Final Document Mageshwari
Final Document Mageshwari
1. INTRODUCTION
Cloud computing [1], which has received considerable attention from research
communities in academia as well as industry, is a distributed computation model over a large
pool of shared-virtualized computing resources, such as storage, processing power, applications
and services. Cloud users are provisioned and de-provisioned recourses as they want in cloud
computing environment.
(1) Users can avoid capital expenditure on hardware, software and services because they
pay only for what they use; (2) Users can enjoy low management overhead and immediate access
to a wide range of applications; and (3) Users can access their data wherever they are, rather than
having to stay close to their computers.
However, there is a vast variety of barriers before cloud computing can be widely
deployed. A recent survey by Oracle referred the data source from international data corporation
enterprise panel, showing that security represents 87% of users’ cloud fears1 .
One of the major security concerns of cloud users is the integrity of their outsourced files
since they no longer physically possess their data and thus lose the control over their data.
Moreover, the cloud server is not fully trusted and it is not mandatory for the cloud server to
report data loss incidents.
Indeed, to ascertain cloud computing reliability, the cloud security alliance (CSA)
published an analysis of cloud vulnerability incidents. The investigation [2] revealed that the
incident of data Loss & Leakage accounted for 25% of all incidents, ranked second only to
‖Insecure Interfaces & APIs‖.
Take Amazon’s cloud crash disaster as an example2 . In 2011, Amazon’s huge EC2
cloud services crash permanently destroyed some data of cloud users.
1
The data loss was apparently small relative to the total data stored, but anyone who runs a
website can immediately understand how terrifying a prospect any data loss is. Sometimes it is
insufficient to detect data corruption when accessing the data because it might be too late to
recover the corrupted data.
As a result, it is necessary for cloud users to frequently check if their outsourced data are
stored properly.
The size of the cloud data is huge, downloading the entire file to check the integrity
might be prohibitive in terms of bandwidth cost, and hence, very impractical. Moreover,
traditional cryptographic primitives for data integrity checking such as hash functions,
authorization code (MAC) cannot apply here directly due to being short of a copy of the original
file in verification.
In conclusion, remote data integrity checking for secure cloud storage is a highly
desirable as well as a challenging research topic. Blum proposed an auditing issue for the first
time that enables data owners to verify the integrity of remote data without explicit knowledge of
the entire data [3]. Recently, remote data integrity checking becomes more and more significant
due to the development of distributed storage systems and online storage systems.
Provable data possession (PDP) [4], [5] at untrusted stores, introduced by Ateniese et al.,
is a novel technique for ―blockless validating‖ data integrity over remote servers. In PDP, the
data owner generates some metadata for a file, and then sends his data file together with the
metadata to a remote server and deletes the file from its local storage.
To generate a proof that the server stores the original file correctly, the server computes a
response to a challenge from the verifier. The verifier can verify if the file keeps unchanged via
checking the correctness of the response.
PDP is a practical approach to checking the integrity of cloud data since it adopts a spot-
checking technique. Specifically, a file is divided into blocks and a verifier only challenges a
small set of randomly chosen clocks for integrity checking.
2
CHAPTER 2
SYSTEM ANALYSIS
Data security is said to be a person who acts as a user will have proper authorization like
proper sign in process. In normal scenario if the attacker wants to download the file without
proper authorization can done through copying the URL and download the file easily.
In this research work data security principle which will not allow the user or attacker to
download the file without proper authorization whereas intruder try to hack the data using URL
address without key. The authorized user can able to download the encrypted data by decryption
using secret key mechanism namely cryptography technique.
3
2.2 EXISTING SYSTEM
It is a Tree based association rule where it is mainly query based system. The user can
search their resources with the help of queries. Searching the resources with the help of queries is
not a simple task, where inaccurate result and etc. complexity would occur. Hence it is not a
better way for searching the resources.
The duplicate detection is the important concerns in identifying the duplicates several
algorithms fail towards the detection of an accurate duplicate in the hierarchical data; we
currently employ an intelligent model that is a hybrid between Decision Tree and Fuzzy
Similarity Matching
A drawback to IP source address spoofing is that reply packet will go back to the spoofed
IP address rather than to the attacker.
However in the scanning attack as we will see next the attacker may need to see replies
.in such cases, the attacker cannot use IP address spoofing.
4
2.3 PROPOSED SYSTEM
We investigate how to achieve data sharing with sensitive information hiding in remote
data integrity auditing, and propose a new concept called identity-based shared data integrity
auditing with sensitive information hiding for secure cloud storage.
