0% found this document useful (0 votes)
68 views73 pages

Secure File Sharing Using Access Control

The document discusses a secure file sharing system that utilizes AES-256 encryption to protect confidential files stored in the cloud, allowing users to control access permissions. It highlights the limitations of traditional encryption methods in data deduplication and proposes an advanced scheme that enhances security through differential privilege keys. Additionally, it covers the architecture, system requirements, and advantages of using Java and JavaServer Pages (JSP) for developing web applications.

Uploaded by

oftechtrichy
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
68 views73 pages

Secure File Sharing Using Access Control

The document discusses a secure file sharing system that utilizes AES-256 encryption to protect confidential files stored in the cloud, allowing users to control access permissions. It highlights the limitations of traditional encryption methods in data deduplication and proposes an advanced scheme that enhances security through differential privilege keys. Additionally, it covers the architecture, system requirements, and advantages of using Java and JavaServer Pages (JSP) for developing web applications.

Uploaded by

oftechtrichy
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 73

Secure File Sharing Using Access Control

Abstract

In the current environment, data security is paramount, and any confidential files we must
have with us everywhere we go raise the chance of losing such files. To prevent this
inconvenient method of transporting private information, our suggested solution uses the
cloud to store users' myriad of files of any size in encrypted form, encrypting them using the
AES-256 version technique to ensure that your private data remains secret. The user no
longer has to be concerned about security breaches when sharing his file with the intended
recipient, since he may now provide permission to access his document to only the people
he chooses, and it will only be accessible to him. With this approach, the saving and
exchange of data is made possible. Our encryption algorithm uses the AES256 version, in
which all data is grouped into a string of bits and is subsequently converted into 128-bit
blocks.

Introduction

With the rapid development of Internet technology, people can transmit and share digital
content with each other conveniently. In order to guarantee communication efficiency and
save network bandwidth, compression techniques can be implemented on digital content to
reduce redundancy, and the quality of the decompressed versions should also be preserved.
Nowadays, most digital content, especially digital images and videos, are converted into the
compressed forms for transmission. Another important issue in an open network
environment is how to transmit secret or private data securely. Even though traditional
cryptographic methods can encrypt the plaintext into the cipher text, the meaningless
random data of the cipher text may also arouse the suspicion from the attacker. To solve
this problem, information hiding techniques have been widely developed in both academia
and industry, which can embed secret data into the cover data imperceptibly. Due to the
prevalence of digital images on the Internet, how to compress images and hide secret data
into the compressed images efficiently deserves in-depth study. Recently, many data-hiding
schemes for the compressed codes have been reported, which can be applied to various
compression techniques of digital images, such as JPEG, JPEG2000, and vector quantization
(VQ). As one of the most popular lossy data compression algorithms, VQ is widely used for
digital image compression due to its simplicity and cost effectiveness in implementation.
During the VQ compression process, the Euclidean distance is utilized to evaluate the
similarity between each image block and the code words in the codebook. In this work, we
mainly focus on the data embedding in VQ-related image compressed codes.

Existing System
 Data deduplication systems, the private cloud is involved as a proxy to allow data
owner/users to securely perform duplicate check with differential privileges.
 Such architecture is practical and has attracted much attention from researchers.
 The data owners only outsource their data storage by utilizing public cloud while
the data operation is managed in private cloud.

Disadvantages
 Traditional encryption, while providing data confidentiality, is incompatible with data
deduplication.

 Identical data copies of different users will lead to different ciphertexts, making
deduplication impossible.

 Due to the prevalence of digital images on the Internet, how to compress images and
hide secret data into the compressed images efficiently deserves in-depth study.

Proposed System
In this paper, the system security is enhanced. Specifically, an advanced scheme to support
stronger security by encrypting the file with differential privilege keys. In this way, the users
without corresponding privileges cannot perform the duplicate check. Furthermore, such
unauthorized users cannot decrypt the cipher text even collude with the S-CSP. Security
analysis demonstrates that our system is secure in terms of the definitions specified in the
proposed security model.

Advantages
 The user is only allowed to perform the duplicate check for files marked with the
corresponding privileges.

 Advanced scheme to support stronger security by encrypting the file with differential
privilege keys.

 Reduce the storage size of the tags for integrity check. To enhance the security of
deduplication and protect the data confidentiality,

Architecture

System Requirements

Hardware Specification
 Main Processor : 2GHz

 Ram : 2 GB

 Hard Disk : 240 GB


Software Specification
 Language : Java

 Web Server : Glassfish

 Server Side : Jsp,Servlet

 Operating System : Windows

Software Description

Java

History

The JAVA language was created by James Gosling in June 1991 for use in a set top box
project. The language was initially called Oak, after an oak tree that stood outside Gosling's office -
and also went by the name Green - and ended up later being renamed to Java, from a list of random
words. Gosling's goals were to implement a virtual machine and a language that had a familiar C/C++
style of notation. The first public implementation was Java 1.0 in 1995. It promised "Write Once, Run
Anywhere” (WORA), providing no-cost runtimes on popular platforms. It was fairly secure and its
security was configurable, allowing network and file access to be restricted. Major web browsers soon
incorporated the ability to run secure Java applets within web pages. Java quickly became popular.
With the advent of Java 2, new versions had multiple configurations built for different types of
platforms. For example, J2EE was for enterprise applications and the greatly stripped down version
J2ME was for mobile applications. J2SE was the designation for the Standard Edition. In 2006, for
marketing purposes, new J2 versions were renamed Java EE, Java ME, and Java SE, respectively.

In 1997, Sun Microsystems approached the ISO/IEC JTC1 standards bodyand later the Ecma
International to formalize Java, but it soon withdrew from the process. Java remains a standard that is
controlled through the Java Community Process. At one time, Sun made most of its Java
implementations available without charge although they were proprietary software. Sun's revenue
from Java was generated by the selling of licenses for specialized products such as the Java Enterprise
System. Sun distinguishes between its Software Development Kit (SDK) and Runtime Environment
(JRE)which is a subset of the SDK, the primary distinction being that in the JRE, the compiler, utility
programs, and many necessary header files are not present.
On 13 Novmber2006, Sun released much of Java as free softwareunder the terms of the GNU
General Public License(GPL). On 8 May2007Sun finished the process, making all of Java's core code
open source, aside from a small portion of code to which Sun did not hold the copyright.

Primary goals

There were five primary goals in the creation of the Java language:

 It should use the object-oriented programming methodology.


 It should allow the same program to be executed on multiple operating systems.
 It should contain built-in support for using computer networks.
 It should be designed to execute code from remote sources securely.
 It should be easy to use by selecting what were considered the good parts of other
object-oriented languages

The Java Programming Language:

The Java programming language is a high-level language that can be characterized by all of
the following buzzwords:

 Simple
 Architecture neutral
 Object oriented
 Portable
 Distributed
 High performance

Each of the preceding buzzwords is explained in The Java Language Environment , a white
paper written by James Gosling and Henry McGilton.

In the Java programming language, all source code is first written in plain text files ending
with the .java extension. Those source files are then compiled into .class files by the javac compiler.

A .class file does not contain code that is native to your processor; it instead contains byte
codes — the machine language of the Java Virtual Machine 1 (Java VM). The java launcher tool then
runs your application with an instance of the Java Virtual Machine.
An overview of the software development process.

Because the Java VM is available on many different operating systems, the same .class files
TM
are capable of running on Microsoft Windows, the Solaris Operating System (Solaris OS), Linux,
or Mac OS. Some virtual machines, such as the Java Hot Spot virtual machineperform additional steps
at runtime to give your application a performance boost. This include various tasks such as finding
performance bottlenecks and recompiling (to native code) frequently used sections of code.

Through the Java VM, the same application is capable of running on multiple
platforms.

The Java Platform


A platform is the hardware or software environment in which a program runs. We've already
mentioned some of the most popular platforms like Microsoft Windows, Linux, Solaris OS, and Mac
OS. Most platforms can be described as a combination of the operating system and underlying
hardware. The Java platform differs from most other platforms in that it's a software-only platform
that runs on top of other hardware-based platforms.

The Java platform has two components:


The Java Virtual Machine

The Java Application Programming Interface (API)

You've already been introduced to the Java Virtual Machine; it's the base for the Java
platform and is ported onto various hardware-based platforms.

The API is a large collection of ready-made software components that provide many useful
capabilities. It is grouped into libraries of related classes and interfaces; these libraries are known as
packages. The next section, What CanJavaTechnologyDo?Highlights some of the functionality
provided by the API.

