Anti Collision Complete Document

Secure Anti-Collusion Data Sharing Scheme for Dynamic
Groups in the Cloud
ABSTRACT
Benefited from cloud computing, users can achieve an
effective and economical approach for data sharing among
group members in the cloud with the characters of low
maintenance and little management cost. Meanwhile, we
must provide security guarantees for the sharing data files
since they are outsourced. Unfortunately, because of the
frequent change of the membership, sharing data while
providing privacy-preserving is still a challenging issue,
especially for an un trusted cloud due to the collusion attack.
Moreover, for existing schemes, the security of key
distribution is based on the secure communication channel,
however, to have such channel is a strong assumption and is
difficult for practice. In this paper, we propose a secure data
sharing scheme for dynamic members. Firstly, we propose a
secure way for key distribution without any secure
communication channels, and the users can securely obtain
their private keys from group manager. Secondly, our
scheme can achieve fine-grained access control, any user in
the group can use the source in the cloud and revoked users
cannot access the cloud again after they are revoked.
Thirdly, we can protect the scheme from collusion attack,
which means that revoked users cannot get the original data
file even if they conspire with the un trusted cloud. In our
approach, by leveraging polynomial function, we can
achieve a secure user revocation scheme. Finally, our
scheme can achieve fine efficiency, which means previous
users need not to update their private keys for the situation
either a new user joins in the group or a user is revoked from
the group.
Page 1

Groups in the Cloud
INTRODUCTION
Page 2

Groups in the Cloud
INTRODUCTION
1.1 MOTIVATION
Cloud computing, with the characteristics of intrinsic
data sharing and low maintenance, provides a better
utilization of resources. In cloud computing, cloud service
providers offer an abstraction of infinite storage space for
clients to host data. It can help clients reduce their financial
overhead of data managements by migrating the local
managements system into cloud servers. However, security
concerns become the main constraint as we now outsource
the storage of data, which is possibly sensitive, to cloud
providers. To preserve data privacy, a common approach is
to encrypt data files before the clients upload the encrypted
data into the cloud. Unfortunately, it is difficult to design a
secure and efficient data sharing scheme, especially for
dynamic groups in the cloud. Kallahalla et al presented a
cryptographic storage system that enables secure data
sharing on untrustworthy servers based on the techniques
that dividing files into file groups and encrypting each file
group with a file-block key. However, the file-block keys
need to be updated and distributed for a user revocation;
therefore, the system had a heavy key distribution overhead.
Other schemes for data sharing on untrusted servers have
been proposed in . However, the complexities of user
Page 3

Groups in the Cloud
participation and revocation in these schemes are linearly
increasing with the number of data owners and the revoked
users. Yu et al exploited and combined techniques of key
policy attribute-based encryption, proxy re-encryption and
lazy re-encryption to achieve fine-grained data access
control without disclosing data contents. However, the
single-owner manner may hinder the implementation of
applications, where any member in the group can use the
cloud service to store and share data files with others. Lu et
al
proposed a secure provenance scheme by leveraging
group signatures and cipher text-policy attribute-based

encryption techniques. Each user obtains two keys after the
registration while the attribute key is used to decrypt the
data which is encrypted by the attribute-based encryption
and the group signature key is used for privacy-preserving
and traceability. However, the revocation is not supported in
this scheme. Liu et al presented a secure multi-owner data
sharing scheme, named Mona. It is claimed that the scheme
can achieve fine-grained access control and revoked users
will not be able to access the sharing data again once they
are revoked. However, the scheme will easily suffer from the
collusion attack by the revoked user and the cloud. The
revoked user can use his private key to decrypt the
encrypted data file and get the secret data after his
revocation by conspiring with the cloud. In the phase of file
access, first of all, the revoked user sends his request to the
cloud, then the cloud responds the corresponding encrypted
data file and revocation list to the revoked user without
verifications. Next, the revoked user can compute the
decryption key with the help of the attack algorithm. Finally,
this attack can lead to the revoked users getting the sharing
data and disclosing other secrets of legitimate members.
Zhou et al presented a secure access control scheme on
Page 4

Groups in the Cloud
encrypted data in cloud storage by invoking role-based
encryption technique. It is claimed that the scheme can
achieve efficient user revocation that combines role-based
access control policies with encryption to secure large data
storage in the cloud. Unfortunately, the verifications
between entities are not concerned, the scheme easily suffer
from attacks, for example, collusion attack. Finally, this
attack can lead to disclosing sensitive data files. Zou et al.
presented a practical and flexible key management
mechanism
for
trusted
collaborative
computing.
By
leveraging access control polynomial, it is designed to

achieve efficient access control for dynamic groups.
Unfortunately, the secure way for sharing the personal
permanent portable secret between the user and the server is
not supported and the private key will be disclosed once the
personal permanent portable secret is obtained by the
attackers. Nabeel et al. proposed a privacy preserving
policy-based content sharing scheme in public clouds.
However, this scheme is not secure because of the weak
protection of commitment in the phase of identity token
issuance. In this paper, we propose a secure data sharing
scheme, which can achieve secure key distribution and data
sharing for dynamic group. The main contributions of our
scheme include:
We provide a secure way for key distribution without any
secure communication channels. The users can securely
obtain their private keys from group manager without any
Certificate Authorities due to the verification for the public
key of the user. Our scheme can achieve fine-grained access
control, with the help of the group user list, any user in the
group can use the source in the cloud and revoked users
cannot access the cloud again after they are revoked.
Page 5

Groups in the Cloud
We propose a secure data sharing scheme which can be
protected from collusion attack. The revoked users can not
be able to get the original data files once they are revoked
even if they conspire with the untrusted cloud. Our scheme
can achieve secure user revocation with the help of
polynomial function. 4. Our scheme is able to support
dynamic groups efficiently, when a new user joins in the
group or a user is revoked from the group, the private keys
of the other users do not need to be recomputed and updated.
We provide security analysis to prove the security of our
scheme. In addition, we also perform simulations to
demonstrate the efficiency of our scheme.
1.2 PROBLEM DEFINATION

Meanwhile, we must provide security guarantees for
the
sharing
data
files
since
they
are
outsourced.
Unfortunately, because of the frequent change of the

membership,
sharing
data
while
providing
privacy-
preserving is still a challenging issue, especially for an

untrusted cloud due to the collusion attack. Moreover, for
existing schemes, the security of key distribution is based on
the secure communication channel, however, to have such
channel is a strong assumption and is difficult for practice.
1.3 OBJECTIVE OF THE PROJECT

The Benefited from Cloud Computing, clients can achieve a
flourishing and moderate methodology for information
sharing among gathering individuals in the cloud with the
characters of low upkeep and little administration cost.
Then, security certifications to the sharing information
records will be given since they are outsourced. Horribly,
due to the never-ending change of the enrolment, sharing
information while giving protection saving is still a testing
Page 6

Groups in the Cloud
issue, particularly for an un trusted cloud because of the
agreement attack. In addition, for existing plans, the security
of key dispersion depends on the safe communication
channel, then again, to have such channel is a solid feeling
and is difficult for practice. In this paper, we propose a safe
information sharing plan for element individuals. Firstly, we
propose a safe route for key dispersion with no safe
correspondence channels, and the clients can safely acquire
their private keys from gathering administrator. Besides, the
plan can accomplish fine-grained access control, any client
in the gathering can utilize the source in the cloud and
refused clients can't get to the cloud again after they are
rejected. Thirdly, we can protect the plan from trickery
attack, which implies that rejected clients can't get the first
information record regardless of the possibility that they
scheme with the un trusted cloud. In this methodology, by
utilizing polynomial capacity, we can achieve a protected
client denial plan. At long last, our plan can bring about fine
productivity, which implies past clients need not to overhaul
their private keys for the circumstance either another client
joins in the gathering or a client is give up from the
gathering. We propose a safe information sharing plan which
can be protected from agreement attack. The denied clients
can not have the capacity to get the first information records
once they are rejected regardless of the fact that they
contrive with the un trusted cloud. Our plan can accomplish
secure client rejection with the assistance of polynomial
capacity.
Domain Description
Domain name: Cloud Computing
Cloud computing is the use of computing resources
(hardware and software) that are delivered as a service over
Page 7

Groups in the Cloud
a network (typically the Internet). The name comes from the
common use of a cloud-shaped symbol as an abstraction for
the complex infrastructure it contains in system diagrams.
Cloud computing entrusts remote services with a user's data,
software and computation. Cloud computing consists of
hardware and software resources made available on the
Internet as managed third-party services. These services
typically provide access to advanced software applications
and high-end networks of server computers.
Structure of cloud computing

How Cloud Computing Works?
The
goal
of
cloud
traditional supercomputing,
computing
is
to
apply
or high-performance
computing power, normally used by military and research

facilities, to perform tens of trillions of computations per
second, in consumer-oriented applications such as financial
portfolios, to deliver personalized information, to provide
data storage or to power large, immersive computer games.
The cloud computing uses networks of large groups
of servers typically
running
low-cost
consumer
PC
technology with specialized connections to spread dataprocessing chores across them. This shared IT infrastructure
contains large pools of systems that are linked together.
Often, virtualization techniques are used to maximize the
power of cloud computing.
Page 8

Groups in the Cloud
Characteristics and Services Models:

The salient characteristics of cloud
computing based on the definitions provided by the National
Institute of Standards and Terminology (NIST) are outlined
below:
On-demand self-service: A consumer can unilaterally

provision computing capabilities, such as server time and
network storage, as needed automatically without requiring
human interaction with each services provider.
Broad network access: Capabilities are available over

the network and accessed through standard mechanisms that
promote use by heterogeneous thin or thick client platforms
(e.g., mobile phones, laptops, and PDAs).
Resource pooling: The providers computing resources

are pooled to serve multiple consumers using a multi-tenant
model, with different physical and virtual resources
dynamically assigned and reassigned according to consumer
demand. There is a sense of location-independence in that
the customer generally has no control or knowledge over the
exact location of the provided resources but may be able to
specify location at a higher level of abstraction (e.g.,
country, state, or data center). Examples of resources include
storage, processing, memory, network bandwidth, and
virtual machines.
Rapid elasticity: Capabilities can be rapidly and

elastically provisioned, in some cases automatically, to
quickly scale out and rapidly released to quickly scale in. To
the consumer, the capabilities available for provisioning
often appear to be unlimited and can be purchased in any
quantity at any time.
Page 9

Groups in the Cloud
Measured
service:
Cloud
systems
automatically
control and optimize resource use by leveraging a metering

capability at some level of abstraction appropriate to the
type of service (e.g., storage, processing, bandwidth, and
active user accounts). Resource usage can be managed,
controlled, and reported providing transparency for both the
provider and consumer of the utilized service.
Characteristics of cloud computing

Services Models:
Cloud Computing comprises three different service
models, namely Infrastructure-as-a-Service (IaaS), Platformas-a-Service (PaaS), and Software-as-a-Service (SaaS). The
three service models or layer are completed by an end user
layer that encapsulates the end user perspective on cloud
services. The model is shown in figure below. If a cloud user
accesses services on the infrastructure layer, for instance,
she can run her own applications on the resources of a cloud
infrastructure and remain responsible for the support,
maintenance, and security of these applications herself. If
she accesses a service on the application layer, these tasks
are normally taken care of by the cloud service provider.
Page 10

