FILE ENCRYPTION WITH CHUNKING SYSTEM

A PROJECT REPORT

Submitted by

C. PRAVEEN KUMAR (912420104024)

C. SANJAY (912420104029)
B. BRAMEASWARAN (912420104301)

in partial fulfilment for the award of the degree

of

BACHELOR OF ENGINEERING

IN

COMPUTER SCIENCE AND ENGINEERING

SHANMUGANATHAN ENGINEERING COLLEGE

ARASAMPATTI - 622507

ANNA UNIVERSITY :: CHENNAI 600 025

MAY 2024
FILE ENCRYPTION WITH CHUNKING SYSTEM

A PROJECT REPORT

Submitted by

C. PRAVEEN KUMAR (912420104024)

C. SANJAY (912420104029)
B. BRAMEASWARAN (912420104301)

in partial fulfilment for the award of the degree

of

BACHELOR OF ENGINEERING

IN

COMPUTER SCIENCE AND ENGINEERING

SHANMUGANATHAN ENGINEERING COLLEGE

ARASAMPATTI - 622507

ANNA UNIVERSITY :: CHENNAI 600 025

MAY 2024

i
 ANNA UNIVERSITY :: CHENNAI 600 025

BONAFIDE CERTIFICATE

Certified that this project report “FILE ENCRYPTION WITH CHUNKING

SYSTEM” is the bonafide work of “C. PRAVEEN KUMAR (912420104024),
C. SANJAY (912420104029), B. BRAMEASWARAN (912420104301)” who
carried out the project work under my supervision.

SUPERVISOR HEAD OF THE DEPARTMENT

Mr. R. Rajapandian M.E.,
Assistant Professor,
Department of Computer
Science and Engineering,
Shanmuganathan Engineering
College,
Arasampatti-622507.
Dr. S. Saravanakumar,
Professor,
Department of Computer
Science and Engineering,
Shanmuganathan Engineering
College,
Arasampatti-622507.

Submitted for the viva voce to be held on _____________

INTERNAL EXAMINER EXTERNAL EXAMINER

ii
 ACKNOWLEDGEMENT

"HARD WORK NEVER FAILS" So we thank god for having gracefully

blessed us to come up till now and thereby giving strength and courage to
complete the project successfully. We sincerely submit this project to the
almighty lotus feet.
We wish to acknowledge with thanks to the significant contribution given
by the management of our college chairman "KALLVI VALLAL
Mrs.Pichappa valliammai”, Correspondent Dr.P.Manikandan, and Secretary
Mr.Vishvanathan, Shanmuganathan Engineering College, Arasampatti, for their
extensive support.
We convey our indebted humble thanks to our energetic Principal
Dr.KL.Muthuramu M.E., (W.R), M.E.(S.E),M.I.S.T.E., F.I.E., Ph.D., for his
moral support to complete this project.
We are grateful to our Head of the Department Dr.S.Saravanakumar, for
his valuable guidelines during the courses of the project.
Gratitude will never fail towards our dynamic and effective internal guide
Mr.G.Sasireka M.E., for her unending helps that have been provided to us
throughout the project and during code debugging.
We wish to acknowledge the department project coordinator
Mr.R.Rajapandian M.E., for his valuable, innovative suggestion, constructive
instruction, constant encouragement, during project proceedings.
We also convey our humble thanks to all the staff members of the CSE
Department who had provide their contribution to steer our project towards the
successful completion.
Finally, we thank our family members who have spent their wealth for our
studies and have motivated us to complete this project successfully.

iii
 ABSTRACT
Cloud computing provides high performance, accessibility and low cost for
data storing and sharing, provides a better consumption of resources. However,
security concerns develop the main constraint as we now outsource the storage of
data, which is possibly sensitive, to cloud providers. To preserve data privacy, a
mutual approach is to encrypt data files before the clients upload the encrypted
data into the cloud. Cloud storage services can help clients reduce their monetary
and maintenance overhead of data managements. Data confidentiality becomes
the main concern in outsourcing client data to cloud storages. The advent of cloud
computing has revolutionized the landscape of data storage, access, and
management, offering unparalleled convenience and scalability. Here proposing
an innovative approach that combines chunking-based storage with Elliptic Curve
Cryptography (ECC) encryption. The proposed methodology entails breaking
down large datasets into smaller, more manageable chunks, thereby facilitating
efficient storage and transmission. Each chunk is then individually encrypted
using ECC, a cryptographic technique known for its robust security and
efficiency. By applying ECC encryption to the chunks of data before storage in
the cloud, the project aims to fortify the confidentiality and integrity of the stored
information. The implementation of this approach promises to address the
pressing security concerns associated with cloud storage, offering a robust and
efficient solution for safeguarding sensitive data. By leveraging the
complementary strengths of chunking-based storage and ECC encryption, the
project endeavors to enhance data security, integrity, and resilience in cloud
computing environments. Moreover, the scalability and adaptability of this
approach make it suitable for a wide range of applications across various
industries.

iv
 TABLE OF CONTENT

CHAPTER NO TITLE PAGE NO

ABSTRACT IV
LIST OF FIGURES IX
LIST OF ABBERVATION X
1. INTRODUCTION 1
1.1 Cloud Computing 1
1.2 Application of Cloud Computing 4
1.3 Cloud Security 7
1.4 Applicability of Cloud Computing 11
2. LITERATURE SURVEY 13
2.1 Multi-Authority Cp-Abe-Based User 13
Access Control Scheme With Constant-Size
Key And Ciphertext For IOT deployment
2.1.1 Advantage 14
2.1.2 Disadvantage 14
2.2 Decentralized Lightweight Group Key 14
Management for Dynamic Access Control
in IOT Environments
2.2.1 Advantage 15
2.2.2 Disadvantage 15
2.3 An Efficient And Secure Revocation- 15
Enabled Attribute-Based Access Control
For E-Health In Smart Society
2.3.1 Advantage 16
2.3.2 Disadvantage 16
2.4 Secure Data Access Control With Fair 16
Accountability In Smart Grid Data sharing:
An Edge Blockchain Approach

v
 2.4.1 Advantage 17
2.4.2 Disadvantage 17
2.5 Authentication and Key Management in 17
Distributed IOT Using Blockchain
Technology
2.5.1 Advantage 18
2.5.2 Disadvantage 18
2.6 On The Design of a Flexible Delegation 18
Model For The Internet of Things Using
Blockchain
2.6.1 Advantage 19
2.6.2 Disadvantage 19
2.7 Attribute-Based Access Control For 20
AWS Internet of Things And Secure
Industries of The Future
2.7.1 Advantage 21
2.7.2 Disadvantage 21
2.8 A Secure And Reliable Device Access 21
Control Scheme For IOT Based Sensor
Cloud Systems
2.8.1 Advantage 22
2.8.2 Disadvantage 22
2.9 A Non-Interactive Attribute-Based 22
Access Control Scheme by Blockchain For
IOT
2.9.1 Advantage 23
2.9.2 Disadvantage 23
2.10 Bchealth: A Novel Blockchain-Based 23
Privacy-Preserving Architecture FOR IOT
Healthcare Applications
2.10.1 Advantage 24

vi
 2.10.2 Disadvantage 24
3. SYSTEM ANALYSIS 25
3.1 Existing System 25
3.1.1 Limitations of Existing System 26
3.2 Proposed System 26
3.2.1 Advantages of Proposed System 27
3.3 System Architecture 27
3.4 Modules Used 29
3.4.1 Cloud Framework 29
3.4.2 Data Upload 30
3.4.3 Data Partition 30
3.4.4 Encryption Process 30
3.4.5 Access Request 31
3.4.6 Data Sharing 31
4. SYSTEM DESIGN 32
4.1 UML diagrams 32
4.2 Types of UML Diagram 32
4.2.1 Use Case Diagram 33
4.2.2 Class Diagram 34
4.2.3 Sequence Diagram 35
4.2.4 Collaboration Diagram 36
4.2.5 Activity Diagram 37
5. IMPLEMENTATION 38
5.1 Elliptic Curve Cryptography 39
5.2 General Procedure of ECC 39
5.3 ECC Algorithm Steps 41
5.4 System Specification 43
5.4.1 Hardware Requirements 43
5.4.2 Software Requirements 43

vii
6. CONCLUSION AND FUTURE WORK 44
6.1 Result and Discussion 44
6.2 Conclusion 45
6.3 Future Work 45
APPENDIX I 46
APPENDIX II 55
REFERENCES 60