The API and Java Virtual Machine insulate the program from the underlying
hardware.

As a platform-independent environment, the Java platform can be a bit slower than native
code. However, advances in compiler and virtual machine technologies are bringing performance
close to that of native code without threatening portability.

Java Runtime Environment

The Java Runtime Environment, or JRE, is the software required to run any application
deployed on the Java Platform. End-users commonly use a JRE in software packages and Web
browser plug-in. Sun also distributes a superset of the JRE called the Java 2 SDK(more commonly
known as the JDK), which includes development tools such as the Javacompiler,Javadoc, Jarand
debugger.

One of the unique advantages of the concept of a runtime engine is that errors (exceptions)
should not 'crash' the system. Moreover, in runtime engine environments such as Java there exist tools
that attach to the runtime engine and every time that an exception of interest occurs they record
debugging information that existed in memory at the time the exception was thrown (stack and heap
values). These Automated Exception Handling tools provide 'root-cause' information for exceptions in
Java programs that run in production, testing or development environments.
Uses OF JAVA

Blue is a smart card enabled with the secure, cross-platform, object-oriented Java Card API
and technology. Blue contains an actual on-card processing chip, allowing for enhance able and
multiple functionality within a single card. Applets that comply with the Java Card API specification
can run on any third-party vendor card that provides the necessary Java Card Application
Environment (JCAE). Not only can multiple applet programs run on a single card, but new applets
and functionality can be added after the card is issued to the customer

 Java Can be used in Chemistry.


 In NASA also Java is used.
 In 2D and 3D applications java is used.
 In Graphics Programming also Java is used.
 In Animations Java is used.
 In Online and Web Applications Java is used.

JSP :

JavaServer Pages (JSP) is a Java technology that allows software developers to dynamically
generate HTML, XML or other types of documents in response to a Web client request. The
technology allows Java code and certain pre-defined actions to be embedded into static content.

The JSP syntax adds additional XML-like tags, called JSP actions, to be used to invoke built-
in functionality. Additionally, the technology allows for the creation of JSP tag libraries that act as
extensions to the standard HTML or XML tags. Tag libraries provide a platform independent way of
extending the capabilities of a Web server.

JSPs are compiled into Java Servlet by a JSP compiler. A JSP compiler may generate a servlet
in Java code that is then compiled by the Java compiler, or it may generate byte code for the servlet
directly. JSPs can also be interpreted on-the-fly reducing the time taken to reload changes

JavaServer Pages (JSP) technology provides a simplified, fast way to create dynamic web
content. JSP technology enables rapid development of web-based applications that are server and
platform-independent.
Architecture OF JSP

The Advantages of JSP


Active Server Pages (ASP). ASP is a similar technology from Microsoft. The advantages of
JSP are twofold. First, the dynamic part is written in Java, not Visual Basic or other MS-specific
language, so it is more powerful and easier to use. Second, it is portable to other operating systems
and non-Microsoft Web servers. Pure Servlet. JSP doesn't give you anything that you couldn't in
principle do with a Servlet. But it is more convenient to write (and to modify!) regular HTML than to
have a zillion println statements that generate the HTML. Plus, by separating the look from the
content you can put different people on different tasks: your Web page design experts can build the
HTML, leaving places for your Servlet programmers to insert the dynamic content.

Server-Side Includes (SSI). SSI is a widely-supported technology for including externally-


defined pieces into a static Web page. JSP is better because it lets you use Servlet instead of a separate
program to generate that dynamic part. Besides, SSI is really only intended for simple inclusions, not
for "real" programs that use form data, make database connections, and the like. JavaScript.
JavaScript can generate HTML dynamically on the client. This is a useful capability, but only handles
situations where the dynamic information is based on the client's environment.

With the exception of cookies, HTTP and form submission data is not available to JavaScript.
And, since it runs on the client, JavaScript can't access server-side resources like databases, catalogs,
pricing information, and the like. Static HTML. Regular HTML, of course, cannot contain dynamic
information. JSP is so easy and convenient that it is quite feasible to augment HTML pages that only
benefit marginally by the insertion of small amounts of dynamic data. Previously, the cost of using
dynamic data would preclude its use in all but the most valuable instances.

ARCHITECTURE OF JSP

 The browser sends a request to a JSP page.


 The JSP page communicates with a Java bean.
 The Java bean is connected to a database.
 The JSP page responds to the browser.

SERVLETS – FRONT END

The Java Servlet API allows a software developer to add dynamic content to a Web server
using the Java platform. The generated content is commonly HTML, but may be other data such as
XML. Servlet are the Java counterpart to non-Java dynamic Web content technologies such as PHP,
CGI and ASP.NET. Servlet can maintain state across many server transactions by using HTTP
cookies, session variables or URL rewriting.

The Servlet API, contained in the Java package hierarchy javax. Servlet, defines the expected
interactions of a Web container and a Servlet. A Web container is essentially the component of a Web
server that interacts with the Servlet. The Web container is responsible for managing the lifecycle of
Servlet, mapping a URL to a particular Servlet and ensuring that the URL requester has the correct
access rights.

A Servlet is an object that receives a request and generates a response based on that request.
The basic Servlet package defines Java objects to represent Servlet requests and responses, as well as
objects to reflect the Servlet configuration parameters and execution environment. The package
javax .Servlet. Http defines HTTP-specific subclasses of the generic Servlet elements, including
session management objects that track multiple requests and responses between the Web server and a
client. Servlet may be packaged in a WAR file as a Web application.

Servlet can be generated automatically by Java Server Pages(JSP), or alternately by template


engines such as Web Macro. Often Servlet are used in conjunction with JSPs in a pattern called
"Model 2”, which is a flavour of the model-view-controller pattern.

Servlet are Java technology's answer to CGI programming. They are programs that run on a
Web server and build Web pages. Building Web pages on the fly is useful (and commonly done) for a
number of reasons:.

The Web page is based on data submitted by the user. For example the results pages from
search engines are generated this way, and programs that process orders for e-commerce sites do this
as well. The data changes frequently. For example, a weather-report or news headlines page might
build the page dynamically, perhaps returning a previously built page if it is still up to date. The Web
page uses information from corporate databases or other such sources. For example, you would use
this for making a Web page at an on-line store that lists current prices and number of items in stock.

The Servlet Run-time Environment


A Servlet is a Java class and therefore needs to be executed in a Java VM by a service we call
a Servlet engine. The Servlet engine loads the servlet class the first time the Servlet is requested, or
optionally already when the Servlet engine is started. The Servlet then stays loaded to handle multiple
requests until it is explicitly unloaded or the Servlet engine is shut down.

Some Web servers, such as Sun's Java Web Server (JWS), W3C's Jigsaw and Gefion
Software's Lite Web Server (LWS) are implemented in Java and have a built-in Servlet engine. Other
Web servers, such as Netscape's Enterprise Server, Microsoft's Internet Information Server (IIS) and
the Apache Group's Apache, require a Servlet engine add-on module. The add-on intercepts all
requests for Servlet, executes them and returns the response through the Web server to the client.
Examples of Servlet engine add-ons are Gefion Software's WAI Cool Runner, IBM's Web Sphere,
Live Software's JRun and New Atlanta's Servlet Exec.
All Servlet API classes and a simple Servlet-enabled Web server are combined into the Java
Servlet Development Kit (JSDK), available for download at Sun's official Servlet site .To get started
with Servlet I recommend that you download the JSDK and play around with the sample Servlet.

Life Cycle OF Servlet

 The Servlet lifecycle consists of the following steps:


 The Servlet class is loaded by the container during start-up.

The container calls the init() method. This method initializes the Servlet and must be called
before the Servlet can service any requests. In the entire life of a Servlet, the init() method is called
only once. After initialization, the Servlet can service client-requests.

Each request is serviced in its own separate thread. The container calls the service() method
of the Servlet for every request.

The service() method determines the kind of request being made and dispatches it to an
appropriate method to handle the request. The developer of the Servlet must provide an
implementation for these methods. If a request for a method that is not implemented by the Servlet is
made, the method of the parent class is called, typically resulting in an error being returned to the
requester. Finally, the container calls the destroy() method which takes the Servlet out of service. The
destroy() method like init() is called only once in the lifecycle of a Servlet.