Groups in the Cloud
Structure of service models

Benefits of cloud computing:
1.
Achieve economies of scale increase volume output or

productivity with fewer people. Your cost per unit, project or
product plummets.
2.
Reduce spending on technology infrastructure. Maintain

easy access to your information with minimal upfront
spending. Pay as you go (weekly, quarterly or yearly), based
on demand.
3.
Globalize your workforce on the cheap. People

worldwide can access the cloud, provided they have an
Internet connection.
4.
Streamline processes. Get more work done in less time

with less people.
5.
Reduce capital costs. Theres no need to spend big

money on hardware, software or licensing fees.
6.
Improve accessibility. You have access anytime,

anywhere, making your life so much easier!
7.
Monitor projects more effectively. Stay within budget

and ahead of completion cycle times.
Page 11

Groups in the Cloud
8.
Less personnel training is needed. It takes fewer people

to do more work on a cloud, with a minimal learning curve
on hardware and software issues.
9.
Minimize licensing new software. Stretch and grow

without the need to buy expensive software licenses or
programs.
10.
Improve flexibility. You can change direction without

serious people or financial issues at stake.
Advantages:
1. Price:
Pay for only the resources used.
2. Security: Cloud instances are isolated in the network from
other instances for improved security.
3. Performance: Instances can be added instantly for improved
performance. Clients have access to the total resources of
the Clouds core hardware.
4. Scalability: Auto-deploy cloud instances when needed.
5. Uptime: Uses multiple servers for maximum redundancies.
In case of server failure, instances can be automatically
created on another server.
6. Control: Able to login from any location. Server snapshot
and a software library lets you deploy custom instances.
7. Traffic: Deals with spike in traffic with quick deployment of
additional instances to handle the load.
Page 12

Groups in the Cloud
LITERATURE
SURVEY
1. Cipher text-Policy Attribute-Based Encryption

AUTHORS:
Taeho Jung1, Xiang-Yang Li12, Zhiguo
Wan34, Meng Wan5

In several distributed systems a user should only be able to
access data if a user posses a certain set of credentials or
attributes. Currently, the only method for enforcing such
policies is to employ a trusted server to store the data and
mediate access control. However, if any server storing the
data is compromised, then the confidentiality of the data will
be compromised. In this paper we present a system for
Page 13

Groups in the Cloud
realizing complex access control on encrypted data that we
call Ciphertext-Policy Attribute-Based Encryption. By using
our techniques encrypted data can be kept confidential even
if the storage server is untrusted; moreover, our methods are
secure against collusion attacks. Previous AttributeBased
Encryption systems used attributes to describe the encrypted
data and built policies into users keys; while in our system
attributes are used to describe a users credentials, and a
party encrypting data determines a policy for who can
decrypt. Thus, our methods are conceptually closer to
traditional access control methods such as Role-Based
Access Control (RBAC). In addition, we provide an
implementation of our system and give performance
measurements.
2. Multi-authority attribute based encryption with honestbut-curious central authority
AUTHORS:
Vladimir Bozovic1 , Daniel Socek2? ,
Rainer Steinwandt1
An attribute based encryption scheme capable of handling
multiple authorities was recently proposed by Chase. The
scheme is built upon a single-authority attribute based
encryption scheme presented earlier by Sahai and Waters.
Chases construction uses a trusted central authority that is
inherently capable of decrypting arbitrary ciphertexts
created within the system. We present a multi-authority
attribute based encryption scheme in which only the set of
recipients defined by the encrypting party can decrypt a
corresponding ciphertext. The central authority is viewed as
honest-but-curious: on the one hand it honestly follows
the protocol, and on the other hand it is curious to decrypt
arbitrary ciphertexts thus violating the intent of the
encrypting party. The proposed scheme, which like its
Page 14

Groups in the Cloud
predecessors
relies
on
the
Bilinear
DiffieHellman
assumption, has a complexity comparable to that of Chases

scheme. We prove that our scheme is secure in the selective
ID model and can tolerate an honest-but-curious central
authority. Building on the proposal for multi-authority based
attribute based encryption from [4], we constructed a
scheme where the central authority is no longer capable of
decrypting arbitrary ciphertexts created within the system. In
addition to showing security in the selective ID model, we
showed that the proposed system can tolerate an honest-butcurious central authority. Since both Chases scheme and the
proposed scheme rely on the same hardness assumption, and
have a comparable complexity, the new scheme seems a
viable alternative to Chases construction. However, since
only the proposed method is capable of handling a curious
yet honest central authority, the proposed scheme is
recommended in applications where security against such a
central authority is required.
3. Decentralizing Attribute-Based Encryption
AUTHORS: Allison Lewko,University of Texas at Austin
alewko@cs.utexas.edu
We propose a Multi-Authority Attribute-Based Encryption
(ABE) system. In our system, any party can become an
authority and there is no requirement for any global
coordination other than the creation of an initial set of
common reference parameters. A party can simply act as an
ABE authority by creating a public key and issuing private
keys to different users that reflect their attributes. A user can
encrypt data in terms of any boolean formula over attributes
issued from any chosen set of authorities. Finally, our
system does not require any central authority. In
constructing our system, our largest technical hurdle is to
Page 15

Groups in the Cloud
make it collusion resistant. Prior Attribute-Based Encryption
systems achieved collusion resistance when the ABE system
authority tied together different components (representing
different attributes) of a users private key by randomizing
the key. However, in our system each component will come
from a potentially different authority, where we assume no
coordination between such authorities. We create new
techniques to tie key components together and prevent
collusion attacks between users with different global
identifiers. We prove our system secure using the recent dual
system encryption methodology where the security proof
works by first converting the challenge ciphertext and
private keys to a semi-functional form and then arguing
security. We follow a recent variant of the dual system proof
technique due to Lewko and Waters and build our system
using bilinear groups of composite order. We prove security
under similar static assumptions to the LW paper in the
random oracle model.
4. Accountable Authority
Ciphertext-Policy
Attribute-
Based Encryption with White-Box Traceability and

Public Auditing in the Cloud
AUTHORS: Jianting Ning1 , Xiaolei Dong2 , Zhenfu Cao2
and Lifei Wei3
As a sophisticated mechanism for secure fine-grained access
control, ciphertext-policy attribute-based encryption (CPABE) is a highly promising solution for commercial
applications such as cloud computing. However, there still
exists one major issue awaiting to be solved, that is, the
prevention of key abuse. Most of the existing CP-ABE
systems missed this critical functionality, hindering the wide
utilization and commercial application of CP-ABE systems
to date. In this paper, we address two practical problems
Page 16

Groups in the Cloud
about the key abuse of CP-ABE: (1) The key escrow
problem of the semi-trusted authority; and, (2) The
malicious key delegation problem of the users. For the semitrusted
authority,
its
misbehavior
(i.e.,
illegal
key
(re-)distribution) should be caught and prosecuted. And for a

user, his/her malicious behavior (i.e., illegal key sharing)
need be traced. We affirmatively solve these two key abuse
problems by proposing the first accountable authority CPABE with whitebox traceability that supports policies
expressed in any monotone access structures. Moreover, we
provide an auditor to judge publicly whether a suspected
user is guilty or is framed by the authority. In this work, we
addressed two practical problems about the key abuse of
CPABE in the cloud, and have presented an accountable
authority CP-ABE system supporting white-box traceability
and public auditing. Specifically, the proposed system could
trace the malicious users for illegal key sharing. And for the
semitrusted authority, its illegal key (re-)distributing
misbehavior could be caught and prosecuted. Furthermore,
we have provided an auditor to judge whether a malicious
user is innocent or framed by the authority. As far as we
known, this is the first CP-ABE system that simultaneously
supports white-box traceability, accountable authority and
public auditing. We have also proved that the new system is
fully secure in the standard model. Note that there exists a
stronger notion for traceability called black-box traceability.
In black-box scenario, the malicious user could hide the
decryption algorithm by tweaking it, as well as the
decryption key. And in this case, the proposed system with
white-box traceability in this paper will fail since both the
decryption key and decryption algorithm are not wellformed. In our future work, we will focus on constructing an
Page 17

Groups in the Cloud
accountable authority CP-ABE system which is black-box
traceability and public auditing.
5. Privacy-preserving
Attribute
Based
Searchable
Encryption
AUTHORS: Payal Chaudhari1 and Manik Lal Das2
Attribute Based Encryption (ABE) is a promising public-key
cryptographic
primitive
that
can
be
used
for
cryptographically enforced access control in untrusted

storage. Storing data on untrusted storage not only requires
data security for data owners but also poses data protection
from untrusted storage server. To address this important
requirement, Anonymous
Attribute
Based
Encryption
(AABE) is a suitable primitive that provides users to access

data from untrusted storage without revealing their
identities. At the same time user data can be stored in
untrusted storage in an encrypted form. While storing data in
an encrypted form, keyword-based query search (and data
retrieval) is a challenging research problem. In this paper we
present an anonymous attribute based searchable encryption
(A2SBE) scheme which facilitates user to retrieve only a
subset of documents pertaining to his chosen keyword(s).
User can upload documents in public cloud in an encrypted
form, search documents based on keyword(s) and retrieve
documents without revealing his identity. The scheme is
proven secure under the selective ciphertextpolicy and
chosen plaintext attack (IND-sCP-CPA) model and selective
ciphertext-policy and chosen keyword attack (IND-sCPCKA) model. The scheme requires small storage for users
decryption key and reduced computation for decryption in
comparison to other schemes. The anonymous ABE
provides an interesting security feature receiver anonymity
in addition to data confidentiality and fine-grained access
Page 18

Groups in the Cloud
control of ABE. While storing encrypted documents in
public cloud, efficient search functionality facilitates user to
retrieve a subset of documents for which the user has access
rights on stored documents. We proposed an anonymous
attribute based searchable encryption (A2SBE) scheme
which facilitates user to retrieve only a subset of documents
pertaining to his chosen keyword(s). User can upload
documents in public cloud in an encrypted form, search
documents based on keyword(s) and retrieve documents
without revealing his identity. The scheme is proven secure
under the standard adversarial model. The scheme is
efficient, as it requires small storage for users decryption
key and reduced computation for decryption in comparison
to other schemes.
Page 19

Groups in the Cloud
SYSTEM
ANALYSIS
Page 20

Groups in the Cloud
3.1.1 Analysis Model

The model that is basically being followed is
WATER FALL Model which states that the phases are
organized in a linear order. First of all, the feasibility study
is done. Once that part is over, the requirement analysis and
project planning begins. If system exists as a whole but
modification and addition of new module is needed, analysis
of present system can be used as basic model.
The design starts after the requirement analysis is complete
and the coding begins after the design is complete. Once the
programming is completed, the testing is done. In this model
the sequence of activities performed in a software
development project are:
Requirement Analysis Project Planning

System Design Detail Design Coding
Unit Testing
System Integration & Testing
Page 21
Here the linear ordering of these activities is critical. At the end of the
phase, the output of one phase is the input to other phase. The output of each
phase should be consistent with the overall requirement of the system. Water fall
and iteration Model has been chosen because all requirements were known before
and the objective of our software development is the computerization/automation
of an already existing manual working system.
Fig. a) Water Fall Model
3.1.2 Study of the Project

Graphical User Interface / standalone Interface
A GUI may be designed for the requirements of a vertical market as
application-specific graphical user interfaces. The GUIS at the top level have
been categorized as:
The Operational / Generic User Interface.
The Operational/Generic User Interface helps the users upon the system
in transactions through the existing data and required services. The Operational
User Interface also helps the ordinary users in managing their own information in
a customized manner as per the assisted flexibilities.
Project Instructions
Based on the given requirements, conceptualize the Solution Architecture.

