Batch-13 Report
A PROJECT REPORT
Submitted by
BACHELOR OF ENGINEERING
IN
ANNA UNIVERSITY :: CHENNAI 600 025
BONAFIDE CERTIFICATE
ACKNOWLEDGEMENT
ABSTRACT
Cloud computing provides high performance, accessibility and low cost for data storage and sharing, and makes better use of resources. However, security concerns become the main constraint, because the storage of possibly sensitive data is now outsourced to cloud providers. To preserve data privacy, a common approach is for clients to encrypt data files before uploading them to the cloud. Cloud storage services help clients reduce the monetary and maintenance overhead of data management, but data confidentiality becomes the main concern when client data is outsourced to cloud storage. The advent of cloud computing has revolutionized the landscape of data storage, access and management, offering unparalleled convenience and scalability. This report proposes an approach that combines chunking-based storage with Elliptic Curve Cryptography (ECC) encryption. The proposed methodology breaks large datasets into smaller, more manageable chunks, which eases storage and transmission. Each chunk is then individually encrypted using ECC, a cryptographic technique known for its robust security and efficiency. By applying ECC encryption to the chunks of data before they are stored in the cloud, the project aims to protect the confidentiality and integrity of the stored information. This approach addresses the pressing security concerns associated with cloud storage, offering a robust and efficient solution for safeguarding sensitive data. By leveraging the complementary strengths of chunking-based storage and ECC encryption, the project endeavors to enhance data security, integrity and resilience in cloud computing environments. Moreover, the scalability and adaptability of this approach make it suitable for a wide range of applications across various industries.
TABLE OF CONTENTS
2.4.1 Advantage 17
2.4.2 Disadvantage 17
2.5 Authentication and Key Management in Distributed IoT Using Blockchain Technology 17
2.5.1 Advantage 18
2.5.2 Disadvantage 18
2.6 On the Design of a Flexible Delegation Model for the Internet of Things Using Blockchain 18
2.6.1 Advantage 19
2.6.2 Disadvantage 19
2.7 Attribute-Based Access Control for AWS Internet of Things and Secure Industries of the Future 20
2.7.1 Advantage 21
2.7.2 Disadvantage 21
2.8 A Secure and Reliable Device Access Control Scheme for IoT Based Sensor Cloud Systems 21
2.8.1 Advantage 22
2.8.2 Disadvantage 22
2.9 A Non-Interactive Attribute-Based Access Control Scheme by Blockchain for IoT 22
2.9.1 Advantage 23
2.9.2 Disadvantage 23
2.10 Bchealth: A Novel Blockchain-Based Privacy-Preserving Architecture for IoT Healthcare Applications 23
2.10.1 Advantage 24
2.10.2 Disadvantage 24
3. SYSTEM ANALYSIS 25
3.1 Existing System 25
3.1.1 Limitations of Existing System 26
3.2 Proposed System 26
3.2.1 Advantages of Proposed System 27
3.3 System Architecture 27
3.4 Modules Used 29
3.4.1 Cloud Framework 29
3.4.2 Data Upload 30
3.4.3 Data Partition 30
3.4.4 Encryption Process 30
3.4.5 Access Request 31
3.4.6 Data Sharing 31
4. SYSTEM DESIGN 32
4.1 UML Diagrams 32
4.2 Types of UML Diagram 32
4.2.1 Use Case Diagram 33
4.2.2 Class Diagram 34
4.2.3 Sequence Diagram 35
4.2.4 Collaboration Diagram 36
4.2.5 Activity Diagram 37
5. IMPLEMENTATION 38
5.1 Elliptic Curve Cryptography 39
5.2 General Procedure of ECC 39
5.3 ECC Algorithm Steps 41
5.4 System Specification 43
5.4.1 Hardware Requirements 43
5.4.2 Software Requirements 43
6. CONCLUSION AND FUTURE WORK 44
6.1 Result and Discussion 44
6.2 Conclusion 45
6.3 Future Work 45
APPENDIX I 46
APPENDIX II 55
REFERENCES 60
LIST OF FIGURES
LIST OF ABBREVIATIONS
GF - Galois fields
CHAPTER 1
INTRODUCTION
1.1 CLOUD COMPUTING
Cloud computing is a promising model for business computing. It describes the infrastructure for an up-and-coming type of service provision, which has the benefit of reducing expense by sharing computing and storage resources. Currently, cloud computing is a major technology that is overtaking the earlier computing technologies of the competitive and demanding information technology industry.
Cloud computing is growing steadily, and many major cloud computing providers, including Amazon, Google, Microsoft, Yahoo and others, offer solutions such as Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), Storage-as-a-Service and Infrastructure-as-a-Service (IaaS). In addition, given the possibility of substantially reducing expenses through optimization and of maximizing operational and economic effectiveness, cloud computing is an excellent technology. Furthermore, cloud computing can greatly improve cooperation, speed and scale, enabling a truly worldwide computing model on the internet infrastructure. On top of that, cloud computing has the advantage of delivering more scalable, fault-tolerant services.
Cloud computing handles resource management in a better way since the
user no longer needs to be responsible for identifying resources for storage. If a
user wants to store more data they request it from the cloud provider and once
they are finished they can either release the storage by simply stopping the use of
it, or move the data to a long-term lower-cost storage resource. This further allows
the user to effectively use more dynamic resources because they no longer need
to concern themselves with storage and cost that accompany new and old
resources.
The following cloud computing categories have been identified and defined in
the process of cloud development:
Infrastructure as Service (IaaS):
It provides virtual machines and other abstracted hardware and operating
systems which may be controlled through a service Application Programming
Interface (API). IaaS includes the entire infrastructure resource stack from the
facilities to the hardware platforms that reside in them. It incorporates the
capability to abstract resources as well as deliver physical and logical
connectivity to those resources. IaaS provides a set of APIs which allow
management and other forms of interaction with the infrastructure by consumers.
Platform as a Service (PaaS):
It allows customers to develop new applications using APIs, implemented and operated remotely. The platforms offered include development tools, configuration management and deployment platforms. PaaS is positioned over IaaS and adds an additional layer of integration with application development frameworks and functions such as database, messaging and queuing, which allow developers to build applications for the platform with the programming languages and tools supported by the stack.
Software as a Service (SaaS):
Software offered by a third-party provider, available on demand, usually through a Web browser, and operated remotely. Examples include online word processing and spreadsheet tools, CRM services and Web content delivery services. SaaS in turn is built upon the underlying IaaS and PaaS stacks and provides a self-contained operating environment used to deliver the entire user experience, including the content, its presentation, the applications and management capabilities.
Multi-Tenancy:
There is a need for policy-driven enforcement, segmentation, isolation, governance, service levels and billing models for different consumer constituencies. Consumers might utilize a public cloud provider's service offerings or actually be from the same organization, but would still share infrastructure.
• Hybrid Cloud:
The cloud infrastructure is a composition of two or more clouds (private,
community or public) that are bound together by standardized or proprietary
technology that enables portability of data and application.
Here are a few situations where cloud computing is used to enhance the ability to
achieve business goals.
seeking to increase the speed of development on a ready-to-use platform to
deploy applications.
2. Private cloud and hybrid cloud
Among the many incentives for using the cloud, there are two situations where organizations look into ways to assess some of the applications they intend to deploy in their environment through the use of a cloud (specifically a public cloud). While test and development use may be limited in time, adopting a hybrid cloud approach allows application workloads to be tested, providing the comfort of an environment without an initial investment that might have been wasted should the workload testing fail.
Another use of hybrid cloud is the ability to expand during periods of limited peak usage, which is often preferable to hosting a large infrastructure that might seldom be used. An organization would seek to have the additional capacity and availability of an environment when needed, on a pay-as-you-go basis.
5. File storage
The cloud offers the possibility of storing your files and accessing, storing and retrieving them from any web-enabled interface. The web service interfaces are usually simple. At any time and place you have high availability, speed, scalability and security for your environment. In this scenario, organizations pay only for the amount of storage they are actually consuming, and do so without the worry of overseeing the daily maintenance of the storage infrastructure.
There is also the possibility to store the data either on or off premises
depending on the regulatory compliance requirements. Data is stored in
virtualized pools of storage hosted by a third party based on the customer
specification requirements.
6. Disaster recovery
This is yet another benefit of using the cloud, based on the cost-effectiveness of a disaster recovery (DR) solution that provides faster recovery from a mesh of different physical locations at a much lower cost than a traditional DR site with fixed assets, rigid procedures and a much higher cost.
7. Backup
Backing up data has always been a complex and time-consuming operation. It involved maintaining a set of tapes or drives, manually collecting them and dispatching them to a backup facility, with all the problems that might happen between the originating site and the backup site. This way of ensuring a backup is performed is not immune to problems such as running out of backup media, and loading the backup devices for a restore operation also takes time and is prone to malfunctions and human error. Cloud-based backup, while not a panacea, is certainly a far cry from what it used to be. You can now automatically dispatch data to any location across the wire, with the assurance that neither security, availability nor capacity are issues.
While the list of uses of cloud computing above is not exhaustive, it certainly gives an incentive to use the cloud when compared with more traditional alternatives, to increase IT infrastructure flexibility as well as to leverage big data analytics and mobile computing.
There is a discussion of the inherent problems of data security, governance and control management in cloud computing. The main concerns of security, privacy and trust in the current cloud computing environment are discussed, along with how users might identify both concrete and abstract risks associated with using it. The authors list security, privacy and trust as the three main areas where cloud computing could be threatened. In the current period, in which the long-dreamed vision of computing as a utility is being realized, security is crucial. It falls into four subcategories: safeguards against illegal insider operations and service hijacking, monitoring or tracing of cloud servers, data confidentiality, and safety systems. A data security strategy is suggested for networks using cloud computing. The writers' primary topic of discussion was cloud data storage security. Additionally, there are a few patents pertaining to data storage security methods, and a survey of critical infrastructure security using cloud computing. For RFID technology integrated into cloud computing, which merges cloud computing and the Internet of Things, a security and privacy architecture has been proposed.
1.3.1 DATA INTEGRITY
Because users do not trust cloud providers, and cloud storage service providers find it virtually impossible to eliminate the potential insider threat, it is very dangerous for users to store their sensitive data in cloud storage directly. Simple encryption faces the key management problem and cannot support complex requirements such as querying, parallel modification and fine-grained authorization.
Data availability means the following: when accidents such as hard disk damage, IDC fire and network failures occur, to what extent the user's data can be used or recovered, and how users can verify their data by technical means rather than depending on the credit guarantee of the cloud service provider alone. Storing data on servers located across national borders is a serious concern for clients, because cloud vendors are governed by local laws, and cloud clients should therefore be cognizant of those laws. Moreover, the cloud service provider should ensure data security, particularly data confidentiality and integrity. The cloud provider should share all such concerns with the client and build a trust relationship in this connection. The cloud vendor should provide guarantees of data safety and explain the jurisdiction of local laws to the clients. The main focus of the paper is on those data issues and challenges associated with data storage location and its relocation, cost, availability and security.
1.4 APPLICABILITY OF CLOUD COMPUTING
Cloud computing has become an integral part of modern IT infrastructure,
offering a wide range of applications and benefits for individuals, businesses, and
organizations.
Cloud storage services such as Amazon S3, Google Cloud Storage, and
Microsoft Azure Storage provide scalable and cost-effective solutions for storing
and backing up data. Users can access their files from anywhere with an internet
connection.
Cloud platforms offer powerful tools for data processing and analytics.
Services like Amazon Redshift, Google BigQuery, and Azure Data Lake
Analytics enable organizations to analyze large datasets, derive insights, and
make data-driven decisions.
Internet of Things (IoT):
CHAPTER 2
LITERATURE SURVEY
2.1 TITLE: MULTI-AUTHORITY CP-ABE-BASED USER ACCESS
CONTROL SCHEME WITH CONSTANT-SIZE KEY AND
CIPHERTEXT FOR IOT DEPLOYMENT
AUTHORS: BANERJEE
The authors present a secure fine-grained user access control scheme for data usage in the IoT environment. The proposed scheme is a three-factor user access control scheme which supports multi-authority ABE, and it is highly scalable, as both the ABE key size stored in the user's smart card and the ciphertext size needed for the authentication request are constant with respect to the number of attributes. Under this IoT architecture, multiple smart devices together form a smart environment in which the devices are connected to the internet through the gateway node(s). Registered users can access the services of the designated smart devices through the gateway node(s) after the authentication process is completed. It is worth noting that a user may have attributes defined under multiple smart environments at the same time. To provide fine-grained access control in the described architecture, it must be defined how a user is eligible to access different smart devices. As discussed previously, a natural solution to this problem is the use of CP-ABE. The authors envision an attribute authority associated with each gateway node, and the access policy P of a smart device can be defined during its enrollment process. A user can have different roles defined by attribute authorities from different smart networks. This demands that a set of attributes, and consequently the access policies, be defined globally.
2.1.1 ADVANTAGE
2.1.2 DISADVANTAGE
AUTHORS: DAMMAK
SKDC manages user groups, which provides scalability for our DLGKM-AC.
Furthermore, DLGKM-AC introduces a new key management mechanism that
allows reducing the rekeying dependence of users in the same group. DLGKM-
AC is a scalable and flexible access management protocol that is based on the
GKM mechanism.
2.2.1 ADVANTAGE
2.2.2 DISADVANTAGE
AUTHORS: SHAHZAD
to each user. The CSP provides services for storage and partial decryption via the sub-entities storage service provider (SSP) and decryption service provider (DSP), respectively. The SSP stores the encrypted health-related data for each registered patient and serves as a repository for all the uploaded data. The DSP performs a partial decryption service for the interested MDUs without knowing the actual data contents. In the proposed threat model, the CSP is taken to be honest-but-curious, as adopted by most ABKS schemes, which means it will honestly run the algorithm but will infer private information from the available data.
2.3.1 ADVANTAGE
2.3.2 DISADVANTAGE
the correctness of the calculation results. Additionally, we use the blockchain to
realize accountability for malicious behaviors. Particularly, our scheme can
maintain the fairness of accountability, that is, each semi-trusted entity is included
in the scope of accountability. The combination of CP-ABE and (t, n) secret
sharing scheme enables data access control based on distributed authority. The
computational workloads of ends user devices are outsourced to edge nodes in
EB which makes our scheme suitable for data sharing between IoT devices with
limited computing capability.
2.4.1 ADVANTAGE
2.4.2 DISADVANTAGE
AUTHORS: SOUMYASHREE S
The authors propose a scheme for secure and efficient key generation and management for mutual authentication between communicating entities. The proposed scheme uses a one-way hash chain technique to provide a set of public and private key pairs to the IoT devices, allowing the key pairs to be verified at any time. The architecture consists of three layers, namely the Device, Fog and Cloud layers. The Device layer consists of the smart devices used in various IoT use cases, for example different wearable medical devices that sense, monitor and observe a patient's health status from a remote location. Since the devices are resource constrained by nature, the Fog layer was added to improve performance and reduce the computation time and overhead of the devices. The Fog layer contains a number of access managing nodes (AMNs) with standard computational and storage capabilities to manage the devices of the Device layer. Devices belonging to similar use cases are grouped into domains, where each domain is managed by an AMN. AMNs also act as miners that pack the transactions of the devices that occurred within a certain time interval into a new block. Next, the Fog layer is connected to the Cloud layer via high-speed network connectivity. The Cloud layer manages multiple blockchains, one from each AMN network of the Fog layer. For this, a number of nodes known as manager nodes (MNs), possessing immense computing capabilities, are introduced in the Cloud layer to handle the resource-constrained and highly scalable IoT use cases. Communications within the same network are handled by the AMNs of that network, while inter-network transactions are handled by the MNs of the Cloud layer.
2.5.1 ADVANTAGE
• As the number of devices increases, the time required for authentication and key management should not be affected.
2.5.2 DISADVANTAGE
AUTHORS: SHANTANU
control, data transparency and auditability. It is tamper-proof, in that data cannot be manipulated by a malicious actor. To the best of the authors' knowledge, their proposal is the first to use capability-based access for the delegation of access rights in IoT using blockchain without relying upon a concrete identity. In a blockchain network, an event is a special form of transaction that is generated by and linked to a smart contract. The fact that each event inherently comes from a given smart contract is crucial in implementing an efficient verification of the delegation. An event inherits all the important security properties of a blockchain transaction, e.g. ownership (it is owned by the smart contract which generates it), immutability (the deeper the block containing the event is in the blockchain, the harder it is to alter) and sharing (it is automatically accessible to all parties involved in the blockchain network). Ownership and immutability alone ensure that events are also unforgeable and secure. In fact, an event generated by a smart contract is securely attached to that contract. If the address (public key) of a delegatee is recorded inside that event, then, since the event is immutable, only the delegatee can use that event, by proving that he or she owns that public key.
2.6.1 ADVANTAGE
• It allows each user in the network to confirm the identity of the source of
an entry in the ledger.
2.6.2 DISADVANTAGE
2.7 TITLE: ATTRIBUTE-BASED ACCESS CONTROL FOR AWS
INTERNET OF THINGS AND SECURE INDUSTRIES OF THE
FUTURE
for each type of refinery device, which allow or deny specified actions on specific devices and send notifications to the relevant group of employees.
2.7.1 ADVANTAGE
2.7.2 DISADVANTAGE
AUTHORS: CHAUDHRY
have capabilities to expose the private key of the CA. The security of the proposed
scheme is proved using formal and informal methods.
2.8.1 ADVANTAGE
2.8.2 DISADVANTAGE
data to a cloud server. If a user wants to access the data, the data user first writes
attributes to blockchain as a transaction. Next, the PSI protocol is run by a smart
contract to determine whether the attributes set meets the threshold structure. If
the condition is met, the data user is allowed to access the data holder’s data.
2.9.1 ADVANTAGE
• The proposed scheme is able to protect both the privacy of the access policy and the privacy of attributes while ensuring trusted access control.
2.9.2 DISADVANTAGE
• The data holder cannot obtain any other useful information about the
protocol.
increase the BC network throughput and improve the scalability of the network. Here, instead of considering a Cluster Head (CH) for each cluster, a hierarchical structure is introduced. The first two bytes of each data packet are allocated to the cluster number associated with that data, so that upon receiving a data packet each cluster member can identify the cluster the data belongs to.
2.10.1 ADVANTAGE
2.10.2 DISADVANTAGE
CHAPTER 3
SYSTEM ANALYSIS
3.1.1 LIMITATIONS OF EXISTING SYSTEM
• Attackers can still obtain users' data if they control the cloud storage management node.
• They cannot resist internal attacks or prevent the CSP from selling users' data for illegal profit.
• Private data will be decoded once malicious attackers gain access to files on the cloud.
sensitive information remains protected against unauthorized access or breaches.
Access to the encrypted data is restricted to authorized users who possess the
corresponding private key for decryption. Authentication mechanisms, such as
user authentication and access control policies, are implemented to ensure that
only authenticated users can access the data stored in the cloud. By combining
chunking data with ECC encryption and implementing robust security measures,
organizations can enhance data confidentiality, integrity, and availability while
mitigating the risks associated with storing sensitive information in the cloud.
• The use of ECC encryption ensures the confidentiality of data stored in the
cloud.
Fig 3.1 System Architecture
Fig 3.1 shows how chunking data with Elliptic Curve Cryptography (ECC) encryption for storage in the cloud provides a robust and secure approach to safeguarding data. Chunking helps in the efficient storage and retrieval of data, especially for large files. ECC key pairs are generated for encryption and decryption. Each chunk of data is encrypted using the ECC public key, which ensures that only the holder of the corresponding private key can decrypt the data. The encrypted data chunks are then stored in the cloud storage provider's infrastructure, which has robust security measures in place to protect against unauthorized access.
3.4 MODULES USED
MODULE DESCRIPTION
3.4.2 DATA UPLOAD
The Data Upload module facilitates the seamless transfer of data from local storage to the cloud. Users interact with this module to select and upload files or datasets. It employs various data transfer protocols to ensure efficient and reliable transmission. Error handling mechanisms address any issues that may arise during the upload process, guaranteeing the integrity of the transferred data. The Data Upload module is responsible for securely transferring data chunks from the local environment to the cloud storage provider's infrastructure. Before uploading data, the owner must register on the cloud and obtain approval to access the application. The server grants approval to registered users to access the application. After approval, the owner can upload data to the server.
The Data Partition module is responsible for breaking down large files into
smaller, manageable chunks or partitions. It determines the optimal chunk size
based on factors such as storage capacity and retrieval efficiency. This module
divides files into partitions and assigns metadata to each partition for tracking and
management purposes, ensuring efficient storage and retrieval of data in the cloud
environment. It defines the chunking strategy based on factors such as file size,
storage limitations, and network bandwidth. The module ensures optimal chunk
sizes to balance storage efficiency with retrieval performance. It also provides
mechanisms for reassembling chunks during data retrieval.
key can access the encrypted data. The module ensures that each chunk is
encrypted using the public key, guaranteeing confidentiality and privacy. This
module securely manages encryption keys to prevent unauthorized access and
breaches, enhancing the confidentiality of stored data. It also handles key
management tasks such as key generation, and secure key storage to prevent
unauthorized access to sensitive information.
CHAPTER 4
SYSTEM DESIGN
4.2.1 USE CASE DIAGRAM
[Use case diagram: the actors Data Owner and Data User interact with the System through the use cases Register, Login, Upload Data, Data Partition, Data Encryption, Access Request and Key Sharing.]
4.2.2 CLASS DIAGRAM
[Class diagram: class Data User with attributes Register Details and File Details, and operations Register(), Login(), Search Data(), Access Request(), Get Secret Key() and Data Access().]
4.2.3 SEQUENCE DIAGRAM
[Sequence diagram messages: 1 Register(), 2 Approval(), 3 Register(), 4 Approval(), 5 Login(), 6 Upload Data(), 7 Data Partitioning(), 8 ECC Encryption(), 10 Provide Approval(), 11 Key sharing(), 12 Key Verification().]
4.2.4 COLLABORATION DIAGRAM
4.2.5 ACTIVITY DIAGRAM
[Activity diagram, in order: Enrolment, Data Upload, Data Partition, Data Encryption, Access Request, Key Sharing.]
CHAPTER 5
IMPLEMENTATION
5.1 ELLIPTIC CURVE CRYPTOGRAPHY
o Private Key = an integer, x, selected from the interval [1, p-1]
o Public Key = the product, Q, of the private key and the base point (Q = x*B)
Encryption
1. Define a curve.
2. Generate a public/private key pair using that curve, for both sender and receiver.
Decryption
Either the sender shares the curve with the receiver, or sender and receiver agree in advance to use the same curve. The sender also shares its public key with the receiver.
1. Generate a public/private key pair for the receiver using the same curve.
2. Regenerate the shared secret key using the private key of the receiver and the public key of the sender.
3. From that shared secret key, derive an encryption key.
4. Using that encryption key and a symmetric encryption algorithm, decrypt the information.
5.3 ECC ALGORITHM STEPS
It is assumed that readers have a basic understanding of cryptography (terms like encryption and decryption). Consider a message 'm' represented as the point 'M' on the curve 'E'. Randomly select 'k' from [1, (n-1)].
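As an added worked example (not code from the report or its appendix), the following Python script carries the ECC procedure of Sections 5.1 to 5.3 through together with the Data Partition and Encryption modules of Section 3.4: it implements point arithmetic on the curve in the standard library, generates the key pairs, derives a per-chunk shared secret from an ephemeral key and the receiver's public key, encrypts each chunk, and checks every tag and chunk index on reassembly. It assumes secp256k1 as the curve and, because the standard library has no AES, uses an HMAC-SHA256 counter-mode stream plus a separate HMAC tag as a stand-in for the symmetric algorithm; the file contents are constructed sample data.

```python
import hashlib, hmac, secrets
from typing import List, Optional, Tuple

# secp256k1 domain parameters (y^2 = x^3 + 7 over GF(p)); assumed curve choice.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
Point = Optional[Tuple[int, int]]  # None stands for the point at infinity

def point_add(p1: Point, p2: Point) -> Point:
    """Affine addition/doubling on secp256k1 (curve coefficient a = 0)."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # p1 == -p2: the sum is the point at infinity
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P  # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P  # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def scalar_mult(k: int, pt: Point) -> Point:
    """Double-and-add: returns k * pt (the 'product' of Section 5.1)."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result

def on_curve(q: Point) -> bool:
    return q is not None and (q[1] ** 2 - q[0] ** 3 - 7) % P == 0

def generate_keypair() -> Tuple[int, Point]:
    """Private key x drawn from [1, n-1]; public key Q = x*G."""
    x = secrets.randbelow(N - 1) + 1
    return x, scalar_mult(x, G)

def derive_keys(shared: Point, info: bytes) -> Tuple[bytes, bytes]:
    """HKDF-SHA256 over the shared point's x-coordinate -> (enc key, MAC key)."""
    prk = hmac.new(b"chunk-ecies-salt", shared[0].to_bytes(32, "big"), hashlib.sha256).digest()
    okm = hmac.new(prk, info + b"\x01", hashlib.sha256).digest()
    return okm[:16], okm[16:]

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode stream from HMAC-SHA256: stand-in for AES, absent from the stdlib."""
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def ecies_encrypt(recipient_pub: Point, plaintext: bytes, aad: bytes) -> dict:
    """Ephemeral ECDH -> HKDF -> stream cipher -> HMAC tag (encrypt-then-MAC)."""
    eph_priv, eph_pub = generate_keypair()
    enc_key, mac_key = derive_keys(scalar_mult(eph_priv, recipient_pub), aad)
    nonce = secrets.token_bytes(16)
    ct = keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return {"eph_pub": eph_pub, "nonce": nonce, "ct": ct, "tag": tag}

def ecies_decrypt(priv: int, blob: dict, aad: bytes) -> bytes:
    """Only the private-key holder recovers the chunk; any tampering raises ValueError."""
    if not on_curve(blob["eph_pub"]):  # reject invalid-curve points before using them
        raise ValueError("ephemeral public key is not on the curve")
    enc_key, mac_key = derive_keys(scalar_mult(priv, blob["eph_pub"]), aad)
    tag = hmac.new(mac_key, aad + blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        raise ValueError("authentication tag mismatch")
    return keystream_xor(enc_key, blob["nonce"], blob["ct"])

def chunk_and_encrypt(data: bytes, recipient_pub: Point, chunk_size: int) -> List[dict]:
    """Data Partition + Encryption modules: chunk metadata (index, count) is bound into the tag."""
    total = (len(data) + chunk_size - 1) // chunk_size
    chunks = []
    for i in range(total):
        piece = data[i * chunk_size:(i + 1) * chunk_size]
        blob = ecies_encrypt(recipient_pub, piece, f"chunk {i}/{total}".encode())
        chunks.append(dict(blob, index=i, total=total))
    return chunks

def decrypt_and_reassemble(chunks: List[dict], priv: int) -> bytes:
    """Retrieval side: verifies chunk count, order and every tag before joining."""
    total = chunks[0]["total"] if chunks else 0
    if len(chunks) != total:
        raise ValueError("missing chunks")
    pieces = []
    for i, blob in enumerate(sorted(chunks, key=lambda b: b["index"])):
        if blob["index"] != i:
            raise ValueError("duplicate or missing chunk index")
        pieces.append(ecies_decrypt(priv, blob, f"chunk {i}/{total}".encode()))
    return b"".join(pieces)

if __name__ == "__main__":
    owner_priv, owner_pub = generate_keypair()  # data owner's ECC key pair
    stored = chunk_and_encrypt(b"constructed sample record\n" * 40, owner_pub, 256)
    print(len(stored), "chunks; recovered bytes:", len(decrypt_and_reassemble(stored, owner_priv)))
```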
5.2 SYSTEM SPECIFICATION
– RAM : 2GB
– IDE : PyCharm
CHAPTER 6
6.2 CONCLUSION
APPENDIX I
SOURCE CODE
from flask import Flask, render_template, request, redirect, url_for, session,
send_file
import mysql.connector
from ecies.utils import generate_key
from ecies import encrypt, decrypt
import os
import base64, os
app = Flask(__name__)
app.secret_key = 'a'
@app.route('/')
def home():
return render_template('index.html')
@app.route('/ServerLogin')
def ServerLogin():
return render_template('ServerLogin.html')
@app.route('/OwnerLogin')
def OwnerLogin():
return render_template('OwnerLogin.html')
@app.route('/UserLogin')
def UserLogin():
return render_template('UserLogin.html')
@app.route('/NewOwner')
def NewOwner():
return render_template('NewOwner.html')
@app.route('/NewUser')
def NewUser():
return render_template('NewUser.html')
46
@app.route('/TrapdoorLogin')
def TrapdoorLogin():
return render_template('TrapdoorLogin.html')
@app.route("/tlogin", methods=['GET', 'POST'])
def tlogin():
error = None
if request.method == 'POST':
if request.form['uname'] == 'admin' and request.form['password'] ==
'admin':
conn=mysql.connector.connect(user='root', password='', host='localhost',
database='5sharedatadbpy')
cur = conn.cursor()
cur.execute("SELECT * FROM ownertb ")
data = cur.fetchall()
return render_template('THome.html', data=data)
else:
alert = 'Username or Password is wrong'
return render_template('goback.html', data=alert)
@app.route("/THome")
def THome():
conn = mysql.connector.connect(user='root', password='', host='localhost',
database='5sharedatadbpy')
cur = conn.cursor()
cur.execute("SELECT * FROM ownertb")
data = cur.fetchall()
return render_template('THome.html', data=data)
@app.route("/FileInfo")
def FileInfo():
47
conn = mysql.connector.connect(user='root', password='', host='localhost',
database='5sharedatadbpy')
cur = conn.cursor()
cur.execute("SELECT * FROM filetb")
data = cur.fetchall()
return render_template('FileInfo.html', data=data)
@app.route("/TUserRequest")
def TUserRequest():
conn = mysql.connector.connect(user='root', password='', host='localhost',
database='5sharedatadbpy')
cur = conn.cursor()
cur.execute("SELECT * FROM userfiletb where status='waiting' ")
data = cur.fetchall()
conn = mysql.connector.connect(user='root', password='', host='localhost',
database='5sharedatadbpy')
cur = conn.cursor()
cur.execute("SELECT * FROM userfiletb where status !='Accept' ")
data1 = cur.fetchall()
return render_template('TUserRequest.html', data=data, data1=data1)
@app.route("/TApproved")
def TApproved():
rid = request.args.get('rid')
fid = request.args.get('fid')
session["fid"] = fid
session["rid"] = rid
conn = mysql.connector.connect(user='root', password='', host='localhost',
database='5sharedatadbpy')
cursor = conn.cursor()
48
cursor.execute("Update userfiletb set Status='ApprovedTrapdoor' where id='"
+ rid + "' ")
conn.commit()
conn.close()
return TUserRequest()
@app.route("/serverlogin", methods=['GET', 'POST'])
def adminlogin():
    error = None
    if request.method == 'POST':
        # the server operator's credentials are the literal strings
        # 'server'/'server', compared in plaintext
        if request.form['uname'] == 'server' and request.form['password'] == 'server':
            conn = mysql.connector.connect(user='root', password='', host='localhost',
                                           database='5sharedatadbpy')
            cur = conn.cursor()
            cur.execute("SELECT * FROM ownertb WHERE status='waiting'")
            data = cur.fetchall()
            cur.execute("SELECT * FROM ownertb WHERE status='Active'")
            data1 = cur.fetchall()
            conn.close()
            return render_template('ServerHome.html', data=data, data1=data1)
        else:
            alert = 'Username or Password is wrong'
            return render_template('goback.html', data=alert)
    # the report shows no branch for GET; a GET request currently returns None
@app.route("/ServerHome")
def ServerHome():
    conn = mysql.connector.connect(user='root', password='', host='localhost',
                                   database='5sharedatadbpy')
    cur = conn.cursor()
    cur.execute("SELECT * FROM ownertb WHERE status='waiting'")
    data = cur.fetchall()
    cur.execute("SELECT * FROM ownertb WHERE status='Active'")
    data1 = cur.fetchall()
    conn.close()
    return render_template('ServerHome.html', data=data, data1=data1)


@app.route("/UserApproved")
def UserApproved():
    conn = mysql.connector.connect(user='root', password='', host='localhost',
                                   database='5sharedatadbpy')
    cur = conn.cursor()
    cur.execute("SELECT * FROM regtb WHERE status='waiting'")
    data = cur.fetchall()
    cur.execute("SELECT * FROM regtb WHERE status='Active'")
    data1 = cur.fetchall()
    conn.close()
    return render_template('UserApproved.html', data=data, data1=data1)


@app.route("/Approved")
def Approved():
    # NOTE: state-changing GET with no session check; anyone who can reach this
    # URL can activate an owner account and have a login key mailed to an
    # address of their choosing
    id = request.args.get('lid')
    email = request.args.get('email')
    import secrets
    # the login key is an authentication secret, so it is drawn from the CSPRNG;
    # the report used random.randint(1111, 9999), whose output is predictable.
    # Same 1111..9999 range as the report; note that it is stored in plaintext.
    loginkey = 1111 + secrets.randbelow(8889)
    message = "Owner Login Key :" + str(loginkey)
    sendmsg(email, message)
    conn = mysql.connector.connect(user='root', password='', host='localhost',
                                   database='5sharedatadbpy')
    cursor = conn.cursor()
    # id comes from the query string: bound as a parameter, not concatenated
    cursor.execute("UPDATE ownertb SET Status='Active', LoginKey=%s WHERE id=%s",
                   (str(loginkey), id))
    conn.commit()
    cursor.execute("SELECT * FROM ownertb WHERE status='waiting'")
    data = cursor.fetchall()
    cursor.execute("SELECT * FROM ownertb WHERE status='Active'")
    data1 = cursor.fetchall()
    conn.close()
    return render_template('ServerHome.html', data=data, data1=data1)
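The serverlogin route compares the submitted form fields with the literal strings 'server'/'server', and Approved() mails a four-digit key drawn from random.randint, which is not a cryptographic generator, and stores it in plaintext in ownertb. The following added example, not code from the report, shows the two replacements a practitioner would make for both routes: verify passwords against a salted PBKDF2-HMAC hash with a constant-time comparison, and issue the login key from the secrets module, store only a keyed hash of it, and bind it to an expiry and an attempt limit. The LOGIN_KEY_PEPPER environment variable, the record layout, the six-digit length and the five-minute lifetime are assumptions.

```python
import hashlib
import hmac
import os
import secrets
import time

PBKDF2_ITERATIONS = 600_000   # OWASP-recommended minimum for PBKDF2-HMAC-SHA256
KEY_TTL_SECONDS = 300         # assumed lifetime of a mailed login key
KEY_MAX_ATTEMPTS = 5          # a short numeric code only survives if guesses are capped

# Assumed deployment secret: a server-side key that is NOT stored in the database,
# so a dump of the LoginKey column alone cannot be brute-forced offline.  The
# fallback keeps the example runnable but invalidates outstanding keys on restart.
LOGIN_KEY_PEPPER = os.environ.get("LOGIN_KEY_PEPPER", "").encode() or secrets.token_bytes(32)


def hash_password(password, salt=None):
    """Return 'pbkdf2_sha256$iterations$salt$digest' for storage in place of the plaintext."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (PBKDF2_ITERATIONS, salt.hex(), digest.hex())


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def _key_tag(key):
    """Keyed hash of a login key; this is what the database row holds."""
    return hmac.new(LOGIN_KEY_PEPPER, key.encode(), "sha256").hexdigest()


def issue_login_key(now=None):
    """Return (key_to_mail, record_to_store).  Only the record is persisted and
    it carries the HMAC tag, the expiry and an attempt counter, not the key."""
    now = time.time() if now is None else now
    key = "%06d" % secrets.randbelow(10 ** 6)   # six digits from the CSPRNG
    record = {"tag": _key_tag(key), "expires": now + KEY_TTL_SECONDS, "attempts": 0}
    return key, record


def verify_login_key(submitted, record, now=None):
    """Single-use check: refuses expired or over-tried records, counts the
    attempt, compares in constant time and burns the record on success."""
    now = time.time() if now is None else now
    if record["attempts"] >= KEY_MAX_ATTEMPTS or now > record["expires"]:
        return False
    record["attempts"] += 1
    if not hmac.compare_digest(_key_tag(submitted), record["tag"]):
        return False
    record["expires"] = 0   # a key that has been used cannot be replayed
    return True
```

In the report's flow, issue_login_key() replaces the random.randint call in Approved()/Approved1(): the first element is what sendmsg() mails, the second is what the UPDATE writes; a later login submits the key to verify_login_key() against the row read back from the table.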
@app.route("/Approved1")
def Approved1():
    # same caveats as Approved(): state-changing GET, no session check
    id = request.args.get('lid')
    email = request.args.get('email')
    import secrets
    # CSPRNG instead of random.randint, same 1111..9999 range as the report
    loginkey = 1111 + secrets.randbelow(8889)
    message = "User Login Key :" + str(loginkey)
    sendmsg(email, message)
    conn = mysql.connector.connect(user='root', password='', host='localhost',
                                   database='5sharedatadbpy')
    cursor = conn.cursor()
    cursor.execute("UPDATE regtb SET Status='Active', LoginKey=%s WHERE id=%s",
                   (str(loginkey), id))
    conn.commit()
    cursor.execute("SELECT * FROM regtb WHERE status='waiting'")
    data = cursor.fetchall()
    # The remainder of this function is on page 52 of the report, which is
    # missing from the extracted source; as shown here the function returns None.


# Page 52 of the report is missing here.  The source resumes in the middle of
# the user's file-retrieval route: its decorator and header, the login lookup
# that the first 'else' belongs to, and the assignments of sear, prkey and
# fname are all on the missing page.  The fragment is kept as extracted,
# re-indented, with the debug prints removed (they wrote the ciphertext and
# the decrypted plaintext into the server log).
    else:
        return 'Incorrect username / password !'
    # plain '==' on a key is not a constant-time comparison; hmac.compare_digest is
    if sear == prkey:
        privhex = prkey
        filepath = "./static/Encrypt/" + fname
        # os.path.split keeps only the basename, which is the sole thing
        # stopping a '../' in fname from reaching outside static/Encrypt
        head, tail = os.path.split(filepath)
        newfilepath1 = './static/Encrypt/' + str(tail)
        newfilepath2 = './static/Decrypt/' + str(tail)
        with open(newfilepath1, "rb") as File:
            data = base64.b64decode(File.read())
        decrypted_secp = decrypt(privhex, data)
        # CAUTION: the plaintext is written under static/, which Flask serves
        # to any client at /static/Decrypt/<name> with no key check at all
        with open(newfilepath2, "wb") as DFile:
            DFile.write(base64.b64decode(decrypted_secp))
        return send_file(newfilepath2, as_attachment=True)
    else:
        return 'Key incorrect!'
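The retrieval fragment above compares the submitted key to the stored one with ==, relies on os.path.split() discarding directories as its only defence against path traversal, and writes the decrypted file into ./static/Decrypt/, which Flask serves to anyone at /static/Decrypt/<name> without a key. The following added example, not code from the report, keeps the same sequence (base64 file on disk, decrypt, base64 plaintext) but checks that the resolved path stays inside the encrypted-file directory, compares the key in constant time, and hands the plaintext to the response from memory. The report's ECC decrypt() is not reproduced: decrypt_fn is an injected callable with the same (private_key_hex, ciphertext) -> base64 bytes shape, and the directory and file names are assumptions. The scheme still has the user hand their private key to the server, which could retain it; that is a property of the design, not something this snippet changes.

```python
import base64
import hmac
from io import BytesIO
from pathlib import Path


def resolve_within(base_dir, fname):
    """Return base_dir/fname only if it names a file directly inside base_dir.
    Rejects empty names, directory components and '..' outright, then checks
    that the resolved path (symlinks followed) still has base_dir as parent."""
    if not fname or Path(fname).name != fname or fname in (".", ".."):
        raise ValueError("file name must be a bare file name")
    base = Path(base_dir).resolve()
    target = (base / fname).resolve()
    if target.parent != base:
        raise ValueError("path escapes the encrypted-file directory")
    return target


def key_matches(submitted, stored):
    """Constant-time replacement for the fragment's 'sear == prkey'."""
    return hmac.compare_digest(str(submitted).encode(), str(stored).encode())


def decrypt_for_download(enc_dir, fname, submitted_key, stored_key, decrypt_fn):
    """Same pipeline as the fragment, but the plaintext never touches disk:
    base64 file -> ciphertext -> decrypt_fn -> base64 plaintext -> bytes.
    Returns a BytesIO; in the Flask route hand it to
    send_file(buf, as_attachment=True, download_name=fname)."""
    if not key_matches(submitted_key, stored_key):
        raise PermissionError("key incorrect")
    path = resolve_within(enc_dir, fname)
    ciphertext = base64.b64decode(path.read_bytes())
    plaintext_b64 = decrypt_fn(submitted_key, ciphertext)
    return BytesIO(base64.b64decode(plaintext_b64))
```

Nothing is left behind under static/ afterwards, so a second client cannot fetch the plaintext by guessing the file name, and a traversal attempt such as "../app.py" is rejected before any file is opened rather than silently mapped to "app.py" inside the directory.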
def sendmsg(Mailid, message):
    import os
    import smtplib
    from email.mime.multipart import MIMEMultipart
    from email.mime.text import MIMEText

    fromaddr = "[email protected]"
    toaddr = Mailid
    # build the message: sender, receiver, subject, plain-text body
    msg = MIMEMultipart()
    msg['From'] = fromaddr
    msg['To'] = toaddr
    msg['Subject'] = "Alert"
    msg.attach(MIMEText(message, 'plain'))
    # SMTP session upgraded to TLS before authenticating
    s = smtplib.SMTP('smtp.gmail.com', 587)
    s.starttls()
    # The report embedded the Gmail app password as a string literal.  A
    # credential printed in a report or committed to a repository has to be
    # treated as leaked and rotated; read it from the environment instead
    # (the variable name SMTP_APP_PASSWORD is assumed).
    s.login(fromaddr, os.environ["SMTP_APP_PASSWORD"])
    s.sendmail(fromaddr, toaddr, msg.as_string())
    s.quit()


if __name__ == '__main__':
    # app.run(host='0.0.0.0', debug=True, port=5000)
    # debug=True enables the Werkzeug debugger console; never run it on a host
    # reachable by others
    app.run(debug=True, use_reloader=True)
APPENDIX II
SCREENSHOTS
1. HOME PAGE
3. USER APPROVAL IN SERVER PAGE
5. USER AND OWNER LOGIN KEY GENERATION
6. FILE UPLOAD
7. SEARCH FILE IN USER LOGIN
8. OWNER APPROVAL
9. DECRYPTED KEY GENERATION FOR FILE RETRIEVAL