Cloud - Final Term-Report

Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing
Ravi K
Contents
1. Abstract Brief description about the project 2. Introduction
i. ii. 3. 4. 5.
01
03
03
Core technical area in the project Project area 20 20 21
05
Details of the work done Details of the proposed work Bibliography
Page: 1
Ravi K
Abstract
Cloud computing is an emerging computing paradigm in which resources of the computing infrastructure are provided as services over the Internet. This project proposes some services for data security and access control when users outsource sensitive data for sharing on cloud servers. This project addresses this challenging open issue by, on one hand, defining and enforcing access policies based on data attributes, and, on the other hand, allowing the data owner to delegate most of the computation tasks involved in fine grained data access control to untrusted cloud servers without disclosing the underlying data contents. Our proposed scheme enables the data owner to delegate tasks of data file re-encryption and user secret key update to cloud servers without disclosing data contents or user access privilege information. We achieve this goal by exploiting and uniquely combining techniques of attributebased encryption (ABE), proxy re-encryption, and lazy re-encryption. Our proposed scheme also has salient properties of user access privilege confidentiality and user secret key accountability and achieves fine - graininess, scalability and data confidentiality for data access control in cloud computing. Our proposal is to make extensive analysis to prove that our implementation is highly efficient and provably secures under existing security models.
Page: 2
Ravi K
1.0
1.1
Introduction
System Reference Cloud Computing is a commercial extension of computing resources
like computation cycles and storage offered as a metered service similar to a physical public utility like electricity, water, natural gas, or telephone network.
Page: 3
Ravi K
It enables a computing system to acquire or release computing resources on demand in a manner such that the loss of any one component of the system will not cause total system failure. Cloud computing also allows the deployment of software applications into an environment running the necessary technology stack for the purposes of development, staging, or production of a software application. It does all this in a way that minimizes the necessary interaction with the underlying layers of the technology stack. In this way cloud computing obfuscates much of the complexity that underlies Software as a Service (SaaS) or batch computing software applications. Here are the brief definitions used in the cloud computing technology.
i. Utility Computing- The combination of computing resources as a

metered service in a way similar to a physical public utility.
ii. Scalability- The ability of a computing system to grow relatively

easily in response to increased demand
iii. Elasticity- The ability of a system to dynamically acquire or

release compute resources on-demand
iv. Highly Available- Systems designed such that the loss of any one
component of a system will not result in system failure
v. Deployment- Placing your software application into a technology

stack in a running environment for development, testing, or production
vi. Software Application- An arrangement of programming code

designed to achieve some specific purpose
vii. Technology Stack- The Hardware and Software layers underlying a