viii
 LIST OF FIGURES

FIG NO FIGURE NAME PAGE NO

1.1 Types of Cloud Computing 4

1.2 Cloud security model 8

3.1 System Architecture 28

4.1 Use case Diagram 33

4.2 Class Diagram 34

4.3 Sequence Diagram 35

4.4 Collaboration Diagram 36

4.5 Activity Diagram 37

ix
 LIST OF ABBREVIATIONS

IOT - Internet of Things

AWS - Amazon Web Service

ECC - Elliptic Curve Cryptography

SAAS - Software as a Service

PAAS - Platform as a Service

IAAS - Infrastructure as a Service

GF - Galois fields

UML - Unified Modelling Language

API - Application Programming Interface

CDN - Content Delivery Network

DBMS - Database Management System

x
 CHAPTER 1
INTRODUCTION
1.1 CLOUD COMPUTING
Cloud computing is definitely a promising model for business computing.
It's describes important infrastructure to have an up-and coming type of service
provision which includes the benefit of reducing expense by sharing computing
and storage sources. Currently, Cloud Computing is really a huge technology that
is exceeding all of the earlier technologies of computing of this competitive and
demanding Information technology industry.
Cloud computing is consistently growing and there are many main cloud
computing providers including Amazon, Google, Microsoft, Yahoo and many
others who are offering solutions including Software-as-a-Service (SaaS),
Platform-as-a-Service (PaaS), Storage-as-a- Service and Infrastructure-as-a-
Service (IaaS). In addition, considering the possibility to substantially
minimizing expenses by optimization and also maximizing operating as well as
economic effectiveness, cloud computing is an excellent technology.
Furthermore, cloud computing can tremendously boost its cooperation, speed,
and also range, thus empowering a totally worldwide computing model on the
internet infrastructure. On top of that, the cloud computing has advantages in
delivering additional scalable, fault tolerant services.
Cloud computing handles resource management in a better way since the
user no longer needs to be responsible for identifying resources for storage. If a
user wants to store more data they request it from the cloud provider and once
they are finished they can either release the storage by simply stopping the use of
it, or move the data to a long-term lower-cost storage resource. This further allows
the user to effectively use more dynamic resources because they no longer need
to concern themselves with storage and cost that accompany new and old
resources.

1
The following cloud computing categories have been identified and defined in
the process of cloud development:
Infrastructure as Service (IaaS):
It provides virtual machines and other abstracted hardware and operating
systems which may be controlled through a service Application Programming
Interface (API). IaaS includes the entire infrastructure resource stack from the
facilities to the hardware platforms that reside in them. It incorporates the
capability to abstract resources as well as deliver physical and logical
connectivity to those resources. IaaS provides a set of APIs which allow
management and other forms of interaction with the infrastructure by consumers.
Platform as a Service (PaaS):
It allows customers to develop new applications using APIs, implemented
and operated remotely. The platforms offered include development tools,
configuration management and deployment platforms. PaaS is positioned over
IaaS and adds an additional layer of integration with application development
frameworks and functions such as database, messaging and queuing that allow
developers to build applications for the platform with programming languages
and tools are supported by the stack. Platform as a Service (PaaS): allows
customers to develop new applications using APIs, implemented and operated
remotely. The platforms offered include development tools, configuration
management and deployment platforms. PaaS is positioned over IaaS and adds
an additional layer of integration with application development frameworks and
functions such as database, messaging and queuing that allow developers to build
applications for the platform with programming languages and tools are
supported by the stack.

2
Software as a Service (SaaS):
Is software offered by a third party provider, available on demand, usually
through a Web browser, operating in a remote manner. Examples include online
word processing and spreadsheet tools, CRM services and Web content delivery
services. SaaS in turn is built upon the underlying IaaS and PaaS stacks and
provides a self-contained operating environment used to deliver the entire user
experience including the content, its presentation, the applications and
management capabilities.
Multi-Tenancy:
Need for policy-driven enforcement, segmentation, isolation, governance,
service levels and billing models for different consumer constituencies.
Consumers might utilize a public cloud provider’s service offerings or actually
be from the same organization, but would still share infrastructure.

The cloud services can be implemented in four deployment models:

• Public Cloud:
The cloud infrastructure is made available to the general public or large
industry group and is owned by an organization selling cloud services.
• Private Cloud:
The cloud infrastructure is operated entirely for a single organization. It
may be managed by the organization or a third party, and may exist on-premises
or off-premises.
• Community Cloud:
The cloud infrastructure is shared by several organizations and supports a
specific community. It may be managed by the organizations or a third party, and
may exist on-premises or off-premises.

3
• Hybrid Cloud:
The cloud infrastructure is a composition of two or more clouds (private,
community or public) that are bound together by standardized or proprietary
technology that enables portability of data and application.

1.1 Types of Cloud Computing

1.2 APPLICATIONS OF CLOUD COMPUTING

Here are a few situations where cloud computing is used to enhance the ability to
achieve business goals.

1. Infrastructure as a service (IaaS) and platform as a service (PaaS)

When it comes to IaaS, using an existing infrastructure on a pay-per-use
scheme seems to be an obvious choice for companies saving on the cost of
investing to acquire, manage and maintain an IT infrastructure. There are also
instances where organizations turn to PaaS for the same reasons while also

4
seeking to increase the speed of development on a ready-to-use platform to
deploy applications.
2. Private cloud and hybrid cloud
Among the many incentives for using cloud, there are two situations where
organizations are looking into ways to assess some of the applications they intend
to deploy into their environment through the use of a cloud (specifically a public
cloud). While in the case of test and development it may be limited in time,
adopting a hybrid cloud approach allows for testing application workloads,
therefore providing the comfort of an environment without the initial investment
that might have been rendered useless should the workload testing fail.
Another use of hybrid cloud is also the ability to expand during periods of
limited peak usage, which is often preferable to hosting a large infrastructure that
might seldom be of use. An organization would seek to have the additional
capacity and availability of an environment when needed on a pay-as you-go
basis.

3. Test and development

Probably the best scenario for the use of a cloud is a test and development
environment. This entails securing a budget, setting up your environment through
physical assets, significant manpower and time. Then comes the installation and
configuration of your platform. All this can often extend the time it takes for a
project to be completed and stretch your milestones.
With cloud computing, there are now readily available environments
tailored for your needs at your fingertips. This often combines, but is not limited
to, automated provisioning of physical and virtualized resources.

4. Big data analytics

One of the aspects offered by leveraging cloud computing is the ability to
tap into vast quantities of both structured and unstructured data to harness the
benefit of extracting business value.
5
 Retailers and suppliers are now extracting information derived from
consumers’ buying patterns to target their advertising and marketing campaigns
to a particular segment of the population. Social networking platforms are now
providing the basis for analytics on behavioral patterns that organizations are
using to derive meaningful information.

5. File storage
Cloud can offer you the possibility of storing your files and accessing,
storing and retrieving them from any web-enabled interface. The web services
interfaces are usually simple. At any time and place you have high availability,
speed, scalability and security for your environment. In this scenario,
organizations are only paying for the amount of storage they are actually
consuming, and do so without the worries of overseeing the daily maintenance of
the storage infrastructure.
There is also the possibility to store the data either on or off premises
depending on the regulatory compliance requirements. Data is stored in
virtualized pools of storage hosted by a third party based on the customer
specification requirements.

6. Disaster recovery
This is yet another benefit derived from using cloud based on the cost
effectiveness of a disaster recovery (DR) solution that provides for a faster
recovery from a mesh of different physical locations at a much lower cost that the
traditional DR site with fixed assets, rigid procedures and a much higher cost.

7. Backup
Backing up data has always been a complex and time-consuming
operation. This included maintaining a set of tapes or drives, manually collecting
them and dispatching them to a backup facility with all the inherent problems that
might happen in between the originating and the backup site. This way of

6
ensuring a backup is performed is not immune to problems such as running out
of backup media, and there is also time to load the backup devices for a restore
operation, which takes time and is prone to malfunctions and human errors.
Cloud-based backup, while not being the panacea, is certainly a far cry from what
it used to be. You can now automatically neither dispatch data to any location
across the wire with the assurance that security, availability nor are capacities
issues.
While the list of the above uses of cloud computing is not exhaustive, it
certainly give an incentive to use the cloud when comparing to more traditional
alternatives to increase IT infrastructure flexibility , as well as leverage on big
data analytics and mobile computing.

1.3 CLOUD SECURITY

There are several definitions of security.

• Confidentiality: The avoidance of unauthorized information disclosure

• Integrity: The avoidance of unauthorized information modification or
deletion.
• Availability : The avoidance of unauthorized information withholding
makes up security.

Resource security, resource management, and resource monitoring are the

main problems with cloud computing. As of right now, cloud application
deployment is not governed by any standard rules or regulations, and cloud
standardization control is lacking. Many innovative methods have been
developed and deployed in the cloud; nonetheless, because of the characteristics
of the cloud environment, these methods are unable to guarantee complete
security.