 Request and Response Objects


The do Get method has two interesting parameters: HttpServletRequest and
HttpServletResponse. These two objects give you full access to all information about the request and
let you control the output sent to the client as the response to the request. With CGI you read
environment variables and stdin to get information about the request, but the names of the
environment variables may vary between implementations and some are not provided by all Web
servers.

The HttpServletRequest object provides the same information as the CGI environment
variables, plus more, in a standardized way. It also provides methods for extracting HTTP parameters
from the query string or the request body depending on the type of request (GET or POST). As a
Servlet developer you access parameters the same way for both types of requests. Other methods give
you access to all request headers and help you parse date and cookie headers.

Instead of writing the response to stdout as you do with CGI, you get an OutputStream or a
PrintWriter from the HttpServletResponse. The OuputStream is intended for binary data, such as a
GIF or JPEG image, and the PrintWriter for text output. You can also set all response headers and the
status code, without having to rely on special Web server CGI configurations such as Non Parsed
Headers (NPH). This makes your Servlet easier to install.

ServletConfig and Servlet Context:

There is only one Servlet Context in every application. This object can be used by all the
Servlet to obtain application level information or container details. Every Servlet, on the other hand,
gets its own ServletConfig object. This object provides initialization parameters for a servlet. A
developer can obtain the reference to Servlet Context using either the ServletConfig object or Servlet
Request object.

All servlets belong to one servlet context. In implementations of the 1.0 and 2.0 versions of
the Servlet API all servlets on one host belongs to the same context, but with the 2.1 version of the
API the context becomes more powerful and can be seen as the humble beginnings of an Application
concept. Future versions of the API will make this even more pronounced.

Many servlet engines implementing the Servlet 2.1 API let you group a set of servlets into
one context and support more than one context on the same host. The Servlet Context in the 2.1 API is
responsible for the state of its servlets and knows about resources and attributes available to the
servlets in the context. Here we will only look at how Servlet Context attributes can be used to share
information among a group of servlets.

There are three Servlet Context methods dealing with context attributes: get Attribute, set
Attribute and remove Attribute. In addition the servlet engine may provide ways to configure a servlet
context with initial attribute values. This serves as a welcome addition to the servlet initialization
arguments for configuration information used by a group of servlets, for instance the database
identifier we talked about above, a style sheet URL for an application, the name of a mail server, etc.

JDBC

Java Database Connectivity (JDBC) is a programming framework for Java developers writing
programs that access information stored in databases, spreadsheets, and flat files. JDBC is commonly
used to connect a user program to a "behind the scenes" database, regardless of what database
management software is used to control the database. In this way, JDBC is cross-platform. This article
will provide an introduction and sample code that demonstrates database access from Java programs
that use the classes of the JDBC API, which is available for free download from Sun's site.

A database that another program links to is called a data source. Many data sources, including
products produced by Microsoft and Oracle, already use a standard called Open Database
Connectivity (ODBC). Many legacy C and Perl programs use ODBC to connect to data sources.
ODBC consolidated much of the commonality between database management systems. JDBC builds
on this feature, and increases the level of abstraction. JDBC-ODBC bridges have been created to
allow Java programs to connect to ODBC-enabled database software.

JDBC Architecture
Two-tier and Three-tier Processing Models

The JDBC API supports both two-tier and three-tier processing models for database access.

In the two-tier model, a Java applet or application talks directly to the data source. This
requires a JDBC driver that can communicate with the particular data source being accessed. A user's
commands are delivered to the database or other data source, and the results of those statements are
sent back to the user. The data source may be located on another machine to which the user is
connected via a network. This is referred to as a client/server configuration, with the user's machine as
the client, and the machine housing the data source as the server. The network can be an intranet,
which, for example, connects employees within a corporation, or it can be the Internet.

In the three-tier model, commands are sent to a "middle tier" of services, which then sends the
commands to the data source. The data source processes the commands and sends the results back to
the middle tier, which then sends them to the user.

MIS directors find the three-tier model very attractive because the middle tier makes it
possible to maintain control over access and the kinds of updates that can be made to corporate data.
Another advantage is that it simplifies the deployment of applications. Finally, in many cases, the
three-tier architecture can provide performance advantages.
Until recently, the middle tier has often been written in languages such as C or C++, which
offer fast performance. However, with the introduction of optimizing compilers that translate Java
byte code into efficient machine-specific code and technologies such as Enterprise JavaBeans™, the
Java platform is fast becoming the standard platform for middle-tier development. This is a big plus,
making it possible to take advantage of Java's robustness, multithreading, and security features.

With enterprises increasingly using the Java programming language for writing server code,
the JDBC API is being used more and more in the middle tier of a three-tier architecture. Some of the
features that make JDBC a server technology are its support for connection pooling, distributed
transactions, and disconnected rowsets. The JDBC API is also what allows access to a data source
from a Java middle tier.
Use case Diagram

MODULES:
 1) Login & New user Registration module
 2) File Upload & Key generation
 3) Share File
 4) Search over files
 5)Decryption of Files

Module Description

Login Module:

The Login Form module presents site visitors with a form with username and
password fields. If the user enters a valid username/password combination they will be
granted access to additional resources. The login is categorized into three types

1) Data Owner
2) User

*Data owner can upload the file .He/She has the privileges to delete the uploaded file.

*User can perform keyword search on those files.

New user registration:

This module allows the new users to register themselves. They need to register by
giving their personal information. During registration they user has to set the type i.e. data
owner or user. Once the user is registered he/she becomes an existing user. Then they will
be redirected to the login module.

File Upload:

This module is available to the data owner category. In this module the data owner can
upload the files. Each file has a unique id.The data owner should mention the name of the
file while uploading. The file owner encrypts his files and outsources the cipher texts to the
server. The server validates the outsourced cipher texts and stores them for the owner. The
uploaded file is stored in the server. For each file a secret key will be generated.

Algorithm for Key Generation

AES is a new cryptographic algorithm that can be used to protect electronic data.
Specifically, AES is an iterative, symmetric-key block cipher that can use keys of 128, 192,
and 256 bits, and encrypts and decrypts data in blocks of 128 bits (16 bytes). Unlike public-
key ciphers, which use a pair of keys, symmetric-key ciphers use the same key to encrypt
and decrypt data. Encrypted data returned by block ciphers have the same number of bits
that the input data had. Iterative ciphers use a loop structure that repeatedly performs
permutations and substitutions of the input data.

Share File
In this module , the uploaded file is encoded using Base64 Encoding, and the file content is
stored in the server. If the encoded file content and the content already stored in the server
is shared to the another authorized user.

Search over files

Here the user can search for a particular file based on the given query. The files related
to the given query will be shown. If the user needs to access a particular file that file key
will be sent to his/her mail. Using that key he/she can access the file.

Decryption of Files

Decryption is the process of converting encrypted data back into its original form, so it can
be understood. When the user inputs the correct key that is used at the decryption process,
this will extract the original content that is encrypted.

This module is the opposite as such as Encryption module where the Key file should be
also specified same as that of encryption part. Then the user should select the encrypted file
and then provide the key which was sent to his/her mail id and decrypt the file.
Dataflow Diagram

User
Testing

The various levels of testing are

1. White Box Testing


2. Black Box Testing
3. Unit Testing
4. Functional Testing
5. Performance Testing
6. Integration Testing
7. Objective
8. Integration Testing
9. Validation Testing
10. System Testing
11. Structure Testing
12. Output Testing
13. User Acceptance Testing

White Box Testing

White-box testing (also known as clear box testing, glass box testing, transparent
box testing, and structural testing) is a method of testing software that tests internal
structures or workings of an application, as opposed to its functionality (i.e. black-box
testing). In white-box testing an internal perspective of the system, as well as programming
skills, are used to design test cases. The tester chooses inputs to exercise paths through the
code and determine the appropriate outputs. This is analogous to testing nodes in a circuit,
e.g. in-circuit testing (ICT).

While white-box testing can be applied at the unit, integration and system levels of
the software testing process, it is usually done at the unit level. It can test paths within a unit,
paths between units during integration, and between subsystems during a system–level test.
Though this method of test design can uncover many errors or problems, it might not detect
unimplemented parts of the specification or missing requirements.

White-box test design techniques include:


 Control flow testing
 Data flow testing
 Branch testing
 Path testing
 Statement coverage
 Decision coverage

White-box testing is a method of testing the application at the level of the source code.
The test cases are derived through the use of the design techniques mentioned above: control
flow testing, data flow testing, branch testing, path testing, statement coverage and decision
coverage as well as modified condition/decision coverage. White-box testing is the use of
these techniques as guidelines to create an error free environment by examining any fragile
code.