given software application.
Page: 4
Ravi K
More compactly stated, cloud computing is a commercial extension of utility computing that enables scalable, elastic, highly available deployment of software applications while minimizing the level of detailed interaction with the underlying technology stack itself.
Cloud computing has the benefit of flexibility to scale up or down the IT infrastructure depending on the enterprise needs. This means that the enterprise do not have to provision for future needs as the IT infrastructure they need may be set up in minimal time. This also means that the time to start a business process is not contingent on IT infrastructure establishment time.
1.2
Overall Description Cloud computing is also facing many challenges that, if not well
resolved, may impede its fast growth. Data security, as it exists in many other applications, is among these challenges that would raise great concerns from users when they store sensitive information on cloud servers. These concerns originate from the fact that cloud servers are usually operated by commercial providers which are very likely to be outside of the trusted domain of the users. Data confidential against cloud
Page: 5
Ravi K
servers is hence frequently desired when users outsource data for storage in the cloud. In some practical application systems, data confidentiality is not only a security/privacy issue, but also of juristic concerns. For example, in health care application scenarios use and disclosure of protected health information (PHI) should meet the requirements of Health Insurance Portability and Accountability Act (HIPAA), and keeping user data confidential against the storage servers is not just an option, but a requirement. Furthermore, we observe that there are also cases in which cloud users themselves are content providers. They publish data on cloud servers for sharing and need fine-grained data access control in terms of which user (data consumer) has the access privilege to which types of data. In the health care case, for example, a medical center would be the data owner who stores millions of health care records in the cloud. It would allow data consumers such as doctors, patients, researchers and etc, to access various types of health care records under policies admitted by HIPAA. To enforce these access policies, the data owners on one hand would like to take advantage of the abundant resources that the cloud provides for efficiency and economy; on the other hand, they may want to keep the data contents confidential against cloud servers. We address this open issue and propose a secure and scalable finegrained data access control scheme for cloud computing. Our proposed scheme is partially based on our observation that, in practical application scenarios each data file can be associated with a set of attributes which are meaningful in the context of interest. The access structure of each user can thus be defined as a unique logical expression over these attributes to reflect the scope of data files that the user is allowed to access. As the logical expression can represent any desired data file set, fine-
Page: 6
Ravi K
grained ness of data access control is achieved. To enforce these access structures, we define a public key component for each attribute. Data files are encrypted using public key components corresponding to their attributes. User secret keys are defined to reflect their access structures so that a user is able to decrypt a cipher text if and only if the data file attributes satisfy his access structure. Such a design also brings about the efficiency benefit, as compared to previous works, in that, The complexity of encryption is just related the number of attributes associated to the data file, and is independent to the number of users in the system; and Data file creation/deletion and new user grant operations just affect current file/user without involving system-wide data file update or rekeying. One extremely challenging issue with this design is the implementation of user revocation, which would inevitably require reencryption of data files accessible to the leaving user, and may need update of secret keys for all the remaining users. If all these tasks are performed by the data owner himself/herself, it would introduce a heavy computation overhead on him/her and may also require the data owner to be always online. To resolve this challenging issue, our proposed scheme enables the data owner to delegate tasks of data file re-encryption and user secret key update to cloud servers without disclosing data contents or user access privilege information. We achieve our design goals by exploiting a novel cryptographic primitive, namely key policy attribute-based encryption
Page: 7
Ravi K
1.2.1 System Analysis

Existing System: Our existing solution applies cryptographic methods by disclosing data decryption keys only to authorized users. These solutions inevitably introduce a heavy computation overhead on the data owner for key distribution and data management when fine grained data access control is desired, and thus do not scale well. Proposed System: In order to achieve secure, scalable and fine-grained access control on outsourced data in the cloud, we utilize and uniquely combine the following three advanced cryptographic techniques: Key Policy Attribute-Based Encryption (KP-ABE). Proxy Re-Encryption (PRE) Lazy re-encryption
Page: 8
Ravi K
1.2.3 General Description 1.1 Product Functions

The Product provides database application and functionality to use the database. Functionalities provided in the product are:
1. Create account.
2. Login
3. Upload files
4. Search files 5. Generate Secret Keys 6. Maintain Secret Keys. 7. Secure files 8. Display required data Content stored in the server.
Page: 9
Ravi K
1.2 Users
The Cloud service has several users using online services like shared database server application. The Late Re-Encryption of the private keys happens on the cloud server at leisure.
1.3 General Constraints

The Cloud computing software requires cloud server and large number of users for testing. This cloud infrastructure is difficult to simulate so the concept is implemented on Microsoft Database Server on the Desktop with support for limited users. The simulation is done for multiple users accessing the database simultaneously.
1.4 Models and Assumptions

