BMS College of Engineering

Department of Information Science and Engineering

CAPSTONE PROJECT PHASE -2
Review - III

IMPLEMENTATION OF PRIVACY
PRESERVATION IN PUBLIC CLOUD
Batch No:-
Under the Guidance of
Project Team Members:

Gagandeep S (1BM18IS035) Prof. Chandrakala G Raju

Deevith H T (1BM18IS031) Assistant Professor
Department of ISE
 Introduction
Nowadays developing different systems require various features to cope with
the new technologies. So implementing new idea over the cloud has become
every day's norm. Besides, they require better security features to prevent
unauthorized accesses to the system. To do so we need to develop and use
new authorizing methodologies and features. So, when we develop systems,
we make sure they are secure and have strong authorizing layers. The risk of
uploading data with cloud vendor is the chances of data being misused at
hosting environment as the control of the server lies with cloud vendor. This
is the major area of concern when the data is hosted in cloud environment.

Department of ISE, BMSCE 14-06-2022

1
 Motivation

Data validation has become one of the key aspects in the present world
scenario. Since the use of hardware storage devices have been reduced over
the course of time, tech users are now using virtual cloud to store their
personal and professional data. Hence, preserving the authenticity and
security of the uploaded data has become the major concern. So, it’s a
necessary feature to have extra security to maintain the confidentiality of the
data.

Department of ISE, BMSCE 14-06-2022

1
 Objectives

 To obtain API token from the backend for every authorized user and
fetch their requests using the token as the passkey.

 To make sure it’s a good system that can be applied and used without
facing any problems with unauthorized accesses.

 To know end-user’s opinions for improving the existing system and

generate a better version.

 To prove that the system is excellent and can work properly in

organization’s environment and be a strong defense for the
organization against all the unauthorized people or users.

Department of ISE, BMSCE 14-06-2022

1
 Literature Survey
SL.N Title of the Paper Problem Addressed Authors Approach / Method Results
O

1 Cloud Computing This paper provide the The system maintain the the best usage of the model we
Security Challenges and current and future trends of confidentiality of the data. To need to remove the current
this technology, what induce that type of trust in cloud security issues in cloud
its Potential
services provided by the computing, there is required a computing. So in this paper
Solution(2019) CC, security issues and system which can perform they used two cryptographic
challenges, Attacks on the verification, authentication and algorithms RSA algorithm and
Cloud Computing. encrypted data transmission, Digital Signature in order to
therefore that should maintain enhance the security.
the confidentiality of the data.
2 Enhancing Public Cloud In this paper an enhanced a Model that uses the two-factor This proposed model increases
Security by Developing a model for public cloud user authentication using the user confidence in cloud
authentication and files username and password and a application as we use
Model For User
integrity checking. certificate-based authentication symmetric and asymmetric
Authentication and Data for user authentication. encryption for uploading of
Integrity Checking files to ensure a secure
(2020) connection between cloud users
and cloud providers, The model
also reduces the computation
power on user devices.
3 The State of the Public This paper explores the This paper approaches security It explains the impact of these
Cloud: Security current state of cloud threats that continue to make security risks and their impact
computing security. such concerns relevant, and on the adoption of cloud
Concerns with Cloud
examines mitigations to these computing
Computing(2020) threats described in the current
literature.

Department of ISE, BMSCE 14-06-2022

1
SL.N Title of the Paper Problem Addressed Authors Approach / Method Results
O

4 A Survey on cloud Survey on Privacy, data All data are transferred in file Considering the security issues,
security issues and integrity Preservation in format within the groups, those they have proposed a model
the Cloud environment files are encrypted using AES which increases the integrity of
block chain(2019)
and cloud security algorithm and integrity is the data. The increase in
issues using maintained by connected devices and increase
Blockchain MD5 or SHA algorithm. The in computation is the need for
MD5 or SHA algorithm is used cloud computing in now a-days
to check for the modifications in trend.
the data
being stored in the cloud storage
5 Enforcing Implementing security Brief discussion of different The projected methodology
Confidentiality and for public cloud using SHA algorithms and their defends the client in sequence,
different cryptographic comparison, also designed starting unconstitutional
Authentication over
encryption techniques Scheme of Encryption and alright to use throughout the
Public Cloud Using like SHA (secure hash description Process purpose in time of message
Hybrid algorithms) and communication and The
Cryptosystems(2019) blowfish algorithms finding of study work improves
with SHA-3, time unit of
improvement has been created.