Choose the domain of your interest otherwise develop the application for
roseindia.com. Depict the various architectural components, show interactions and
connectedness and show internal and external elements. Provide an environment
for up gradation of application for newer versions that are available in the same
domain as web service target.
3.1.3 Feasibility Analysis

Preliminary investigation examine project feasibility, the likelihood the
system will be useful to the organization. The main objective of the feasibility
study is to test the Technical, Operational and Economical feasibility for adding
new modules and debugging old running system. All system is feasible if they are
unlimited resources and infinite time. There are aspects in the feasibility study
portion of the preliminary investigation:
Technical Feasibility
Operational Feasibility
Economic Feasibility
3.1.3.1 Technical Feasibility

The technical issue usually raised during the feasibility stage of the
investigation includes the following:
Does the necessary technology exist to do what is suggested?
Do the proposed equipments have the technical capacity to hold the data
required to use the new system?
Will the proposed system provide adequate response to inquiries,

regardless of the number or location of users?
Can the system be upgraded if developed?
Are there technical guarantees of accuracy, reliability, ease of access and

data security?
Earlier no system existed to cater to the needs of Secure Infrastructure
Implementation System. The current system developed is technically feasible. It

is a web based user interface for audit workflow at NIC-CSD. Thus it provides an
easy access to the users. The databases purpose is to create, establish and
maintain a workflow among various entities in order to facilitate all concerned
users in their various capacities or roles. Permission to the users would be granted
based on the roles specified. Therefore, it provides the technical guarantee of
accuracy, reliability and security. The software and hard requirements for the
development of this project are not many and are already available in-house at
NIC or are available as free as open source. The work for the project is done with
the current equipment and existing software technology. Necessary bandwidth
exists for providing a fast feedback to the users irrespective of the number of
users using the system.
3.1.3.2 Operational Feasibility
Proposed projects are beneficial only if they can be turned out into
information System. That will meet the organizations operating requirements.
Operational feasibility aspects of the project are to be taken as an important part
of the project implementation. Some of the important issues raised are to test the
operational feasibility of a project includes the following:
Is there sufficient support for the management from the users?
Will the system be used and work properly if it is being developed and
implemented? Will there be any resistance from the user that will
undermine the possible application benefits?
This system is targeted to be in accordance with the above-mentioned issues. The

well-planned design would ensure the optimal utilization of the computer
resources and would help in the improvement of performance status.
3.1.3.3 Economic Feasibility
A system can be developed technically and that will be used if installed
must still be a good investment for the organization. In the economical feasibility,
the development cost in creating the system is evaluated against the ultimate
benefit derived from the new systems. Financial benefits must equal or exceed the
costs.
The system is economically feasible. It does not require any addition
hardware or software. Since the interface for this system is developed using the
existing resources and technologies available at NIC, There is nominal
expenditure and economical feasibility for certain.
3.1 SOFTWARE REQUIREMENT SPECIFICATION
A Software requirements specification (SRS), a requirements

specification for a software system, is a complete description of the behavior of a
system to be developed and may include a set of use cases that describe
interactions the users will have with the software. In addition it also contains nonfunctional requirements. Non-functional requirements impose constraints on the
design or implementation (such as performance engineering requirements, quality
standards, or design constraints).
The software requirements specification document enlists all necessary
requirements that are required for the project development. To derive the
requirements we need to have clear and thorough understanding of the products to
be developed. This is prepared after detailed communications with the project
team and customer.
The developer is responsible for:
Developing the system, which meets the SRS and solving all the requirements
of the system?
Demonstrating the system and installing the system at client's location after
the acceptance testing is successful.
Submitting the required user manual describing the system interfaces to work
on it and also the documents of the system.
Conducting any user training that might be needed for using the
system. Maintaining the system for a period of one year after
installation.
3.2.1 User Requirements

The user requirement(s) document (URD) or user requirement(s)
specification is a document usually used in software engineering that specifies the
requirements the user expects from software to be constructed in a software
project. Initially, run the main file (run.bat) from the project and then HTML root
file is selected from the list of files displayed in the window.
System Requirements Specification

A System Requirements Specification (abbreviated SRS when need to
be distinct from a Software Requirements Specification SRS) is a structured
collection of information that embodies the requirements of a system. The
System Specification describes the functional and non-functional requirements
posed on a system element (system, Enabling System or segment). In order to
prepare the System Specification, the requirements will be derived from the
specifications of higher system elements or from the Overall System
Specification.
3.2.2 Hardware Requirements

To be used efficiently, all computer software needs certain hardware
components or other software resources to be present on a computer. The
hardware requirements are sufficient for installing and running the application;
Processor Type
Pentium IV/i3 and i5 processor
CPU Speed
2.4 GHZ
Ram Memory
256 MB RAM
Hard disk
40 GB HD
3.2.3 Software Requirements

Computer software is a set of programs, procedures, functions,
associated data and/or its documentation, if any. Program software performs the
function of the program it implements, either by directly providing instructions to
the digital electronics or by serving as an input to another piece of software.
Operating System
: Windows XP family/7 and 8 Supported.
IDE Tool
: Netbeans 7.2.1
Front End
: JSP,HTML, CSS AND JAVA SCRIPT
Web Server
:Apache Tomcat
Programming
Database
: JDK.1.6.0 and JDK 1.7

: MYSQL 5.1.44
3.3 Architecture of the Project

Description of Architecture
The system model consists of three different entities: the cloud, a group manager
and a large number of group members. The cloud, sustaining by the cloud service
providers, provides storage space for hosting data files in a pay-as-you-go manner.
On the other hand, the cloud is untrusted since the cloud service providers are
easily to become untrusted. Therefore, the cloud will try to learn the content of the
stored data. Group manager will obtain charge of system parameters generation,
user registration, also, client repudiation. Bunch individuals (clients) are an
arrangement of sign up clients that will store their own particular information into
the cloud and impart them to others. In the plan, the gathering enrollment is
powerfully changed, because of the new client call-up and client denial.
Fig System Architecture

We depict the principle plan objectives of the proposed plan including key
circulation, information secrecy, access control and effectiveness as takes after:
Key Distribution: The prerequisite of key transportation is that clients can safely
get their private keys from the gathering director with no Certificate Authorities.
In other existing plans, this purpose is skilful by expecting that the
communication channel is secure, on the other hand, in our plan, we can
accomplish it without this solid thought. Access control: First, collect individuals
can make use of the cloud asset for information stockpiling and information
sharing. Second, unapproved clients can't get to the cloud asset whenever, and
disavowed clients will be unfitted for utilizing the cloud asset again once they are
renounced. Information classification: Data secrecy requires that unapproved
clients including the cloud are unequipped for taking in the substance of the put
away information. To keep up the accessibility of information secrecy for element
gatherings is still an essential and testing issue. In particular, renounced clients
can't unscramble the put away information document after the denial.
Effectiveness: Any gathering part can store and impart information records to
others in the gathering by the cloud. Client repudiation can be accomplished
without including the others, which implies that the remaining clients don't have
to overhaul their private keys.
INPUT DESIGN
The input design is the link between the information system and the
user. It comprises the developing specification and procedures for data preparation
and those steps are necessary to put transaction data in to a usable form for
processing can be achieved by inspecting the computer to read data from a written
or printed document or it can occur by having people keying the data directly into
the system. The design of input focuses on controlling the amount of input
required, controlling the errors, avoiding delay, avoiding extra steps and keeping
the process simple. The input is designed in such a way so that it provides security
and ease of use with retaining the privacy. Input Design considered the following
things:
What data should be given as input?
How the data should be arranged or coded?
The dialog to guide the operating personnel in providing input.
Methods for preparing input validations and steps to follow when error occur.
OBJECTIVE
1. Input Design is the process of converting a user-oriented description of the
input into a computer-based system. This design is important to avoid errors in the
data input process and show the correct direction to the management for getting
correct information from the computerized system.
2. It is achieved by creating user-friendly screens for the data entry to handle large
volume of data. The goal of designing input is to make data entry easier and to be
free from errors. The data entry screen is designed in such a way that all the data
manipulates can be performed. It also provides record viewing facilities.
3. When the data is entered it will check for its validity. Data can be entered with
the help of screens. Appropriate messages are provided as when needed so that the
user will not be in maize of instant. Thus the objective of input design is to create
an input layout that is easy to follow.
OUTPUT DESIGN
A quality output is one, which meets the requirements of the end user
and presents the information clearly. In any system results of processing are
communicated to the users and to other system through outputs. In output design
it is determined how the information is to be displaced for immediate need and
also the hard copy output. It is the most important and direct source information to
the user. Efficient and intelligent output design improves the systems relationship
to help user decision-making.
1. Designing computer output should proceed in an organized, well thought out
manner; the right output must be developed while ensuring that each output
element is designed so that people will find the system can use easily and
effectively. When analysis design computer output, they should Identify the
specific output that is needed to meet the requirements.
2. Select methods for presenting information.
3. Create document, report, or other formats that contain information produced by
the system.
The output form of an information system should accomplish one or more
of the following objectives.
Convey information about past activities, current status or projections of the

Future.
Signal important events, opportunities, problems, or warnings.
Trigger an action.
Confirm an action.
3.4 Algorithms and Flowcharts

In the Zhu-Jiang scheme there are three entities, the cloud, a group manager
and a number of users. The manager generates a bilinear mapping system S = (q,
G1, G2, e(, )). He then picks P, G G1, Z q and computes W = P, Y =
G, Z = e(G, P). He publishes (S, P, W, Y, Z, f, f1, Enc()), where f is a hash
function: {0, 1} Z q , f1 is a hash function: {0, 1} G1, and Enc() is a
symmetric encryption system. The manager keeps (, G) as the secret master key.
Let IDi be the identity of a user, pk be the public key of the user that needs to be
negotiated with the manager, ac be the users account for paying. The registration
phase can be described as follows. The user picks v1 Z q and sends (IDi ,
pk, ac, v1) to the manager. The manager picks r Z q , computes R = e(P, P)
r , U = (r + v1 f(pkkackIDi)) P and sends U, R to the user. The user checks
R e(v1 f(pkkackIDi) P, W) ?= e(U, P). If it holds, he picks v2 Z q and
sends IDi , v2, AENCsk(IDi , v1, ac) to the manager, where AENC() is an
asymmetric encryption system and sk is the private key corresponding to the
public key pk. The manager compares the received IDi with the identity IDi
computed by decrypting AENCsk(IDi , v1, ac). He also verifies if the decrypted
number v1 is equal to the random number v1 in the first step. The other
description in this step is omitted. We refer to the original for full details. The
user decrypts AENCpk(KEY, v2) to obtain his private key KEY = (xi , Ai , Bi). In
the phase the interactions between the user and the manager can be depicted as
follows (see Fig. 3 in [1]).
Fig. Flow of System
The scheme is flawed