7
 There is a discussion of the inherent problems with data security,
governance, and control management in cloud computing. The main concerns of
security, privacy, and trust in the current cloud computing environment are
discussed, along with how users might identify both concrete and abstract risks
associated with using it. The authors list security, privacy, and trust as the three
main areas where cloud computing could be threatened. In the current period of
long-dreamed computing as a utility vision, security is crucial. It falls into four
subcategories: safeguards against illegal insider operations and service hijacking,
monitoring or tracing of cloud servers, data confidentiality, and safety systems.
For networks using cloud computing, a data security strategy is suggested. The
writers' primary topic of discussion was cloud data storage security. Additionally,
there are a few patents pertaining to data storage security methods. Provide a
survey on critical infrastructure security using cloud computing. For RFID
technology integrated into cloud computing, which will merge cloud computing
and the Internet of Things, a security and privacy architecture has been proposed.

Fig 1.2 Cloud security model

8
1.3.1 DATA INTEGRITY

Data integrity is one of the most critical elements in any information

system. Generally, data integrity means protecting data from unauthorized
deletion, modification, or fabrication. Managing entity's admittance and rights to
specific enterprise resources ensures that valuable data and services are not
abused, misappropriated, or stolen.

Data integrity is easily achieved in a standalone system with a single

database. Data integrity in the standalone system is maintained via database
constraints and transactions, which is usually finished by a database management
system (DBMS). Transactions should follow ACID (atomicity, consistency,
isolation, and durability) properties to ensure data integrity. Most databases
support ACID transactions and can preserve data integrity.

Authorization is used to control the access of data. It is the mechanism by

which a system determines what level of access a particular authenticated user
should have to secure resources controlled by the system.

1.3.2 DATA CONFIDENTIALITY

Data confidentiality is important for users to store their private or

confidential data in the cloud. Authentication and access control strategies are
used to ensure data confidentiality. The data confidentiality, authentication, and
access control issues in cloud computing could be addressed by increasing the
cloud reliability and trustworthiness.

Because the users do not trust the cloud providers and cloud storage service
providers are virtually impossible to eliminate potential insider threat, it is very
dangerous for users to store their sensitive data in cloud storage directly. Simple
encryption is faced with the key management problem and cannot support

9
complex requirements such as query, parallel modification, and fine-grained
authorization.

1.3.3 DATA AVAILABILITY

Data availability means the following: when accidents such as hard disk
damage, IDC fire, and network failures occur, the extent that user's data can be
used or recovered and how the users verify their data by techniques rather than
depending on the credit guarantee by the cloud service provider alone. The issue
of storing data over the transmission boarder servers is a serious concern of clients
because the cloud vendors are governed by the local laws and, therefore, the cloud
clients should be cognizant of those laws. Moreover, the cloud service provider
should ensure the data security, particularly data confidentiality and integrity. The
cloud provider should share all such concerns with the client and build trust
relationship in this connection. The cloud vendor should provide guarantees of
data safety and explain jurisdiction of local laws to the clients. The main focus of
the paper is on those data issues and challenges which are associated with data
storage location and its relocation, cost, availability, and security.

1.3.4 DATA PRIVACY

Privacy is the ability of an individual or group to seclude them or

information about themselves and thereby reveal them selectively. Privacy has
the following elements. In the cloud, the privacy means when users visit the
sensitive data, the cloud services can prevent potential adversary from inferring
the user's behavior by the user's visit model (not direct data leakage). Researchers
have focused on Oblivious RAM (ORAM) technology. ORAM technology visits
several copies of data to hide the real visiting aims of users.

10
1.4 APPLICABILITY OF CLOUD COMPUTING
Cloud computing has become an integral part of modern IT infrastructure,
offering a wide range of applications and benefits for individuals, businesses, and
organizations.

Data Storage and Backup:

Cloud storage services such as Amazon S3, Google Cloud Storage, and
Microsoft Azure Storage provide scalable and cost-effective solutions for storing
and backing up data. Users can access their files from anywhere with an internet
connection.

Data Processing and Analytics:

Cloud platforms offer powerful tools for data processing and analytics.
Services like Amazon Redshift, Google BigQuery, and Azure Data Lake
Analytics enable organizations to analyze large datasets, derive insights, and
make data-driven decisions.

Development and Testing Environments:

Cloud computing provides on-demand access to development and testing

environments. Developers can provision resources quickly, test applications in
various scenarios, and scale resources as needed, optimizing the software
development life cycle.

Content Delivery and Media Streaming:

Content delivery networks (CDNs) leverage cloud infrastructure to

distribute content globally, ensuring faster and more reliable access to websites,
videos, and other digital assets. Services like Amazon CloudFront and Akamai
enhance the user experience.

11
Internet of Things (IoT):

Cloud platforms facilitate the storage, processing, and analysis of data

generated by IoT devices. By utilizing platforms like AWS IoT, Azure IoT, and
Google Cloud IoT, organizations can derive meaningful insights from the vast
amounts of data produced by connected devices.

Machine Learning and Artificial Intelligence:

Cloud providers offer machine learning and AI services, such as AWS

SageMaker, Azure Machine Learning, and Google Cloud AI, enabling
organizations to build, train, and deploy machine learning models without the
need for extensive expertise in these domains.

12
 CHAPTER 2
LITERATURE SURVEY
2.1 TITLE: MULTI-AUTHORITY CP-ABE-BASED USER ACCESS
CONTROL SCHEME WITH CONSTANT-SIZE KEY AND
CIPHERTEXT FOR IOT DEPLOYMENT

AUTHORS: BANERJEE

Present a secure fine-grained user access control scheme for data usage in
the IoT environment. The proposed scheme is a three-factor user access control
scheme, which supports multi-authority ABE and it is highly scalable as both the
ABE key size stored in the user’s smart card and ciphertext size needed for
authentication request are constant with respect to the number of attributes. Under
this IoT architecture, multiple smart devices together form a smart environment
in which the devices are connected to the internet through the gateway node(s).
The registered users can access the services of the designated smart devices
through the gateway node(s) after the authentication process is completed. It is
worth noting that a user may have attributes defined under multiple smart
environments at the same time. In order to provide fine-grained access control in
the described architecture, it is needed to define how a user is eligible to access
different smart devices. As discussed previously, a natural solution to deal with
this problem is the use of CP-ABE. We envision an attribute authority associated
with each gateway node, and the access policy P of a smart device can be defined
during its enrollment process. a user can have different roles defined by attribute
authorities from different smart networks. This demands that a set of attributes,
and consequently, the access policies need to be defined globally.

13
2.1.1 ADVANTAGE

• The proposed scheme required less computation cost for resource-limited

smart devices

2.1.2 DISADVANTAGE

• Increased number of messages contributing to network congestion.

2.2 TITLE: DECENTRALIZED LIGHTWEIGHT GROUP KEY

MANAGEMENT FOR DYNAMIC ACCESS CONTROL IN IOT
ENVIRONMENTS

AUTHORS: DAMMAK

Introduce a novel Decentralized Lightweight Group Key Management

architecture for Access Control in the IoT environment (DLGKM-AC). Based on
a hierarchical architecture, composed of one Key Distribution Center (KDC) and
several Sub Key Distribution Centers (SKDCs), the proposed scheme enhances
the management of subscribers’ groups and alleviates the rekeying overhead on
the KDC. Moreover, a new master token management protocol for managing keys
dissemination across a group of subscribers is introduced. This protocol reduces
storage, computation, and communication overheads during join/leave events.
The proposed approach accommodates a scalable IoT architecture, which
mitigates the single point of failure by reducing the load caused by rekeying at
the core network. A hierarchical scheme comprising a central Key Distribution
Center (KDC) and several Sub Key Distribution Centers (SKDCs) to manage
groups of subscribers and to mitigate the single point of failure issue is
introduced. Key management tasks in DLGKM-AC are offloaded to several
SKDCs, which allow enhancing the system’s performances in terms of
computation and communication by reducing the overhead caused by
membership changes (join/leave). The KDC manages device groups, while each

14
SKDC manages user groups, which provides scalability for our DLGKM-AC.
Furthermore, DLGKM-AC introduces a new key management mechanism that
allows reducing the rekeying dependence of users in the same group. DLGKM-
AC is a scalable and flexible access management protocol that is based on the
GKM mechanism.

2.2.1 ADVANTAGE

• It guarantees secure group communication by preventing collusion attacks

and ensuring backward/forward secrecy.

2.2.2 DISADVANTAGE

• It still causes little more communication overhead.

2.3 TITLE: AN EFFICIENT AND SECURE REVOCATION-

ENABLED ATTRIBUTE-BASED ACCESS CONTROL FOR
EHEALTH IN SMART SOCIETY

AUTHORS: SHAHZAD

Present an efficient and secure ABE architecture with outsourcing intense

encryption and decryption operations in this work. For practical realization, our
scheme uses elliptic curve scalar point multiplication as the underlying
technology of ABE instead of costly pairing operations. In addition, it provides
support for attribute/users revocation and verifiability of outsourced medical data.
Using the selective-set security model, the proposed scheme is secure under the
elliptic curve decisional Diffie–Hellman (ECDDH) assumption. The MAA acts
as a key generation center (KGC) and the only fully trusted entity in the system
model. KGC is responsible for the registration of all system users. Through the
initialization phase, it produces public parameters (PARAMS), a system master
key (SMK), and secret key components (SK) against a set of attributes Su specific

15
to each user. CSP is providing services for storage and partial decryption via
subentities storage service provider (SSP) and decryption service provider (DSP),
respectively. The SSP stores the encrypted health-related data for each registered
patient and serves as a repository for all the uploaded data. DSP performs partial
decryption service to the interested MDU’s without knowing the actual data
contents. In proposed threat model, take the CSP honest-but-curious, adapted by
most of the ABKS schemes, which means they will honestly run the algorithm
and infer privacy information based on the available data.