1
 Existing System
To protect the data from misuse there are various approaches proposed.
Methods include use of cryptography and mandate an application to be
installed in client device for performing the cryptography related operations.
Other approaches propose the block wise data encryption access control
frame works etc. however these have key management complexities and
overheads for user.

The system’s processor plays a key role in encryption and many cloud
providers will offer basic encryption of a few database fields such as
passwords and account numbers, if data size increases, encryption process
slows down.

Department of ISE, BMSCE 14-06-2022

1
 Proposed System

The proposed model is to have a separate system called ‘authentication

System’ that interfaces the users to the cloud servers. Before the user’s
request is forwarded to cloud server the request is verified in authentication
system. These connections are forwarded to cloud server further to access the
data stored at cloud server. The user connections are tracked and identified as
coming from authentication server at cloud server. Methods to perform
stamping of user’s requests are provided. The goal is to hide the data from
everyone except the genuine user.

14-06-
Department of ISE, BMSCE
2022
1
 Problem Statement

Implementing an external authentication software for accessing files

uploaded on the public cloud by user. So that nobody including the cloud
hosts can access the files without permission.

14-06-
Department of ISE, BMSCE
2022
1
 SYSTEM REQUIREMENT SPECIFICATION

Functional Requirements
• Front end authorizing page

• Backend server to obtain access token

• External storage to store user credentials

Non-functional Requirements
• User-friendly

• Secure

• Compatible

• Reliable
14-06-
Department of ISE, BMSCE
2022
1
Hardware and Software Requirements

• Desktop/Laptop

• Webcam

• Proper Internet Connection

• Existing Cloud account over any platform

1
 SYSTEM DESIGN
 Every cloud user logs into the system.
 And as the authorised person needs to access the files stored in public
cloud, he/she is assured the security is their data as we are enabling one
more layer of security apart from the one's provided by the hosts of the
service.
 The data used for our security model will never be shared with the hosts
or any other third parties.
 Once the user verifies his/her credentials with us, they will get the access
token which would be the part of the header is every request they make.
 This ensures the total privacy of user data. And allows the user to use all
the services without any interruptions or data hindrance.

14-06-
Department of ISE, BMSCE
2022
1
1
 DETAILED DESIGN
User case Design
System
User 1

Admin Flies User 2

Request

Access
User 3

Server

14-06-
Department of ISE, BMSCE
2022
1
 Dataflow Diagram

Start
Launching Get
software Login credentials

Starting
Providing access Access token
server Logout

Perform Provide session

actions access

Stopping
End Server
server
 Modules

Home Login

JS

Flux

Frontend

Routes API Admin

Backend
 Technology Stack

• gitpod.io
• Postman
• React.js
• JWT

14-06-
Department of ISE, BMSCE
2022
1
 Methodology

Considering we have two endpoints or systems that is laptop (client) and a

server (API). When a request comes in from the client side that would be an
HTTP request from the front end, that request would be answered from the
backed server, this communication is stateless, which means that the every new
request from the client side , would in a new form without any older knowledge
of previous requests. So for every time you do a request from your end you
have to tell the backend and verify that the request is from an authorized user.
So, we achieve the goal by appending a token as the header of every request we
send from our side.

14-06-
Department of ISE, BMSCE
2022
1
Once the server received the request from the user-end, if the user is
unauthorized then it will react with the classic 401 (unauthorized), which is
the response for unauthorized request. Else if the user does not have access
on a particular file, then it would be responded with a 403 (forbidden) error,
which is for an authorized user but permission denial service.