System Models Similar to other commercial systems, we assume that the system is composed of the following parties: the Data Owner, many Data Consumers, many Cloud Servers, and a Third Party Auditor if necessary. To access data files shared by the data owner, Data Consumers, or users for brevity, download data files of their interest from Cloud Servers and then decrypt. Neither the data owner nor users will be always online. They come online just on the necessity basis. For simplicity, we assume that the only access privilege for users is data file reading. Extending our proposed scheme to support data file writing is trivial by asking the data writer to sign the new data file on each update as does. From now on, we will also call data files by files for brevity.
Page: 10
Ravi K
Cloud Servers are always online and operated by the Cloud Service Provider (CSP). They are assumed to have abundant storage capacity and computation power. The Third Party Auditor is also an online party which is used for auditing every file access event. In addition, we also assume that the data owner can not only store data files but also run his own code on Cloud Servers to manage its data files. This assumption coincides with the unified ontology of cloud computing
B. Security Models In this work, we just consider Honest but Curious Cloud Servers as does. That is to say, Cloud Servers will follow our proposed protocol in general, but try to find out as much secret information as possible based on their inputs. More specifically, we assume Cloud Servers are more interested in file contents and user access privilege information than other secret information. Cloud Servers might collude with a small number of malicious users for the purpose of harvesting file contents when it is highly beneficial. Communication channel between the data owner/users and Cloud Servers are assumed to be secured under existing security protocols such as SSL. Users would try to access files either within or outside the scope of their access privileges. To achieve this goal, unauthorized users may work independently or cooperatively. In addition, each party is pre-loaded with a public/private key pair and the public key can be easily obtained by other parties when necessary.
Page: 11
Ravi K
Design Goals Our main design goal is to help the data owner achieve fine-grained access control on files stored by Cloud Servers. Specifically, we want to enable the data owner to enforce a unique access structure on each user, which precisely designates the set of files that the user is allowed to access. We also want to prevent Cloud Servers from being able to learn both the data file contents and user access privilege information. In addition, the proposed scheme should be able to achieve security goals like user accountability and support basic operations such as user grant/revocation as a general one-to-many communication system would require. All these design goals should be achieved efficiently in the sense that the system is scalable.
C. Approach to Input Design The input design is the link between the information system and the user. It comprises the developing specification and procedures for data preparation and those steps are necessary to put transaction data in to a usable form for processing can be achieved by inspecting the computer to read data from a written or printed document or it can occur by having people keying the data directly into the system. The design of input focuses on controlling the amount of input required, controlling the errors, avoiding delay, avoiding extra steps and keeping the process simple. The input is designed in such a way so that it provides security and ease of use with retaining the privacy. Input Design considered the following things:
Page: 12
Ravi K
What data should be given as input? How the data should be arranged or coded? The dialog to guide the operating personnel in providing input. Methods for preparing input validations and steps to follow when error occur.
D. Objectives 1. Input Design is the process of converting a user-oriented description of the input into a computer-based system. This design is important to avoid errors in the data input process and show the correct direction to the management for getting correct information from the computerized system. 2. It is achieved by creating user-friendly screens for the data entry to handle large volume of data. The goal of designing input is to make data entry easier and to be free from errors. The data entry screen is designed in such a way that all the data manipulates can be performed. It also provides record viewing facilities. 3. When the data is entered it will check for its validity. Data can be entered with the help of screens. Appropriate messages are provided as when needed so that the user will not be in amazed at that moment. Thus the objective of input design is to create an input layout that is easy to follow.
Page: 13
Ravi K
E. Approach to Output Design A quality output is one, which meets the requirements of the end user and presents the information clearly. In any system results of processing are communicated to the users and to other system through outputs. In output design it is determined how the information is to be displaced for immediate need and also the hard copy output. It is the most important and direct source information to the user. Efficient and intelligent output design improves the systems relationship to help user decision-making. 1. Designing computer output should proceed in an organized, well thought out manner; the right output must be developed while ensuring that each output element is designed so that people will find the system can use easily and effectively. When analysis design computer output, they should Identify the specific output that is needed to meet the requirements. 2. Select methods for presenting information. 3. Create document, report, or other formats that contain information produced by the system. The output form of an information system should accomplish one or more of the following objectives.
Convey
information
about
past
activities,
current
status
or
projections of the future. Signal important events, opportunities, problems, or warnings. Trigger an action. Confirm an action.
Page: 14
Ravi K
1.3
Specific Requirements
3.1 Functional Requirements 3.1.1 Create Account 3.1.1.1 Introduction Creating an account page requires Login ID and password And sending an update email to authenticate registration. 3.1.1.2 Inputs User provides the information for creating an account in the UI 3.1.1.3 Processing User account information is stored in the database table. 3.1.1.4 Outputs Display screen to show slots for login and password. 3.1.2 Login Page 3.1.2.1 Introduction Login page has fields Login and password 3.1.2.2 Inputs Login ID and password from the user 3.1.2.3 Processing The Login ID and Password is compared with the stored data. 3.1.2.4 Outputs Authentication is successful, then match found - success information is displayed. 3.1.3 Upload Files 3.1.3.1 Introduction Upload the files from the client to the server. The files can be of any type. It has to be protected with encryption algorithm. 3.1.3.2 Inputs The User files to be protected. 3.1.3.3 Processing The files are encrypted using the public and private keys based upon the user authentication.
Page: 15
Ravi K
3.1.3.4 Outputs Files stored on the server and notification page after authentication Successful. 3.1.4 Search Files 3.1.4.1 Introduction 3.1.4.2 Inputs 3.1.4.3 Processing 3.1.4.4 Outputs 3.1.5 Generate Search Keys 3.1.5.1 Introduction 3.1.5.2 Inputs 3.1.5.3 Processing 3.1.5.4 Outputs 3.1.6 Maintain Search Keys 3.1.6.1 Introduction 3.1.6.2 Inputs 3.1.6.3 Processing 3.1.6.4 Outputs 3.1.7 Secure Files 3.1.7.1 Introduction 3.1.7.2 Inputs 3.1.7.3 Processing 3.1.7.4 Outputs 3.1.8 Display required data contents stored on the server 3.1.8.1 Introduction 3.1.8.2 Inputs 3.1.8.3 Processing 3.1.8.4 Outputs
1.3
Implementation
Page: 16
Ravi K
Implementation is the stage of the project when the theoretical design is turned out into a working system. Thus it can be considered to be the most critical stage in achieving a successful new system and in giving the user, confidence that the new system will work and be effective. The implementation stage involves careful planning, investigation of the existing system and its constraints on implementation, designing of methods to achieve changeover and evaluation of changeover methods. Module Description:
1) Key Policy Attribute-Based Encryption (KP-ABE):