In such a scheme, the sensitive information can be protected and the other information
can be published. It makes the file stored in the cloud able to be shared and used by others on the
condition that the sensitive information is protected, while the remote data integrity auditing is
still able to be efficiently executed.
We design a practical identity-based shared data integrity auditing scheme with sensitive
information hiding for secure cloud storage. A sanitizer is used to sanitize the data blocks
corresponding to the sensitive information of the file.
In our detailed scheme, firstly, the user blinds the data blocks corresponding to the
personal sensitive information of the original file and generates the corresponding signatures,
and then sends them to a sanitizer.
The sanitizer sanitizes these blinded data blocks into a uniform format and also sanitizes
the data blocks corresponding to the organization’s sensitive information. It also transforms the
corresponding signatures into valid ones for the sanitized file.
This method not only realizes the remote data integrity auditing, but also supports the
data sharing on the condition that sensitive information is protected in cloud storage.
To the best of our knowledge, this is the first scheme with the above functions. Besides,
our scheme is based on identity-based cryptography, which simplifies the complex certificate
management.
We give the security analysis of the proposed scheme, and also justify the performance
by concrete implementations. The result shows that the proposed scheme achieves desirable
security and efficiency.
5
CHAPTER 3
REQUIREMENT SPECIFICATION
SYSTEM CONFIGURATION
6
3.3 SYSTEM SOFTWARE
Java Technology
Java technology is both a programming language and a platform.
With most programming languages, you either compile or interpret a program so that you
can run it on your computer. The Java programming language is unusual in that a program is
both compiled and interpreted. With the compiler, first you translate a program into an
intermediate language called Java byte codes —the platform-independent codes interpreted by
the interpreter on the Java platform. The interpreter parses and runs each Java byte code
instruction on the computer. Compilation happens just once; interpretation occurs each time the
program is executed. The following figure illustrates how this works.
7
You can think of Java byte codes as the machine code instructions for the Java Virtual
Machine (Java VM). Every Java interpreter, whether it’s a development tool or a Web browser
that can run applets, is an implementation of the Java VM. Java byte codes help make ―write
once, run anywhere‖ possible. You can compile your program into byte codes on any platform
that has a Java compiler. The byte codes can then be run on any implementation of the Java VM.
That means that as long as a computer has a Java VM, the same program written in the Java
programming language can run on Windows 2000, a Solaris workstation, or on an iMac.
8
The Java Application Programming Interface (Java API)
You’ve already been introduced to the Java VM. It’s the base for the Java platform
and is ported onto various hardware-based platforms.
The Java API is a large collection of ready-made software components that provide
many useful capabilities, such as graphical user interface (GUI) widgets. The Java API is
grouped into libraries of related classes and interfaces; these libraries are known as
packages. The next section, What Can Java Technology Do? Highlights what
functionality some of the packages in the Java API provide.
The following figure depicts a program that’s running on the Java platform. As the
figure shows, the Java API and the virtual machine insulate the program from the
hardware.
Native code is code that after you compile it, the compiled code runs on a specific
hardware platform. As a platform-independent environment, the Java platform can be a
bit slower than native code. However, smart compilers, well-tuned interpreters, and just-
in-time byte code compilers can bring performance close to that of native code without
threatening portability.
What Can Java Technology Do?
The most common types of programs written in the Java programming language are
applets and applications. If you’ve surfed the Web, you’re probably already familiar with
applets. An applet is a program that adheres to certain conventions that allow it to run
within a Java-enabled browser.
However, the Java programming language is not just for writing cute, entertaining applets
for the Web. The general-purpose, high-level Java programming language is also a
powerful software platform. Using the generous API, you can write many types of
programs.
9
An application is a standalone program that runs directly on the Java platform. A special
kind of application known as a server serves and supports clients on a network. Examples
of servers are Web servers, proxy servers, mail servers, and print servers. Another
specialized program is a servlet. A servlet can almost be thought of as an applet that runs
on the server side. Java Servlets are a popular choice for building interactive web
applications, replacing the use of CGI scripts. Servlets are similar to applets in that they
are runtime extensions of applications. Instead of working in browsers, though, servlets
run within Java Web servers, configuring or tailoring the server.
How does the API support all these kinds of programs? It does so with packages of
software components that provides a wide range of functionality. Every full
implementation of the Java platform gives you the following features:
The essentials: Objects, strings, threads, numbers, input and output, data
structures, system properties, date and time, and so on.