1) The manager cannot complete his computational task in the registration phase
because the manager cannot decrypt AENCsk(IDi , v1, ac). In order to ensure that
the manager can decrypt a ciphertext, the user must use the managers public key
pkM to encrypt data. That is to say, the user has to compute AENCpkM (IDi , v1,
ac) and send it to the manager. But we find the scheme does not assign the
managers public key pkM at all.
2) The scheme stresses that the users public key pk needs to be negotiated with
the manager, and the user can securely obtain their private key from the group
manager without any Certificate Authorities. The authors have misunderstood the
concept of public key which is associated with an asymmetric encryption
algorithm. We here want to point out whether the negotiation is by online or
offline interactions, the manager can certainly assign the users private key (xi , Ai
, Bi) as well as pk simultaneously. In such case, the registration phase is totally
unnecessary. Notice that in order to bind the identity of an entity to its public key,
it is usual to introduce a trusted third party (TTP). The TTP is generally assumed
to be honest and fair but it does not have access to the secret or private keys of
users. Before creating a public-key certificate for Alice, the TTP must take
appropriate measures to verify the identity of Alice and that the public key to be
certificated actually belongs to Alice. To this end, it is conventional that Alice has
to appear before the TTP with a passport as proof of identity, and submit her
public key along with evidence that she knows the corresponding private key.
Explicitly, a users public key has to satisfy: creditability it should be
authenticated by a certification authority; accessibilityit should be easily
accessible to any user; durabilityit should be repeatedly usable in the life

duration because the cost to generate and distribute a users public key is
expensive.
3) The scheme adopts the mechanism that the group manager has to re-encrypt all
data stored in the cloud after a member is revoked. The mechanism, from the
practical point of view, is really infeasible because of its inefficiency.
Threat Model
As the threat model, in this paper, we propose our scheme based on the Dolev-Yao
model, in which the adversary can overhear, intercept, and synthesis any message
at the communication channels. With the Dolev-Yao model, the only way to
protect the information from attacking by the passive eavesdroppers and active
saboteurs is to design the effective security protocols. This means there is not any
secure communication channels between the communication entities. Therefore,
this kind of threaten model can be more effective and practical to demonstrate the
communication in the real world.
SYSTEM DESIGN
4.1 INTRODUCTION
In this project, we propose a mobile-based software token system that is
supposed to replace existing hardware and computer-based software tokens. The
proposed system is secure.
Unified Modeling Language Diagrams:
UML is a method for describing the system architecture in detail using the blueprint.
UML represents a collection of best engineering practices that have proven

successful in the modeling of large and complex systems.
UML is a very important part of developing objects oriented software and the
software development process.
UML uses mostly graphical notations to express the design of software

projects.
Using the UML helps project teams communicate, explore potential designs,
and validate the architectural design of the software.
Definition:
UML is a general-purpose visual modeling language that is used to
specify, visualize, construct, and document the artifacts of the software system.
UML is a language:
It will provide vocabulary and rules for communications and function
on conceptual and physical representation. So it is modeling language.
UML Specifying:
Specifying means building models that are precise, unambiguous and
complete. In particular, the UML address the specification of all the important
analysis, design and implementation decisions that must be made in developing and
displaying a software intensive system.
UML Visualization:
The UML includes both graphical and textual representation. It
makes easy to visualize the system and for better understanding.
UML Constructing:
UML models can be directly connected to a variety of programming

languages and it is sufficiently expressive and free from any ambiguity to permit the
direct execution of models.
UML Documenting:
UML provides variety of documents in addition raw executable codes.
Figure 3.4 Modeling a System Architecture using views of UML

o The use case view of a system encompasses the use cases that describe the
behavior of the system as seen by its end users, analysts, and testers.
o The design view of a system encompasses the classes, interfaces, and
collaborations that form the vocabulary of the problem and its solution.
o The process view of a system encompasses the threads and processes that form
the system's concurrency and synchronization mechanisms.
o The implementation view of a system encompasses the components and files
that are used to assemble and release the physical system. The deployment
view of a system encompasses the nodes that form the system's hardware
topology on which the system executes.
Uses of UML:
The UML is intended primarily for software intensive systems. It has been
used effectively for such domain as
Enterprise Information System and Banking and Financial Services
Telecommunications and Transportation
Defense/Aerospace and Retails
Medical Electronics and Scientific Fields
Building blocks of UML:

The vocabulary of the UML encompasses 3 kinds of building blocks
Things:
Things are the data abstractions that are first class citizens in a model. Things
are of 4 types. Those are Structural Things, Behavioral Things, Grouping Things, An
notational Things
Relationships:
Relationships tie the things together. Relationships in the UML are Dependency,
Association, Generalization, and Specialization.
UML Diagrams:
A diagram is the graphical presentation of a set of elements, most often
rendered as a connected graph of vertices (things) and arcs (relationships). There are
two types of diagrams, they are:
Structural and Behavioral Diagrams
Structural Diagrams:The UMLs four structural diagrams exist to visualize, specify, construct and
document the static aspects of a system. I can View the static parts of a system using
one of the following diagrams. Structural diagrams consist of Class Diagram, Object
Diagram, Component Diagram, and Deployment Diagram.
Behavioral Diagrams:
The UMLs five behavioral diagrams are used to visualize, specify, construct,
and document the dynamic aspects of a system. The UMLs behavioral diagrams are
roughly organized around the major ways which can model the dynamics of a system.
A behavioral diagram consists of Use case Diagram, Sequence Diagram,
Collaboration Diagram, State chart Diagram and Activity Diagram.
DATA FLOW DIAGRAMS
Data flow diagrams represent the flow of data through a system. A DFD is
composed of:
I.
II.
Data movement shown by tagged arrows.

Transformation or process of data shown by named bubbles.
III.
Sources and destination of data represented by named rectangles.
IV.
Static storage or data at rest denoted by an open rectangle that is

named.
The DFD is intended to represent information flow but it is not a
flow chart and it is not intended to indicate decision-making, flow of control, loops
and other procedural aspects of the system. DFD is a useful graphical tool and is
applied at the earlier stages of requirements analysis. It may be further refined at
preliminary design states and is used as mechanism for creating a top level structural
design for software.
The DFD drawn first at a preliminary level is further expanded into greater
details: The context diagram is decomposed and represented with multiple bubbles.
Each of these bubbles may be decomposed further and documented as more detailed
DFDs.
4.2 Data Flow Diagram / Sequence Diagram / Component Diagram

The DFD is also called as bubble chart. It is a simple graphical formalism that
can be used to represent a system in terms of the input data to the system, various
processing carried out on these data, and the output data is generated by the system.
4.2.1 Data Flow Diagram
CLOUD
Group Member
Login
success
Group Signature
Verification
success
Group Manager
error
Login
Login Failed
success
Group Member
Account Activate
error
Signature failed
Group details
File Upload
File Details
File Download
File Delete
File Edit and Save
Account Revoke
End
Fig.4.2.1 Dataflow diagram
Data Flow Diagram: level-0
error
Login Failed
4.2.2 Class Diagram:

Class diagrams are widely used to describe the types of objects in a system and
their relationships. Class diagrams model class structure and contents using design
elements such as classes, packages and objects. Class diagrams describe three
different perspectives when designing a system, conceptual, specification, and
implementation. These perspectives become evident as the diagram is created and

help solidify the design. Class diagrams are arguably the most used UML diagram
type. It is the main building block of any object oriented solution. It shows the classes
in a system, attributes and operations of each class and the relationship between each
class.
Group Member
Group Manager
+UserName: string
+Password: string
+ConfirmPassword: string
+Group: string
+Mail: string
+Mobile: number
+Place: String
+Username: string
+Password: string
+getFile Logs()
+getMemberDetails()
+ViewFiles()
+DeleteFiles()
+ViewGroup()
+AccountActivations()
+FileUpload()
+File Encryption()
+File Download()
+File Edit()
+A/C Revoke()
+getGroupSignatureKey()
Cloud
+CloudID: number
+Type: string
+Name: string
+MaintainFiles()
+StoreFile()
+getRegistrationDetails()
+getFiles()
+getDownloadedFiles()
+getFileLogs()
Fig.4.2.2 Class Diagram
4.2.3 Sequence diagram

A sequence diagram is a kind of interaction diagram that shows how
processes operate with one another and in what order. It is a construct of a Message
Sequence Chart. A sequence diagram shows object interactions arranged in time
sequence. It depicts the objects and classes involved in the scenario and the sequence
of messages exchanged between the objects needed to carry out the functionality of
the scenario. Sequence diagrams are typically associated with use case realizations in
the Logical View of the system under development.
Fig.4.2.3 Sequence Diagram

4.2.4 Use case Diagram
A use case is a set of scenarios that describing an interaction between a user
and a system. A use case diagram displays the relationship among actors and use
cases. The two main components of a use case diagram are use cases and actors. An
actor is represents a user or another system that will interact with the system you are
modeling. A use case is an external view of the system that represents some action
the user might perform in order to complete a task.
Registration
Login and Group Signature

verification
View Group
Group Account Activation
File Upload
File Edit
Group Manager
Group Members
File Download
File Delete
Account Revoke
Fig.4.2.4 Use case Diagram
4.2.5 Collaboration diagram

A collaboration diagram in the Unified Modeling Language (UML) 8.0 is a
simplified version of the UML 1.x collaboration diagram. A Communication diagram
models the interactions between objects or parts in terms of sequenced messages.
Collaboration diagrams represent a combination of information taken from Class,
Sequence, and Use Case Diagrams describing both the static structure and dynamic
behavior of a system.
Fig.4.2.5 Collaboration Diagram
4.2.6 Activity Diagram:
Activity diagrams describe the workflow behavior of a system. Activity

diagrams are similar to state diagrams because activities are the state of doing
something. The diagrams describe the state of activities by showing the sequence of
activities performed.
CLOUD
Group Member
Group Manager
error
Login
Login
Login Failed
success
success
Group Signature
Verification
error
Login Failed
Group Member
Account Activate
error
Signature failed
success
Group details
File Upload
File Details
File Download
File Delete
File Edit and Save
A
Account Revoke
Fig.4.2.6 Activity Diagram
4.3 Module design and organization

SOFTWARE DESIGN
System Design is a solution to how to approach to the creation of a system.
This important phase provides the understanding and procedural details necessary for
implementing the system recommended in the feasibility study. The design step
produces a data design, an architectural design and a procedural design. The data
design transforms the information domain model created during analysis in to the data
structures that will be required to implement the software.
The architectural design defines the relationship among major structural
components into a procedural description of the software. Source code generated and
testing
is
conducted
to
integrate
and
validate
the
software.
From a project management point of view, software design is conducted in two steps.
Preliminary design is connected with the transformation of requirements into data and
software architecture. Detailed design focuses on refinements to the architectural
representation that leads to detailed data structure and algorithmic representations of
software.
Logical Design:
The logical design of an information system is analogous to an engineering

blue print or conceptual view of an automobile. It shows the major features and how
they are related to one another.
The outputs, inputs and relationship between the variables are designed in this
phase. The objectives of database are accuracy, integrity and successful recover from
failure, privacy and security of data and good overall performance.
Data Design:
Data design is the first of the three design activities that are conducted during
software engineering. The impact of data structure on program structure and
procedural complexity causes data design to have a profound influence on software
quality. The concepts of information hiding and data abstraction provide the
foundation for an approach to data design.
FUNDAMENTAL DESIGN CONCEPTS

Abstraction:
During the software design, abstraction allows us to organize and channel our
process by postponing structural considerations until the functional characteristics;
data streams and data stores have been established. Data abstraction involves
specifying legal operations on objects; representations and manipulations details are
suppressed.
Information Hiding:
Information hiding is a fundamental design concept for software. When

software system is designed using the information hiding approach, each module in
the system hides the internal details if the processing activities and modules
communicating only through well-defined interfaces.
Modularity:
Modular systems incorporate collections of abstractions in which each

functional abstraction, each data abstraction and each control abstraction handles a
local aspect of the problem being solved. Modular system consists of well-defined
interfaces among the units. Modularity enhances design clarity, which in turn eases
implementation, debugging and maintenance of the software product.
Concurrency:
Software systems can be categorized as sequential or concurrent. In a

sequential system, of the system is activate at any given time. Concurrent systems
have implemented process that can be activated simultaneously if multiple
processors are available.
Verification:
Design is the bridge between customer requirements and implementations that

satisfies the customers requirements. This is typically done in two steps:
Verification that the software requirements definition satisfies the customers

needs.
Verification that the design satisfies the requirements definition.
IMPLEMENTATION
Implementation is the stage of the project when the theoretical design is turned out
into a working system. Thus it can be considered to be the most critical stage in
achieving a successful new system and in giving the user, confidence that the new
system will work and be effective.
The implementation stage involves careful planning, investigation of the existing
system and its constraints on implementation, designing of methods to achieve
changeover and evaluation of changeover methods.