KP-ABE is a public key cryptography primitive for one-to-many communications. In KP-ABE, data are associated with attributes for each of which a public key component is defined. User secret key is defined to reflect the access structure so that the user is able to decrypt a cipher text if and only if the data attributes satisfy his access structure. A KP-ABE scheme is composed of four algorithms which can be defined as follows: Setup Attributes Encryption Secret key generation Decryption
Setup Attributes:
This algorithm is used to set attributes for users. From these attributes public key and master key for each user can be determined. The attributes, public key and master key are denoted as
Page: 17
Ravi K
Attributes- U = {1, 2. . . N} Public key- PK = (Y, T1, T2, . . . , TN) Master key- MK = (y, t1, t2, . . . , tN)
Encryption:
This algorithm takes a message M, the public key PK, and a set of attribute I as input. It outputs the cipher text E with the following format: E = (I, E, {Ei}i ) Where E = MY, Ei = Ti.
Secret key generation:

This algorithm takes as input an access tree T, the master key MK, and the public key PK. It outputs a user secret key SK as follows. SK = {ski}
Decryption:
This algorithm takes as input the cipher text E encrypted under the attribute set U, the users secret key SK for access tree T, and the public key PK. Finally it output the message M if and only if U satisfies T.
2) Proxy Re-Encryption (PRE):