These White-box testing techniques are the building blocks of white-box testing, whose
essence is the careful testing of the application at the source code level to prevent any hidden
errors later on. These different techniques exercise every visible path of the source code to
minimize errors and create an error-free environment. The whole point of white-box testing is
the ability to know which line of the code is being executed and being able to identify what
the correct output should be.

Levels

1. Unit testing. White-box testing is done during unit testing to ensure that the code is
working as intended, before any integration happens with previously tested code.
White-box testing during unit testing catches any defects early on and aids in any
defects that happen later on after the code is integrated with the rest of the application
and therefore prevents any type of errors later on.
2. Integration testing. White-box testing at this level are written to test the interactions of
each interface with each other. The Unit level testing made sure that each code was
tested and working accordingly in an isolated environment and integration examines
the correctness of the behavior in an open environment through the use of white-box
testing for any interactions of interfaces that are known to the programmer.
3. Regression testing. White-box testing during regression testing is the use of recycled
white-box test cases at the unit and integration testing levels.

White-box testing's basic procedures involve the understanding of the source code that
you are testing at a deep level to be able to test them. The programmer must have a deep
understanding of the application to know what kinds of test cases to create so that every
visible path is exercised for testing. Once the source code is understood then the source code
can be analysed for test cases to be created. These are the three basic steps that white-box
testing takes in order to create test cases:

1. Input, involves different types of requirements, functional specifications, detailed


designing of documents, proper source code, security specifications. This is the
preparation stage of white-box testing to layout all of the basic information.
2. Processing Unit, involves performing risk analysis to guide whole testing process,
proper test plan, execute test cases and communicate results. This is the phase of
building test cases to make sure they thoroughly test the application the given results
are recorded accordingly.
3. Output; prepare final report that encompasses all of the above preparations and
results.
Black Box Testing

Black-box testing is a method of software testing that examines the functionality of


an application (e.g. what the software does) without peering into its internal structures or
workings (see white-box testing). This method of test can be applied to virtually every level
of software testing: unit, integration, system and acceptance. It typically comprises most if
not all higher level testing, but can also dominate unit testing as well

Test procedures

Specific knowledge of the application's code/internal structure and programming


knowledge in general is not required. The tester is aware of what the software is supposed to
do but is not aware of how it does it. For instance, the tester is aware that a particular input
returns a certain, invariable output but is not aware of how the software produces the output
in the first place.
Test cases
Test cases are built around specifications and requirements, i.e., what the application
is supposed to do. Test cases are generally derived from external descriptions of the software,
including specifications, requirements and design parameters. Although the tests used are
primarily functional in nature, non-functional tests may also be used. The test designer selects
both valid and invalid inputs and determines the correct output without any knowledge of the
test object's internal structure.

Test design techniques


Typical black-box test design techniques include:

 Decision table testing


 All-pairs testing
 State transition tables
 Equivalence partitioning
 Boundary value analysis
Unit testing

In computer programming, unit testing is a method by which individual units


of source code, sets of one or more computer program modules together with associated
control data, usage procedures, and operating procedures are tested to determine if they are fit
for use. Intuitively, one can view a unit as the smallest testable part of an application.
In procedural programming, a unit could be an entire module, but is more commonly an
individual function or procedure. In object-oriented programming, a unit is often an entire
interface, such as a class, but could be an individual method. Unit tests are created by
programmers or occasionally by white box testers during the development process.

Ideally, each test case is independent from the others. Substitutes such as method
stubs, mock objects, fakes, and test harnesses can be used to assist testing a module in
isolation. Unit tests are typically written and run by software developers to ensure that code
meets its design and behaves as intended. Its implementation can vary from being very
manual (pencil and paper)to being formalized as part of build automation.

Testing will not catch every error in the program, since it cannot evaluate every
execution path in any but the most trivial programs. The same is true for unit testing.
Additionally, unit testing by definition only tests the functionality of the units themselves.
Therefore, it will not catch integration errors or broader system-level errors (such as functions
performed across multiple units, or non-functional test areas such as performance).

Unit testing should be done in conjunction with other software testing activities, as
they can only show the presence or absence of particular errors; they cannot prove a complete
absence of errors. In order to guarantee correct behaviour for every execution path and every
possible input, and ensure the absence of errors, other techniques are required, namely the
application of formal methods to proving that a software component has no unexpected
behaviour.

Software testing is a combinatorial problem. For example, every Boolean decision statement
requires at least two tests: one with an outcome of "true" and one with an outcome of "false".
As a result, for every line of code written, programmers often need 3 to 5 lines of test code.

This obviously takes time and its investment may not be worth the effort. There are
also many problems that cannot easily be tested at all – for example those that
are nondeterministic or involve multiple threads. In addition, code for a unit test is likely to
be at least as buggy as the code it is testing. Fred Brooks in The Mythical Man-
Month quotes: never take two chronometers to sea. Always take one or three. Meaning, if
two chronometers contradict, how do you know which one is correct?

Another challenge related to writing the unit tests is the difficulty of setting up
realistic and useful tests. It is necessary to create relevant initial conditions so the part of the
application being tested behaves like part of the complete system. If these initial conditions
are not set correctly, the test will not be exercising the code in a realistic context, which
diminishes the value and accuracy of unit test results.

To obtain the intended benefits from unit testing, rigorous discipline is needed
throughout the software development process. It is essential to keep careful records not only
of the tests that have been performed, but also of all changes that have been made to the
source code of this or any other unit in the software. Use of a version control system is
essential. If a later version of the unit fails a particular test that it had previously passed, the
version-control software can provide a list of the source code changes (if any) that have been
applied to the unit since that time.

It is also essential to implement a sustainable process for ensuring that test case
failures are reviewed daily and addressed immediately if such a process is not implemented
and ingrained into the team's workflow, the application will evolve out of sync with the unit
test suite, increasing false positives and reducing the effectiveness of the test suite.

Unit testing embedded system software presents a unique challenge: Since the
software is being developed on a different platform than the one it will eventually run on, you
cannot readily run a test program in the actual deployment environment, as is possible with
desktop programs.

Functional testing

Functional testing is a quality assurance (QA) process and a type of black box
testing that bases its test cases on the specifications of the software component under test.
Functions are tested by feeding them input and examining the output, and internal program
structure is rarely considered (not like in white-box testing). Functional Testing usually
describes what the system does.

Functional testing differs from system testing in that functional testing "verifies a program by
checking it against ... design document(s) or specification(s)", while system testing
"validate a program by checking it against the published user or system requirements"
(Kaner, Falk, Nguyen 1999, p. 52).

Functional testing typically involves five steps .The identification of functions that the
software is expected to perform

1. The creation of input data based on the function's specifications


2. The determination of output based on the function's specifications
3. The execution of the test case
4. The comparison of actual and expected outputs
Performance testing

In software engineering, performance testing is in general testing performed to


determine how a system performs in terms of responsiveness and stability under a particular
workload. It can also serve to investigate, measure, validate or verify
other quality attributes of the system, such as scalability, reliability and resource usage.

Performance testing is a subset of performance engineering, an emerging computer


science practice which strives to build performance into the implementation, design and
architecture of a system.
Testing types

Load testing

Load testing is the simplest form of performance testing. A load test is usually
conducted to understand the behaviour of the system under a specific expected load. This
load can be the expected concurrent number of users on the application performing a specific
number of transactions within the set duration. This test will give out the response times of all
the important business critical transactions. If the database, application server, etc. are also
monitored, then this simple test can itself point towards bottlenecks in the application
software.

Stress testing

Stress testing is normally used to understand the upper limits of capacity within the
system. This kind of test is done to determine the system's robustness in terms of extreme
load and helps application administrators to determine if the system will perform sufficiently
if the current load goes well above the expected maximum.

Soak testing

Soak testing, also known as endurance testing, is usually done to determine if the
system can sustain the continuous expected load. During soak tests, memory utilization is
monitored to detect potential leaks. Also important, but often overlooked is performance
degradation. That is, to ensure that the throughput and/or response times after some long
period of sustained activity are as good as or better than at the beginning of the test. It
essentially involves applying a significant load to a system for an extended, significant period
of time. The goal is to discover how the system behaves under sustained use.

Spike testing

Spike testing is done by suddenly increasing the number of or load generated by,
users by a very large amount and observing the behaviour of the system. The goal is to
determine whether performance will suffer, the system will fail, or it will be able to handle
dramatic changes in load.