2.3.1 ADVANTAGE

• Improve overall efficiency in terms of storage, computation, and

communication.

2.3.2 DISADVANTAGE

• The proposed method is not recommended for healthcare medical

applications.

2.4 TITLE: SECURE DATA ACCESS CONTROL WITH FAIR

ACCOUNTABILITY IN SMART GRID DATA SHARING: AN EDGE
BLOCKCHAIN APPROACH

AUTHORS: ZHITAO GUAN

Propose an edge blockchain empowered secure data access control scheme

with fair accountability for the smart grid. The computation workloads of end
user devices are outsourced to the edge nodes in a consortium blockchain system.
Here adopt an on-chain/off-chain approach to ensure the flexible data sharing.
Here propose to outsource the computing tasks to the consortium blockchain in
the form of smart contracts by combining edge computing and blockchain. Edge
nodes as endorsers are responsible for the execution of smart contracts to ensure

16
the correctness of the calculation results. Additionally, we use the blockchain to
realize accountability for malicious behaviors. Particularly, our scheme can
maintain the fairness of accountability, that is, each semi-trusted entity is included
in the scope of accountability. The combination of CP-ABE and (t, n) secret
sharing scheme enables data access control based on distributed authority. The
computational workloads of ends user devices are outsourced to edge nodes in
EB which makes our scheme suitable for data sharing between IoT devices with
limited computing capability.

2.4.1 ADVANTAGE

• Proposed scheme is practical and efficient.

2.4.2 DISADVANTAGE

• The consistency of the shared data is difficult to guarantee.

2.5 TITLE: AUTHENTICATION AND KEY MANAGEMENT IN

DISTRIBUTED IOT USING BLOCKCHAIN TECHNOLOGY

AUTHORS: SOUMYASHREE S

Propose a scheme for secure and efficient key generation and management
for mutual authentication between communication entities. The proposed scheme
uses a one-way hash chain technique to provide a set of public and private key
pairs to the IoT devices that allow the key pairs to verify themselves at any time.
The architecture consists of three layers namely Device, Fog, and Cloud layers.
The Device layer consists of the smart devices used in various IoT use-cases, for
example, different wearable medical devices to sense, monitor and observe
patient’s health status from a remote location. Since the devices are resource
constrained by nature, the Fog layer was added to improve the performance and
reduce the computation time and overhead of the devices. The Fog layer contains

17
a number of access managing nodes (AMNs) with standard computational and
storage capabilities to manage the devices of the Device layer. Devices belonging
to similar use-cases are grouped together into domains, where each domain is
managed by an AMN. AMNs also act as miners to pack the transactions of the
devices occurred within a certain time interval into a new block. Next, the Fog
layer is connected to the Cloud layer via high speed network connectivity. The
Cloud layer manages multiple Blockchains; each from the AMN network of the
Fog layer. For this, a number of nodes, known as manager nodes (MN) possessing
immense computing capabilities are introduced in the Cloud layer to handle the
constrained resources constrained and highly scalable IoT use-cases.
Communications within the same network is handled by the AMNs of the
network while inter network transactions are handled by the MNs of the Cloud
layer.

2.5.1 ADVANTAGE

• The number of devices increases, then it should not affect the time required
for authentication and key management.

2.5.2 DISADVANTAGE

• The high cost of making a transaction in Blockchain network, discourages

launching a system.]

2.6 TITLE: ON THE DESIGN OF A FLEXIBLE DELEGATION

MODEL FOR THE INTERNET OF THINGS USING BLOCKCHAIN

AUTHORS: SHANTANU

Propose an identity-less, asynchronous and decentralized delegation model

for the IoT based on blockchain technology. Blockchain has been seen to play a
major role in managing, controlling and securing IoT devices with a decentralized

18
control, data transparency and auditability. It is tamper-proof where data cannot
be manipulated by a malicious actor. To the best of our knowledge, our proposal
is the first one to use capability-based access for the delegation of access rights
in IoT using blockchain without relying upon concrete identity. In a blockchain
network, an event is a special form of transaction that is generated and linked to
a smart contract. The fact that each event is inherently comes from a given smart
contract is crucial in implementing an efficient verification of the delegation. An
event inherits all the important security properties of a blockchain transaction e.g.
ownership (i.e. it is owned by the smart contract which generates it), immutability
(i.e. the deeper the block containing the event is in the blockchain, the harder it is
to alter) and shared (i.e. it is automatically accessible to all parties involved in the
blockchain network). The ownership and immutability alone ensure that events
are also unforgeable and secure. In fact, an event generated by a smart contract
will be securely attached to that contract. If the address (public key) of a delegatee
is recorded inside of that event and since that event is immutable, then only the
delegatee can use that event by proving that he or she owns that public key.

2.6.1 ADVANTAGE

• It allows each user in the network to confirm the identity of the source of
an entry in the ledger.

2.6.2 DISADVANTAGE

• Identity-less property limits the power of revocation as accesses are not

attached to identities anymore.

19
2.7 TITLE: ATTRIBUTE-BASED ACCESS CONTROL FOR AWS
INTERNET OF THINGS AND SECURE INDUSTRIES OF THE
FUTURE

AUTHORS: THANH KIM PHAM

Develop a formal attribute-based access control (ABAC) model for AWS

IoT by building upon and extending previously developed access control model
for AWS IoT, known as AWS-IoTAC model. This novel ABAC model support
the specification of fine grained security policies using attributes of various
entities, such as IoT devices, virtual objects, and topics. In addition to the new
access control components, our proposed ABAC model uses components of
AWS-IoTAC and the current cloud Identity and Access Management (IAM)
entities. For each physical device, we create virtual Things in AWS IoT and these
things have shadows associated with them. There can be more than one shadow
for each thing in AWS IoT. However, for this use case, we consider one shadow
for each thing. For each physical device, their corresponding virtual IoT thing,
and their shadows, we define attributes based on the characteristics of these
entities. These attributes and their values are utilized in the ABAC authorization
policies. Once the registration is complete, these devices connect to the AWS
Greengrass which holds a copy of physical devices’ shadows. These are edge
virtual objects. All the data from the devices is stored at the edge on the AWS
Greengrass service which allows local computation. The data is synced with the
cloud periodically when the Internet connection is available and/or when
user/administrator syncs data manually. The attribute-based authorization
policies restrict access to services and operations in the oil refinery, such as
sending and receiving messages, sending notifications to specific entities. There
are single or multi-level policies needed for securing these entities and operations.
For enabling fine-grained access in the smart oil refinery, here define policy rules

20
for each type of refinery devices that allow or deny specified actions on specific
devices and sending notifications to the relevant group of employees.

2.7.1 ADVANTAGE

• An ABAC model based on AWS IoT will be valuable for similar

development in other platforms.

2.7.2 DISADVANTAGE

• There are limited numbers of attributes that can be defined.

2.8 TITLE: A SECURE AND RELIABLE DEVICE ACCESS

CONTROL SCHEME FOR IOT BASED SENSOR CLOUD
SYSTEMS

AUTHORS: CHAUDHRY

Proposed a certificate based improved lightweight access control and key

agreement scheme for IoT devices (iLACKA-IoT) to ensure smooth and secure
access control and claimed LACKA-IoT to withstand the several attacks. The
proposed scheme is free of any pairing based expensive operations and provides
required security level and performance. The A has control over insecure channel
being used among the participants for data exchange and A can eavesdrop, delete,
replay or alter any data during transmission. A can also forge and transmit a
message to any device pretending itself as another device of the system. A can
expose the parameters stored on a physically captured device using power
analysis. A can be an insider (a curious device) or an external entity. The public
system parameters including public keys and identities of all the system entities
(certificate authority and communicating devices) are accessible to insiders and
outsiders. The private key of the certificate authority (CA) is safe and A does not

21
have capabilities to expose the private key of the CA. The security of the proposed
scheme is proved using formal and informal methods.

2.8.1 ADVANTAGE

• It provides attack resilience and extends the important known security

features.

2.8.2 DISADVANTAGE

• Access control procedure with communication cost is slight higher than

existing schemes.