Proxy Re-Encryption (PRE) is a cryptographic primitive in which a semi-trusted proxy is able to convert a cipher text encrypted under Alices public key into another cipher text that can be opened by Bobs private key
Page: 18
Ravi K
without seeing the underlying plaintext. A PRE scheme allows the proxy, given the proxy re-encryption key rkab, to translate cipher texts under public key pk1 into cipher texts under public key pk2 and vise versa.
3) Lazy re-encryption:
The lazy re-encryption technique and allow Cloud Servers to aggregate computation tasks of multiple operations. The operations such as Update secret keys Update user attributes.
1.4
Implementation Details
The idea evaluation entails simulating cloud server on the machine
and access the data from multiple users and test the algorithm presented here as solution to the problem. The application must support various kinds of user. End-user of application, Cloud user and administrators. The use cases that we have to support in the applications are: 1. The user account must be setup in the application to upload and download files from the server. 2. Generate the keys for encryption and decryption of the files. 3. Maintain and manage secret keys. 4. Search for the files on server. 5. Display the data of the server. 6. Duplicate and send the data to the user. 7. Deny access to the data file with invalid user / hacker.
Page: 19
Ravi K
The details of the use cases are listed in the diagram below.
Create account
Login
Upload files User Data owner Search files
Generate secret key
Cloud server Maintain secret keys
Secure files
Displays required datas
Fig: Use case for data-access control for cloud computing.
Page: 20
Ravi K
Cloud server User
Data owner
Upload files
Create account Maintain file details Generate Keys
Search files Ask secret key Send secret key Send required files Send duplicate datas
If secret key does not matches
If secret key matches
Fig: Sequence diagram for data-access control for cloud computing.
Page: 21
Ravi K
5. Data Design 5.1 Data Objects or Data Structures
U p lo a d file s F ile id F ile n a m e u p lo a d e d d a te d o w n lo a d e d d a t e s e n d t o c lo u d ( ) v ie w file d e t a ils ( )
U se r account N am e U serna m e P a s s w o rd D a t e o fb i r th A d d re s s C o n ta c t n u m b e r E m a il id c r e a te a c c o u n t ( ) g e n e r a t e k e y s ()
S e a r c h file s F ile id F ile n a m e U s e r d a ta d o w n lo a d f ile s ( ) s h o w d u p lic a t e s ( ) S e c u re U s e r d a ta U s e r id E n c r y p te d d a t a D e c r y p te d d a t a p u b li c k e y p r iv a te k e y e n c r y p t io n () d e c r y p t io n ()

Figure: Class diagram of the cloud server.
5.2 Files and Database Structures 5.2.1 Logical File Structure 5.2.2 Logical Record Description 5.2.3 Access Methods 5.3 Global Data
Page: 22
Ravi K
6. Procedural Design For each major module or component 6.1 Module Name 6.2 Processing Narrative 6.3 Algorithm Description
Page: 23
Ravi K
L o g in
O w n er
C h eck
U se r
O p e n f ile
E x is t s
yes
no
C re a te a c c o u n t U p l o a d f ile s t o c lo u d s e r v e r
E n te r d a ta to s e a rc h M a in t a in a n c e o f f ile s a n d u s e r s
E n c r y p t a n d d e c r y p t th e d a t a
E nd
S e n d t o c lo u d s e rv e r
yes
If f il e s e x is t s fo r d a t a
no
L i s t o u t th e f ile s
D is p la y s n o d a t a s in s e r v e r
E n d
O p e n t h e r e q u ire d f ile
E n te r s e c r e t k e y
C h eck
C o rr e c t
W ro n g
D is p la y s d u p lic a t e d a ta
D is p la y s o ri g in a l f ile
Figure: Data Flow Diagram of the project
Page: 24
Ravi K
6.4 Modules Used 6.5 Comments/Restrictions/Limitations
Page: 25
Ravi K
L o g in
C h eck
O w n er
U se r N o
U p l o a d file s
E x is ts
Y es
C re a te a c c o u n t
M a in t a in f i le s a n d u s e r d e t a il s
S en d d ata to c lo u d s e rv e r
E n te r s e c re t k e y
C h eck
A
D o w n lo a d o r ig in a l f i le s
R e c e i v e d u p l ic a t e d a ta
Figure: Activity Diagram
Page: 26
Ravi K
2.0

Details of the work done

Research and Understanding the concept behind cloud computing. Technology training to acquire the skill to execute the project. The
project concept is evaluated using the Microsoft technologies - .Net, C#.Net, ASP.Net
Implement basic use cases. The use cases mentioned above must be implemented in the project. The contribution towards implementation thus far: The user account creation with encryption key generation for every user.
o o o
Generation of public key and private key is completed. Secret Key management and sharing with the user. Creation of user kinds of users in the system like End users, Administrators.
o machine.
Implementation Cloud server (database server) on the local
3.0