MODULE DESCRIPTION:
Number of Modules
After careful analysis the system has been identified to have the following modules:
MODULES:
Cloud Module
Group Manager Module
Group Member Module
File Security Module
Group Signature Module
User Revocation Module.
MODULES DESCRIPTION:
1. Cloud Module:
In this module, we create a local Cloud and provide priced abundant storage
services. The users can upload their data in the cloud. We develop this module,
where the cloud storage can be made secure. However, the cloud is not fully trusted
by users since the CSPs are very likely to be outside of the cloud users trusted
domain. Similar to we assume that the cloud server is honest but curious. That is, the
cloud server will not maliciously delete or modify user data due to the protection of
data auditing schemes, but will try to learn the content of the stored data and the
identities of cloud users.
2. Group Manager Module:
Group manager takes charge of followings,
1. System parameters generation,
2. User registration,
3. User revocation, and
4. Revealing the real identity of a dispute data owner.
Therefore, we assume that the group manager is fully trusted by the other parties.
The Group manager is the admin. The group manager has the logs of each and every
process in the cloud. The group manager is responsible for user registration and also
user revocation too.
3. Group Member Module:
Group members are a set of registered users that will
store their private data into the cloud server and
Share them with others in the group.
Note that, the group membership is dynamically changed, due to the staff
resignation and new employee participation in the company. The group member has
the ownership of changing the files in the group. Whoever in the group can view the
files which are uploaded in their group and also modify it. The group meme
4. File Security Module:
1. Encrypting the data file.
2. File stored in the cloud can be deleted by either the group manager or the data
owner. (i.e., the member who uploaded the file into the server).
5. Group Signature Module:
A group signature scheme allows any member of the group to sign messages while
keeping the identity secret from verifiers. Besides, the designated group manager
can reveal the identity of the signatures originator when a dispute occurs, which is
denoted as traceability.
6. User Revocation Module:
User revocation is performed by the group manager via a public available
revocation list (RL), based on which group members can encrypt their data files and
ensure the confidentiality against the revoked users.
4.4 CONCLUSIONS
In this way we can design the layout of the project which is to be
implemented during the construction phase. Thus we will have a clear picture of the
project before being coded. Hence any necessary enhancements can be made during
this phase and coding can be started.
IMPLEMENTATION
&
RESULTS
5.1 INTRODUCTION
The implementation part is the most important phase of the project. In this
phase, we code the entire project in the chosen software according to the design laid
during the previous phase. The code has to be in such a way that the user
requirements are satisfied and also not complicated for the user i.e., the user interface
or GUI has to be easy to navigate. The code should be efficient in all terms like space,
easy to update, etc. In this manner, we can complete the coding part of the project and
later it can be sent for testing before being delivered to the customer.
5.2 EXPLANATION OF KEY FUNCTIONS

Clustering algorithms could also be classified as listed below
Flat clustering(Creates a set of clusters without any explicit structure that
would relate clusters to each other; Its also called exclusive clustering)
Hierarchical clustering(Creates a hierarchy of clusters)
Hard clustering(Assigns each document/object as a member of exactly one

cluster)
Soft clustering(Distribute the document/object over all clusters)
System Model
We consider a cloud computing architecture by combining with an example that a
company uses a cloud to enable its staffs in the same group or department to share
files. The system model consists of three different entities: the cloud, a group
manager (i.e., the company manager), and a large number of group members. Cloud
is operated by CSPs and provides priced abundant storage services. However, the
cloud is not fully trusted by users since the CSPs are very likely to be outside of the
cloud users trusted domain. Similar to, we assume that the cloud server is honest but
curious. That is, the cloud server will not maliciously delete or modify user data due
to the protection of data auditing schemes, but will try to learn the content of the
stored data and the identities of cloud users. Group manager takes charge of system
parameters generation, user registration, user revocation, and revealing the real
identity of a dispute data owner. In the given example, the group manager is acted by
the administrator of the company. Therefore, we assume that the group manager is
fully trusted by the other parties. Group members are a set of registered users that will
store their private data into the cloud server and share them with others in the group.
In our example, the staffs play the role of group members. Note that, the group
membership is dynamically changed, due to the staff resignation and new employee
participation in the company.
Algorithms
To achieve secure data sharing for dynamic groups in the cloud, we expect to
combine the group signature and dynamic broadcast encryption techniques. Specially,
the group signature scheme enables users to anonymously use the cloud resources,
and the dynamic broadcast encryption technique allows data owners to securely share
their data files with others including new joining users. Unfortunately, each user has
to compute revocation parameters to protect the confidentiality from the revoked
users in the dynamic broadcast encryption scheme, which results in that both the
computation overhead of the encryption and the size of the cipher text increase with
the number of revoked users. Thus, the heavy overhead and large cipher text size may
hinder the adoption of the broadcast encryption scheme to capacity-limited users. To
tackle this challenging issue, we let the group manager compute the revocation
parameters and make the result public available by migrating them into the cloud.
Such a design can significantly reduce the computation overhead of users to encrypt
files and the cipher text size. Specially, the computation overhead of users for
encryption operations and the cipher text size is constant and independent of the
revocation users.
Signature Generation
The concept of group signatures was first introduced in by Chaum and van Heyst. In
general, a group signature scheme allows any member of the group to sign messages
while keeping the identity secret from verifiers. Besides, the designated group
manager can reveal the identity of the signatures originator when a dispute occurs,
which is denoted as traceability. In this paper, a variant of the short group signature
scheme will be used to achieve anonymous access control, as it supports efficient
membership revocation.
Signature Verification
Revocation Verification
User revocation is performed by the group manager via a public available revocation
list (RL), based on which group members can encrypt their data files and ensure the
confidentiality against the revoked users.
5.3 METHOD OF IMPLEMENTATION

Installing Software
First of all install Java 1.7 .an application which has GUI to organize standalone
application. You can install an IDE like My Eclipse or an Edit Plus editor to write
Java programs (optional). You can even write them in notepad.
Enable Path Settings
Now the path settings have to be enabled so that your system will be able to
recognize the above installed softwares. Note that correct path have to be given
otherwise it may raise an error. The following picture depicts the method of setting.
Java
The JAVA language was created by James Gosling in June 1991 for use in a
set top box project. The language was initially called Oak, after an oak tree that stood
outside Gosling's office - and also went by the name Green - and ended up later being
renamed to Java, from a list of random words. Gosling's goals were to implement a
virtual machine and a language that had a familiar C/C++ style of notation. The first
public implementation was Java 1.0 in 1995. It promised "Write Once, Run
anywhere" (WORA), providing no-cost runtimes on popular platforms. It was fairly
secure and its security was configurable, allowing network and file access to be
restricted. Major web browsers soon incorporated the ability to run secure Java
applets within web pages. Java quickly became popular. With the advent of Java 2,
new versions had multiple configurations built for different types of platforms. For
example, J2EE was for enterprise applications and the greatly stripped down version
J2ME was for mobile applications. J2SE was the designation for the Standard
Edition. In 2006, for marketing purposes, new J2 versions were renamed Java EE,
Java ME, and Java SE, respectively.
In 1997, Sun Microsystems approached the ISO/IEC JTC1 standards body
and later the Erma International to formalize Java, but it soon withdrew from the
process. Java remains a de facto standard that is controlled through the Java
Community Process. At one time, Sun made most of its Java implementations
available without charge although they were proprietary software. Sun's revenue from
Java was generated by the selling of licenses for specialized products such as the Java
Enterprise System. Sun distinguishes between its Software Development Kit (SDK)
and Runtime Environment. (JRE) which is a subset of the SDK, the primary
distinction being that in the JRE, the compiler, utility programs, and many necessary
header files are not present.
On 13 November 2006, Sun released much of Java as free software under the
terms of the GNU General Public License (GPL). On 8 May 2007 Sun finished the
process, making Javas entire core code open source, aside from a small portion of
code to which Sun did not hold the copyright.
The following are the Primary goals: There were five primary goals in the creation of
the Java language:
It should use the object-oriented programming methodology.
It should allow the same program to be executed on multiple operating

systems. It should contain built-in support for using computer networks.
It should be designed to execute code from remote sources securely.
It should be easy to use by selecting what were considered the good parts of
other object-oriented languages
The Java programming language is a high-level language that can be

characterized by all of the following buzzwords:
Simple
Object oriented
Portable
Distributed
High performance
Multithreaded
Architecture neutral
Dynamic
Robust
Secure
Each of the preceding buzzwords is explained in The Java Language

environment, a white paper written by James Gosling and Henry McGilton.
In the Java programming language, all source code is first written in plain text
files ending with the .java extension. Those source files are then compiled into .class
files by the java compiler. A .class file does not contain code that is native to your
processor; it instead contains byte codes the machine language of the Java Virtual
Machine1 (Java VM). The java launcher tool then runs your application with an
instance of the Java Virtual Machine.
(An overview of the software development process)

