stylesheet" />

<!-- ANIMATE STYLE -->

<link href="assets/css/animate.css" rel="stylesheet" />

<!-- FLEXSLIDER STYLE -->

<link href="assets/css/flexslider.css" rel="stylesheet" />

<!-- CUSTOM STYLE -->

<link href="assets/css/style.css" rel="stylesheet" />

<!-- GOOGLE FONTS -->

<link href="assets/css/font.css" rel='stylesheet' type='text/css' />

<link href="assets/css/font1.css" rel='stylesheet' type='text/css' />

<link href="assets/css/font2.css" rel='stylesheet' type='text/css' />

</head>

<body>

<section class="menu-section" style="background-color: #01a2a6">

45 LITS,CSE
 SAMPLE CODE

<div class="container" >

<div class="row " >

<div class="col-md-12">

<div class="navbar-collapse collapse " >

<ul id="menu-top" class="nav navbar-nav navbar-right">

<li><a href="DU_home.jsp" >Data User</a></li>

<li><a href="query_search.jsp" >Search Files</a></li>

<li><a href="approvedfiles.jsp" >Requested Files</a></li>

<li><a href="index.jsp">Logout</a></li>

</ul>

</div>

</div>

</div>

</div>

</section>

<div class="just-sec" style="background-color: steelblue">

<div class="container">

<img src="assets/img/cloud-computing.Forbes..jpg" height="500px"

width="1150px">

</div>

</div>

<!--FOOTER SECTION END-->

<!-- WE PUT SCRIPTS AT THE END TO LOAD PAGE FASTER-->

46 LITS,CSE
 SAMPLE CODE

<!--CORE SCRIPTS PLUGIN-->

<script src="assets/js/jquery-1.11.1.min.js"></script>

<!--BOOTSTRAP SCRIPTS PLUGIN-->

<script src="assets/js/bootstrap.js"></script>

<!--WOW SCRIPTS PLUGIN-->

<script src="assets/js/wow.js"></script>

<!--FLEXSLIDER SCRIPTS PLUGIN-->

<script src="assets/js/jquery.flexslider.js"></script>

<!--CUSTOM SCRIPTS -->

<script src="assets/js/custom.js"></script>

</body>

</html>

UPLOAD FILES PAGE:

<!DOCTYPE html>

<%@page contentType="text/html" pageEncoding="UTF-8"%>

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta charset="utf-8" />

<meta name="viewport" content="width=device-width, initial-scale=1,

maximum-scale=1" />

<meta name="description" content="" />

<meta name="author" content="" />

<title>Achieving secure-query results verification</title>

47 LITS,CSE
 SAMPLE CODE

<!-- BOOTSTRAP CORE STYLE -->

<link href="assets/css/bootstrap.css" rel="stylesheet" />

<!-- FONT AWESOME STYLE -->

<link href="assets/css/font-awesome.css" rel="stylesheet" />

<!-- ANIMATE STYLE -->

<link href="assets/css/animate.css" rel="stylesheet" />

<!-- FLEXSLIDER STYLE -->

<link href="assets/css/flexslider.css" rel="stylesheet" />

<!-- CUSTOM STYLE -->

<link href="assets/css/style.css" rel="stylesheet" />

<!-- GOOGLE FONTS -->

<link href="assets/css/font.css" rel='stylesheet' type='text/css' />

<link href="assets/css/font1.css" rel='stylesheet' type='text/css' />

<link href="assets/css/font2.css" rel='stylesheet' type='text/css' />

</head>

<body>

<section class="menu-section" style="background-color: #01a2a6">

<div class="container" >

<div class="row " >

<div class="col-md-12">

<div class="navbar-collapse collapse " >

<ul id="menu-top" class="nav navbar-nav navbar-right">

<li><a href="DO_home.jsp" >Home</a></li>

48 LITS,CSE
 SAMPLE CODE

<li><a href="fileupload.jsp">Upload file</a></li>

<li><a href="DO_files.jsp" >My Files</a></li>

<li><a href="index.jsp">Logout</a></li>

</ul>

</div>

</div>

</div>

</div>

</section>

<div class="just-sec" style="background-color: steelblue">

<div class="container">

<h1>File Upload</h1>

<div class="row">

<div class="col-lg-6 col-md-6 col-sm-6 col-xs-12">

<div class="just-txt-div">

<img src="assets/img/upload-cloud1.png" height="400px"