Details of the proposed work

Implementation of file storage and database management. Implementation of file upload and encryption of the file with the user key.
Page: 27
Ravi K
Implementation of searching for the files uploaded by user and present them to user based upon user credentials. File exchange with user/ download/ duplicate the files from the server. Depending upon user credentials. Testing all the features and improve these functionalities.
7. Interface Design
7.1 User-machine Interfaces UI Screen: Login Page
Page: 28
Ravi K
UI Screen: Admin
Page: 29
Ravi K
Page: 30
Ravi K
UI Screen: New User File
Page: 31
Ravi K
Page: 32
Ravi K
UI Screen: User File Management:
Page: 33
Ravi K
UI Screen: File Management:
Page: 34
Ravi K
Page: 35
Ravi K
UI Screen: User File:
Page: 36
Ravi K
8. Test Provision 8.1 Test Guidelines 8.2 Module Testing Unit Testing: Unit testing is usually conducted as part of a combined code and unit test phase of the software lifecycle, although it is not uncommon for coding and unit testing to be conducted as two distinct phases. Test strategy and approach Field testing will be performed manually and functional tests will be written in detail. Test objectives All field entries must work properly. Pages must be activated from the identified link. The entry screen, messages and responses must not be delayed. Features to be tested Verify that the entries are of the correct format No duplicate entries should be allowed All links should take the user to the correct page.
Page: 37
Ravi K
6.2 Integration Testing Software integration testing is the incremental integration testing of two or more integrated software components on a single platform to produce failures caused by interface defects. The task of the integration test is to check that components or software applications, e.g. components in a software system or one step up software applications at the company level interact without error. Test Results: All the test cases mentioned above passed successfully. No defects encountered. 6.3 Acceptance Testing User Acceptance Testing is a critical phase of any project and requires significant participation by the end user. It also ensures that the system meets the functional requirements. Test Results: All the test cases mentioned above passed successfully. No defects encountered.
For each major module of component 8.2.1 Module Name 8.2.2 Test Case 8.3 Integration Strategy
Page: 38
Ravi K
Conclusion and scope for future work.

This project aims at fine-grained data access control in cloud computing. One challenge in this context is to achieve fine grained ness,
Page: 39
Ravi K
data confidentiality, and scalability simultaneously, which is not provided by current work. In this paper we propose a scheme to achieve this goal by exploiting KPABE and uniquely combining it with techniques of proxy reencryption and lazy re-encryption. Moreover, our proposed scheme can enable the data owner to delegate most of computation overhead to powerful cloud servers. Confidentiality of user access privilege and user secret key accountability can be achieved. Formal security proofs show that our proposed scheme is secure under standard cryptographic models.
4.0
1. 2.
Bibliography
[Matthew MacDonald 2002] Matthew MacDonald, User Interfaces in [Jeffrey Richter 2002] Jeffrey Richter, Applied Microsoft .NET
C#: Windows Forms and Custom Controls Framework Programming (Pro-Developer).
Page: 40
Ravi K
3. 4. 5. 6.
[Patrick Smacchia 2006] Patrick Smacchia, Practical .Net2 and C#2: [Behrouz A Forouzan 2003] Behrouz A Forouzan , Data [James F. Kurose, 2010] James F. Kurose , Computer Networking: A [Abraham Silberschatz 06] Abraham Silberschatz, Operating System
Harness the Platform, the Language, and the Framework Communications and Networking Top-Down Approach. Concepts.
7. [M. Armbrust 2009 ], M. Armbrust, A. Fox, R. Griffith, A. D. Joseph,

R. H. Katz, A. Konwinski, G. Lee, D. A. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, Above the clouds: A berkeley view of cloud computing, University of California, Berkeley, Tech. Rep. USBEECS-2009-28, Feb 2009. 8. Amazon Web Services (AWS), Online at http://aws. amazon.com.
9.
Google App Engine, Online at http://code.google.com/appengine/.
10. Microsoft Azure, http://www.microsoft.com/azure/. 11. 104th United States Congress, Health Insurance Portability and
Accountability Act of 1996 (HIPPA), Online at http://aspe.hhs.gov/ admnsimp/pl104191.htm, 1996.
12. [H. Harney, 2001] H. Harney, A. Colgrove, and P. D. McDaniel,