Applets: The set of conventions used by applets.
Networking: URLs, TCP (Transmission Control Protocol), UDP (User Data gram
Protocol) sockets, and IP (Internet Protocol) addresses.
Internationalization: Help for writing programs that can be localized for users
worldwide. Programs can automatically adapt to specific locales and be displayed
in the appropriate language.
Security: Both low level and high level, including electronic signatures, public
and private key management, access control, and certificates.
Software components: Known as JavaBeansTM, can plug into existing
component architectures.
Object serialization: Allows lightweight persistence and communication via
Remote Method Invocation (RMI).
Java Database Connectivity (JDBCTM): Provides uniform access to a wide
range of relational databases.
The Java platform also has APIs for 2D and 3D graphics, accessibility, servers,
collaboration, telephony, speech, animation, and more. The following figure depicts what
is included in the Java 2 SDK.
10
How Will Java Technology Change My Life?
We can’t promise you fame, fortune, or even a job if you learn the Java programming
language. Still, it is likely to make your programs better and requires less effort than
other languages. We believe that Java technology will help you do the following:
Get started quickly: Although the Java programming language is a powerful
object-oriented language, it’s easy to learn, especially for programmers already
familiar with C or C++.
Write less code: Comparisons of program metrics (class counts, method counts,
and so on) suggest that a program written in the Java programming language can
be four times smaller than the same program in C++.
Write better code: The Java programming language encourages good coding
practices, and its garbage collection helps you avoid memory leaks. Its object
orientation, its JavaBeans component architecture, and its wide-ranging, easily
extendible API let you reuse other people’s tested code and introduce fewer bugs.
Develop programs more quickly: Your development time may be as much as
twice as fast versus writing the same program in C++. Why? You write fewer
lines of code and it is a simpler programming language than C++.
Avoid platform dependencies with 100% Pure Java: You can keep your
program portable by avoiding the use of libraries written in other languages. The
100% Pure JavaTM Product Certification Program has a repository of historical
process manuals, white papers, brochures, and similar materials online.
11
Write once, run anywhere: Because 100% Pure Java programs are compiled into
machine-independent byte codes, they run consistently on any Java platform.
Distribute software more easily: You can upgrade applets easily from a central
server. Applets take advantage of the feature of allowing new classes to be loaded
―on the fly,‖ without recompiling the entire program.
ODBC
Microsoft Open Database Connectivity (ODBC) is a standard programming interface for
application developers and database systems providers. Before ODBC became a de facto
standard for Windows programs to interface with database systems, programmers had to use
proprietary languages for each database they wanted to connect to. Now, ODBC has made the
choice of the database system almost irrelevant from a coding perspective, which is as it should
be. Application developers have much more important things to worry about than the syntax that
is needed to port their program from one database to another when business needs suddenly
change.
Through the ODBC Administrator in Control Panel, you can specify the particular
database that is associated with a data source that an ODBC application program is written to
use. Think of an ODBC data source as a door with a name on it. Each door will lead you to a
particular database. For example, the data source named Sales Figures might be a SQL Server
database, whereas the Accounts Payable data source could refer to an Access database. The
physical database referred to by a data source can reside anywhere on the LAN.
From a programming perspective, the beauty of ODBC is that the application can be
written to use the same set of function calls to interface with any data source, regardless of the
database vendor. The source code of the application doesn’t change whether it talks to Oracle or
SQL Server. We only mention these two as an example. There are ODBC drivers available for
several dozen popular database systems. Even Excel spreadsheets and plain text files can be
turned into data sources. The operating system uses the Registry information written by ODBC
Administrator to determine which low-level ODBC drivers are needed to talk to the data source
(such as the interface to Oracle or SQL Server). The loading of the ODBC drivers is transparent
to the ODBC application program. In a client/server environment, the ODBC API even handles
many of the network issues for the application programmer.
12
The advantages of this scheme are so numerous that you are probably thinking there must
be some catch. The only disadvantage of ODBC is that it isn’t as efficient as talking directly to
the native database interface. ODBC has had many detractors make the charge that it is too slow.
Microsoft has always claimed that the critical factor in performance is the quality of the driver
software that is used. In our humble opinion, this is true. The availability of good ODBC drivers
has improved a great deal recently. And anyway, the criticism about performance is somewhat
analogous to those who said that compilers would never match the speed of pure assembly
language. Maybe not, but the compiler (or ODBC) gives you the opportunity to write cleaner
programs, which means you finish sooner. Meanwhile, computers get faster every year.