Configuration testing

Rather than testing for performance from the perspective of load, tests are created to
determine the effects of configuration changes to the system's components on the system's
performance and behaviour. A common example would be experimenting with different
methods of load-balancing.

Isolation testing

Isolation testing is not unique to performance testing but involves repeating a test
execution that resulted in a system problem. Often used to isolate and confirm the fault
domain.

Integration testing

Integration testing (sometimes called integration and testing, abbreviated I&T) is


the phase in software testing in which individual software modules are combined and tested
as a group. It occurs after unit testing and before validation testing. Integration testing takes
as its input modules that have been unit tested, groups them in larger aggregates, applies tests
defined in an integration test plan to those aggregates, and delivers as its output the integrated
system ready for system testing.

Purpose

The purpose of integration testing is to verify functional, performance, and


reliability requirements placed on major design items. These "design items", i.e. assemblages
(or groups of units), are exercised through their interfaces using black box testing, success
and error cases being simulated via appropriate parameter and data inputs. Simulated usage of
shared data areas and inter-process communication is tested and individual subsystems are
exercised through their input interface.

Test cases are constructed to test whether all the components within assemblages
interact correctly, for example across procedure calls or process activations, and this is done
after testing individual modules, i.e. unit testing. The overall idea is a "building block"
approach, in which verified assemblages are added to a verified base which is then used to
support the integration testing of further assemblages.

Some different types of integration testing are big bang, top-down, and bottom-up.
Other Integration Patterns are: Collaboration Integration, Backbone Integration, Layer
Integration, Client/Server Integration, Distributed Services Integration and High-frequency
Integration.
Big Bang

In this approach, all or most of the developed modules are coupled together to form a
complete software system or major part of the system and then used for integration testing.
The Big Bang method is very effective for saving time in the integration testing process.
However, if the test cases and their results are not recorded properly, the entire integration
process will be more complicated and may prevent the testing team from achieving the goal
of integration testing.

A type of Big Bang Integration testing is called Usage Model testing. Usage Model
Testing can be used in both software and hardware integration testing. The basis behind this
type of integration testing is to run user-like workloads in integrated user-like environments.
In doing the testing in this manner, the environment is proofed, while the individual
components are proofed indirectly through their use.

Usage Model testing takes an optimistic approach to testing, because it expects to


have few problems with the individual components. The strategy relies heavily on the
component developers to do the isolated unit testing for their product. The goal of the
strategy is to avoid redoing the testing done by the developers, and instead flesh-out problems
caused by the interaction of the components in the environment.

For integration testing, Usage Model testing can be more efficient and provides better
test coverage than traditional focused functional integration testing. To be more efficient and
accurate, care must be used in defining the user-like workloads for creating realistic scenarios
in exercising the environment. This gives confidence that the integrated environment will
work as expected for the target customers.

Top-down and Bottom-up

Bottom Up Testing is an approach to integrated testing where the lowest level


components are tested first, then used to facilitate the testing of higher level components. The
process is repeated until the component at the top of the hierarchy is tested.

All the bottom or low-level modules, procedures or functions are integrated and then
tested. After the integration testing of lower level integrated modules, the next level of
modules will be formed and can be used for integration testing. This approach is helpful only
when all or most of the modules of the same development level are ready. This method also
helps to determine the levels of software developed and makes it easier to report testing
progress in the form of a percentage.
Top Down Testing is an approach to integrated testing where the top integrated
modules are tested and the branch of the module is tested step by step until the end of the
related module.

Sandwich Testing is an approach to combine top down testing with bottom up


testing.

The main advantage of the Bottom-Up approach is that bugs are more easily found. With
Top-Down, it is easier to find a missing branch link.

CONCLUSIONS

The application developed enables us to share files over the cloud securely. This application uses the
AES algorithm for encryption and decryption. A user has the ability to share the files only with the
users they wish to. AES uses higher encryption key sizes, including 128, 192, and 256 bits. The reason
for choosing AES is that it is fast and, unlike DES, the number of financial transactions, wireless
communication, e-business, encrypted data storage, and more applications employing AES is
growing. Rounds in AES are a changeable algorithm that is dependent on the key length. At the
current stage, we are only using the AES algorithm, and to enhance security even further, we can use
more hybrid versions of the AES algorithm to better meet user needs

Future Enhancement

We can use distributed cloud storage to store encrypted files. Various databases can be used to
store large amounts of data. This system can also be a part of many security-centric systems in order
to address security related issues.

Reference

[1] P. Anderson and L. Zhang. Fast and secure laptop backups with encrypted de-duplication. In Proc.
of USENIX LISA, 2010.

[2] M. Bellare, S. Keelveedhi, and T. Ristenpart. Dupless: Server-aided encryption for deduplicated
storage. In USENIX SecuritySymposium, 2013.

[3] M. Bellare, S. Keelveedhi, and T. Ristenpart. Message-locked encryption and secure


deduplication. In EUROCRYPT, pages 296–312, 2013.

[4] M. Bellare, C. Namprempre, and G. Neven. Security proofs for identity-based identification and
signature schemes. J. Cryptology,22(1):1–61, 2009.
[5] M. Bellare and A. Palacio. Gq and schnorr identification schemes: Proofs of security against
impersonation under active and concurrent attacks. In CRYPTO, pages 162–177, 2002.

[6] S. Bugiel, S. Nurnberger, A. Sadeghi, and T. Schneider. Twin clouds: An architecture for secure
cloud computing. In Workshop on Cryptography and Security in Clouds (WCSC 2011), 2011.

Source Code

Index

<html>

<head>

<title>SFS</title>

<link rel="stylesheet" href="css/animate.css">

<link rel="stylesheet" href="css/icomoon.css">

<link rel="stylesheet" href="css/themify-icons.css">

<link rel="stylesheet" href="css/bootstrap.css">

<link rel="stylesheet" href="css/style.css">

<script src="js/modernizr-2.6.2.min.js"></script>

</head>

<body>

<div class="gtco-loader"></div>

<div id="page">

<nav class="gtco-nav" role="navigation">

<div class="container">

<div class="row">

<div class="col-sm-2 col-xs-2">

<div id="gtco-logo">Secure File Sharing</div>

</div>
<div class="col-xs-10 text-right fh5co-top-social">

<ul class="gtco-social">

<li><a href="index.jsp">Home</a></li>

<li><a href="cloudlogin.jsp">Cloud</a></li>

<li><a href="userlogin.jsp">Users</a></li>

<li><a href="adminlogin.jsp">Admin</a></li>

</ul>

</div>

</div>

</div>

</nav>

<div id="gtco-intro">

<div class="container">

<div class="row">

<div class="col-md-10 col-md-offset-1 text-center">

<div class="dt js-height">

<div class="dtc animate-box">

<h2 class="gradient-text">Secure
File Sharing Using Access Control</h2>

<p><a href="#" class="btn btn-


gradient">Hire Us</a></p>

</div>

</div>

</div>

</div>

</div>

</div>
<footer id="fh5co-footer">

<div class="container">

<div class="row">

<div class="col-md-4">

<div class="fh5co-footer-widget">

<a>All Rights Reserved.</a>

</div>

</div>

<div class="col-md-3 col-md-push-1">

<div class="fh5co-footer-widget">

<p><a href=""></a> <br> <a


href="#"></a></p>

</div>

</div>

<div class="col-md-4 col-md-push-1">

<div class="fh5co-footer-widget gtco-social-wrap">

<ul class="gtco-social">

<li><a href="#" class="icon-


twitter"></a></li>

<li><a href="#" class="icon-


dribbble"></a></li>

<li><a href="#" class="icon-


instagram"></a></li>

</ul>

</div>

</div>

</div>

</div>

</footer>
</div>

<div class="gototop js-top">

<a href="#" class="js-gotop"><i class="icon-arrow-up"></i></a>

</div>

<script src="js/jquery.min.js"></script>

<script src="js/jquery.easing.1.3.js"></script>

<script src="js/bootstrap.min.js"></script>

<script src="js/jquery.waypoints.min.js"></script>

<script src="js/main.js"></script>

</body>

</html>

Enter Key

<%@page import="java.sql.*;" %>

<html>

<head>

<title>SFS</title>

<link rel="stylesheet" href="css/animate.css">

<link rel="stylesheet" href="css/icomoon.css">

<link rel="stylesheet" href="css/themify-icons.css">

<link rel="stylesheet" href="css/bootstrap.css">

<link rel="stylesheet" href="css/style.css">

<script src="js/modernizr-2.6.2.min.js"></script>

<style>

tr

{
padding: 10px 15px;

td

padding: 10px 15px;