If the user request is authorized then the response code would be

200(allowed). Hence a token as the header of each request is necessary.
 Implementation
Steps we have implemented

1. Create token in the backend

2. Storing the token in a session storage for a
temporary access
3. Requesting the services with that token

Here, in this module, explained is setting up of a web application with the

help of Python, JavaScript and flask.

14-06-
Department of ISE, BMSCE
2022
1
1. Creating a token:
Step 1- Installation of Flask JWT extended

Step 2- Running the server

The launching of the API host from our local server

By using postman, and with our API URL generated by the server, create
a token by inputting our username and password
2. Storing the token

The storage of the access token needs happen in the session storage of the
backend, because a newer access token would be generated for the next login
of the authorized user.

Once the token is generated for a given user, he can login and perform action
as required and logout by removing the presence and might need to login
again with a newer access token for next access onto his public cloud.

While user is inside the cloud system he/she can request any service with that token .
FACE API INCLUSION

We would like to include a biometric verification for our authenticator

and generate a new token , which would be aggregated with the
previously obtained token and increase the security over the cloud.

Here, we have used a open source face API namely Compreface which
provides the service of face verification.

Steps For Implementing Compreface

Initially, we need to set up docker desktop on our service and obtain the
compreface archive provided by them. Then run the docker command to
start the service and launch the application over the localhost on our
system.
The admin will have to setup up his account and receive the api token to
the sample sdk

Later on, the face stored in while registering an user will be used to again
verify him and obtain a access token if the similarity index is more than
0.95. This token will be concatenated with the one which will be obtained
from username and password previously.
 Testing
Shows the error dialog box popping up when a user gives a
wrong credentials in the input form .

14-06-
Department of ISE, BMSCE
2022
1
shows that it will show this message when there is no header or token in
matching with the header in postman.

When we put token which was produced in the headers naming authorization it will
match the header and successfully shows the message. By this way we can check the
code in postman itself .
The verification of the images of same person of different age.

The similarity is 0.99~1 .Hence age also a factor that determines the
similarity.
The verification of the images of different person

Here, the similarity is 0.5 which shows that both are two different
persons.
 Results
This is the home page of the cloud authentication system.
It consists of two links where one will show the documentation of this project
and other one is about the BMS college. After clicking the login button , login
page will show up

14-06-
Department of ISE, BMSCE
2022
1
This is the login page where user has to give the login credentials
This is the user page after putting correct credentials in login page.
It shows the name of the user entering session succesfully
 The application inspection of
user session

The network inspection of the

user session

1
After logging out , the token won’t be there .It will deleted as soon as the
session ends.
This shows the verification of two images of same person where the
similarity is shown as 1 , gender and age of the person .
 Conclusion

With the implementation of this system, public cloud seems more secure
and reliable. Since we are using external server and storage not only it's
safe from third party intervention, but also it blocks the hosts from data
accessing. This would solve the major concern like data hindrance, theft
and many other tech related problems.

Also, we have verified an accurately working Face API, which would

also be helpful for authentication.

Department of ISE, BMSCE 14-06-2022

1
 Future Enhancement

In the near future, we will have implemented a fully operated sign up

for multiple users in our authenticator and combine the FACE API in
order to increase the security and make the public cloud more secure
for the individuals. This allows authorized users across networks and
continents to securely access information stored in the cloud with
authentication provided through cloud-based services

Department of ISE, BMSCE 14-06-2022

1
 Project outcome

We developed a system to generate token for the users who want to

access the cloud securely. This application presents a unique method
of token generation to securely access cloud files. The developed
application also includes user authentication using user name and
password . We have also developed a project which uses open face
API for authentication . This API has an accuracy rate of 99%. This
API along with the develop system even more secure authentication
system to access cloud.

Department of ISE, BMSCE 14-06-2022

1
 References
1. Xiaodong Yang, Ping Yang, Faying An, Qixu Zhou, Miaomiao Yang ,Traceable Multi-
Authority Attribute-based Encryption Scheme for cloud computing , China ,IEEE ,2017.