width="550px">

</div>

</div>

<div class="col-lg-6 col-md-6 col-sm-6 col-xs-12">

<div class="just-txt-div">

<form action="Upload" method="post" enctype="multipart/form-

data">

49 LITS,CSE
 SAMPLE CODE

<div class="form-group">

<label>File Name</label>

<input class="form-control" type="text" name="fname" />

</div>

<div class="form-group">

<label>Select file</label>

<input class="form-control" type="file" name="file" />

</div>

<div class="form-group">

<label>keywords</label>

<input class="form-control" type="text" name="kword" />

</div>

<button type="submit" class="btn btn-success btn-

lg">Upload</button>

</form>

</div>

</div>

</div>

</div>

</div>

</div>

</center>

</div>

50 LITS,CSE
 SAMPLE CODE

<!--FOOTER SECTION END-->

<!-- WE PUT SCRIPTS AT THE END TO LOAD PAGE FASTER-->

<!--CORE SCRIPTS PLUGIN-->

<script src="assets/js/jquery-1.11.1.min.js"></script>

<!--BOOTSTRAP SCRIPTS PLUGIN-->

<script src="assets/js/bootstrap.js"></script>

<!--WOW SCRIPTS PLUGIN-->

<script src="assets/js/wow.js"></script>

<!--FLEXSLIDER SCRIPTS PLUGIN-->

<script src="assets/js/jquery.flexslider.js"></script>

<!--CUSTOM SCRIPTS -->

<script src="assets/js/custom.js"></script>

</body></html>

51 LITS,CSE
 SYSTEM TESTING

11.SCREENSHOTS

HOME PAGE:

CLOUD LOGIN PAGE:

52 LITS,CSE
 SYSTEM TESTING

DATA OWNER LOGIN PAGE:

DATA USER LOGIN PAGE:

53 LITS,CSE
 SYSTEM TESTING

DATA OWNER REGISTRATION PAGE:

DATA USER REGISTRATION PAGE:

54 LITS,CSE
 SYSTEM TESTING

DATA OWNER HOME PAGE:

FILE UPLOAD PAGE:

55 LITS,CSE
 SYSTEM TESTING

MY FILES PAGE:

MAIL:

56 LITS,CSE
 SYSTEM TESTING

DATA USER HOME PAGE:

SEARCH FILES PAGE:

57 LITS,CSE
 SYSTEM TESTING

12.SYSTEM TESTING
The purpose of testing is to discover errors. Testing is the process of trying to
discover every conceivable fault or weakness in a work product. It provides a way to
check the functionality of components, sub assemblies, assemblies and/or a finished
product It is the process of exercising software with the intent of ensuring that the

Software system meets its requirements and user expectations and does not
fail in an unacceptable manner. There are various types of test. Each test type
addresses a specific testing requirement.

12.1 TYPES OF TESTS

Unit testing
Unit testing involves the design of test cases that validate that the internal
program logic is functioning properly, and that program inputs produce valid outputs.
All decision branches and internal code flow should be validated. It is the testing of
individual software units of the application .it is done after the completion of an
individual unit before integration. This is a structural testing, that relies on knowledge
of its construction and is invasive. Unit tests perform basic tests at component level
and test a specific business process, application, and/or system configuration. Unit
tests ensure that each unique path of a business process performs accurately to the
documented specifications and contains clearly defined inputs and expected results.

Integration testing
Integration tests are designed to test integrated software components to
determine if they actually run as one program. Testing is event driven and is more
concerned with the basic outcome of screens or fields. Integration tests demonstrate
that although the components were individually satisfaction, as shown by successfully
unit testing, the combination of components is correct and consistent. Integration
testing is specifically aimed at exposing the problems that arise from the combination
of components.

Functional test

58 LITS,CSE
 SYSTEM TESTING

Functional tests provide systematic demonstrations that functions tested are

available as specified by the business and technical requirements, system
documentation, and user manuals.