</style>

</head>

<body>

<div class="gtco-loader"></div>

<div id="page">

<nav class="gtco-nav" role="navigation">

<div class="container">

<div class="row">

<div class="col-sm-2 col-xs-2">

<div id="gtco-logo">SecureFileSharing</div>

</div>

<div class="col-xs-10 text-right fh5co-top-social">

<ul class="gtco-social">

<li><a href="userhome.jsp">Home</a></li>

<li><a href="storefile.jsp">Upload
File</a></li>

<li><a href="mycloud.jsp">My
Cloud</a></li>

<li><a href="index.jsp">Logout</a></li>

</ul>

</div>

</div>
</div>

</nav>

<div id="gtco-intro">

<div class="container">

<div class="row">

<div class="col-md-10 col-md-offset-1 text-center">

<div class="dt js-height">

<div class="dtc animate-box">

<%

String uid = (String) session.getAttribute("uid");

String id = request.getParameter("a");

session.setAttribute("fid", id);

%>

<h2 class="gradient-text">Secure
File Sharing Using Access Control</h2>

<h3 align="center">Enter Key</h3>

<form action="KeyC.jsp" method="post">

<h4 align="center"><input type="text" name="key" /></h4>

<h4 align="center"><input type="submit" value="Submit" /></h4>

</form>

<br>

</div>

</div>

</div>

</div>

</div>

</div>
<footer id="fh5co-footer">

<div class="container">

<div class="row">

<div class="col-md-4">

<div class="fh5co-footer-widget">

<a>All Rights Reserved.</a>

</div>

</div>

<div class="col-md-3 col-md-push-1">

<div class="fh5co-footer-widget">

<p><a href=""></a> <br> <a


href="#"></a></p>

</div>

</div>

<div class="col-md-4 col-md-push-1">

<div class="fh5co-footer-widget gtco-social-wrap">

<ul class="gtco-social">

<li><a href="#" class="icon-


twitter"></a></li>

<li><a href="#" class="icon-


dribbble"></a></li>

<li><a href="#" class="icon-


instagram"></a></li>

</ul>

</div>

</div>

</div>

</div>

</footer>
</div>

<div class="gototop js-top">

<a href="#" class="js-gotop"><i class="icon-arrow-up"></i></a>

</div>

<script src="js/jquery.min.js"></script>

<script src="js/jquery.easing.1.3.js"></script>

<script src="js/bootstrap.min.js"></script>

<script src="js/jquery.waypoints.min.js"></script>

<script src="js/main.js"></script>

</body>

</html>

KeyCheck

<%--

Document : KeyC

Created on : Feb 25, 2020, 11:52:18 AM

Author : Admin

--%>

<%@page import="java.sql.*;" %>

<%@page contentType="text/html" pageEncoding="UTF-8"%>

<!DOCTYPE html>

<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<title>JSP Page</title>

</head>
<body>

<%

String k = request.getParameter("key");

String fid = (String)session.getAttribute("fid");

Class.forName("com.mysql.jdbc.Driver");

Connection con =
DriverManager.getConnection("jdbc:mysql://localhost:3306/cpabe","root","root");

Statement stmt = con.createStatement();

ResultSet rss = stmt.executeQuery("select * from ufiles where id='"+fid+"' and Fkey='"+k+"'");

if(rss.next())

String a = rss.getString("Ufile");

session.setAttribute("fl", a);

String fk = "";

Statement smt = con.createStatement();

smt.executeUpdate("update ufiles set Fkey='"+fk+"' where id='"+fid+"'");

response.sendRedirect("down.jsp");

else

response.sendRedirect("Ekey.jsp");

%>

</body>

</html>

Key Generate

<%--

Document : Keygen

Created on : Feb 25, 2020, 11:39:52 AM


Author : Admin

--%>

<%@page import="java.sql.*;" %>

<%@page import="java.util.Random"%>

<%@page contentType="text/html" pageEncoding="UTF-8"%>

<!DOCTYPE html>

<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<title>JSP Page</title>

</head>

<body>

<%

String dCase = "asdfghjklqwertyuiozxcvbnmqwersdfghtyu";

String uCase = "qwertyuiopasdfghjklzxcvbnmasdfghjklasdfghjkl";

Random r=new Random();

String key = "";

while (key.length () != 8)

int rPick = r.nextInt(2);

if (rPick == 0){

int spot = r.nextInt(26);

key += dCase.charAt(spot);

} else if (rPick == 1) {

int spot = r.nextInt (26);

key += uCase.charAt(spot);

String id = request.getParameter("a");

Class.forName("com.mysql.jdbc.Driver");
Connection con =
DriverManager.getConnection("jdbc:mysql://localhost:3306/cpabe","root","root");

Statement stmt = con.createStatement();

stmt.executeUpdate("update ufiles set Fkey='"+key+"' where id='"+id+"'");

response.sendRedirect("mycloud.jsp");

%>

</body>

</html>

Share File

<%@page import="java.sql.*;" %>

<html>

<head>

<title>SFS</title>

<link rel="stylesheet" href="css/animate.css">

<link rel="stylesheet" href="css/icomoon.css">

<link rel="stylesheet" href="css/themify-icons.css">

<link rel="stylesheet" href="css/bootstrap.css">

<link rel="stylesheet" href="css/style.css">

<script src="js/modernizr-2.6.2.min.js"></script>

<style>

.log

border-style: solid;

width: 400px;

</style>

</head>

<body>
<div class="gtco-loader"></div>

<div id="page">

<nav class="gtco-nav" role="navigation">

<div class="container">

<div class="row">

<div class="col-sm-2 col-xs-2">

<div id="gtco-logo">SecureFileSharing</div>

</div>

<div class="col-xs-10 text-right fh5co-top-social">

<ul class="gtco-social">

<li><a href="userhome.jsp">Home</a></li>

<li><a href="storefile.jsp">Upload
File</a></li>

<li><a href="mycloud.jsp">My
Cloud</a></li>

<li><a href="index.jsp">Logout</a></li>

</ul>

</div>

</div>

</div>

</nav>

<div id="gtco-intro">

<div class="container">

<div class="row">

<div class="col-md-10 col-md-offset-1 text-center">

<div class="dt js-height">

<div class="dtc animate-box">


<center>

<h2 class="gradient-text">Secure
File Sharing Using Access Control</h2>

<form action="Sharefle.jsp"
method="post">

<div class="log">

<h3 align="center">Share File To Another User</h3>

<h4 align="center">

<input type="text" name="user"/></h4>

<h5 align="center">

<input type="submit" class="btn btn-gradient"


value="Share" /></h5>

<h3 align="center"></h3>

</div>

</form>

</center>

</div>

</div>

</div>

</div>

</div>

<%

int n = 0;

int no = n;

String fl = request.getParameter("aaa");

session.setAttribute("fl", fl);

%>

</div>
<footer id="fh5co-footer">

<div class="container">

<div class="row">

<div class="col-md-4">

<div class="fh5co-footer-widget">

<a>All Rights Reserved.</a>

</div>

</div>

<div class="col-md-3 col-md-push-1">

<div class="fh5co-footer-widget">

<p><a href=""></a> <br> <a


href="#"></a></p>

</div>

</div>

<div class="col-md-4 col-md-push-1">

<div class="fh5co-footer-widget gtco-social-wrap">

<ul class="gtco-social">

<li><a href="#" class="icon-


twitter"></a></li>

<li><a href="#" class="icon-


dribbble"></a></li>

<li><a href="#" class="icon-


instagram"></a></li>

</ul>

</div>

</div>

</div>

</div>

</footer>
</div>

<div class="gototop js-top">

<a href="#" class="js-gotop"><i class="icon-arrow-up"></i></a>

</div>

<script src="js/jquery.min.js"></script>

<script src="js/jquery.easing.1.3.js"></script>

<script src="js/bootstrap.min.js"></script>

<script src="js/jquery.waypoints.min.js"></script>

<script src="js/main.js"></script>

</body>

</html>

Store File

<%--

Document : Sharefle

Created on : Jul 7, 2020, 4:18:36 PM

Author : Admin

--%>

<%@page import="java.sql.*;" %>

<%@page contentType="text/html" pageEncoding="UTF-8"%>

<!DOCTYPE html>

<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<title>JSP Page</title>

</head>

<body>
<%

int n = 0;

int no = n;