Principles of policy in secure groups, in Proc. of NDSS01, 2001.
13. [P. D. McDaniel, 2002] P. D. McDaniel and A. Prakash, Methods

and limitations of security policy reconciliation, in Proc. of SP02, 2002
14. 15.
[T. Yu 2003] T. Yu and M. Winslett, A unified scheme for resource protection in automated trust negotiation, in Proc. of SP03, 2003. [J. Li 2005] J. Li, N. Li, and W. H. Winsborough, Automated trust negotiation using cryptographic credentials, in Proc. of CCS05, 2005.
Page: 41
Ravi K
16.
[J. Anderson 1972] J. Anderson, Computer Security Technology Planning Study, Air Force Electronic Systems Division, Report ESDTR-73-51, 1972, http: //seclab.cs.ucdavis.edu/projects/history/.
17.
[M. Kallahalla] M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu
18. Scalable secure file sharing on untrusted storage, in Proc. of

FAST03, 2003.
19. [E. 2003 Goh] E. Goh, H. Shacham, N. Modadugu, and D. Boneh,

Sirius: Securing remote untrusted storage, in Proc. of NDSS03, 2003.
20. [ G. Ateniese 2005] G. Ateniese, K. Fu, M. Green, and S.

Hohenberger, Improved proxy re-encryption schemes with applications to secure distributed storage, in Proc. of NDSS05, 2005 Websites referred:
1.
http://www.sourcefordgde.com 2. http://www.networkcomputing.com/ 3. http://www.ieee.org 4. http://www.almaden.ibm.com/software/quest/Resources/ 5. http://www.computer.org/publications/dlib 6. http://www.ceur-ws.org/Vol-90/
7.
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
12. Literature Survey

Literature survey is the most important step in software development process. Before developing the tool it is necessary to determine the time factor, economy n company strength. Once these things are satisfied, then next steps is to determine
Page: 42
Ravi K
which operating system and language can be used for developing the tool. Once the programmers start building the tool the programmers need lot of external support. This support can be obtained from senior programmers, from book or from websites. Before building the system the above consideration are taken into account for developing the proposed system. Cloud Computing: Cloud computing providing unlimited infrastructure to store and execute customer data and program. As customers you do not need to own the infrastructure, they are merely accessing or renting; they can forego capital expenditure and consume resources as a service, paying instead for what they use. Benefits of Cloud Computing: Minimized Capital expenditure Location and Device independence Utilization and efficiency improvement Very high Scalability High Computing power
Security a major Concern: Security concerns arising because both customer data and program are Security is always a major concern in Open System Architectures residing in Provider Premises.
Data centre Security? Professional Security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means.
Page: 43
Ravi K
When an employee no longer has a business need to access datacenter All physical and electronic access to data centers by employees should be Audit tools so that users can easily determine how their data is stored,
his privileges to access datacenter should be immediately revoked. logged and audited routinely. protected, used, and verify policy enforcement. Data Location: When user uses the cloud, user probably won't know exactly where your Data should be stored and processed only in specific jurisdictions as define Provider should also make a contractual commitment to obey local privacy Data-centered policies that are generated when a user provides personal data is hosted, what country it will be stored in? by user. requirements on behalf of their customers, or sensitive information, that travels with that information throughout its lifetime to ensure that the information is used only in accordance with the policy Backups of Data: Data store in database of provider should be redundantly store in multiple Data that is generated during running of program on instances is all Control of Administrator on Databases. physical locations. customer data and therefore provider should not perform backups.
Data Sanitization: device. Sanitization is the process of removing sensitive information from a storage
Page: 44
Ravi K
What happens to data stored in a cloud computing environment once it has What data sanitization practices does the cloud computing service provider
passed its users use by date propose to implement for redundant and retiring data storage devices as and when these devices are retired or taken out of service. Network Security: Denial of Service: where servers and networks are brought down by a huge amount of network traffic and users are denied the access to a certain Internet based service. Like DNS Hacking, Routing Table Poisoning, XDoS attacks QoS Violation: through congestion, delaying or dropping packets, or Man in the Middle Attack: To overcome it always use SSL IP Spoofing: Spoofing is the creation of TCP/IP packets using somebody Solution: Infrastructure will not permit an instance to send traffic with a
through resource hacking.
else's IP address. source IP or MAC address other than its own. How secure is encryption Scheme: Is it possible for all of my data to be fully encrypted? What algorithms are used? Who holds, maintains and issues the keys? Problem: Encryption accidents can make data totally unusable. Encryption can complicate availability Solution The cloud provider should provide evidence that encryption schemes were
designed and tested by experienced specialists.
Information Security:
Page: 45
Ravi K
Security related to the information exchanged between different hosts or This issues pertaining to secure communication, authentication, and issues Secure communication issues include those security concerns that arise These include confidentiality and integrity issues. Confidentiality indicates
between hosts and users. concerning single sign on and delegation. during the communication between two entities. that all data sent by users should be accessible to only legitimate receivers, and integrity indicates that all data received should only be sent/modified by legitimate senders. Solution: public key encryption, X.509 certificates, and the Secure Sockets Layer (SSL) enables secure authentication and communication over computer networks.
Page: 46