Because the Java VM is available on many different operating systems, the
same .class files are capable of running on Microsoft Windows, the Solaris TM
Operating System (Solaris OS), Linux, or Mac OS. Some virtual machines, such as
the Java Hotspot virtual machine, perform additional steps at runtime to give your
application a performance boost. This includes various tasks such as finding
performance bottlenecks and recompiling (to native code) frequently used sections of
code.
Through the Java VM, the same application is capable of running on multiple
platforms.
Java platform
A platform is the hardware or software environment in which a program runs.
We've already mentioned some of the most popular platforms like Microsoft
Windows, Linux, Solaris OS, and Mac OS. Most platforms can be described as a
combination of the operating system and underlying hardware. The Java platform
differs from most other platforms in that it's a software-only platform that runs on top
of other hardware-based platforms.
The Java platform has two components:
o The Java Virtual Machine
o The Java Application Programming Interface (API)
You've already been introduced to the Java Virtual Machine; it's the base for
the Java platform and is ported onto various hardware-based platforms. The API is a
large collection of ready-made software components that provide many useful
capabilities. It is grouped into libraries of related classes and interfaces; these libraries
are known as packages.
(The API and JVM insulate the program from the underlying hardware)
As a platform-independent environment, the Java platform can be a bit slower
than native code. However, advances in compiler and virtual machine technologies
are bringing performance close to that of native code without threatening portability.
Java Runtime Environment
The Java Runtime Environment, or JRE, is the software required to run any
application deployed on the Java Platform. End-users commonly use a JRE in
software packages and Web browser plug-in. Sun also distributes a superset of the
JRE called the Java 2 SDK (more commonly known as the JDK), which includes
development tools such as the Java compiler, Javadoc, Jar and debugger.
One of the unique advantages of the concept of a runtime engine is that errors
(exceptions) should not 'crash' the system. Moreover, in runtime engine environments
such as Java there exist tools that attach to the runtime engine and every time that an
exception of interest occurs they record debugging information that existed in
memory at the time the exception was thrown (stack and heap values). These
Automated Exception Handling tools provide 'root-cause' information for exceptions
in Java programs that run in production, testing or development environments. JVM
implementations that are optimized for the type of systems they are targeted at.
Fig. J2SE is part of the Java 2 Platform
The following characteristics are shared among the three Java editions:
Write Once Run Any where: because Java technology relies on Java bytecode that is interpreted by a virtual machine, applications written in Java can run on
similar types of systems (servers, desktop systems, and mobile devices) independent
of the underlying operating system and processor. For example, a developer doesn't
need to develop and maintain different versions of the same application to run
on a Nokia Communicator running the EPOC operating system, a Compaq iPAQ
running Pocket PC, or even a PDA powered by the Linux operating system. On
mobile phones, the variety of processors and operating systems is even more
significant, and therefore the wireless community in general is seeking a solution that
is platform agnostic, such as WAP or J2ME.
Security: while on the Internet, people are used to secure data transactions and
downloading files or email messages that may contain viruses, few wireless networks
today support standard Internet protocols, and wireless operators are concerned by the
security issues associated with the download of standard C applications on their
networks. Java technology features a robust security model: before any application is
executed by the Java virtual machine, a byte-code pre-verifier tests its code integrity.
Once an application is running, it cannot access system resources outside of a
'sandbox,' preventing applications from acting as viruses. Finally, Java applications
can take advantage of standard data encryption solutions (SSL or Elliptic Curve
Libraries) on packet based networks (for example CDPD, Mobitex, GPRS, WCDMA), providing a robust infrastructure for Mcommerce and enterprise application
access.
Rich graphical user interface: you may remember that the first demonstration of
Java technology was done using an animated character on a web page. While
animated GIF files have made this use of the technology obsolete on desktop systems,
mobile devices can benefit from richer GUI APIs that allow for differentiation of
services and the development of compelling applications.
Network awareness: while Java applications can operate in disconnected mode, they
are network-aware by default, allowing applications to be dynamically downloaded
over a network. Additionally, Java is network-agnostic, in the sense that Java
applications can exchange data with a backend server over any network protocol,
whether it is TCP/IP, WAP, i-mode, and different bearers, such as GSM, CDMA,
TDMA, PHS, CDPD, Mobitex, and so on.
Object Oriented
Everything in Java is coded using OO principles. This facilitates code

modularization, reusability, testability, and performance.
Interpreted/Portable
Java source is complied into platform-independent byte code, which is then
interpreted (compiled into native-code) at runtime. Javas slogan is "Write Once, Run
Everywhere".
Simple
Java has a familiar syntax, automatic memory management, exception handling,
single inheritance, standardized documentation, and a very rich set of libraries (no
need to reinvent the wheel).
Secure/Robust
Due to its support for strong type checking, exception handling, and memory
management, Java is immune to buffer- overruns, leaked memory, illegal data access.
Additionally, Java comes with a Security Manager that provides a sand-box execution
model.
Scalable
Thanks to its overall design, Java is scalable both in terms of
performance/throughput, and as a development environment. A single user can play a
Java game on a mobile phone, or millions of users can shop though a Java-based ecommerce enterprise application.
High-performance/Multi-threaded
With its Hotspot Just-in-Time compiler, Java can achieve (or exceed) performance
of native applications. Java supports multi-threaded development out-of-the-box.
Dynamic
Java can load application components at run-time even if it knows nothing about
them. Each class has a run-time representation.
Distributed
Java comes with support for networking, as well as for invoking methods on remote
(distributed) objects through RMI.
5.3.1 Forms
The following are some of the forms available in our project:

DatabaseConnection.java
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package DbPack;
import java.sql.*;
import java.util.logging.Level;
import java.util.logging.Logger;
/**
*
* @author jp
*/
public class DatabaseConnection {
public static Connection getCon(){
Connection con=null;
try {
Class.forName("com.mysql.jdbc.Driver");
con=
DriverManager.getConnection("jdbc:mysql://localhost:3306/mona","root","root");
System.out.println("connected.....");
} catch (ClassNotFoundException ex) {
Logger.getLogger(DatabaseConnection.class.getName()).log(Level.SEVERE,
null, ex);
} catch (SQLException ex) {
Logger.getLogger(DatabaseConnection.class.getName()).log(Level.SEVERE,
null, ex);
}
return con;
}
}
Register.java
/*
*/
package actionPackage;
import DbPack.TrippleDes;
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.*;
import java.util.Properties;
import javax.mail.Message;
import javax.mail.MessagingException;
import javax.mail.PasswordAuthentication;
import javax.mail.Session;
import javax.mail.Transport;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
*
* @author jp
*/
public class register extends HttpServlet {
/**
* Processes requests for both HTTP
* <code>GET</code> and
* <code>POST</code> methods.
*
* @param request servlet request
* @param response servlet response

* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse
response)
throws ServletException, IOException, SQLException {
response.setContentType("text/html;charset=UTF-8");
PrintWriter out = response.getWriter();
try {
String user = request.getParameter("username");
String pass = request.getParameter("password");
String conpass = request.getParameter("conpassword");
String group = request.getParameter("group");
String email = request.getParameter("email");
String mobile = request.getParameter("mobile");
String place = request.getParameter("place");
//String mode = request.getParameter("mode");
if(pass.equals(conpass)){
Connection con =DbPack.DatabaseConnection.getCon();
Statement st = con.createStatement();
int
st.executeUpdate("insert
into
register
values('"+user+"','"+pass+"','"+group+"','"+email+"','"+mobile+"','"+place+"','NO','0')
");
if(i!=0){
mail_Send.sendMail(new TrippleDes().encrypt(group), user, email);
Properties props = new Properties();
props.put("mail.smtp.host", "smtp.gmail.com");
props.put("mail.smtp.socketFactory.port", "465");
props.put("mail.smtp.socketFactory.class",
"javax.net.ssl.SSLSocketFactory");
props.put("mail.smtp.auth", "true");
props.put("mail.smtp.port", "465");
// Assuming you are sending email from localhost
Session session = Session.getDefaultInstance(props,
new javax.mail.Authenticator() {
protected PasswordAuthentication getPasswordAuthentication() {

return new PasswordAuthentication("ram.emporis@gmail.com","8790982024");
}
});
try {
Message message = new MimeMessage(session);
message.setFrom(new InternetAddress(request.getParameter("username")));
message.setRecipients(Message.RecipientType.TO,
InternetAddress.parse(request.getParameter("email")));
message.setSubject("MONA GROUP: Activate your account & Group
Signature key ");
String ss="Activate your account"+"\n "+"\n "
String name="Dear" +" "+request.getParameter("username")+"\n "+"\n "
String moto="Welcome to MONA Group!"+"\n "+"\n "
String set="This message confirms that the following user profile was
successfully created:"+"\n "+"\n ";
String confi="Email:"+request.getParameter("email")+"\n "+"\n
String stt="Once you complete activation, you can log in and Enter Your
GROUP SIGNATURE KEY"+"\n "+"\n "
String ack="Thank you for your interest in MONA Group!!"+"\n "+"\n ";
// message.setText("YOU Have Successfully Registered Your Account with ID:
"+request.getParameter("username")+"
AND
PASSWORD:
"+request.getParameter("password")+" .Please Activate Your Account by Click on

The
Following
Link:");
message.setText(""+ss+""+name+""+moto+""+set+""+confi+""+stt+""+ack+"");
Transport.send(message);
System.out.println("Done");
} catch (MessagingException e) {
System.out.println(e);
e.printStackTrace();
// throw new RuntimeException(e);
}
response.sendRedirect("member_login.jsp?m=Registeration done");
}
else{
response.sendRedirect("register.jsp?m=register error...check");
}
}
else{
response.sendRedirect("register.jsp?m=password not match");
}
} catch (Exception ex) {
Logger.getLogger(register.class.getName()).log(Level.SEVERE, null, ex);
} finally {
out.close();
}
}
// <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the +
sign on the left to edit the code.">
/**
* Handles the HTTP
* <code>GET</code> method.
*
*/
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
try {
processRequest(request, response);
}
}
/**
* Handles the HTTP
* <code>POST</code> method.
*
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
try {
}
}
/**
* Returns a short description of the servlet.
*
* @return a String containing servlet description
*/
@Override
public String getServletInfo() {
return "Short description";
}// </editor-fold>
}
Key_verify.java
/*
*/
import DbPack.DatabaseConnection;
import java.sql.*;
import javax.servlet.http.HttpSession;
import org.apache.catalina.Session;
/**
*
* @author jp
*/
public class keyVerify extends HttpServlet {
/**
*
*/
response)
try {
String dbUgroup=null;
HttpSession session = request.getSession(true);
String ses = (String) session.getAttribute("fname");
String Uid = (String) session.getAttribute("UID");
System.out.println("id sess is "+Uid);
System.out.println("ses : " + ses);
String getK = request.getParameter("getK");
String getName = request.getParameter("getName");
Connection con = DatabaseConnection.getCon();
Statement st1 = con.createStatement();
ResultSet rs1 = st1.executeQuery("select * from register where username
='"+Uid+"' ");
if(rs1.next()){
dbUgroup = rs1.getString("group");
}
ResultSet rs = st.executeQuery("select * from upload where file_name = '" +
getName + "' ");
System.out.println("hi ");
if (rs.next()) {
if
((getK.equals(rs.getString("key_")))&&(dbUgroup.equals(rs.getString("group")))) {
System.out.println("fine");
response.sendRedirect("fileDChk.jsp?m=" + getName);
} else {
response.sendRedirect("Error.jsp");
}
} else {
response.sendRedirect("Error.jsp");
}
Logger.getLogger(keyVerify.class.getName()).log(Level.SEVERE, null, ex);