2.9 TITLE: A NON-INTERACTIVE ATTRIBUTE-BASED ACCESS

CONTROL SCHEME BY BLOCKCHAIN FOR IOT

AUTHORS: MINGRUI ZHANG

Develop a non-interactive, attribute-based access control scheme that

applies blockchain technology in IoT scenarios by using PSI technology. In
addition, the attributes of data user and data holder are hidden, which protects the
privacy of both parties’ attributes and access policy. In proposed work, the data
holder stores the data resources in the cloud server. When a user wants to access
the data resources, the user first sends their own attribute set confidentially to the
blockchain as a transaction. Subsequently, the smart contract of the blockchain
will run the private set intersection (PSI) protocol to automatically determine
whether the attribute set meets the access structure of the data holder. When the
element number of the intersection achieves the threshold set by the data holder,
the user is given access to the data holder’s cloud data. In our scheme, instead of
interacting with data users to verify that a data user is qualified, the data holder
deploys their own access policy on the blockchain, and a smart contract
automatically determines whether a user is qualified or not. A data holder uploads

22
data to a cloud server. If a user wants to access the data, the data user first writes
attributes to blockchain as a transaction. Next, the PSI protocol is run by a smart
contract to determine whether the attributes set meets the threshold structure. If
the condition is met, the data user is allowed to access the data holder’s data.

2.9.1 ADVANTAGE

• Proposed scheme able to protect both the privacy of access policy and the
privacy of attributes while ensuring trusted access control.

2.9.2 DISADVANTAGE

• The data holder cannot obtain any other useful information about the
protocol.

2.10 TITLE: BCHEALTH: A NOVEL BLOCKCHAIN-BASED

PRIVACY-PRESERVING ARCHITECTURE FOR IOT
HEALTHCARE APPLICATIONS

AUTHORS: KOOSHA MOHAMMAD

Propose an architecture (so called BCHealth) that enables data owners to

define their desired access policies over their privacy-sensitive healthcare data.
BCHealth is composed of two separate chains for storing access policies and data
transactions. BCHealth introduces the usage of two different chains, namely, data
chain and access control (policy) chain. Data chain stores patient’s healthcare
data and access control chain stores the patient’s defined access policies in a
private BC. It preserves the confidentiality of the data by storing the hash of
patient’s data as transactions in the data chain. At the same time, to control access
over data, patients store their desired access policy in another chain. This ensures
that the data owner’s access policies will remain unaltered, and access to patient’s
data will be controlled as expected. BCHealth uses a new clustering approach to

23
increase the BC network throughput and improve the scalability of the network.
Here, instead of considering a Cluster Head (CH) for each cluster, we introduce
a hierarchical structure. Here allocate the first two bytes of the data packets to the
cluster number associated with that data. Upon receiving a data packet, each
cluster member will be able to identify the cluster that this data belongs to.

2.10.1 ADVANTAGE

• It provides significant improvement in terms of network delay and cost.

2.10.2 DISADVANTAGE

• Decreasing the number of miners in each cluster increases the risk of

malicious activities

24
 CHAPTER 3

SYSTEM ANALYSIS

3.1 EXISTING SYSTEM

In the existing system, secure cloud storage is implemented by dividing

files into smaller segments or chunks, which are then distributed across different
nodes within the cloud infrastructure. This approach helps in enhancing data
availability and resilience against hardware failures or node outages. However,
while this distributed storage model provides some level of security through data
dispersion, it may not adequately address all aspects of data security, particularly
data privacy and integrity. When a user requests data from the cloud server, the
user typically sends a password or authentication token to the server for
identification and access authorization. However, there is a risk that the password
or token may be intercepted by malicious actors during transmission, potentially
compromising the security of the system. To mitigate this risk, the existing
system employs an asymmetric response mode for authentication. In asymmetric
encryption, two distinct keys are used: a public key for encryption and a private
key for decryption. In the response mode, the server generates a unique challenge
or token using its private key and sends it to the user. The user then encrypts this
challenge using their public key and sends it back to the server for verification.
Since the challenge is encrypted with the user's public key, only the
corresponding private key held by the user can decrypt it, ensuring that the
authentication process is secure even if the communication channel is
compromised. While the existing system provides some level of security through
the use of distributed storage and asymmetric response mode authentication, it
may still have limitations in ensuring comprehensive data privacy, integrity, and
availability.

25
3.1.1 LIMITATIONS OF EXISTING SYSTEM
• Attackers can still get user’s data if they control the cloud storage
management node.

• They cannot resist internal attacks or prevent the CSP from selling user’s
data to earn illegal profit.

• The private data will be decoded once malicious attackers get access files
on cloud.

3.2 PROPOSED SYSTEM

The proposed system aims to leverage the combined strengths of chunking
data with Elliptic Curve Cryptography (ECC) encryption for secure storage of
data in cloud environments. This system offers a robust and efficient approach to
safeguarding data confidentiality and integrity while ensuring seamless access
and retrieval. Large files are segmented into smaller, manageable chunks. This
chunking process enhances the efficiency of data storage and retrieval,
particularly in cloud environments where scalability and resource optimization
are crucial factors. The system utilizes ECC encryption, a powerful cryptographic
technique known for its strong security properties and computational efficiency.
ECC key pairs, consisting of a public key for encryption and a corresponding
private key for decryption, are generated using ECC algorithms. Each chunk of
data is encrypted using the public key generated through ECC encryption. This
encryption process ensures that the data remains secure during storage and
transmission in the cloud environment. Even if unauthorized access occurs, the
encrypted data remains unintelligible without the corresponding private key. The
encrypted data chunks are stored within the infrastructure of the chosen cloud
storage provider. Cloud providers typically offer robust security measures to
safeguard data, including encryption at rest, access controls, and monitoring
systems. Storing encrypted data adds an extra layer of security, ensuring that

26
sensitive information remains protected against unauthorized access or breaches.
Access to the encrypted data is restricted to authorized users who possess the
corresponding private key for decryption. Authentication mechanisms, such as
user authentication and access control policies, are implemented to ensure that
only authenticated users can access the data stored in the cloud. By combining
chunking data with ECC encryption and implementing robust security measures,
organizations can enhance data confidentiality, integrity, and availability while
mitigating the risks associated with storing sensitive information in the cloud.

3.2.1 ADVANTAGES OF PROPOSED SYSTEM

• It provides strong security with shorter key lengths.

• The use of ECC encryption ensures the confidentiality of data stored in the
cloud.

• Manageable chunks reduce overhead and optimize storage space.

• The data remains protected and unintelligible without the corresponding

decryption keys.

3.3 SYSTEM ARCHITECTURE

System architecture involves the high level structure of software system

abstraction, by using decomposition and composition, with architectural style
and quality attributes. A software architecture design must conform to the major
functionality and performance requirements of the system, as well as satisfy the
non-functional requirements such as reliability, scalability, portability, and
availability. Software architecture must describe its group of components, their
connections, interactions among them and deployment configuration of all
components.

27
 Fig 3.1 System Architecture

In Fig 3.1 shows Chunking data with Elliptic Curve Cryptography (ECC)
encryption for storage in the cloud can provide a robust and secure approach to
safeguarding data. Chunking helps in efficient storage and retrieval of data,
especially for large files. Generate ECC key pairs for encryption and decryption.
Encrypt each chunk of data using the public key generated through ECC
encryption. This ensures that only the holder of the corresponding private key can
decrypt the data. Store the encrypted data chunks in the cloud storage provider's
infrastructure. It provides robust security measures in place to protect against
unauthorized access.

28
3.4 MODULES USED

3.4.1 CLOUD FRAMEWORK

3.4.2 DATA UPLOAD

3.4.3 DATA PARTITION

3.4.4 ENCRYPTION PROCESS

3.4.5 ACCESS REQUEST

3.4.6 DATA SHARING

MODULE DESCRIPTION

3.4.1 CLOUD FRAMEWORK

The Cloud Framework module serves as the backbone of the system,

providing the infrastructure and services necessary for cloud storage. It involves
selecting a suitable cloud service provider, configuring storage resources, and
setting up security features. This module handles the provisioning of storage
space, establishment of authentication mechanisms, and implementation of
monitoring and logging functionalities to ensure the security and reliability of the
cloud storage environment. This module serves as the interface between the
application and the chosen cloud storage provider's infrastructure. It handles tasks
such as configuring cloud storage settings, managing storage buckets or
containers, and handling responses from the cloud service. It abstracts away the
complexities of cloud storage integration, providing a seamless experience for
uploading, retrieving, and managing data.

29
3.4.2 DATA UPLOAD

The Data Upload module facilitates the seamless transfer of data from local
storage to the cloud. Users interact with this module to select and upload files or
datasets. It employs various data transfer protocols to ensure efficient and reliable
transmission. Error handling mechanisms are implemented to address any issues
that may arise during the upload process, guaranteeing the integrity of the
transferred data. The Data Upload Module is responsible for securely transferring
data chunks from the local environment to the cloud storage provider's
infrastructure. Before uploading data, owner should register on cloud and get
approval for accessing application. Server provides approval for registered users
to access application. After getting approval, owner can upload data on server.