String fl = (String)session.getAttribute("fl");

String user = request.getParameter("user");

Class.forName("com.mysql.jdbc.Driver");

Connection con =
DriverManager.getConnection("jdbc:mysql://localhost:3306/cpabe","root","root");

Statement stmt = con.createStatement();

stmt.executeUpdate("insert into ufiles values('"+no+"','"+user+"','"+fl+"','')");

response.sendRedirect("mycloud.jsp");

%>

</body>

</html>

Admin Home

<%@page import="java.sql.*;" %>

<html>

<head>

<title>SFS</title>

<link rel="stylesheet" href="css/animate.css">

<link rel="stylesheet" href="css/icomoon.css">

<link rel="stylesheet" href="css/themify-icons.css">

<link rel="stylesheet" href="css/bootstrap.css">

<link rel="stylesheet" href="css/style.css">

<script src="js/modernizr-2.6.2.min.js"></script>

<style>

tr

{
padding: 10px 15px;

td

padding: 10px 15px;

</style>

</head>

<body>

<div class="gtco-loader"></div>

<div id="page">

<nav class="gtco-nav" role="navigation">

<div class="container">

<div class="row">

<div class="col-sm-2 col-xs-2">

<div id="gtco-logo">SecureFileSharing</div>

</div>

<div class="col-xs-10 text-right fh5co-top-social">

<ul class="gtco-social">

<li><a
href="adminhome.jsp">Home</a></li>

<li><a href="index.jsp">Logout</a></li>

</ul>

</div>

</div>
</div>

</nav>

<div id="gtco-intro">

<div class="container">

<div class="row">

<div class="col-md-10 col-md-offset-1 text-center">

<div class="dt js-height">

<div class="dtc animate-box">

<%

String uid = (String) session.getAttribute("uid");

%>

<h2 class="gradient-text">Secure
File Sharing Using Access Control</h2>

<h3 align="center">Users List</h3>

<br>

<table border="2" align="center" cellpadding="10" cellspacing="10">

<tr>

<th>Name</th>

<th>Contact</th>

<th>ID</th>

<th>City</th>

<th>State</th>

</tr>

<%

Class.forName("com.mysql.jdbc.Driver");

Connection con =
DriverManager.getConnection("jdbc:mysql://localhost:3306/cpabe","root","root");

Statement stmt = con.createStatement();

ResultSet rss = stmt.executeQuery("select * from users");

while(rss.next())
{

%>

<tr>

<td><%=rss.getString("Name")%></td>

<td><%=rss.getString("Contact")%></td>

<td><%=rss.getString("ID")%></td>

<td><%=rss.getString("City")%></td>

<td><%=rss.getString("State")%></td>

</tr>

<%

%>

</table>

<br>

</div>

</div>

</div>

</div>

</div>

</div>

<footer id="fh5co-footer">

<div class="container">

<div class="row">

<div class="col-md-4">

<div class="fh5co-footer-widget">

<a>All Rights Reserved.</a>


</div>

</div>

<div class="col-md-3 col-md-push-1">

<div class="fh5co-footer-widget">

<p><a href=""></a> <br> <a


href="#"></a></p>

</div>

</div>

<div class="col-md-4 col-md-push-1">

<div class="fh5co-footer-widget gtco-social-wrap">

<ul class="gtco-social">

<li><a href="#" class="icon-


twitter"></a></li>

<li><a href="#" class="icon-


dribbble"></a></li>

<li><a href="#" class="icon-


instagram"></a></li>

</ul>

</div>

</div>

</div>

</div>

</footer>

</div>

<div class="gototop js-top">

<a href="#" class="js-gotop"><i class="icon-arrow-up"></i></a>

</div>

<script src="js/jquery.min.js"></script>

<script src="js/jquery.easing.1.3.js"></script>
<script src="js/bootstrap.min.js"></script>

<script src="js/jquery.waypoints.min.js"></script>

<script src="js/main.js"></script>

</body>

</html>

Admin Login

<html>

<head>

<title>SFS</title>

<link rel="stylesheet" href="css/animate.css">

<link rel="stylesheet" href="css/icomoon.css">

<link rel="stylesheet" href="css/themify-icons.css">

<link rel="stylesheet" href="css/bootstrap.css">

<link rel="stylesheet" href="css/style.css">

<script src="js/modernizr-2.6.2.min.js"></script>

<style>

.log

border-style: solid;

width: 400px;

</style>

</head>

<body>

<div class="gtco-loader"></div>
<div id="page">

<nav class="gtco-nav" role="navigation">

<div class="container">

<div class="row">

<div class="col-sm-2 col-xs-2">

<div id="gtco-logo">SecureFileSharing</div>

</div>

<div class="col-xs-10 text-right fh5co-top-social">

<ul class="gtco-social">

<li><a href="index.jsp">Home</a></li>

<li><a href="cloudlogin.jsp">Cloud</a></li>

<li><a href="userlogin.jsp">Users</a></li>

<li><a href="adminlogin.jsp">Admin</a></li>

</ul>

</div>

</div>

</div>

</nav>

<div id="gtco-intro">

<div class="container">

<div class="row">

<div class="col-md-10 col-md-offset-1 text-center">

<div class="dt js-height">

<div class="dtc animate-box">

<center>
<h2 class="gradient-text">Secure
File Sharing Using Access Control</h2>

<form action="cloudlog.jsp" method="post">

<div class="log">

<h3 align="center">Admin Login</h3>

<h4 align="center"><input type="text" name="id"


placeholder="Enter ID" /></h4>

<h4 align="center"><input type="password" name="pass"


placeholder="Password" /></h4>

<h5 align="center">

<input type="submit" class="btn btn-gradient"


value="Login" /></h5>

<h3 align="center"></h3>

</div>

</form>

</center>

</div>

</div>

</div>

</div>

</div>

</div>

<footer id="fh5co-footer">

<div class="container">

<div class="row">

<div class="col-md-4">
<div class="fh5co-footer-widget">

<a>All Rights Reserved.</a>

</div>

</div>

<div class="col-md-3 col-md-push-1">

<div class="fh5co-footer-widget">

<p><a href=""></a> <br> <a


href="#"></a></p>

</div>

</div>

<div class="col-md-4 col-md-push-1">

<div class="fh5co-footer-widget gtco-social-wrap">

<ul class="gtco-social">

<li><a href="#" class="icon-


twitter"></a></li>

<li><a href="#" class="icon-


dribbble"></a></li>

<li><a href="#" class="icon-


instagram"></a></li>

</ul>

</div>

</div>

</div>

</div>

</footer>

</div>

<div class="gototop js-top">

<a href="#" class="js-gotop"><i class="icon-arrow-up"></i></a>

</div>
<script src="js/jquery.min.js"></script>

<script src="js/jquery.easing.1.3.js"></script>

<script src="js/bootstrap.min.js"></script>

<script src="js/jquery.waypoints.min.js"></script>

<script src="js/main.js"></script>

</body>

</html>

Cloud Home

<%@page import="java.sql.*;" %>

<html>

<head>

<title>SFS</title>

<link rel="stylesheet" href="css/animate.css">

<link rel="stylesheet" href="css/icomoon.css">

<link rel="stylesheet" href="css/themify-icons.css">

<link rel="stylesheet" href="css/bootstrap.css">

<link rel="stylesheet" href="css/style.css">

<script src="js/modernizr-2.6.2.min.js"></script>

<style>

tr

padding: 10px 15px;

td

padding: 10px 15px;


}

</style>

</head>

<body>

<div class="gtco-loader"></div>

<div id="page">

<nav class="gtco-nav" role="navigation">

<div class="container">

<div class="row">

<div class="col-sm-2 col-xs-2">

<div id="gtco-logo">SecureFileSharing</div>

</div>

<div class="col-xs-10 text-right fh5co-top-social">

<ul class="gtco-social">

<li><a
href="adminhome.jsp">Home</a></li>

<li><a href="index.jsp">Logout</a></li>

</ul>

</div>

</div>

</div>

</nav>

<div id="gtco-intro">

<div class="container">
<div class="row">

<div class="col-md-10 col-md-offset-1 text-center">

<div class="dt js-height">

<div class="dtc animate-box">

<%

String uid = (String) session.getAttribute("uid");