2. Bappaditya Jana, Jayanta Poray , A Multilevel Encryption Technique in Cloud Security, West
Bengal, IEEE, 2017.

3. Naseer Amara, Huang Zhiqui , Awais Ali , Lahore, Cloud Computing Security Threats and
Attacks with their Mitigation Techniques,China,IEEE,2017.

4. Amal Ghorbel ,Mahmoud Ghorbel ,Mohamed Jmaiel ,Privacy in cloud computing

environments: a survey and research challenges , New York, Springler,2017.

5. Wg Cdr Nimit Kaura, Lt Col Abhishek Lal , Survey Paper on cloud computing security, India,
IEEE,2017.

Department of ISE, BMSCE 14-06-2022

1
6. Ayman M. El-Zoghby , Marianne A. Azer ,Cloud computing Privacy Issues, Challenges and
Solutions,Egypt,IEEE,2017.

7. Shehzad Ashraf Chaudhry1 , Luk Kim , Seungmin Rho ,Mohammad Sabzinejad Farash , Taeshik
Shon, An improved anonymous authentication scheme for distributed mobile cloud computing
services,Springler,2017.

8. A.Praveena , Dr.S.Smys , Ensuring Data Security in Cloud Based Social Networks, India , IEEE,
2017.

9. Mr. Amit Gyandev Prajapati , Mr. Shankarlal Jayantilal Sharma , Mr. Vishal Sahebrao
Badgujar ,All About Cloud : A Systematic Survey,India,IEEE,2018.

10. Alejandro Sanchez-Gomez, Jesus Diaz, Luis Hernandez-Encinas, and David Arroyo ,Review of
the Main Security Threats and Challenges in Free-Access Public Cloud Storage
Servers,Springler,2018.
11. Hussam Hourani , Mohammad Abdallah ,Cloud Computing: Legal and Security
Issues,IEEE,2018.

12. Srijita Basu , Arjun Bardhan, Koyal Gupta,Payel Saha, Mahasweta Pal,Manjima Bose,
Kaushik Basu,Saunak Chaudhury, Pritika Sarkar ,Cloud Computing Security Challenges &
Solutions-A Survey,India,IEEE,2018.

13. Suryadipta Majumdar , Taous Madi, Yosr Jarraya, Makan Pourzandi, Lingyu Wang, and
Mourad Debbabi Cloud Security Auditing: Major Approaches and Existing
Challenges ,Canada, Springler,2019.

14. N. Thillaiarasu, S. Chenthur Pandian, G. Naveen Balaji , R. M. Benitha Shierly , A. Divya ,

and G. Divya Prabha, Enforcing Confidentiality and Authentication over Public Cloud Using
Hybrid Cryptosystems , India, Springler,2019.

15. S.Pavithra , S.Ramya , Soma Prathibha ,A Survey on cloud security issues and block chain ,
India , IEEE, 2019.
16. Srijita Basu , Arjun Bardhan, Koyal Gupta,Payel Saha, Mahasweta Pal,Manjima Bose,
Kaushik Basu,Saunak Chaudhury, Pritika Sarkar ,Cloud Computing Security Challenges and
its Potential Solution, India, IEEE,2019.

17. Kennedy A. Torkura , Muhammad I. H. Sukmana , Feng Cheng, and Christoph Meinel ,Cloud
Strike: Chaos Engineering for Security and Resiliency in Cloud Infrastructure , Germany,
IEEE,2020.

18. Chandler Cain , David Raymond, J. Scot Ransbottom ,The State of the Public Cloud: Security
Concerns with Cloud Computing,IEEE,2020.

19. Abdulmajeed Raji , Murtada Adam, Enhancing Public Cloud Security by Developing a Model
For User Authentication and Data Integrity Checking, Africa, Researchgate,2020.

20. Leila Megouache, Abdelhafd Zitouni1 and Mahieddine Djoudi, Ensuring user authentication
and data integrity in multi‑cloud environment,Springler,2020.
 13

43 Department of ISE, BMSCE 14-06-2022