3.4.3 DATA PARTITION

The Data Partition module is responsible for breaking down large files into
smaller, manageable chunks or partitions. It determines the optimal chunk size
based on factors such as storage capacity and retrieval efficiency. This module
divides files into partitions and assigns metadata to each partition for tracking and
management purposes, ensuring efficient storage and retrieval of data in the cloud
environment. It defines the chunking strategy based on factors such as file size,
storage limitations, and network bandwidth. The module ensures optimal chunk
sizes to balance storage efficiency with retrieval performance. It also provides
mechanisms for reassembling chunks during data retrieval.

3.4.4 ENCRYPTION PROCESS

The Encryption Process module safeguards data privacy and security by

encrypting data partitions using strong cryptographic techniques such as Elliptic
Curve Cryptography (ECC). It generates ECC key pairs for encryption and
decryption, ensuring that only authorized users with the corresponding private

30
key can access the encrypted data. The module ensures that each chunk is
encrypted using the public key, guaranteeing confidentiality and privacy. This
module securely manages encryption keys to prevent unauthorized access and
breaches, enhancing the confidentiality of stored data. It also handles key
management tasks such as key generation, and secure key storage to prevent
unauthorized access to sensitive information.

3.4.5 ACCESS REQUEST

The Access Request Module facilitates access to encrypted data stored in

the cloud by authorized users. It manages user authentication and authorization
processes for accessing encrypted data stored in the cloud. In this module user
should register before accessing application. Registered users can make search
process and send data access request. The module verifies user credentials, checks
permissions against access policies, and facilitates the exchange of encryption
keys securely. Users submit access requests to retrieve specific data, and this
module verifies their credentials and permissions before granting access. It
employs robust authentication mechanisms such as username/password or multi-
factor authentication to ensure the security of data access and prevent
unauthorized usage.

3.4.6 DATA SHARING

The Data Sharing module enables authorized users to securely share

encrypted data with others. It allows users to define sharing permissions and
generate secure access links or tokens for shared data. This module ensures
controlled access to shared data while maintaining data confidentiality and
integrity. It provides sharing permissions, and distributing decryption keys
securely to intended recipients. User can access data using shared key.

31
 CHAPTER 4

SYSTEM DESIGN

4.1 UML DIAGRAMS

A Unified Modelling Language (UML) diagram provides a visual

representation of an aspect of a system. UML diagrams illustrate the quantifiable
aspects of a system that can be described visually, such as relationships,
behaviour, structure, and functionality. For example, a class diagram describes
the structure of the system or the details of an implementation, while a sequence
diagram shows the interaction between objects over time. In a UML diagram, the
diagram elements visually represent the classifiers in a system or application.
These classifiers are the diagrammatic representation of a source element. UML
diagrams provide views of source elements; however, diagram elements do not
have semantic value. UML diagrams can help system architects and developers
understand, collaborate on, and develop an application.

4.2 TYPES OF UML DIAGRAM

4.2.1 Use Case Diagram

4.2.2 Class Diagram

4.2.3 Sequence Diagram

4.2.4 Collaboration Diagram

4.2.5 Activity Diagram

32
4.2.1 USE CASE DIAGRAM

A use case is a list of steps, typically defining interactions between a role

(known in Unified Modelling Language (UML) as an "actor") and a system, to
achieve a goal. The actor can be a human, an external system, or time. In systems
engineering, use cases are used at a higher level than within software engineering,
often representing missions or stakeholder goals.

System

Register

Login

Upload Data

Data Partition
Data Owner
Data User

Data Encryption

Access Request

Key Sharing

Secure Data Access

Fig: 4.1 Use case Diagram

33
4.2.2 CLASS DIAGRAM

The class diagram is a static diagram. It represents the static view of an

application. Class diagram is not only used for visualizing, describing and
documenting different aspects of a system but also for constructing executable
code of the software application. The class diagram describes the attributes and
operations of a class and also the constraints imposed on the system. The class
diagrams are widely used in the modelling of object oriented systems because
they are the only UML diagrams which can be mapped directly with object
oriented languages.

Data Owner Server

+Register Details +User details
+File Details +File Details

+Register() +View Files()

+Login() +File Partitioning()
+Upload Files() +File Encryption()
+Access Permission() +Secret Key Storage()

Data User
+Register Details
+File Details
+Register()
+Login()
+Search Data()
+Access Request()
+Get Secret Key()
+Data Access()

Fig 4.2 Class Diagram

34
4.2.3 SEQUENCE DIAGRAM

A Sequence diagram is an interaction diagram that shows how processes

operate with one another and in what order. It is a construct of a Message
Sequence Chart. A sequence diagram shows object interactions arranged in time
sequence. Sequence diagram is sometimes called event trace diagrams, event
scenarios, and timing diagrams. A sequence diagram shows, as parallel vertical
lines, different processes that live simultaneously and horizontal arrows. The
messages exchanged between them.

Data Owner Server Data User

1 : Register()

2 : Approval()
3 : Register()
4 : Approval()

5 : Login()

6 : Upload Data()

7 : Data Partitioning()

8 : ECC Encryption()

9 : Data Search and Request()

10 : Provide Approval()

11 : Key sharing()

12 : Key Verification()

13 : Data Merge and Retrieval()

Fig 4.3 Sequence Diagram

35
4.2.4 COLLABORATION DIAGRAM

A collaboration diagram resembles a flowchart that portrays the roles,

functionality and behavior of individual objects as well as the overall operation
of the system in real time. Objects are shown as rectangles with naming labels
inside. These labels are preceded by colons and may be underlined. The
relationships between the objects are shown as lines connecting the rectangles.
The messages between objects are shown as arrows connecting the relevant
rectangles along with labels that define the message sequencing.

Fig 4.4 Collaboration Diagram

36
4.2.5 ACTIVITY DIAGRAM

Activity diagrams are graphical representations of workflows of stepwise

activities and action with support for choice, iteration and concurrency. In
the Unified Modeling Language, activity diagrams are intended to model both
computational and organizational processes Activity diagrams show the overall
flow of control.

Cloud Storage Framework

Enrolment

Data Upload

Data Partition

Data Encryption

Access Request

Key Sharing

Data Merge & Retrieval

Fig: 4.5 Activity Diagram

37
 CHAPTER 5

IMPLEMENTATION

In the proposed system, the Cloud Framework module serves as the

foundational infrastructure for the cloud storage solution, encompassing the
selection of a suitable cloud service provider, configuration of storage resources,
and implementation of security features such as access controls and encryption.
The Data Upload module facilitates secure and efficient transfer of data from
users' local devices to the cloud storage environment, utilizing encrypted data
transfer protocols to ensure confidentiality and integrity. Within the Data
Partition module, sophisticated algorithms are employed to segment large files
into smaller, manageable chunks, optimizing storage efficiency and retrieval
performance. The Encryption Process module enhances data security by
encrypting each data partition using strong cryptographic techniques such as
Elliptic Curve Cryptography (ECC), with secure key management ensuring the
confidentiality of encryption keys. The Access Request module manages user
authentication and authorization processes, enforcing access control policies to
ensure that only authorized users can access encrypted data stored in the cloud.
Finally, the Data Sharing module enables secure sharing of encrypted data among
authorized users, offering granular control over sharing permissions and access
tokens to facilitate collaboration while maintaining data confidentiality and
integrity. Together, these modules provide a comprehensive and robust solution
for secure data storage in the cloud, addressing key security concerns such as data
privacy, integrity, and availability.

38
5.1 ELLIPTIC CURVE CRYPTOGRAPHY

Elliptical curve cryptography (ECC) is a public key encryption technique

based on elliptic curve theory that can be used to create faster, smaller, and more
efficient cryptographic keys. ECC generates keys through the properties of the
elliptic curve equation instead of the traditional method of generation as the
product of very large prime numbers. The technology can be used in conjunction
with most public key encryption methods, such as RSA, and Diffie-Hellman.
According to some researchers, ECC can yield a level of security with a 164-bit
key that other systems require a 1,024-bit key to achieve. Because ECC helps to
establish equivalent security with lower computing power and battery resource
usage, it is becoming widely used for mobile applications. Elliptic curves are an
algebraic structure and their use for cryptography. They feature properties which
allow the setup of a problem similar to the well-known discrete logarithm
problem of finite fields – also known as Galois fields (GF). ECC includes key
agreement, encryption, and digital signature algorithms. The key distribution
algorithm is used to share a secret key, the encryption algorithm enables
confidential communication, and the digital signature algorithm is used to
authenticate the signer and validate the integrity of the message:

5.2 GENERAL PROCEDURE OF ECC

• Both parties agree to some publicly-known data items
• The elliptic curve equation
• Values of a and b
• Prime, p
• The elliptic group computed from the elliptic curve equation
• A base point, B, taken from the elliptic group
• Similar to the generator used in current cryptosystems
• Each user generates their public/private key pair

39
 o Private Key = an integer, x, selected from the interval [1, p-1]
o Public Key = product, Q, of private key and base point
(Q = x*B)
Encryption
1. Define a Curve.