JDBC
In an effort to set an independent database standard API for Java; Sun Microsystems
developed Java Database Connectivity, or JDBC. JDBC offers a generic SQL database access
mechanism that provides a consistent interface to a variety of RDBMSs. This consistent interface
is achieved through the use of ―plug-in‖ database connectivity modules, or drivers. If a database
vendor wishes to have JDBC support, he or she must provide the driver for each platform that the
database and Java run on.
To gain a wider acceptance of JDBC, Sun based JDBC’s framework on ODBC. As you
discovered earlier in this chapter, ODBC has widespread support on a variety of platforms.
Basing JDBC on ODBC will allow vendors to bring JDBC drivers to market much faster than
developing a completely new connectivity solution.
JDBC was announced in March of 1996. It was released for a 90 day public review that
ended June 8, 1996. Because of user input, the final JDBC v1.0 specification was released soon
after.
The remainder of this section will cover enough information about JDBC for you to know what it
is about and how to use it effectively. This is by no means a complete overview of JDBC. That
would fill an entire book.
13
CHAPTER 4
SYSTEM DESIGN
14
4.2. DATA FLOW DIAGRAM:
1. The DFD is also called as bubble chart. It is a simple graphical formalism that can be
used to represent a system in terms of input data to the system, various processing carried
out on this data, and the output data is generated by this system.
2. The data flow diagram (DFD) is one of the most important modeling tools. It is used to
model the system components. These components are the system process, the data used
by the process, an external entity that interacts with the system and the information flows
in the system.
3. DFD shows how the information moves through the system and how it is modified by a
series of transformations. It is a graphical technique that depicts information flow and the
transformations that are applied as data moves from input to output.
4. DFD is also known as bubble chart. A DFD may be used to represent a system at any
level of abstraction. DFD may be partitioned into levels that represent increasing
information flow and functional detail.
15
Level 0:
Auditor Login
Level 1:
User Login
Check Status
16
Level 2:
Receiver
Auditor Check Status Logout
Information
Encryption
Secure File
Profile and Data
Download
Store in DB
17
UML DIAGRAMS
GOALS:
The Primary goals in the design of the UML are as follows:
1. Provide users a ready-to-use, expressive visual modeling Language so that they can
develop and exchange meaningful models.
2. Provide extendibility and specialization mechanisms to extend the core concepts.
3. Be independent of particular programming languages and development process.
4. Provide a formal basis for understanding the modeling language.
5. Encourage the growth of OO tools market.
6. Support higher level development concepts such as collaborations, frameworks, patterns
and components.
7. Integrate best practices.
18
4.3 USE CASE DIAGRAM:
A use case diagram in the Unified Modeling Language (UML) is a type of behavioral
diagram defined by and created from a Use-case analysis. Its purpose is to present a graphical
overview of the functionality provided by a system in terms of actors, their goals (represented as
use cases), and any dependencies between those use cases. The main purpose of a use case
diagram is to show what system functions are performed for which actor. Roles of the actors in
the system can be depicted.
Register
Login
Upload
Data Owner
Updatecipher text
End User
Download
View User
ADMIN
View Secret key Key Authority
View transaction
View Results
19
4.4 CLASS DIAGRAM:
data owner
+Register
+login
+id
+password
+Upload()
+Check Integrity Level()
+updatecipher text()
+logout()
Admin
+login
key authority +id
+password
+login
+id +View Storage server files()
+password +View User()
+View Secret key()
+Generate secret key()
+View Data Owner()
+View end user()
+View transaction()
+view attackers()
+View Results()
+logout()
+logout()
end user
+register
+login
+id
+password
20
4.5 SEQUENCE DIAGRAM:
1 : Register()
2 : Login()
3 : Upload()
5 : updatecipher text()
7 : View User()
10 : View transaction()
11 : Un Revoke User()
12 : View Attackers()
13 : View Results()
19 : Logout()
21
4.6 COLLABORATIVE DIAGRAM:
22
4.6 DATABASE DESIGN
23
4.6.2. User Register Table
24
4.6.3. Files Details
25
4.6.4. Files Logs
26
CHAPTER 5
TESTING
5.1 Introduction
The purpose of testing is to discover errors. Testing is the process of trying to discover
every conceivable fault or weakness in a work product. It provides a way to check the
functionality of components, sub-assemblies, assemblies and/or a finished product It is the
process of exercising software with the intent of ensuring that the
Software system meets its requirements and user expectations and does not fail in an
unacceptable manner. There are various types of test. Each test type addresses a specific testing
requirement.