Functional testing is centered on the following items:

Valid Input : identified classes of valid input must be accepted.

Invalid Input : identified classes of invalid input must be rejected.

Functions : identified functions must be exercised.

Output : identified classes of application outputs must be exercised.

Systems/Procedures: interfacing systems or procedures must be invoked.

Organization and preparation of functional tests is focused on requirements, key

functions, or special test cases. In addition, systematic coverage pertaining to identify
Business process flows; data fields, predefined processes, and successive processes
must be considered for testing. Before functional testing is complete, additional tests
are identified and the effective value of current tests is determined.

System Test
System testing ensures that the entire integrated software system meets
requirements. It tests a configuration to ensure known and predictable results. An
example of system testing is the configuration oriented system integration test.
System testing is based on process descriptions and flows, emphasizing pre-driven
process links and integration points.

White Box Testing

White Box Testing is a testing in which in which the software tester has
knowledge of the inner workings, structure and language of the software, or at least its
purpose. It is purpose. It is used to test areas that cannot be reached from a black box
level.

Black Box Testing

Black Box Testing is testing the software without any knowledge of the inner
workings, structure or language of the module being tested. Black box tests, as most

59 LITS,CSE
 SYSTEM TESTING

other kinds of tests, must be written from a definitive source document, such as
specification or requirements document, such as specification or requirements
document. It is a testing in which the software under test is treated, as a black box
.you cannot “see” into it. The test provides inputs and responds to outputs without
considering how the software works.

6.1 Unit Testing:

Unit testing is usually conducted as part of a combined code and unit test
phase of the software lifecycle, although it is not uncommon for coding and unit
testing to be conducted as two distinct phases.

Test strategy and approach

Field testing will be performed manually and functional tests will be written in
detail.
Test objectives
 All field entries must work properly.
 Pages must be activated from the identified link.
 The entry screen, messages and responses must not be delayed.

Features to be tested
 Verify that the entries are of the correct format
 No duplicate entries should be allowed
 All links should take the user to the correct page.
6.2 Integration Testing
Software integration testing is the incremental integration testing of two or
more integrated software components on a single platform to produce failures caused
by interface defects.

The task of the integration test is to check that components or software

applications, e.g. components in a software system or – one step up – software
applications at the company level – interact without error

Test Results: All the test cases mentioned above passed successfully. No defects
encountered.

60 LITS,CSE
 SYSTEM TESTING

6.3 Acceptance Testing

User Acceptance Testing is a critical phase of any project and requires
significant participation by the end user. It also ensures that the system meets the
functional requirements.

Test Results: All the test cases mentioned above passed successfully. No defects
encountered.

61 LITS,CSE
 CONCLUSION

13.CONCLUSION
In this paper, we propose a secure, easily integrated, and fine-grained query
results verification scheme for secure search over encrypted cloud data. Different
from previous works, our scheme can verify the correctness of each encrypted query
result or further accurately find out how many or which qualified data files are
returned by the dishonest cloud server. A short signature technique is designed to
guarantee the authenticity of verification object itself. Moreover, we design a secure
verification object request technique, by which the cloud server knows nothing about
which verification object is requested by the data user and actually returned by the
cloud server. Performance and accuracy experiments demonstrate the validity and
efficiency of our proposed scheme.

62 LITS,CSE
 BIBILOGRAPHY

14.BIBILOGRAPHY

[1] P. Mell and T. Grance, “The nist definition of cloud computing,”

http://dx.doi.org/10.602/NIST.SP.800-145.

[2] K. Ren, C. Wang, and Q. Wang, “Security challenges for the public cloud,” IEEE
Internet Computing, vol. 16, no. 1, pp. 69–73, 2012.

[3] S. Kamara and K. Lauter, “Cryptographic cloud storage,” in Springer RLCPS,

January 2010.

[4] D. Song, D. Wagner, and A. Perrig, “Practical techniques for searches on

encrypted data,” in IEEE Symposiumon Security and Privacy, vol. 8, 2000, pp. 44–
55.

[5] E.-J.Goh, “Secure indexes,” IACR ePrint Cryptography Archive,

http://eprint.iacr.org/2003/216, Tech. Rep., 2003.