} finally {
out.close();
}
}
/**
* Handles the HTTP
*
*/
@Override
}
/**
* Handles the HTTP
*
*/
@Override
}
/**
*
*/
@Override
}// </editor-fold>
}
sigVerify.java
/*
*/
package com.action;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import org.apache.catalina.Session;
/**
*
* @author jp
*/
public class sigVerify extends HttpServlet {
/**
*
*/
response)
try {
String getu = session.getAttribute("uid").toString();
System.out.println("uid is " + getu);
String getS = request.getParameter("sig");
Connection con = DatabaseConnection.getCon();
ResultSet rs = st.executeQuery("select * from register where username = '" +
getu + "'");
if (rs.next()) {
String getSignature = null;
try {
getSignature = new TrippleDes().encrypt(rs.getString("group_"));
System.out.println("group sig is = " + getSignature);
Logger.getLogger(sigVerify.class.getName()).log(Level.SEVERE, null,
ex);
}
if (getS.equals(getSignature)) {
response.sendRedirect("memberHome.jsp?ms="+getu);//?<html><body
onload=\"alert('Signature Verified....')\"></body></html>");
} else {
out.println("Invaild Signature.....");
}
} else {
out.println("User Error");
}
Logger.getLogger(sigVerify.class.getName()).log(Level.SEVERE, null, ex);
} finally {
out.close();
}
}
/**
* Handles the HTTP
*
*/
@Override
}
/**
* Handles the HTTP
*
*/
@Override
}
/**
*
*/
@Override
}// </editor-fold>
}
Upload.java
/*
*/
import java.io.BufferedReader;
import java.io.File;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Iterator;
import java.util.List;
import java.util.Random;
import javax.swing.JOptionPane;
import org.apache.tomcat.util.http.fileupload.FileItem;
import org.apache.tomcat.util.http.fileupload.disk.DiskFileItemFactory;
import org.apache.tomcat.util.http.fileupload.servlet.ServletFileUpload;
/**
*
* @author jp
*/
public class upload extends HttpServlet {
private static final String TMP_DIR_PATH = "c:\\tmp";
private File tmpDir;
private static final String DESTINATION_DIR_PATH = "file";
private File destinationDir;
Calendar currentDate = Calendar.getInstance();
SimpleDateFormat formatter =
new SimpleDateFormat("yyyy/MMM/dd HH:mm:ss");
String dateNow = formatter.format(currentDate.getTime());
/**
*
*/
response)
try {
DiskFileItemFactory fileItemFactory = new DiskFileItemFactory();
fileItemFactory.setSizeThreshold(1 * 1024 * 1024);
fileItemFactory.setRepository(tmpDir);
ServletFileUpload uploadHandler = new ServletFileUpload(fileItemFactory);
Connection con = null;
Statement st = null;
Statement st1 = null;
PreparedStatement pstm1 = null;

String getu = session.getAttribute("ID").toString();
System.out.println("id is " + getu);
try {
/*
* Parse the request
*/
String gr=null;
con = DatabaseConnection.getCon();
st = con.createStatement();
st1 = con.createStatement();
List items = uploadHandler.parseRequest(request);
Iterator itr = items.iterator();
String fileName = "";
FileItem item = (FileItem) itr.next();
String fName = null;
fName = item.getName();
System.out.println("fname " + fName);
fileName = item.getName();
System.out.println("filename " + fileName);
// File file = new File(Constant.file, item.getName());
// item.write(file);
// System.out.println("" + file.getAbsolutePath());
int x = fileName.lastIndexOf('\\');
String fN = fileName.substring(x + 1, fileName.length());
System.out.println(fN);
String get = "" + item.getInputStream();
String str = getStringFromInputStream(item.getInputStream());
String cipher = new TrippleDes().encrypt(str);
System.out.println(str);
String
sq2
"insert
into
(file_name,file_data,date,key_,group_,user_id)values(?,?,?,?,?,?)";
String sq3 = "select * from register where username = '" + getu + "'";
System.out.println("jjj");
ResultSet rs3 = st.executeQuery(sq3);
upload
if(rs3.next()){
gr = rs3.getString("group_");
}
pstm1 = con.prepareStatement(sq2);
pstm1.setString(1, fileName);
Random r = new Random();
int getKey = r.nextInt() + 5000;
String key = "" + getKey;
pstm1.setString(2, cipher);
pstm1.setString(3, dateNow);
pstm1.setString(4, new TrippleDes().encrypt(fileName));
pstm1.setString(5, gr);
pstm1.setString(6, getu);
System.out.println("in");
int ii = st1.executeUpdate("insert into log_details
values('"+getu+"','"+fileName+"','"+gr+"','Upload',now())");
if(ii!=0){
JOptionPane.showMessageDialog(null,"File Key Is :
"+new
TrippleDes().encrypt(fileName).toString());
// out.println("alert('completed')");
response.sendRedirect("memberHome.jsp?msg=file Uploaded");
}else{
out.println("log error");
}
} catch (Exception e) {
System.out.println(e);
}
Logger.getLogger(upload.class.getName()).log(Level.SEVERE, null,ex);
}
}
private static String getStringFromInputStream(InputStream is) {
BufferedReader br = null;
StringBuilder sb = new StringBuilder();
String line;
try {
br = new BufferedReader(new InputStreamReader(is));
while ((line = br.readLine()) != null) {
sb.append(line+"\n");
}
} catch (IOException e) {
} finally {
if (br != null) {
try {
br.close();
} catch (IOException e) {
}
}
}
return sb.toString();
}
/**
* Handles the HTTP
*
*/
@Override

}
/**
* Handles the HTTP
*
*/
@Override
}
/**
*
*/
@Override
}// </editor-fold>
}
5.3.2 OUTPUT SCREENS

5.3.2.1 Step1: Run the Project file from the Netbeans IDE.
Figure 5.3.2.1. Home Page Execution

Home Page
Group Member Registration Form

81
Group Manager Login Page
5. Group Manager Account Home Page
82
View File Logs Details
View File Details In Cloud
83
Group Manager opens the particular Group to know newly Register member details
View Group Details Along with Activate /Deactive Member Details
84
Group manager Activates group member in a specific group and then forward the
group signature key to member email page
Group Member Login Page
85
Group Signature Verification Page
If the group signature key is valid then Member is Allowed to get Homepage
86
File Upload Here
File Download Page
87
File Details Here
File View (Enter File Key to View Decrypted Data)
88
File Modification Page (If File is Valid)
User Revocation Process
89
File Deletion Process
5.3.3 Result Discussion

Unfortunately, designing an efficient and secure data sharing scheme for groups
in the cloud is not an easy task due to the following challenging issues. First, identity
privacy is one of the most significant obstacles for the wide deployment of cloud
computing. Without the guarantee of identity privacy, users may be unwilling to join
in cloud computing systems because their real identities could be easily disclosed to
cloud providers and attackers. On the other hand, unconditional identity privacy may
incur the abuse of privacy. For example, a misbehaved staff can deceive others in the
90
company by sharing false files without being traceable. Therefore, traceability, which
enables the group manager (e.g., a company manager) to reveal the real identity of a
user, is also highly desirable. Second, it is highly recommended that any member in a
group should be able to fully enjoy the data storing and sharing services provided by
the cloud, which is defined as the multiple-owner manner. Compared with the singleowner manner, where only the group manager can store and modify data in the cloud,
the multiple-owner manner is more flexible in practical applications. More concretely,
each user in the group is able to not only read data, but also modify his/ her part of
data in the entire data file shared by the company. Last but not least, groups are
normally dynamic in practice, e.g., new staff participation and current employee
revocation in a company. The changes of membership make secure data sharing
extremely difficult. On one hand, the anonymous system challenges new granted
users to learn the content of data files stored before their participation, because it is
impossible for new granted users to contact with anonymous data owners, and obtain
the corresponding decryption keys. On the other hand, an efficient membership
revocation mechanism without updating the secret keys of the remaining users is also
desired to minimize the complexity of key management. Several security schemes for
data sharing on un trusted servers have been proposed. In these approaches, data
owners store the encrypted data files in un trusted storage and distribute the
corresponding decryption keys only to authorized users. Thus, unauthorized users as
well as storage servers cannot learn the content of the data files because they have no
knowledge of the decryption keys. However, the complexities of user participation
and revocation in these schemes are linearly increasing with the number of data
owners and the number of revoked users, respectively. By setting a group with a
single attribute, Lu etal. Proposed a secure provenance scheme based on the cipher
text-policy attribute-based encryption technique, which allows any member in a group
to share data with others. However, the issue of user revocation is not addressed in
their scheme. Yu et al. presented a scalable and fine-grained data access control
scheme in cloud computing based on the key policy attribute-based encryption (KPABE) technique [9]. Unfortunately, the single owner manner hinders the adoption of
their scheme into the case, where any user is granted to store and share data.
91
TESTING
92
&
VALIDATION
6.1 INTRODUCTION
System Testing is a process of executing a program with the intent of finding
an error. A good test case is one that has a high probability of finding an as-yet
undiscovered error. A successful test is one that uncovers an as-yet- undiscovered
error. System testing is the stage of implementation, which is aimed at ensuring that
the system works accurately and efficiently as expected before live operation
commences. It verifies that the whole set of programs hang together. System testing
requires a test consists of several key activities and steps for run program, string,
system and is important in adopting a successful new system. This is the last chance
to detect and correct errors before the system is installed for user acceptance testing.
The following are the Testing Objectives:
Testing is a process of executing a program with the intent of finding an
error.
A good test has a high probability of finding an as yet undiscovered error.
A successful test is one that uncovers an as yet undiscovered error.
6.2 DESIGN OF TEST CASES & SCENARIO

93
The objective is to design tests that systematically uncover different classes

of errors and do so with a minimum amount of time and effort. Testing cannot show
the absence of defects, it can only show that software defects are present.
6.2.1 Unit Testing
In unit testing each module developed is tested separately for its accuracy,
timeliness, simplicity etc. The various errors discovered during the unit testing may
be the errors in data interface between routines, logical error in the algorithm and
failure to account for various processing cases.
It may also contain requirement document, design error and implementation.
These errors are detected while running with sample data. The errors are then rectified
and tested again. This continues till all the errors are removed and the user needs are
fully satisfied.
Each individual file involved in project is tested by the developer by giving
the input file. The input file contains numeric value.
6.1.2 White Box Testing:
This testing is also called as Glass box testing. In this testing, by knowing the
specific functions that a product has been design to perform test can be conducted that
demonstrate each function is fully operational at the same time searching for errors in
each function. It is a test case design method that uses the control structure of the
procedural design to derive test cases. Basis path testing is a white box testing.
6.2.3 Black Box Testing
Black box testing is nothing but running the whole system, but what function
is going on is unknown. This testing is otherwise called as structured test; in our
project all the files are integrated and tested structurally.
6.2.4 Functional Testing
In this functional testing if the screen goes blank, they may start to wonder as
to what is happening and the user could just do anything such as press the enter key a
number of times, or switch of the system and so on, but if a message is displayed
saying that the processing is in progress and asking the operator to wait, then these
type of problems are avoided in the functional testing.
6.2.5 System Testing
Testing is vital to the success of the system. System testing makes a logical
94
assumption that if all parts of the system are correct, the goal will be successfully
achieved.
6.2.6 Integration Testing
Modules integrated by moving down the program design hierarchy. Can use
depth first or breadth first top down integration verifies major control and decision
points early in design process. Top-level structure tested most. Depth first
implementation allows a complete function to be implemented, tested and
demonstrated and does depth first implementation of critical functions early. Top
down integration forced (to some extent) by some development tools in programs
with graphical user interfaces.
6.2.7 Validation Testing
Validation testing is aims to demonstrate that the software functions in a
manner that can be reasonably expected by the customer. This tests conformance the
software to the Software Requirements Specification.
6.2.7.1 Validation Test Criteria
A set of black box test is to demonstrate conformance with requirements. To
check that all functional requirements satisfied, all performance requirements
achieved, documentation is correct and ' human-engineered', and other requirements
are met (e.g. compatibility, error recovery, and maintainability).
6.2.7.2 Configuration Review
An audit to ensure that all elements of the software configuration are properly
developed catalogued and has all the necessary detail to support maintenance.
6.2.1 PERFORMANCE ANALYSIS