Unit testing
Unit testing involves the design of test cases that validate that the internal program logic is
functioning properly, and that program inputs produce valid outputs. All decision branches and
internal code flow should be validated. It is the testing of individual software units of the
application .it is done after the completion of an individual unit before integration. This is a
structural testing, that relies on knowledge of its construction and is invasive. Unit tests perform
basic tests at component level and test a specific business process, application, and/or system
configuration. Unit tests ensure that each unique path of a business process performs accurately
to the documented specifications and contains clearly defined inputs and expected results.
Integration testing
Integration tests are designed to test integrated software components to determine if they
actually run as one program. Testing is event driven and is more concerned with the basic
outcome of screens or fields. Integration tests demonstrate that although the components were
individually satisfaction, as shown by successfully unit testing, the combination of components is
correct and consistent. Integration testing is specifically aimed at exposing the problems that
arise from the combination of components.
27
Functional test
Functional tests provide systematic demonstrations that functions tested are available as
specified by the business and technical requirements, system documentation, and user manuals.
System Test
System testing ensures that the entire integrated software system meets requirements. It tests a
configuration to ensure known and predictable results. An example of system testing is the
configuration oriented system integration test. System testing is based on process descriptions
and flows, emphasizing pre-driven process links and integration points.
28
must be written from a definitive source document, such as specification or requirements
document, such as specification or requirements document. It is a testing in which the software
under test is treated, as a black box .you cannot ―see‖ into it. The test provides inputs and
responds to outputs without considering how the software works.
Unit testing is usually conducted as part of a combined code and unit test phase of the
software lifecycle, although it is not uncommon for coding and unit testing to be conducted as
two distinct phases.
Test objectives
The task of the integration test is to check that components or software applications, e.g.
components in a software system or – one step up – software applications at the company level –
interact without error.
Test Results: All the test cases mentioned above passed successfully. No defects encountered.
29
5.5 Acceptance Testing
User Acceptance Testing is a critical phase of any project and requires significant
participation by the end user. It also ensures that the system meets the functional requirements.
Test Results: All the test cases mentioned above passed successfully. No defects encountered.
30
5.6 TEST CASES
TEST
TESTING TESTING DURATION TEST DESCRIPTION
PLAN
ID MODULE TYPE
TP3 List out Uploaded Integration 1 hour To view a Uploaded all data’s
Files Testing
Admin view form Block Box 4 hours Admin view form positive or
TP5 Graph Testing negative result
TP8 View the result Integration View the result and details
1 hours
Testing
TP9 User check status Unit Testing User check status and result
2 hours
31
5.7 TEST DATA
5.7.1 User New Registration
32
5.8 TEST REPORT
33
CHAPTER 6
SYSTEM IMPLEMENTATION
1. Sub Bytes
2. Shift Rows
3. Mix Columns
4. Add Key
The number of rounds performed by the algorithm strictly depends on the size of key
The following tables gives overview of No.of rounds performed with the input of varying
key lengths:
128… ......................................................................... 10
192………………………………………………….12
256………………………………………………….14
The larger the number of keys the more secure will be the data. The time taken by s/w to encrypt
will increase with no. of rounds
34
Here, E=encryption function for a symmetric block cipher
n= cipher text
k= key of size 128bits which is same for both encryption and decryption
Encryption Decryption
Initial round
Add round key Add round key
Shift rows
Sub Bytes
35
Key expansions-In the key Expansion process the given 128 bits cipher key is stored in [4]x[4]
bytes matrix ( 16*8=128 bits) and then the four column words of the key matrix is expanded
into a schedule of 44 words (44*4=176) resulting in 11 round keys (176/11=16 bytes or 128
bits).
Sub Bytes
Shift Rows
In this step rows of the block are cylindrically shifted in left direction
The first row is u touched, the second by one shift, third by two and fourth by 3.
36
Mix columns
In this step each byte is XOR-ed with corresponding element of key’s matrix.
Once this step is done the keys are no longer available for this step. Using the same key
will weaken the algorithm.
37
To overcome this problem keys are expanded.
In the last round the mix columns step is skipped.