[6] D. Boneh, G. D. Crescenzo, R. Ostrovsky, and G. Persiano, “Public-key

encryption with keyword search,” in EUROCRYPR, 2004, pp. 506–522.

[7] R. Curtmola, J. Garay, S. Kamara, and R. Ostrovsky, “Searchable symmetric

encryption: improved deinitions and efficient constructions,” in ACM CCS, vol. 19,
2006, pp. 79–88.

[8] M. Bellare, A. Boldyreva, and A. O’Neill, “Deterministic and efficiently

searchable encryption,” in Springer CRYPTO, 2007.

[9] K. Kurosawa and Y. Ohtaki, “Uc-secure searchable symmetric encryption,”

Lecture Notes in Computer Science, vol. 7397, pp. 258–274, 2012.

63 LITS,CSE
 BIBILOGRAPHY

[10] P. Xu, H. Jin, Q. Wu, and W. Wang, “Public-key encryption with fuzzy keyword
search: A provably secure scheme under keyword guessing attack,” IEEE
Transactions on Computers, vol. 62, no. 11, pp. 2266–2277, 2013.

[11] S. Kamara and C. Papamanthou, “Parallel and dynamic searchable symmetric

encryption,” in Financial Cryptography and Data Security. Springer Berlin
Heidelberg, 2013, pp. 258–274.

[12] M. Naveed, M. Prabhakaran, and C. A. Gunter, “Dynamic searchable encryption

via blind storage,” in IEEE S&P, May 2014, pp. 639–654.

[13] C. Wang, N. Cao, J. Li, K. Ren, and W. Lou, “Secure ranked keyword search
over encrypted cloud data,” in IEEE ICDCS, 2010, pp. 253–262.

[14] N. Cao, C. Wang, M. Li, K. Ren, and W. Lou, “Privacy-preserving multi-

keyword ranked search over encrypted cloud data,” in IEEE INFOCOM, 2011, pp.
829–837.

[15] W. Sun, B. Wang, N. Cao, M. Li, W. Lou, Y. T. Hou, and H. Li, “Privacy-
preserving multi-keyword text search in the cloud supporting similarity-based
ranking,” in ACM ASIACCS, 2013.

[16] B. Wang, S. Yu, W. Lou, and Y. T. Hou, “Privacy-preserving multi-keyword

fuzzy search over encrypted data in the cloud,” in IEEE INFOCOM, 2014, pp. 2112–
2120.

[17] W. Zhang, S.Xiao, Y. Lin, J. Wu, and S. Zhou, “Privacy preserving ranked multi-
keyword search for multiple data owners in cloud computing,” IEEE Transactions on
Computers, vol. 65, no. 5, pp. 1566–1577, May 2016.

[18] Z. Xia, X. Wang, X. Sun, and Q. Wang, “A secure and dynamic multi-keyword
ranked search scheme over encrypted cloud data,” IEEE Transactions on Parallel and
Distributed System, vol. 27, no. 2, pp. 340–352, 2015.

64 LITS,CSE
 BIBILOGRAPHY

[19] Z. Fu, X. Sun, Q. Liu, L. Zhou, and J. Shu, “Achieving efficient cloud search
services: Multi-keyword ranked search over encrypted cloud data supporting parallel
computing,” IEICE Transactions on Communications, vol. E98-B, no. 1, pp. 190–200,
2015.

[20] H. Li, D. Liu, Y. Dai, T. H. Luan, and X. S. Shen, “Enabling efficient multi-
keyword ranked search over encrypted mobile cloud data through blind storage,”
IEEE Transactions on Emerging Topics in Computing, vol. 3, no. 1, 2014.

[21] H. Yin, Z. Qin, L. Ou, and K. Li, “A query privacyenhanced and secure search
scheme over encrypted data in cloud computing,” Journal of Computer and System
Sciences, http://dx.doi.org/10.1016/j.jcss.2016.12.003.

[22] B. Wang, B. Li, and H. Li, “Oruta: Privacy-preserving public auditing for shared
data in the cloud,” IEEE Transactions on Cloud Computing, vol. 2, no. 1, pp. 43–56,
2014.