2. Generate public private Key pair using that curve, for both sender and
receiver.

3. Generate a Shared secret key from the key pair.

4. From that shared secret key, generate an encryption key.

5. Using that encryption key and asymmetric encryption algorithm, encrypt

the data to send.

Decryption
The sender will both share the curve with receiver or sender and
receiver will have the equal use for the equal curve form. Also, sender will share
its public key with receiver.

1. Generate public personal Key pair using the same curve for that curve
for receiver.
2. Regenerate a shared secret key utilizing private key of receiver and
public key of sender.
3. From that shared secret key, generate an encryption key.
4. Utilizing that encryption key and symmetric encryption algorithm,
decrypt the information.

40
5.3 ECC ALGORITHM STEPS

Assume that those who are going through this article will have a
basic understanding of cryptography (terms like encryption and decryption).

The equation of an elliptic curve is given as,

Few terms that will be used,

E -> Elliptic Curve
P -> Point on the curve
n -> Maximum limit ( This should be a prime number )
Key Generation

Key generation is an important part where we have to generate both

public key and private key. The sender will be encrypting the message
with receiver’s public key and the receiver will decrypt its private key. Now, we
have to select a number ‘d’ within the range of ‘n’.

Using the following equation we can generate the public key

Q=d*P
d = range of (1 to n-1). P is the point on the curve.
‘Q’ is the public key and ‘d’ is the private key.
Encryption
Let ‘m’ be the message that we are sending. We have to represent
this message on the curve. This has in-depth implementation details. All the
advance research on ECC is done by a company called certicom.

Consider ‘m’ has the point ‘M’ on the curve ‘E’. Randomly select ‘k’ from [1 –
(n-1)].

Two cipher texts will be generated let it be C1 and C2.

41
C1 = k*P, C2 = M + k*Q.C1 and C2 will be send.
Decryption
We have to get back the message ‘m’ that was send to us, M = C2 – d * C1
M is the original message that we have send.
Proof
How do we get back the message?
M = C2 – d * C1
‘M’ can be represented as ‘C2 – d * C1’
C2 – d * C1 = (M + k * Q) – d * (k * P )
( C2 = M + k * Q and C1 = k * P )
= M + k * d * P – d * k *P (canceling out k * d * P)
= M (Original Message)

42
5.2 SYSTEM SPECIFICATION

5.2.1 HARDWARE REQUIREMENTS

– Processor : Intel Pentium Processor

– RAM : 2GB

– Hard disk : 160 GB

– Compact Disk : 650 Mb

5.2.2 SOFTWARE REQUIREMENTS

– Operating System : Windows OS

– Front End : Python

– Back End : MySQL SERVER

– IDE : PyCharm

43
 CHAPTER 6

CONCLUSION AND FUTURE WORK

6.1 RESULT AND DISCUSSION

The implementation of the proposed system has yielded promising

results, affirming its efficacy in providing secure and efficient cloud data storage.
Through comprehensive testing and evaluation, key outcomes and insights have
been gleaned. Security assessments, including rigorous penetration testing and
vulnerability scans, have underscored the robustness of the system's security
mechanisms, notably the encryption protocols leveraging ECC and stringent
access controls. Performance evaluations have demonstrated the system's
proficiency in handling data operations, with metrics such as upload/download
speeds and resource utilization indicating efficient operation even under varying
workloads and scaling demands. Scalability tests have affirmed the system's
ability to flexibly expand to accommodate growing data volumes while
maintaining optimal resource allocation. User feedback and usability assessments
have guided enhancements to the system's interface, ensuring intuitive navigation
and improved user experience. Furthermore, compliance audits have validated
adherence to industry regulations, bolstering confidence in the system's data
protection measures. Cost analyses have highlighted the system's cost-
effectiveness, showcasing its competitive advantage in the cloud storage
landscape. Overall, these results underscore the system's effectiveness in
addressing data security, performance, scalability, compliance, and cost
considerations, positioning it as a robust solution for organizations seeking secure
cloud data storage solutions. Ongoing refinements and optimizations based on
these findings promise to further enhance the system's capabilities and resilience
to evolving security challenges.

44
6.2 CONCLUSION

In conclusion, the implementation of the proposed system represents a

significant advancement in the realm of cloud data storage, offering a
comprehensive solution that addresses critical security concerns while ensuring
efficient performance, scalability, compliance, and cost-effectiveness. The
utilization of Elliptic Curve Cryptography (ECC) encryption in conjunction with
data chunking presents a robust and effective method for securing data in cloud
storage environments. By segmenting large files into smaller chunks and
encrypting each segment using ECC encryption, this approach ensures
heightened security and confidentiality. The adoption of ECC encryption,
renowned for its strong security with relatively compact key sizes, fortifies data
protection against unauthorized access.

6.3 FUTURE WORK

• Future work focused on implementing various access control methods for

enhancing secure data sharing.

• Also implement integrity verification of outsourced data using auditing

process with the help of TPA.

45
APPENDIX I
SOURCE CODE
from flask import Flask, render_template, request, redirect, url_for, session,
send_file
import mysql.connector
from ecies.utils import generate_key
from ecies import encrypt, decrypt
import os
import base64, os
app = Flask(__name__)
app.secret_key = 'a'
@app.route('/')
def home():
return render_template('index.html')
@app.route('/ServerLogin')
def ServerLogin():
return render_template('ServerLogin.html')
@app.route('/OwnerLogin')
def OwnerLogin():
return render_template('OwnerLogin.html')
@app.route('/UserLogin')
def UserLogin():
return render_template('UserLogin.html')
@app.route('/NewOwner')
def NewOwner():
return render_template('NewOwner.html')
@app.route('/NewUser')
def NewUser():
return render_template('NewUser.html')
46
@app.route('/TrapdoorLogin')
def TrapdoorLogin():
return render_template('TrapdoorLogin.html')
@app.route("/tlogin", methods=['GET', 'POST'])
def tlogin():
error = None
if request.method == 'POST':
if request.form['uname'] == 'admin' and request.form['password'] ==
'admin':
conn=mysql.connector.connect(user='root', password='', host='localhost',
database='5sharedatadbpy')
cur = conn.cursor()
cur.execute("SELECT * FROM ownertb ")
data = cur.fetchall()
return render_template('THome.html', data=data)
else:
alert = 'Username or Password is wrong'
return render_template('goback.html', data=alert)
@app.route("/THome")
def THome():
conn = mysql.connector.connect(user='root', password='', host='localhost',
database='5sharedatadbpy')
cur = conn.cursor()
cur.execute("SELECT * FROM ownertb")
data = cur.fetchall()
return render_template('THome.html', data=data)
@app.route("/FileInfo")
def FileInfo():

47
 conn = mysql.connector.connect(user='root', password='', host='localhost',
database='5sharedatadbpy')
cur = conn.cursor()
cur.execute("SELECT * FROM filetb")
data = cur.fetchall()
return render_template('FileInfo.html', data=data)
@app.route("/TUserRequest")
def TUserRequest():
conn = mysql.connector.connect(user='root', password='', host='localhost',
database='5sharedatadbpy')
cur = conn.cursor()
cur.execute("SELECT * FROM userfiletb where status='waiting' ")
data = cur.fetchall()
conn = mysql.connector.connect(user='root', password='', host='localhost',
database='5sharedatadbpy')
cur = conn.cursor()
cur.execute("SELECT * FROM userfiletb where status !='Accept' ")
data1 = cur.fetchall()
return render_template('TUserRequest.html', data=data, data1=data1)
@app.route("/TApproved")
def TApproved():
rid = request.args.get('rid')
fid = request.args.get('fid')
session["fid"] = fid
session["rid"] = rid
conn = mysql.connector.connect(user='root', password='', host='localhost',
database='5sharedatadbpy')
cursor = conn.cursor()

48
 cursor.execute("Update userfiletb set Status='ApprovedTrapdoor' where id='"
+ rid + "' ")
conn.commit()
conn.close()
return TUserRequest()
@app.route("/serverlogin", methods=['GET', 'POST'])
def adminlogin():
error = None
if request.method == 'POST':
if request.form['uname'] == 'server' and request.form['password'] == 'server':
conn = mysql.connector.connect(user='root', password='', host='localhost',
database='5sharedatadbpy')
cur = conn.cursor()
cur.execute("SELECT * FROM ownertb where status='waiting'")
data = cur.fetchall()
conn = mysql.connector.connect(user='root', password='',
host='localhost', database='5sharedatadbpy')
cur = conn.cursor()
cur.execute("SELECT * FROM ownertb where status='Active'")
data1 = cur.fetchall()
return render_template('ServerHome.html', data=data, data1=data1)
else:
alert = 'Username or Password is wrong'
return render_template('goback.html', data=alert)
@app.route("/ServerHome")
def ServerHome():
conn = mysql.connector.connect(user='root', password='', host='localhost',
database='5sharedatadbpy')
cur = conn.cursor()