It is not documented anywhere why this is done but recently a paper was published
against this method highlighting the weakening of cipher text
Advantages of AES
38
6.2 MODULE DESCRIPTION
1. AUDITOR
2. USER
System development deals with the operations that are carried out in order to get desired
output from software product based on certain design specifications. This Application hold the
following modules.
REGISTRATION PAGE
A registration form is a list of fields that a user will input data into and submit to an
individual. There are many reasons why you would want a person to fill out a registration form.
Companies use registration forms to sign up customers for subscriptions, services, or other
programs or plans.
LOGIN PAGE
Logins are used by websites, computer applications, and mobile apps. They are a security
measure designed to prevent unauthorized access to confidential data. When a login fails (i.e, the
username and password combination does not match a user account), the user is disallowed
access. Many systems block users from even trying to log in after multiple failed login attempts.
SOURCE PHASES
In this phase, data’s are uploaded and encrypted using AES algorithm whereas this kind of
encoding is done to avoid unauthorized person to view the context of the data and only the
authorized person can able to view through secret key which is provided to corresponding user.
Once the authenticated 4-digit secret key is assigned, the data is send through IP address and port
number in the ABE & AES algorithm which is one of the secured technique. Block diagram of
source phase is as shown in figure.1
39
Upload the File
Encryption
Authentication (Secret
key)
AUDITOR
Auditor first login for valid user name and password. After login validation process view all
user status file view for the upload process and de-duplication process are doing in this way.
Then view for the history of user
40
Upload Data
Authentication
Verification
File is downloaded
and viewedYes by the
user
41
6.3 ALGORITHMS
6.3.1 AES
Advanced Encryption Standard (AES) algorithm is one on the most common and widely
symmetric block cipher algorithm used in worldwide. This algorithm has an own particular
structure to encrypt and decrypt sensitive data and is applied in hardware and software all over
the world.
It is extremely difficult to hackers to get the real data when encrypting by AES
algorithm. Till date is not any evidence to crake this algorithm. AES has the ability to deal with
three different key sizes such as AES 128, 192 and 256 bit and each of this ciphers has 128 bit
block size.
This paper will provide an overview of AES algorithm and explain several crucial
features of this algorithm in details and demonstration some previous researches that have
done on it with comparing to other algorithms such as DES, 3DES, Blowfish etc
Like DES, AES is a symmetric block cipher. This means that it uses the same key for
both encryption and decryption. However, AES is quite different from DES in a number of ways.
The algorithm Rijndael allows for a variety of block and key sizes and not just the 64 and 56 bits
of DES’ block and key size.
The block and key can in fact be chosen independently from 128, 160, 192, 224, 256 bits
and need not be the same. However, the AES standard states that the algorithm can only accept a
block size of 128 bits and a choice of three keys - 128, 192, 256 bits. Depending on which
version is used, the name of the standard is modified to AES-128, AES-192 or AES256
respectively.
As well as these differences AES differs from DES in that it is not a feistel structure.
Recall that in a feistel structure, half of the data block is used to modify the other half of the data
block and then the halves are swapped.
In this case the entire data block is processed in parallel during each round using
substitutions and permutations.
42
A number of AES parameters depend on the key length. For example, if the key size used
is 128 then the number of rounds is 10 whereas it is 12 and 14 for 192 and 256 bits respectively.
At present the most common key size likely to be used is the 128 bit key. This description of the
AES algorithm therefore describes this particular implementation.
43
CHAPTER 7
7.1 CONCLUSION
The proposed AES algorithm has focused on securing the data while transmitting from
one system to another system in the computer network. Once the file is encrypted and
authentication secret key is assigned from the source end user which can be viewed only by
authorized user in the network.
In this paper, we investigated a new primitive called identity-based remote data integrity
checking for secure cloud storage. We formalized the security model of two important properties
of this primitive, namely, soundness and perfect data privacy.
We provided a new construction of this primitive and showed that it achieves soundness
and perfect data privacy. Both the numerical analysis and the implementation demonstrated that
the proposed protocol is efficient and practical.
It shows the original IP address. Sender and Receiver do not communicate through
transmission medium. Instead the secret is generated in the form of OTP. Filename should be
hidden to avoid intruder from hacking.