[23] C. Wang, N. Cao, K. Ren, and W. Lou, “Enabling secure and efficient ranked
keyword search over outsourced cloud data,” IEEE Transactions on Parallel and
Distributed Systems, vol. 23, no. 8, pp. 1467–1479, 2012.

[24] W. Sun, B. Wang, N. Cao, M. Li, W. Lou, and Y. T. Hou, “Verifiable privacy-
preserving multi-keyword text search in the cloud supporting similarity-based
ranking,” IEEE Transactions on Parallel and Distributed Systems, vol. 25, no. 11, pp.
3025–3035, 2014.

[25] Q. Zheng, S. Xu, and G. Ateniese, “Vabks: Verifiable attribute based keyword
search over outsourced encrypted data,” in IEEE INFOCOM, May 2014, pp. 522–
530.

[26] W. Sun, X. Liu, W. Lou, Y. T. Hou, and H. Li, “Catch you if you lie to me:
Efficient verifiable conjunctive keyword search over large dynamic encrypted cloud
data,” in IEEE INFOCOM, April 2015, pp. 2110–2118.

65 LITS,CSE
 BIBILOGRAPHY

[27] H. Yin, Z. Qin, L. Ou, Q. Liu, Y. Hu, and H. Rong, “A secure and fine-grained
query results verification scheme for private search over encrypted cloud data,” in
IEEE ICA3PP, 2015, pp. 667–681.

[28] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for

fine-grained access control of encryption data,” in ACM CCS, 2006, pp. 89–98.

[29] B. Bloom, “Space/time trade-offs in hash coding with allowable errors,”

Commun. ACM, vol. 12, no. 7, pp. 422–426, 1970.

[30] L. Fan, P. Cao, J. Almeida, and A. Z. Broder, “Summary cache: A scalable wide
area web cache sharing protocal,” in ACM SIGCOMM, 1998, pp. 254–265.

[31] M. Bellare and P. Rogaway, Introduction to Modern Cryptography. Lecture

Notes, 2001.

[32] D. Boneh and M. Franklin, “Identity-based encryption from the weil pairing,” in
Springer CRYPTO, ser. LNCS 2139, J. Kilian, Ed., 2001, pp. 213–229.

[33] P. Paillier, “Public-key cryptosystems based on composite degree residuosity

classes,” in Springer EUROCRYPT, 1999, pp. 223–238.

[34] X. Li, K. Chen, and L. Sun, “Certificateless signature and proxy signature
schemes from bilinear pairings,” Lithuanian Mathematical Journal, vol. 45, no. 1, pp.
76–83, 2005.

[35] M. Gorantla and A. Saxena, “An efficient certificateless signature scheme,” in

Computational Intelligence and Security, CIS 2005, 2005, pp. 110–116.

[36] W. Yap, S. Heng, and B. Goi, “An efficient certificateless signature scheme,” in
Emerging Directions in Embedded and Ubiquitous Computing, EUC 2006
Workshops, 2006, pp. 322–331.

66 LITS,CSE
 BIBILOGRAPHY

[37] H. Xiong and Z. Qin, “Revocable and scalable certificateless remote

authentication protocol with anonymity for wireless body area networks,” IEEE
Transactions on Information Forensics and Security, vol. 10, no. 7, pp. 1442–1455,
2015.

[38] J. Liu, Z. Zhang, X. Chen, and K. S. Kwak, “Certificateless remote anonymous

authentication schemes for wirelessbody area networks,” IEEE Transactions on
Parallel and Distributed Systems, vol. 25, no. 2, pp. 332–342, 2014.

[39] S. Al-Riyami and K. Paterson, “Certificateless public key cryptography,” in

Springer ASIACRYPT, 2003, pp. 452–473.

[40] H. Xiong, “Cost-effective scalable and anonymous certificateless remote

authentication protocol,” IEEE Transactions on Information Forensics and Security,
vol. 9, no. 12, pp. 2327–2339, 2014.

[41] “Rfc, request for comments database,” http://www.ietf.org/rfc.html.

[42] http://gas.dia.unisa.it/projects/jpbc/index.html.

67 LITS,CSE