%>

<h2 class="gradient-text">Secure
File Sharing Using Access Control</h2>

<h3 align="center">Users List</h3>

<br>

<table border="2" align="center" cellpadding="10" cellspacing="10">

<tr>

<th>ID</th>

<th>User</th>

<th>Files</th>

</tr>

<%

Class.forName("com.mysql.jdbc.Driver");

Connection con =
DriverManager.getConnection("jdbc:mysql://localhost:3306/cpabe","root","root");

Statement stmt = con.createStatement();

ResultSet rss = stmt.executeQuery("select * from ufiles");

while(rss.next())

%>

<tr>

<td><%=rss.getString("id")%></td>

<td><%=rss.getString("User")%></td>

<td><%=rss.getString("Ufile")%></td>
</tr>

<%

%>

</table>

<br>

</div>

</div>

</div>

</div>

</div>

</div>

<footer id="fh5co-footer">

<div class="container">

<div class="row">

<div class="col-md-4">

<div class="fh5co-footer-widget">

<a>All Rights Reserved.</a>

</div>

</div>

<div class="col-md-3 col-md-push-1">

<div class="fh5co-footer-widget">

<p><a href=""></a> <br> <a


href="#"></a></p>

</div>
</div>

<div class="col-md-4 col-md-push-1">

<div class="fh5co-footer-widget gtco-social-wrap">

<ul class="gtco-social">

<li><a href="#" class="icon-


twitter"></a></li>

<li><a href="#" class="icon-


dribbble"></a></li>

<li><a href="#" class="icon-


instagram"></a></li>

</ul>

</div>

</div>

</div>

</div>

</footer>

</div>

<div class="gototop js-top">

<a href="#" class="js-gotop"><i class="icon-arrow-up"></i></a>

</div>

<script src="js/jquery.min.js"></script>

<script src="js/jquery.easing.1.3.js"></script>

<script src="js/bootstrap.min.js"></script>

<script src="js/jquery.waypoints.min.js"></script>

<script src="js/main.js"></script>

</body>

</html>
Cloud Log

<%--

Document : cloudlog

Created on : Feb 25, 2020, 12:08:12 PM

Author : Admin

--%>

<%@page import="java.sql.*;" %>

<%@page contentType="text/html" pageEncoding="UTF-8"%>

<!DOCTYPE html>

<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<title>JSP Page</title>

</head>

<body>

<%

String id = request.getParameter("id");

String pass = request.getParameter("pass");

Class.forName("com.mysql.jdbc.Driver");

Connection con =
DriverManager.getConnection("jdbc:mysql://localhost:3306/cpabe","root","root");

Statement stmt = con.createStatement();

ResultSet rss =stmt.executeQuery("select * from admin where id='"+id+"' and


password='"+pass+"'");

if(rss.next())

if(id.equals("admin"))

response.sendRedirect("adminhome.jsp");

}
else if(id.equals("cloud"))

response.sendRedirect("cloudhome.jsp");

else

response.sendRedirect("index.jsp");

%>

</body>

</html>

Download

<%@page import="java.sql.*;" %>

<%

String filename = (String)session.getAttribute("fl");

//String filename=rs.getString("ufile");

//C:\Users\Public\Documents

String filepath = "D:\\file1\\";

response.setContentType("APPLICATION/OCTET-STREAM");

response.setHeader("Content-Disposition","attachment; filename=\"" + filename + "\"");

java.io.FileInputStream fileInputStream=new java.io.FileInputStream(filepath + filename);

int i;

while ((i=fileInputStream.read()) != -1) {

out.write(i);

}
fileInputStream.close();

%>

Encryption

<%@ page import="java.io.*,javax.crypto.*,javax.crypto.spec.*,java.util.*;" language="java"


contentType="text/html; charset=ISO-8859-1"

pageEncoding="ISO-8859-1"%>

<%

String drive,file,folder,password;

FileInputStream inFile;

FileOutputStream outFile;

drive="D";

folder="file1";

file=(String)session.getAttribute("fle");

password="fdzshfghjg";

//C:\Users\Public\Documents

inFile = new FileInputStream(drive+":"+"\\"+folder+"\\"+file);

outFile = new FileOutputStream("D:\\enc file\\"+file+".des");

//D:\\file\\file.des

try

PBEKeySpec keySpec = new PBEKeySpec(password.toCharArray());

SecretKeyFactory keyFactory =

SecretKeyFactory.getInstance("PBEWithMD5AndDES");

SecretKey passwordKey = keyFactory.generateSecret(keySpec);


byte[] salt = new byte[8];

Random rnd = new Random();

rnd.nextBytes(salt);

int iterations = 100;

PBEParameterSpec parameterSpec = new PBEParameterSpec(salt, iterations);

Cipher cipher = Cipher.getInstance("PBEWithMD5AndDES");

cipher.init(Cipher.ENCRYPT_MODE, passwordKey, parameterSpec);

outFile.write(salt);

byte[] input = new byte[64];

int bytesRead;

while ((bytesRead = inFile.read(input)) != -1)

byte[] output = cipher.update(input, 0, bytesRead);

if (output != null) outFile.write(output);

byte[] output = cipher.doFinal();

if (output != null) outFile.write(output);

inFile.close();

outFile.flush();

outFile.close();

catch(Exception e)

System.out.println(e.getMessage());

System.out.println(e.getLocalizedMessage());

System.out.println(e.getCause());

}
response.sendRedirect("storefile.jsp");

%>

Upload

<%@page import="java.sql.*;" %>

<%@page contentType="text/html;charset=windows-1252"%>

<%

response.setContentType("text/html");

response.setHeader("Cache-control","no-cache");

String err = "";

String lastFileName = "";

String uname= "";

String contentType = request.getContentType();

String boundary = "";

final int BOUNDARY_WORD_SIZE = "boundary=".length();

if(contentType == null || !contentType.startsWith("multipart/form-data")) {

err = "Ilegal ENCTYPE : must be multipart/form-data\n";

err += "ENCTYPE set = " + contentType;

}else{

boundary = contentType.substring(contentType.indexOf("boundary=") +
BOUNDARY_WORD_SIZE);

boundary = "--" + boundary;

try {

javax.servlet.ServletInputStream sis = request.getInputStream();

byte[] b = new byte[1024];

int x=0;

int state=0;
String name=null,fileName=null,contentType2=null;

java.io.FileOutputStream buffer = null;

while((x=sis.readLine(b,0,1024))>-1) {

String s = new String(b,0,x);

if(s.startsWith(boundary)) {

state = 0;

//out.println("name="+name+"<br>");

//out.println(fileName+"<br>");

name = null;

contentType2 = null;

fileName = null;

}else if(s.startsWith("Content-Disposition") && state==0) {

state = 1;

if(s.indexOf("filename=") == -1)

name = s.substring(s.indexOf("name=") + "name=".length(),s.length()-2);

else {

name = s.substring(s.indexOf("name=") + "name=".length(),s.lastIndexOf(";"));

fileName = s.substring(s.indexOf("filename=") + "filename=".length(),s.length()-2);

if(fileName.equals("\"\"")) {

fileName = null;

}else {

String userAgent = request.getHeader("User-Agent");

String userSeparator="/"; // default

if (userAgent.indexOf("Windows")!=-1)

userSeparator="\\";

if (userAgent.indexOf("Linux")!=-1)

userSeparator="/";

fileName = fileName.substring(fileName.lastIndexOf(userSeparator)+1,fileName.length()-1);
if(fileName.startsWith( "\""))

fileName = fileName.substring( 1);

name = name.substring(1,name.length()-1);

if (name.equals("file")) {

if (buffer!=null)

buffer.close();

lastFileName = fileName;

//C:\Users\Public\Documents

buffer = new java.io.FileOutputStream("D:\\file1\\"+fileName);

}else if(s.startsWith("Content-Type") && state==1) {

state = 2;

contentType2 = s.substring(s.indexOf(":")+2,s.length()-2);

}else if(s.equals("\r\n") && state != 3) {

state = 3;

}else {

if (name.equals("file"))

buffer.write(b,0,x);

sis.close();

buffer.close();

}catch(java.io.IOException e) {

err = e.toString();

boolean ok = err.equals("");

if(!ok) {
out.println(err);

}else{

String fn=lastFileName;

session.setAttribute("fle", fn);

%>

<%

response.sendRedirect("filestore.jsp");

%>
Screenshots

Index

Register
Login

Home
Upload File

My Cloud
Generate Key

Download
Share Files

View Share File


Admin

View All users


View All Files

You might also like