49
 cur.execute("SELECT * FROM ownertb where status='waiting'")
data = cur.fetchall()
conn = mysql.connector.connect(user='root', password='', host='localhost',
database='5sharedatadbpy')
cur = conn.cursor()
cur.execute("SELECT * FROM ownertb where status='Active'")
data1 = cur.fetchall()
return render_template('ServerHome.html', data=data, data1=data1)
@app.route("/UserApproved")
def UserApproved():
conn = mysql.connector.connect(user='root', password='', host='localhost',
database='5sharedatadbpy')
cur = conn.cursor()
cur.execute("SELECT * FROM regtb where status='waiting'")
data = cur.fetchall()
conn = mysql.connector.connect(user='root', password='', host='localhost',
database='5sharedatadbpy')
cur = conn.cursor()
cur.execute("SELECT * FROM regtb where status='Active'")
data1 = cur.fetchall()
return render_template('UserApproved.html', data=data, data1=data1)
@app.route("/Approved")
def Approved():
id = request.args.get('lid')
email = request.args.get('email')
import random
loginkey = random.randint(1111, 9999)
message = "Owner Login Key :" + str(loginkey)
sendmsg(email, message)

50
conn = mysql.connector.connect(user='root', password='', host='localhost',
database='5sharedatadbpy')
cursor = conn.cursor()
cursor.execute("Update ownertb set Status='Active',LoginKey='" +
str(loginkey) + "' where id='" + id + "' ")
conn.commit()
conn.close()
conn = mysql.connector.connect(user='root', password='', host='localhost',
database='5sharedatadbpy')
cur = conn.cursor()
cur.execute("SELECT * FROM ownertb where status='waiting'")
data = cur.fetchall()
conn = mysql.connector.connect(user='root', password='', host='localhost',
database='5sharedatadbpy')
cur = conn.cursor()
cur.execute("SELECT * FROM ownertb where status='Active'")
data1 = cur.fetchall()
return render_template('ServerHome.html', data=data, data1=data1)
@app.route("/Approved1")
def Approved1():
id = request.args.get('lid')
email = request.args.get('email')
import random
loginkey = random.randint(1111, 9999)
message = "User Login Key :" + str(loginkey)
sendmsg(email, message)
conn = mysql.connector.connect(user='root', password='', host='localhost',
database='5sharedatadbpy')
cursor = conn.cursor()

51
 cursor.execute("Update regtb set Status='Active',LoginKey='" + str(loginkey)
+ "' where id='" + id + "' ")
conn.commit()
conn.close()
conn = mysql.connector.connect(user='root', password='', host='localhost',
database='5sharedatadbpy')
cur = conn.cursor()
cur.execute("SELECT * FROM regtb where status='waiting'")
data = cur.fetchall()

conn = mysql.connector.connect(user='root', password='', host='localhost',

database='5sharedatadbpy')
cur = conn.cursor()
cur.execute("SELECT * FROM regtb where status='Active'")
data1 = cur.fetchall()
return render_template('UserApproved.html', data=data, data1=data1)
@app.route("/uddd", methods=['GET', 'POST'])
def uddd():
if request.method == 'POST':
sear = request.form['sear']
conn = mysql.connector.connect(user='root', password='', host='localhost',
database='5sharedatadbpy')
cursor = conn.cursor()
cursor.execute("SELECT * FROM userfiletb where id='" +
session["ufid"] + "'")
data = cursor.fetchone()
if data:
prkey = data[4]
fname = data[3]

52
 else:
return 'Incorrect username / password !'
if sear == prkey:
privhex = prkey
filepath = "./static/Encrypt/" + fname
head, tail = os.path.split(filepath)
newfilepath1 = './static/Encrypt/' + str(tail)
newfilepath2 = './static/Decrypt/' + str(tail)
data = 0
with open(newfilepath1, "rb") as File:
data = base64.b64decode(File.read())
print(data)
decrypted_secp = decrypt(privhex, data)
print("\nDecrypted:", decrypted_secp)
with open(newfilepath2, "wb") as DFile:
DFile.write(base64.b64decode(decrypted_secp))
return send_file(newfilepath2, as_attachment=True)
else:
return 'key Inorrect..!'
def sendmsg(Mailid, message):
import smtplib
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.mime.base import MIMEBase
from email import encoders
fromaddr = "[email protected]"
toaddr = Mailid
# instance of MIMEMultipart
msg = MIMEMultipart()

53
 # storing the senders email address
msg['From'] = fromaddr
# storing the receivers email address
msg['To'] = toaddr
# storing the subject
msg['Subject'] = "Alert"
# string to store the body of the mail
body = message
# attach the body with the msg instance
msg.attach(MIMEText(body, 'plain'))
# creates SMTP session
s = smtplib.SMTP('smtp.gmail.com', 587)
# start TLS for security
s.starttls()
# Authentication
s.login(fromaddr, "qmgn xecl bkqv musr")
# Converts the Multipart msg into a string
text = msg.as_string()
# sending the mail
s.sendmail(fromaddr, toaddr, text)
# terminating the session
s.quit()
if __name__ == '__main__':
# app.run(host='0.0.0.0',debug = True, port = 5000)
app.run(debug=True, use_reloader=True)

54
APPENDIX II
SCREENSHOTS
1. HOME PAGE

2. NEW USER REGISTRATION

55
3. USER APPROVAL IN SERVER PAGE

4. NEW OWNER REGISTRATION

56
5. USER AND OWNER LOGIN KEY GENERATION

6. FILE UPLOAD

57
7. SEARCH FILE IN USER LOGIN

8. OWNER APPROVAL

58
9. DECRYPTED KEY GENERATION FOR FILE RETRIVAL

10. DOWNLOADED FILE

59
 REFERENCES

[1] Bhatt, Smriti, Thanh Kim Pham, Maanak Gupta, James Benson, Jaehong
Park, and Ravi Sandhu. "Attribute-based access control for AWS internet of
things and secure industries of the future." IEEE Access 9 (2021): 107200-
107223.

[2] Chaudhry, Shehzad Ashraf, Khalid Yahya, Fadi Al-Turjman, and Ming-
Hour Yang. "A secure and reliable device access control scheme for IoT based
sensor cloud systems." IEEE Access 8 (2020): 139244-139254.

[3] Yang, Qiliang, Mingrui Zhang, Yanwei Zhou, Tao Wang, Zhe Xia, and Bo
Yang. "A non-interactive attribute-based access control scheme by blockchain for
IoT." Electronics 10, no. 15 (2021): 1855.

[4] Hossein, Koosha Mohammad, Mohammad Esmaeil Esmaeili, Tooska

Dargahi, Ahmad Khonsari, and Mauro Conti. "BCHealth: A novel blockchain-
based privacy-preserving architecture for IoT healthcare applications." Computer
Communications 180 (2021): 31-47.

[5] Banerjee, Soumya, Sandip Roy, Vanga Odelu, Ashok Kumar Das, Samiran
Chattopadhyay, Joel JPC Rodrigues, and Youngho Park. "Multi-authority CP-
ABE-based user access control scheme with constant-size key and ciphertext for
IoT deployment." Journal of Information Security and Applications 53 (2020):
102503.

[6] Dammak, Maissa, Sidi-Mohammed Senouci, Mohamed Ayoub Messous,

Mohamed Houcine Elhdhili, and Christophe Gransart. "Decentralized
lightweight group key management for dynamic access control in IoT
environments." IEEE Transactions on Network and Service Management 17, no.
3 (2020): 1742-1757.

60
[7] Pal, Shantanu, Tahiry Rabehaja, Michael Hitchens, Vijay Varadharajan,
and Ambrose Hill. "On the design of a flexible delegation model for the Internet
of Things using blockchain." IEEE Transactions on Industrial Informatics 16, no.
5 (2019): 3521-3530.

[8] Panda, Soumyashree S., Debasish Jena, Bhabendu Kumar Mohanta,

Somula Ramasubbareddy, Mahmoud Daneshmand, and Amir H. Gandomi.
"Authentication and key management in distributed iot using blockchain
technology." IEEE Internet of Things Journal 8, no. 16 (2021): 12947-12954.

[9] Yang, Wenti, Zhitao Guan, Longfei Wu, Xiaojiang Du, and Mohsen
Guizani. "Secure data access control with fair accountability in smart grid data
sharing: An edge blockchain approach." IEEE Internet of Things Journal 8, no.
10 (2020): 8632-8643.

[10] Khan, Shahzad, Waseem Iqbal, Abdul Waheed, Gulzar Mehmood, Shawal
Khan, Mahdi Zareei, and Rajesh Roshan Biswal. "An efficient and secure
revocation-enabled attribute-based access control for eHealth in smart
society." Sensors 22, no. 1 (2022): 336.

61