44
CHAPTER 8
APPENDICES
8.1 CODING
AES FILE:
package Algorithm;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
45
return new String(result);
}
46
return toHex(txt.getBytes());
}
public static String fromHex(String hex) {
return new String(toByte(hex));
}
47
String s = "";
try{
}catch(Exception e)
{
e.printStackTrace();
}
return out;
}
48
String t = dis.readLine();
while( t != null)
{
s += t+'\n';
t = dis.readLine(); //dis.read(f.1)
}
}catch(Exception e)
{
e.printStackTrace();
}
return out;
}
System.out.println("Crip :"+crypto);
System.out.println("Dec :"+cleartext);
49
File ou = AES.decriptFile(ff);
String s1="";
DataInputStream dis = new DataInputStream(new FileInputStream(ou));
String t = dis.readLine();
while( t != null)
{
s1 += t+'\n';
t = dis.readLine(); //dis.read(f.1)
}
System.out.println("fname : "+ou.getName());
System.out.println(s1);
//System.out.println(AES.toHex( "Vijay it in ameer pet".getBytes()));
}
}
IP FILE FIND:
package com;
import java.io.*;
import java.net.*;
public class IP
50
{
InetAddress ip=InetAddress.getByName("www.javatpoint.com");
System.out.println("Host Name: "+ip.getHostName());
System.out.println("IP Address: "+ip.getHostAddress());
catch(Exception e){System.out.println(e);
}
package drive;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* Servlet implementation class Admin_Action
*/
@WebServlet("/Admin_Action")
51
public class Admin_Action extends HttpServlet {
private static final long serialVersionUID = 1L;
/**
* @see HttpServlet#HttpServlet()
*/
public Admin_Action() {
super();
// TODO Auto-generated constructor stub
}
/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException,
IOException
{
PrintWriter out=response.getWriter();
bean.POJO po = new bean.POJO();
po.setName(request.getParameter("name"));
po.setPassword(request.getParameter("password"));
if(po.getName().equalsIgnoreCase("admin")&&po.getPassword().equalsIgnoreCase("admin"))
{
out.println("<script type=\"text/javascript\">");
out.println("alert(\"Welcome Mr. '"+po.getName()+"'\")");
out.println("</script>");
RequestDispatcher rd=request.getRequestDispatcher("adminHome.jsp");
rd.include(request,response);
System.out.println("Working");
}
else
{
out.println("<script type=\"text/javascript\">");
out.println("alert(\"Invalid '"+po.getName()+"'\")");
out.println("</script>");
RequestDispatcher rd=request.getRequestDispatcher("adminLogin.html");
52
rd.include(request,response);
System.out.println("ok");
}
}
/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws
ServletException, IOException {
// TODO Auto-generated method stub
doGet(request, response);
}
53
User Register Page:
package drive;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.hibernate.Transaction;
import org.hibernate.cfg.Configuration;
import bean.UserReg;
/**
* Servlet implementation class UserRegister
*/
@WebServlet("/UserRegister")
public class UserRegister extends HttpServlet {
private static final long serialVersionUID = 1L;
/**
* @see HttpServlet#HttpServlet()
*/
public UserRegister() {
super();
// TODO Auto-generated constructor stub
}
/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
54
*/
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException,
IOException
{
/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws
ServletException, IOException {
PrintWriter out = response.getWriter();
Configuration cfg=new Configuration();
cfg.configure("resource/hibernate.cfg.xml");
SessionFactory sf=cfg.buildSessionFactory();
Session s=sf.openSession();
Transaction t = s.beginTransaction();
s.save(ur);
t.commit();
s.close();
System.out.println("Check DB");
out.println("<script type=\"text/javascript\">");
out.println("alert(\"Sucessfully Register\")");
out.println("</script>");
RequestDispatcher rd=request.getRequestDispatcher("adminHome.jsp");
rd.include(request,response);
System.out.println("Working");
55
}
MAIL PAGE
package com;
import java.util.*;
import javax.mail.*;
import javax.mail.internet.*;
public void sendFromGMail(String from, String pass, String[] to, String subject, String
body)
{
Properties props = System.getProperties();
String host = "smtp.gmail.com";