We make the performance simulation with NS2 and compare with Mona in
and the original dynamic broadcast encryption (ODBE) scheme in . Without loss of
generality, we set and the elements in and to be 161 and 1,024 bits, respectively. In
addition, we assume the size of the data identity is 16 bits, which yield a group
capacity of data files. Similarly, the size of user and group identity are also set 16 bits.
Both group members and group managers processes are conducted on a laptop with
Core 2 T5800 2.0 GHz, DDR2 800 2G, Ubuntu 12.04 X86. The cloud process is
implemented on a laptop with Core i7-3630 2.4 GHz, DDR3 1600 8G, Ubuntu 12.04
X64. We select an elliptic curve with 160 bits group order.
95
Fig 6.3 Comparison on computation cost of members for file upload among
ODBE, RBAC, Mona and our scheme
As illustrated in figure 6.3, we list the comparison on computation cost of members

for file upload among ODBE, RBAC, Mona and our scheme. It is obviously observed
that the computation cost for members in our scheme is irrelevant to the number of
revoked users. The reason is that in our scheme, we move the operation of user
revocation to the group manager so that the legal clients can encrypt the data files
alone without involving information of other clients, including both legal and revoked
clients. On the contrary, the computation cost increases with the number of revoked
users in ODBE. The reason is that several operations including point multiplications
and exponentiations have to be performed by clients to compute the parameters in
ODBE.
The computation cost of members for file download operations with the size of 10
and 100Mbytes are illustrated in figure 8. The computation cost is irrelevant to the
number of revoked users in RBAC scheme. The reason is that no matter how many
users are revoked, the operations for members to decrypt the data files almost remain
the same. The computation cost in Mona increases with the number of revoked users,
because the users need to perform computing for revocation verification and check
whether the data owner is a revoked user. Besides the above operations, more
parameters need to be computed by members in ODBE. On the contrary, the
computation cost decreases with the number of revoked users in our scheme because
96
of the computation for the recovery of the secret parameter decreases with the number
of revoked users.
Comparison on computation cost of members for file download among ODBE,

RBAC, Mona and our scheme
Cloud Computation Cost

As illustrated in figure, we list the comparison on computation cost of the cloud for
file upload between Mona and our scheme. In general, it can be obviously seen that
both the computation costs of the cloud in two schemes are acceptable. In detail, the
cost in Mona increases with the number of revoked users, as the revocation
verification cost increases. However, in our scheme, the cost is irrelevant to the
number of the revoked users. The reason is that the computation cost of the cloud for
file upload in our scheme consists of two verifications for signature, which is
irrelevant to the number of the revoked users. The reason for the small computation
cost of the cloud in the phase of file upload in RBAC scheme is that the verifications
between communication entities are not concerned in this scheme.
Comparison on computation cost of members for file upload among RBAC,

97
Mona and our scheme

The computation cost of the cloud for file download operations with the size of 10
and 100Mbytes are illustrated in figure 10. Similar to the operation of file upload, the
computation cost of the cloud is mainly determined by the revocation verification
operation. Therefore, the cost increases with the number of revoked users. However,
in our scheme, the cloud just simply verifies the signature. Therefore, the computation
cost of the cloud for file download is irrelevant to the number of the revoked users.
The reason for the high computation cost of the cloud in RBAC scheme is that the
cloud performs some algorithm operations to help the user to decrypt data files. In
addition, it can be seen that in these schemes, the computation cost is independent
with the size of the file, since both the signature in Mona and the encrypted message
in our scheme are irrelevant to the size of the requested file and the operations of
cloud for decryption in RBAC scheme is also irrelevant to the size of the encrypted
data files.
6.3 VALIDATION
Validation aims to demonstrate that the software functions in a manner that can be
reasonably expected by the customer. This tests conformance the software to the Software
Requirements Specification.
Here an experiment has done for checking the consistency for the user
requirements regarding the username and password which should be validated through
the server and the username and password should be matched and also the method
Steganography implemented also checked for its consistency to provide security.
98
CONCLUSION
7. CONCLUSION
99
In this paper, we design a secure anti-collusion data sharing scheme for

dynamic groups in the cloud. In our scheme, the users can securely obtain their
private keys from group manager Certificate Authorities and secure communication
channels. Also, our scheme is able to support dynamic groups efficiently, when a new
user joins in the group or a user is revoked from the group, the private keys of the
other users do not need to be recomputed and updated. Moreover, our scheme can
achieve secure user revocation; the revoked users can not be able to get the original
data files once they are revoked even if they conspire with the untrusted cloud.
FUTURE WORKS
In this paper, we outline a protected against agreement information sharing
plan for element bunches in the cloud. In our plan, the clients can safely acquire their
private
keys
from
gathering
director
Certificate
Authorities
and
secure
correspondence channels. Likewise, our plan can bolster dynamic gatherings

proficiently, when another client joins in the gathering or a client is denied from the
gathering, the private keys of alternate clients don't should be recomputed and
redesigned. In addition, our plan can accomplish secure client repudiation, the
disavowed clients can not have the capacity to get the first information records once
they are denied regardless of the possibility that they plot with the untrusted cloud.
REFERENCES
[1] M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. Katz, A. Konwinski, G. Lee, D.
Patterson, A. Rabkin, I. Stoica, and M. Zaharia. A View of Cloud omputing, Comm.
ACM, vol. 53, no. 4, pp. 50-58, Apr.2010.
100
[2] S. Kamara and K. Lauter, Cryptographic Cloud Storage, Proc. Intl

Conf.Financial Cryptography and Data Security (FC), pp.136- 149, Jan. 2010.
[3] M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu, Plutus:
ScalableSecure File Sharing on Untrusted Storage, Proc. USENIX Conf. File and
Storage Technologies, pp. 29-42, 2003.
[4] E. Goh, H. Shacham, N. Modadugu, and D. Boneh, Sirius: Securing Remote
Untrusted Storage, Proc. Network and Distributed Systems Security Symp. (NDSS),
pp. 131-145, 2003. [5] G. Ateniese, K. Fu, M. Green, and S. Hohenberger, Improved
Proxy Re-Encryption Schemes with Applications to Secure Distributed Storage,
Proc.Network and Distributed Systems Security Symp. (NDSS), pp. 29-43, 2005.
[6] Shucheng Yu, Cong Wang, Kui Ren, and Weijing Lou, Achieving Secure,
Scalable, and Fine-grained Data Access Control in Cloud Computing, Proc. ACM
Symp. Information, Computer and Comm. Security, pp. 282-292, 2010.
[7] V. Goyal, O. Pandey, A. Sahai, and B. Waters, Attribute-Based Encryption for
Fine-Grained Access Control of Encrypted Data, Proc. ACM Conf. Computer and
Comm. Security (CCS), pp. 89- 98, 2006
[8] R. Lu, X. Lin, X. Liang, and X. Shen, Secure Provenance: The Essential of
Bread and Butter of Data Forensics in Cloud Computing, Proc. ACM Symp.
Information, Computer and Comm. Security, pp. 282-292, 2010.
[9] B. Waters, Ciphertext-Policy Attribute-Based Encryption: An Expressive,
Efficient,
and
Provably
Secure
Realization,
Proc.
Intl
Conf.http://eprint.iacr.org/2008/290.pdf, 2008
[10] Xuefeng Liu, Yuqing Zhang, Boyang Wang, and Jingbo Yang, Mona: Secure
Multi-Owner Data Sharing for Dynamic Groups in the Cloud, IEEE Transactions on
Parallel and Distributed Systems, vol. 24, no. 6, pp. 1182-1191, June 2013
101

Anti Collision Complete Document

Diunggah oleh

Informasi Dokumen

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Anti Collision Complete Document

Diunggah oleh

Hak Cipta:

Format Tersedia

Secure Anti-Collusion Data Sharing Scheme for Dynamic

Groups in the Cloud

Secure Anti-Collusion Data Sharing Scheme for Dynamic

Secure Anti-Collusion Data Sharing Scheme for Dynamic

Secure Anti-Collusion Data Sharing Scheme for Dynamic

proposed a secure provenance scheme by leveraging

group signatures and cipher text-policy attribute-based

Secure Anti-Collusion Data Sharing Scheme for Dynamic

leveraging access control polynomial, it is designed to

Secure Anti-Collusion Data Sharing Scheme for Dynamic

1.2 PROBLEM DEFINATION

Unfortunately, because of the frequent change of the

preserving is still a challenging issue, especially for an

1.3 OBJECTIVE OF THE PROJECT

Secure Anti-Collusion Data Sharing Scheme for Dynamic

Secure Anti-Collusion Data Sharing Scheme for Dynamic

Structure of cloud computing

computing power, normally used by military and research

Secure Anti-Collusion Data Sharing Scheme for Dynamic

Characteristics and Services Models:

On-demand self-service: A consumer can unilaterally

Broad network access: Capabilities are available over

Resource pooling: The providers computing resources

Rapid elasticity: Capabilities can be rapidly and

Secure Anti-Collusion Data Sharing Scheme for Dynamic

control and optimize resource use by leveraging a metering

Characteristics of cloud computing

Secure Anti-Collusion Data Sharing Scheme for Dynamic

Structure of service models

Achieve economies of scale increase volume output or

Reduce spending on technology infrastructure. Maintain

Globalize your workforce on the cheap. People

Streamline processes. Get more work done in less time

Reduce capital costs. Theres no need to spend big

Improve accessibility. You have access anytime,

Monitor projects more effectively. Stay within budget

Secure Anti-Collusion Data Sharing Scheme for Dynamic

Less personnel training is needed. It takes fewer people

Minimize licensing new software. Stretch and grow

Improve flexibility. You can change direction without

Secure Anti-Collusion Data Sharing Scheme for Dynamic

1. Cipher text-Policy Attribute-Based Encryption

Taeho Jung1, Xiang-Yang Li12, Zhiguo

Wan34, Meng Wan5

Secure Anti-Collusion Data Sharing Scheme for Dynamic

Vladimir Bozovic1 , Daniel Socek2? ,

Secure Anti-Collusion Data Sharing Scheme for Dynamic

assumption, has a complexity comparable to that of Chases

Secure Anti-Collusion Data Sharing Scheme for Dynamic

Based Encryption with White-Box Traceability and

Secure Anti-Collusion Data Sharing Scheme for Dynamic

(re-)distribution) should be caught and prosecuted. And for a

Secure Anti-Collusion Data Sharing Scheme for Dynamic

cryptographically enforced access control in untrusted

(AABE) is a suitable primitive that provides users to access

Secure Anti-Collusion Data Sharing Scheme for Dynamic

Secure Anti-Collusion Data Sharing Scheme for Dynamic

Secure Anti-Collusion Data Sharing Scheme for Dynamic

3.1.1 Analysis Model

Requirement Analysis Project Planning

Fig. a) Water Fall Model

3.1.2 Study of the Project

Based on the given requirements, conceptualize the Solution Architecture.

3.1.3 Feasibility Analysis