Cloud - Final Term-Report

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cloud - Final Term-Report

Uploaded by

Copyright:

Available Formats

Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing

Core technical area in the project Project area 20 20 21

Details of the work done Details of the proposed work Bibliography

i. Utility Computing- The combination of computing resources as a

ii. Scalability- The ability of a computing system to grow relatively

iii. Elasticity- The ability of a system to dynamically acquire or

v. Deployment- Placing your software application into a technology

vi. Software Application- An arrangement of programming code

vii. Technology Stack- The Hardware and Software layers underlying a

1.2.1 System Analysis

1.2.3 General Description 1.1 Product Functions

1.3 General Constraints

1.4 Models and Assumptions

1) Key Policy Attribute-Based Encryption (KP-ABE):

Secret key generation:

2) Proxy Re-Encryption (PRE):

Upload files User Data owner Search files

Generate secret key

Cloud server Maintain secret keys

Displays required datas

Fig: Use case for data-access control for cloud computing.

Cloud server User

Create account Maintain file details Generate Keys

If secret key does not matches

If secret key matches

Fig: Sequence diagram for data-access control for cloud computing.

5. Data Design 5.1 Data Objects or Data Structures

U p lo a d file s F ile id F ile n a m e u p lo a d e d d a te d o w n lo a d e d d a t e s e n d t o c lo u d ( ) v ie w file d e t a ils ( )

S e a r c h file s F ile id F ile n a m e U s e r d a ta d o w n lo a d f ile s ( ) s h o w d u p lic a t e s ( ) S e c u re U s e r d a ta U s e r id E n c r y p te d d a t a D e c r y p te d d a t a p u b li c k e y p r iv a te k e y e n c r y p t io n () d e c r y p t io n ()

Figure: Data Flow Diagram of the project

6.4 Modules Used 6.5 Comments/Restrictions/Limitations

Figure: Activity Diagram

Details of the work done

Implementation Cloud server (database server) on the local

Details of the proposed work

UI Screen: New User File

UI Screen: User File Management:

UI Screen: File Management:

UI Screen: User File:

Conclusion and scope for future work.

C#: Windows Forms and Custom Controls Framework Programming (Pro-Developer).

7. [M. Armbrust 2009 ], M. Armbrust, A. Fox, R. Griffith, A. D. Joseph,

Google App Engine, Online at http://code.google.com/appengine/.

12. [H. Harney, 2001] H. Harney, A. Colgrove, and P. D. McDaniel,

13. [P. D. McDaniel, 2002] P. D. McDaniel and A. Prakash, Methods

[M. Kallahalla] M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu

18. Scalable secure file sharing on untrusted storage, in Proc. of

19. [E. 2003 Goh] E. Goh, H. Shacham, N. Modadugu, and D. Boneh,

20. [ G. Ateniese 2005] G. Ateniese, K. Fu, M. Green, and S.

http://www.sourcefordgde.com 2. http://www.networkcomputing.com/ 3. http://www.ieee.org 4. http://www.almaden.ibm.com/software/quest/Resources/ 5. http://www.computer.org/publications/dlib 6. http://www.ceur-ws.org/Vol-90/

12. Literature Survey

through resource hacking.

designed and tested by experienced specialists.

You might also like