props.put("mail.smtp.starttls.enable", "true");
props.put("mail.smtp.host", host);
props.put("mail.smtp.user", from);
props.put("mail.smtp.password", pass);
props.put("mail.smtp.port", "587");
props.put("mail.smtp.auth", "true");
props.put("mail.smtp.ssl.trust", "smtp.gmail.com");
try {
56
message.setFrom(new InternetAddress(from));
InternetAddress[] toAddress = new InternetAddress[to.length];
message.setSubject(subject);
message.setText(body);
Transport transport = session.getTransport("smtp");
transport.connect(host, from, pass);
transport.sendMessage(message, message.getAllRecipients());
transport.close();
System.out.println("Mail Send Successfully .... ");
}
catch (AddressException ae) {
ae.printStackTrace();
}
catch (MessagingException me) {
me.printStackTrace();
}
}
57
Data Base Con:
package com.dao;
import java.sql.Connection;
import java.sql.DriverManager;
public class DBModel {
}catch(Exception ex)
{
System.out.println(ex);
}
return con;
}
58
Profile Update
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
59
<link rel="stylesheet" href="css/style.css">
</head>
<div id="overlayer"></div>
<div class="loader">
<span class="sr-only">Loading...</span>
</div>
</div>
<div class="site-mobile-menu-header">
</div>
</div>
<div class="site-mobile-menu-body"></div>
</div>
60
<header class="site-navbar py-4 js-sticky-header site-navbar-target" role="banner">
<div class="container">
</div>
</ul>
</nav>
</div>
61
<div class="col-6 col-md-9 d-inline-block d-lg-none ml-md-0" ><a href="#" class="site-
menu-toggle js-menu-toggle text-black float-right"><span class="icon-menu
h3"></span></a></div>
</div>
</div>
</header>
<div class="container">
</div>
<div class="col-md-12">
</div>
</div>
62
<div class="row form-group">
<div class="col-md-12">
</div>
</div>
<div class="col-md-12">
</div>
</div>
<div class="col-md-12">
</div>
</div>
63
<div class="row form-group">
<div class="col-md-12">
</div>
</div>
<div class="col-md-12">
</div>
</div>
<div class="col-md-12">
</div>
</div>
</form>
</div>
</div>
</div>
</div>
64
<div class="footer py-5 text-center">
<div class="container">
<div class="col-12">
<p class="mb-0">
</p>
</div>
</div>
<div class="row">
<div class="col-md-12">
<p class="mb-0">
<!-- Link back to Colorlib can't be removed. Template is licensed under CC BY 3.0. -->
<!-- Link back to Colorlib can't be removed. Template is licensed under CC BY 3.0. -->
</p>
</div>
</div>
</div>
</div>
65
</div> <!-- .site-wrap -->
<script src="js/jquery-3.3.1.min.js"></script>
<script src="js/jquery-ui.js"></script>
<script src="js/popper.min.js"></script>
<script src="js/bootstrap.min.js"></script>
<script src="js/owl.carousel.min.js"></script>
<script src="js/jquery.countdown.min.js"></script>
<script src="js/bootstrap-datepicker.min.js"></script>
<script src="js/jquery.easing.1.3.js"></script>
<script src="js/aos.js"></script>
<script src="js/jquery.fancybox.min.js"></script>
<script src="js/jquery.sticky.js"></script>
<script src="js/main.js"></script>
</body>
</html>
66
8.2 SCREEN SHOTS
67
Fig. 8.2.2: Login Page
68
Fig. 8.2.3: Register Page
69
Fig. 8.2.4: Register Page
70
Fig. 8.2.5: View User Page
71
Fig. 8.2.6: View Files
72
Fig. 8.2.7: User Login Page
73
Fig. 8.2.8: User Upload
74
BIBLIOGRAPHY
[1] S. N. Sheela Evangelin Prasad and M. V. Srinath ,― A New Local Area Network Attack
through IP Address Spoofing‖, October 2018,IJRAR, ISSN:2349-5138,Volume5,Issue4
[4] Er.Aanchal Kumar, Er.Jaspreet Kaur and Er. Inderpreet Kaur, ―Intrusion Detection System
by Machine Learning Review‖, 2016, IJARIIT,ISSN: 2454-132X, Volume2, Issue3.
[6] Hanan Hindy et.al, ―A Taxonomy and Survey of Intrusion Detection System Design
Techniques, Network Threats and Datasets‖ , 2018,Association for Computing Machinery, Vol.
1, No. 1.
[7] Ankit Punia and Vedang Ratan Vatsa, ―Current Trends and Approaches of Network Intrusion
Detection System‖ , IJCSMC, Vol. 6, Issue. 6, June 2017, pg.266 – 270.
[8] Rupali Gharde and Archana Augustine, ―Anomaly Detection with Cryptographic Operations
and Transient secrets in CipherXray‖ ,2017,International Journal of Innovative Research in
Computer and Communication Engineering,Vol. 5, Issue 3.
75