
Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent

1.1 SYNOPSIS

This project is entitled Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent, using ASP.NET as front end and SQL Server as back end. Cloud-based outsourced storage relieves the client's burden for storage management and maintenance by providing a comparably low-cost, scalable, location-independent platform. However, the fact that clients no longer have physical possession of data indicates that they are facing a potentially formidable risk for missing or corrupted data. To avoid the security risks, audit services are critical to ensure the integrity and availability of outsourced data and to achieve digital forensics and credibility on cloud computing. Provable data possession (PDP), which is a cryptographic technique for verifying the integrity of data without retrieving it at an untrusted server, can be used to realize audit services. In this project, profiting from the interactive zero-knowledge proof system, we address the construction of an interactive PDP protocol to prevent the fraudulence of prover (soundness property) and the leakage of verified data (zero-knowledge property). We prove that our construction holds these properties based on the computational Diffie-Hellman assumption and the rewindable black-box knowledge extractor. We also propose an efficient mechanism with respect to probabilistic queries and periodic verification to reduce the audit costs per verification and implement abnormal detection timely. In addition, we present an efficient method for selecting an optimal parameter value to minimize computational overheads of cloud audit services. Our experimental results demonstrate the effectiveness of our approach.
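An added illustration, not the project's code: the sampling-based possession audit the synopsis describes, using a simpler privately verifiable linear tag (in the style of Shacham and Waters) in place of the project's zero-knowledge construction, which this page does not give. The modulus, block size and every function name are assumptions made for this example, and the scheme shown is not zero-knowledge.

```python
"""Sampling-based possession audit with linear tags (added illustration).

Not zero-knowledge and not the project's protocol: the response (mu, sigma)
leaks a linear combination of the challenged blocks to the verifier.
"""
import hashlib
import hmac
import math
import secrets

P = 2**127 - 1    # prime modulus (assumed parameter for this example)
BLOCK_BYTES = 15  # 120-bit blocks, so every block value is below P


def keygen():
    """Owner's secret: a PRF key and a non-zero field element alpha."""
    return secrets.token_bytes(32), secrets.randbelow(P - 1) + 1


def prf(key, index):
    """HMAC-SHA256 of the block index, reduced into the field."""
    mac = hmac.new(key, index.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % P


def split_blocks(data):
    """Cut the document into fixed-size blocks encoded as integers."""
    return [int.from_bytes(data[i:i + BLOCK_BYTES], "big")
            for i in range(0, len(data), BLOCK_BYTES)]


def tag_blocks(key, alpha, blocks):
    """Owner, before upload: tag_i = PRF(i) + alpha * block_i (mod P)."""
    return [(prf(key, i) + alpha * m) % P for i, m in enumerate(blocks)]


def challenge(n_blocks, sample_size):
    """Auditor: random block indices, each with a random non-zero weight."""
    picked = secrets.SystemRandom().sample(range(n_blocks),
                                           min(sample_size, n_blocks))
    return [(i, secrets.randbelow(P - 1) + 1) for i in picked]


def prove(blocks, tags, chal):
    """Storage server: aggregate the challenged blocks and their tags."""
    mu = sum(w * blocks[i] for i, w in chal) % P
    sigma = sum(w * tags[i] for i, w in chal) % P
    return mu, sigma


def verify(key, alpha, chal, proof):
    """Auditor: check sigma == alpha*mu + sum(w_i * PRF(i)) without the file."""
    mu, sigma = proof
    expected = (alpha * mu + sum(w * prf(key, i) for i, w in chal)) % P
    return sigma == expected


def detection_probability(n_blocks, corrupted, sample_size):
    """Chance that a sample of distinct blocks hits at least one bad block."""
    sample_size = min(sample_size, n_blocks)
    miss = (math.comb(n_blocks - corrupted, sample_size)
            / math.comb(n_blocks, sample_size))
    return 1.0 - miss


if __name__ == "__main__":
    document = b"constructed sample document line\n" * 40  # constructed input
    key, alpha = keygen()
    blocks = split_blocks(document)
    tags = tag_blocks(key, alpha, blocks)

    chal = challenge(len(blocks), 10)
    print("honest server passes:",
          verify(key, alpha, chal, prove(blocks, tags, chal)))

    damaged = list(blocks)
    damaged[3] ^= 1  # the server's copy of one block is silently corrupted
    full = challenge(len(blocks), len(blocks))
    print("full audit of damaged copy passes:",
          verify(key, alpha, full, prove(damaged, tags, full)))
    print("P(detect 1 bad block of %d with 10 samples) = %.3f"
          % (len(blocks), detection_probability(len(blocks), 1, 10)))
```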


2.1 SYSTEM CONFIGURATION

SOFTWARE CONFIGURATION

Operating System : Windows XP Professional/7
Environment : Visual Studio .Net 2008
.Net Framework : Version 3.5
Language : C#
Web Technology : Active Server Pages.Net (Asp .Net)
Web Server : Internet Information Server 5.0
Back End : SQL Server 2005

HARDWARE CONFIGURATION

Processor : Pentium IV
RAM : 512MB
Monitor size : 17 SVGA
Hard Disk : 80 GB
Extra Device : CD-ROM 52x
Keyboard : 104 standards Keyboard
Mouse : Optical


2.2 ABOUT WINDOWS XP


Windows XP is an operating system that was produced by Microsoft for use on personal computers, including home and business desktops, laptops, and media centers. It was first released in August 2001, and is the most popular version of Windows, based on installed user base. The name "XP" is short for "eXPerience." Windows XP was the successor to both Windows 2000 and was the first consumer-oriented operating system produced by Microsoft to be built on the end. Windows XP was released for retail sale on October 25, 2001, and over 400 million copies were in use in January 2006, according to an estimate in that month by an analyst. It was succeeded by, which was released to volume license customers on November 8, 2006 and worldwide to the general public on January 30, 2007. Direct and retail sales of Windows XP ceased on June 30, 2008. Microsoft continued to sell Windows XP through their System Builders (smaller OEMs who sell assembled computers) program until January 31, 2009. XP may continue to be available as these sources run through their inventory or by purchasing Windows 7 Ultimate, Windows 7 Pro, Windows Vista Ultimate or Windows Vista Business, and then to Windows XP. The most common editions of the operating system were Windows XP Home Edition, which was targeted at home users, and Windows XP Professional, which offered additional features such as support for, and was targeted at, business and enterprise clients has additional multimedia features enhancing the ability to record and watch TV shows, view DVD movies, and listen to music. Was designed to run stylus applications built using the platform. Windows XP was eventually released for two additional architectures, for processors. There is also, a component version of the Windows XP Professional, and editions for specific markets such as Windows XP Starter Edition. The basic versions of Windows, which are programmed in, and, are known for their improved stability and efficiency over the versions.
Windows XP presented a significantly redesigned, a change Microsoft promoted as more user-friendly than previous versions of Windows.

A new software management facility was introduced to ameliorate that plagues 9x versions of Windows. It is also the first version of Windows to use to combat. Windows XP had also been criticized by some users for security vulnerabilities, tight integration of applications such as, and for aspects of its default user interface. Later versions with, and addressed some of these concerns. According to data generated by as of December 2010, Windows XP is the most widely used operating system for accessing the Internet in the world with a 47.2% market share, having peaked at 76.1% in January 2007

EDITIONS
The two major editions are Windows XP Home Edition, designed for home users, and Windows XP Professional, designed for business and power-users. XP Professional contains advanced features that the average home user would not use. However, these features are not necessarily missing from XP Home. They are simply disabled, but are there and can become functional. These releases were made available at retail outlets that sell computer software and were preinstalled on computers sold by major computer manufacturers. As of mid-2008, both editions continue to be sold. A third edition, called Windows XP Media Center Edition was introduced in 2002 and was updated every year until 2006 to incorporate new digital media, broadcast television and capabilities. Unlike the Home and Professional edition, it was never made available for retail purchase, and was typically either sold through channels, or was preinstalled on computers that were typically marketed as "media center PCs". Two different editions were made available, one designed specifically for Itanium-based workstations, which was introduced in 2001 around the same time as the Home and Professional editions, but was discontinued a few years later when vendors of Itanium hardware stopped selling workstation-class machines due to low sales. The other, called Windows XP Professional x64 Edition supports the x86-64 extension. x86-64 was implemented first by AMD as "AMD64", found in AMD's and chips, and later implemented by Intel as (formerly known as IA-32e and EM64T), found in Intel's and later chips.

Tablet PC Edition was produced for a class of specially designed notebook/laptop computers called. It is compatible with a pen-sensitive screen, supporting handwritten notes and portrait-oriented screens. Microsoft also released an edition for specific consumer electronics, kiosks, medical devices, arcade video games, point-of-sale terminals, and Voice over Internet Protocol components. In July 2006, Microsoft released a version of Windows XP Embedded which targets older machines (as early as the original Pentium). It is only available to customers. It is intended for corporate customers who would like to upgrade to Windows XP to take advantage of its security and management capabilities, but can't afford to purchase new hardware.

EDITIONS FOR SPECIFIC MARKETS


It is similar to Windows XP Home, but is limited to low-end hardware, can only run 3 programs at a time, and has some other features either removed or disabled by default. Each country's edition is also customized for that country, including desktop backgrounds of popular locations, help features for those who may not speak English, and other default settings designed for easier use than typical Windows XP installations. The Malaysian version, for example, contains a desktop background of the skyline. In March 2004, the fined Microsoft 497 million (US$603 million) and ordered the company to provide a version of Windows without. The Commission concluded that Microsoft "broke competition law by leveraging its near in the market for PC operating systems onto the markets for work group operating systems and for media players". After unsuccessful appeals in 2004 and 2005, Microsoft reached an agreement with the Commission where it would release a court-compliant version, Windows XP Edition. This version does not include the company's Windows Media Player but instead encourages users to pick and download their own media player. Microsoft wanted to call this version Reduced Media Edition, but EU regulators objected and suggested the Edition N name, with the signifying "not with Media Player" for both Home and Professional editions of Windows XP.

LANGUAGES
Windows XP was available in many languages. In addition, packs and translating the user interface were also available for certain languages. ATMs and Vendors (ATM) vendors, and have all adopted Microsoft Windows XP as their migration path from. Wincor Nixdorf, who has been pushing for standardization for many years, began shipping ATMs with Windows when they first arrived on the scene. Diebold initially shipped XP Home Edition exclusively, but, following extensive pressure from customer banks to support a common operating system, switched to support XP Professional to match their primary competitor, NCR Corporation and Wincor Nixdorf. Vending machines run a modified version of XP designed for the full screen of the Vending Touch screen and the DVD vending itself.

SERVICE PACKS
Microsoft occasionally releases for its Windows operating systems to fix problems and add features. Each service pack is a superset of all previous service packs and patches so that only the latest service pack needs to be installed, and also includes new revisions. However, if only the earliest version of Windows XP on retail CD (without any service packs included) is available, SP1a or SP2 must be installed before SP3 can be installed. Older service packs need not be manually removed before application of the most recent one. Windows Update "normally" takes care of automatically removing unnecessary files. The service pack details below only apply to the 32-bit editions. Windows XP Professional x64 Edition was based on Service Pack 1 and claimed to be "SP1" in system properties from the initial release. It is updated by the same service packs and hot fixes as the x64 edition of Windows Server 2003.

2.3 DBMS AND RDBMS


DBMS (DATABASE MANAGEMENT SYSTEM)
Database management system is the means of controlling databases either in the hard disk in a desktop system or on a network. Database management system is used for creating databases, maintaining databases and providing the means of using the database. DBMS doesn't consider relationship between the tables. Instead it will take the approach of manual navigation. This has led to severe performance problems when dealing with complex and high amount of data. DBMS has several components. Some of the major components are external interface, database language engine, query optimizer, database engine, storage engine, DBMS management component, etc. External Interface is used to communicate with the DBMS as well as the databases.

A Database Management System (DBMS) is a set of that controls the creation, maintenance. It allows organizations to place control of database development in the hands of (DBA) and other specialists. A DBMS is a system software package that helps the use of integrated collection of data records and files known as databases. It allows different user application programs to easily access the same database. DBMS may use any of a variety of the large systems, a DBMS allows users and other software to store and retrieve data in a way. Instead of having to write computer programs to extract information, user can ask simple questions. Thus, many DBMS packages provide (4GLs) and other application development features. It helps to specify the logical organization for a database and access and use the information within a database. It provides facilities for controlling, enforcing, managing concurrency, and restoring the database from backups. A DBMS also provides the ability to logically present database information to users.

A DBMS is a set of that controls the, management. DBMS are categorized according to their data structures or types. The DBMS accepts requests for data from an application program and instructs to the transfer the appropriate data. The responses must be submitted and received according to a format that conforms to one or more applicable protocols.

DBMS RULES
FOUNDATION RULE
A relational database management system must manage its stored data using only its relational capabilities.

INFORMATION RULE
All information in the database should be represented in one and only one way - as values in a table.

GUARANTEED ACCESS RULE
Each and every datum (atomic value) is guaranteed to be logically accessible by resorting to a combination of table name, primary key value and column name.

SYSTEMATIC TREATMENT OF NULL VALUES
Null values (distinct from empty character string or a string of blank characters and distinct from zero or any other number) are supported in the fully relational DBMS for representing missing information in a systematic way, independent of data type.

DYNAMIC ON-LINE CATALOG BASED ON THE RELATIONAL MODEL
The database description is represented at the logical level in the same way as ordinary data, so authorized users can apply the same relational language to its interrogation as they apply to regular data.

COMPREHENSIVE DATA SUBLANGUAGE RULE
A relational system may support several languages and various modes of terminal use. However, there must be at least one language whose statements are expressible, per some well-defined syntax, as character strings and whose ability to support all of the following is comprehensive: data definition; view definition; data manipulation (interactive and by program); integrity constraints; authorization; transaction boundaries (begin, commit, and rollback).

VIEW UPDATING RULE
All views that are theoretically updateable are also updateable by the system.

HIGH-LEVEL INSERT, UPDATE, AND DELETE
The capability of handling a base relation or a derived relation as a single operand applies not only to the retrieval of data but also to the insertion, update, and deletion of data.

PHYSICAL DATA INDEPENDENCE
Application programs and terminal activities remain logically unimpaired whenever any changes are made in either storage representation or access methods.

RDBMS (RELATIONAL DATABASE MANAGEMENT SYSTEM)


RDBMS is the abbreviated form of Relational DataBase Management System. The relational database management system was introduced in the 1970s. RDBMS avoided the navigation model of the old DBMS and introduced the relational model. The relational model has relationships between tables using primary keys, foreign keys and indexes. Thus the fetching and storing of data became faster than in the old navigational model. So RDBMS is widely used by enterprises for storing complex and large amounts of data.

A Relational DataBase Management System (RDBMS) is software that:
Enables you to implement a database with tables, columns, and indexes.
Guarantees the referential integrity between rows of various tables.
Updates the indexes automatically.
Interprets an SQL query and combines information from various tables.

RDBMS TERMINOLOGY
Database: A database is a collection of tables, with related data.
Table: A table is a matrix with data. A table in a database looks like a simple spreadsheet.
Column: One column (data element) contains data of one and the same kind, for example the column postcode.
Row: A row (= tuple, entry or record) is a group of related data, for example the data of one subscription.
Redundancy: Storing data twice, redundantly to make the system faster.
Primary Key: A primary key is unique. A key value cannot occur twice in one table. With a key you can find at most one row.
Foreign Key: A foreign key is the linking pin between two tables.
Compound Key: A compound key (composite key) is a key that consists of multiple columns, because one column is not sufficiently unique.

2.4 ABOUT ASP.NET


INTRODUCTION OF VISUAL STUDIO
In 2002, Visual Studio took the biggest leap in innovation since it was released, with the introduction of Visual Basic .NET (as it was renamed). After more than a decade, Visual Basic was overdue for a major overhaul. But .NET goes beyond an overhaul. It changes almost every aspect of software development. From integrating Internet functionality to creating object-oriented frameworks, Visual Basic .NET challenged traditional VB developers to learn dramatic new concepts and techniques. 2005 brings us an enhanced Visual Basic language (renamed this time Visual Basic 2005). New features have been added that cement this language's position as a true object-oriented language. With Visual Basic 2005, it is still going to be a challenge for the traditional VB6 developers to learn, but it is an easy road and books like this are here to help you on your path. First, it's necessary to learn the differences between Visual Basic 2005 and the older versions. In some cases, the same functionality is implemented in a different way. This was not done arbitrarily; there are good reasons for the changes. But it must be prepared to unlearn old habits and form new ones. Next, it must be open to the new concepts. Full object orientation, new component techniques, new visual tools for both local and Internet interfaces: all of these and more must become part of its skill.

AN OVERVIEW OF THE .NET FRAMEWORK


.NET is a framework that covers all the layers of software development above the operating system level. It provides the richest level of integration among presentation technologies, component technologies and data technologies ever seen on a Microsoft, or perhaps any, platform. Second, the entire architecture has been created to make it as easy to develop Internet applications as it is to develop for the desktop. The .NET Framework actually wraps the operating system, insulating software developed with .NET from most operating system specifics such as file handling and memory allocation. This prepares for a possible future in which the software developed for .NET is portable to a wide variety of hardware and operating system foundations.

VS.NET supports Windows 2003, Windows XP, and all versions of Windows 2000. Programs created for .NET can also run under Windows NT, Windows 98, and Windows Me, though VS.NET does not run on these systems. Note that in some cases certain service packs are required to run .NET. The framework starts all the way down at the memory management and component loading level and goes all the way up to multiple ways of rendering user and program interfaces. In between, there are layers that provide just about any system-level capability that a developer would need.

THE .NET FRAMEWORK


The .NET Framework is a new computing platform that simplifies application development in the highly distributed environment of the Internet.

OBJECTIVES OF .NET FRAMEWORK


1. To provide a consistent object-oriented programming environment whether object code is stored and executed locally, is Internet-distributed, or is executed remotely.
2. To provide a code-execution environment that minimizes software deployment and guarantees safe execution of code.
3. To eliminate performance problems.

There are different types of application, such as Windows-based applications and Web-based applications. To support communication in a distributed environment and to ensure that code accessed by the .NET Framework can integrate with any other code.

THE COMMON LANGUAGE RUNTIME (CLR)


The common language runtime is the foundation of the .NET Framework. It manages code at execution time, providing important services such as memory management, thread management, and remoting, and also ensures more security and robustness. The concept of code management is a fundamental principle of the runtime. Code that targets the runtime is known as managed code, while code that does not target the runtime is known as unmanaged code.

THE .NET FRAMEWORK CLASS LIBRARY


It is a comprehensive, object-oriented collection of reusable types used to develop applications ranging from traditional command-line or graphical user interface (GUI) applications to applications based on the latest innovations provided by ASP.NET, such as Web Forms and XML Web services. The .NET Framework can be hosted by unmanaged components that load the common language runtime into their processes and initiate the execution of managed code, thereby creating a software environment that can exploit both managed and unmanaged features. The .NET Framework not only provides several runtime hosts, but also supports the development of third-party runtime hosts. Internet Explorer is an example of an unmanaged application that hosts the runtime (in the form of a MIME type extension). Using Internet Explorer to host the runtime enables embedding managed components or Windows Forms controls in HTML documents.

FEATURES OF THE COMMON LANGUAGE RUNTIME


The common language runtime manages memory, thread execution, code execution, code safety verification, compilation, and other system services; these all run on the CLR.
Security.
Robustness.
Productivity.
Performance.

SECURITY
The runtime enforces code access security. The security features of the runtime thus enable legitimate Internet-deployed software to be exceptionally feature rich. With regard to security, managed components are awarded varying degrees of trust, depending on a number of factors that include their origin; this determines whether they are able to perform file-access operations, registry-access operations, or other sensitive functions.

ROBUSTNESS
The runtime also enforces code robustness by implementing a strict type- and code-verification infrastructure called the common type system (CTS). The CTS ensures that all managed code is self-describing. The managed environment of the runtime eliminates many common software issues.

PRODUCTIVITY
The runtime also accelerates developer productivity. For example, programmers can write applications in their development language of choice, yet take full advantage of the runtime, the class library, and components written in other languages by other developers.

PERFORMANCE
The runtime is designed to enhance performance. Although the common language runtime provides many standard runtime services, managed code is never interpreted. A feature called just-in-time (JIT) compiling enables all managed code to run in the native machine language of the system on which it is executing. Finally, the runtime can be hosted by high-performance, server-side applications, such as Microsoft SQL Server and Internet Information Services (IIS).

DATA ACCESS WITH ADO.NET


When developing applications using ADO.NET, it will have different requirements for working with data. It might never need to directly edit an XML file containing data - but it is very useful to understand the data architecture in ADO.NET. ADO.NET offers several advantages over previous versions of ADO: Interoperability, Maintainability, Programmability, Performance, Scalability.

INTEROPERABILITY
ADO.NET applications can take advantage of the flexibility and broad acceptance of XML. Because XML is the format for transmitting datasets across the network, any component that can read the XML format can process data. The receiving component need not be an ADO.NET component.

MAINTAINABILITY
In the life of a deployed system, modest changes are possible, but substantial architectural changes are rarely attempted because they are so difficult. As the performance load on a deployed application server grows, system resources can become scarce and response time or throughput can suffer.

PERFORMANCE
ADO.NET datasets offer performance advantages over ADO disconnected record sets. In ADO.NET data-type conversion is not necessary.

SCALABILITY
ADO.NET accommodates scalability by encouraging programmers to conserve limited resources. Any ADO.NET application employs disconnected access to data; it does not retain database locks or active database connections for long durations.

VISUAL STUDIO .NET


Visual Studio .NET is a complete set of development tools for building ASP Web applications, XML Web services, desktop applications, and mobile applications. In addition to building high-performing desktop applications, it can use Visual Studio's powerful component-based development tools and other technologies to simplify team-based design, development, and deployment of Enterprise solutions. Visual Basic .NET, Visual C++ .NET, and Visual C# .NET all use the same integrated development environment (IDE), which allows them to share tools and facilitates the creation of mixed-language solutions. In addition, these languages leverage the functionality of the .NET Framework and simplify the development of ASP Web applications and XML Web services. Visual Studio supports the .NET Framework, which provides a common language runtime and unified programming classes; ASP.NET uses these components to create ASP Web applications and XML Web services. Also it includes MSDN Library, which contains all the documentation for these development tools.

XML WEB SERVICES
XML Web services are applications that can receive the requested data using XML over HTTP. XML Web services are not tied to a particular component technology or object-calling convention but can be accessed by any language, component model, or operating system. In Visual Studio .NET, it can quickly create and include XML Web services using Visual Basic, Visual C#, JScript, Managed Extensions for C++, or ATL Server.

COMMON LANGUAGE SPECIFICATION (CLS)


Visual Basic.NET is also compliant with CLS (Common Language Specification) and supports structured exception handling. CLS is a set of rules and constructs that are supported by the CLR (Common Language Runtime). CLR is the runtime environment provided by the .NET Framework; it manages the execution of the code and also makes the development process easier by providing services.

ADO.NET OVERVIEW
ADO.NET is an evolution of the ADO data access model that directly addresses user requirements for developing scalable applications. It was designed specifically for the web with scalability, statelessness, and XML in mind.

ADO.NET uses some ADO objects, such as the Connection and Command objects, and also introduces new objects. Key new ADO.NET objects include the DataSet, DataReader, and DataAdapter.

The important distinction between this evolved stage of ADO.NET and previous data architectures is that there exists an object -- the DataSet -- that is separate and distinct from any data stores. Because of that, the DataSet functions as a standalone entity. The DataSet is an always disconnected recordset that knows nothing about the source or destination of the data it contains. Inside a DataSet, much like in a database, there are tables, columns, relationships, constraints, views, and so forth.

A Data Adapter is the object that connects to the database to fill the DataSet. Then, it connects back to the database to update the data there, based on operations performed while the DataSet held the data. In the past, data processing has been primarily connection-based. Now, in an effort to make multi-tiered apps more efficient, data processing is turning to a message-based approach that revolves around chunks of information. At the center of this approach is the Data Adapter, which provides a bridge to retrieve and save data between a DataSet and its source data store. It accomplishes this by means of requests to the appropriate SQL commands made against the data store.

The following sections will introduce some objects that have evolved, and some that are new. These objects are:

Connections. For connection to and managing transactions against a database.
Commands. For issuing SQL commands against a database.
Data Readers. For reading a forward-only stream of data records from a SQL Server data source.
DataSets. For storing, Remoting and programming against flat data, XML data and relational data.
Data Adapters. For pushing data into a DataSet, and reconciling data against a database.

Connections: Connections are used to 'talk to' databases, and are represented by provider-specific classes such as SqlConnection. Commands travel over connections and resultsets are returned in the form of streams which can be read by a Data Reader object, or pushed into a DataSet object.

Commands: Commands contain the information that is submitted to a database, and are represented by provider-specific classes such as SqlCommand. A command can be a stored procedure call, an UPDATE statement, or a statement that returns results. It can also use input and output parameters, and return values as part of your command syntax. The example below shows how to issue an INSERT statement against the Northwind database.

Data Readers: The Data Reader object is somewhat synonymous with a read-only/forward-only cursor over data. The Data Reader API supports flat as well as hierarchical data. A DataReader object is returned after executing a command against a database. The format of the returned Data Reader object is different from a recordset. For example, the use of DataReader is to show the results of a search list in a web page.

DATASETS AND DATA ADAPTERS


DataSets: The DataSet object is similar to the ADO Recordset object, but more powerful, and with one other important distinction: the DataSet is always disconnected. The DataSet object represents a cache of data, with database-like structures such as tables, columns, relationships, and constraints. However, though a DataSet can and does behave much like a database, it is important to remember that DataSet objects do not interact directly with databases, or other source data. This allows the developer to work with a programming model that is always consistent, regardless of where the source data resides.

2.5 ABOUT SQL SERVER


SQL SERVER 2005
A database management system, or DBMS, gives the user access to their data and helps them transform the data into information. Such database management systems include dBase, Paradox, IMS and SQL Server. These systems allow users to create, update and extract information from their database. A database is a structured collection of data. Data refers to the characteristics of people, things and events. SQL Server stores each data item in its own fields. In SQL Server, the fields relating to a particular person, thing or event are bundled together to form a single complete unit of data, called a record (it can also be referred to as a row or an occurrence). Each record is made up of a number of fields. No two fields in a record can have the same field name. During an SQL Server Database design project, the analysis of your business needs identifies all the fields or attributes of interest. If your business needs change over time, you can define any additional fields or change the definition of existing fields.

SQL SERVER TABLES


SQL Server stores records relating to each other in a table. Different tables are created for the various groups of information. Related tables are grouped together to form a database.

PRIMARY KEY
Every table in SQL Server has a field or a combination of fields that uniquely identifies each record in the table. The unique identifier is called the Primary Key, or simply the Key. The primary key provides the means to distinguish one record from all others in a table. It allows the user and the database system to identify, locate and refer to one particular record in the database.


RELATIONAL DATABASE
Sometimes all the information of interest to a business operation can be stored in one table. SQL Server makes it very easy to link the data in multiple tables. Matching an employee to the department in which they work is one example. This is what makes SQL Server a relational database management system, or RDBMS. It stores data in two or more tables and enables you to define relationships between the tables.

FOREIGN KEY
When a field in one table matches the primary key of another table, that field is referred to as a foreign key. A foreign key is a field or a group of fields in one table whose values match those of the primary key of another table.

REFERENTIAL INTEGRITY
Not only does SQL Server allow you to link multiple tables, it also maintains consistency between them. Ensuring that the data among related tables is correctly matched is referred to as maintaining referential integrity.

DATA ABSTRACTION
A major purpose of a database system is to provide users with an abstract view of the data. The system hides certain details of how the data is stored and maintained. Data abstraction is divided into three levels.
Physical level: This is the lowest level of abstraction, at which one describes how the data are actually stored.
Conceptual level: At this level of database abstraction, all the attributes and what data are actually stored are described, along with the entities and the relationships among them.
View level: This is the highest level of abstraction, at which one describes only part of the database.


ADVANTAGES OF RDBMS
Redundancy can be avoided
Inconsistency can be eliminated
Data can be shared
Standards can be enforced
Security restrictions can be applied
Integrity can be maintained
Conflicting requirements can be balanced
Data independence can be achieved

DISADVANTAGES OF DBMS
A significant disadvantage of the DBMS system is cost. In addition to the cost of purchasing or developing the software, the hardware has to be upgraded to allow for the extensive programs and the workspace required for their execution and storage. While centralization reduces duplication, the lack of duplication requires that the database be adequately backed up so that in case of failure the data can be recovered.

FEATURES OF SQL SERVER (RDBMS)


SQL SERVER is one of the leading database management systems (DBMS) because it is the only database that meets the uncompromising requirements of today's most demanding information systems. From complex decision support systems (DSS) to the most rigorous online transaction processing (OLTP) applications, even applications that require simultaneous DSS and OLTP access to the same critical data, SQL Server leads the industry in both performance and capability. SQL SERVER is a truly portable, distributed, and open DBMS that delivers unmatched performance, continuous operation and support for every database. SQL SERVER RDBMS is a high performance, fault tolerant DBMS which is specially designed for online transaction processing and for handling large database applications.

SQL SERVER with the transaction processing option offers two features which contribute to a very high level of transaction processing throughput, which are The row level lock manager

ENTERPRISE WIDE DATA SHARING


The unrivaled portability and connectivity of the SQL SERVER DBMS enables all the systems in the organization to be linked into a singular, integrated computing resource.

PORTABILITY
SQL SERVER is fully portable to more than 80 distinct hardware and operating systems platforms, including UNIX, MSDOS, OS/2, Macintosh and dozens of proprietary platforms. This portability gives complete freedom to choose the database server platform that meets the system requirements.

OPEN SYSTEMS
SQL SERVER offers a leading implementation of industry standard SQL. SQL Server's open architecture integrates SQL SERVER and non-SQL SERVER DBMS with the industry's most comprehensive collection of tools, applications, and third party software products. SQL Server's open architecture provides transparent access to data from other relational databases and even non-relational databases.

DISTRIBUTED DATA SHARING


SQL Server's networking and distributed database capabilities allow access to data stored on a remote server with the same ease as if the information was stored on a single local computer. A single SQL statement can access data at multiple sites. The data can be stored where system requirements such as performance, security or availability dictate.


UNMATCHED PERFORMANCE
The most advanced architecture in the industry allows the SQL SERVER DBMS to deliver unmatched performance.

SOPHISTICATED CONCURRENCY CONTROL


Real world applications demand access to critical data. With most database systems, an application becomes contention bound: performance is limited not by CPU power or by disk I/O, but by users waiting on one another for data access. SQL Server employs full, unrestricted row-level locking and contention-free queries to minimize, and in many cases entirely eliminate, contention wait times.

NO I/O BOTTLENECKS
SQL Server's fast commit, group commit and deferred write technologies dramatically reduce disk I/O bottlenecks. While some databases write whole data blocks to disk at commit time, SQL Server commits transactions with at most a sequential log file write on disk at commit time. On high throughput systems, one sequential write typically group commits multiple transactions. Data read by the transaction remains in shared memory so that other transactions may access that data without reading it again from disk. Since fast commits write all data necessary for recovery to the log file, modified blocks are written back to the database independently of the transaction commit, when written from memory to disk.


3.1 PROBLEM DESCRIPTION


This project is entitled Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent, using ASP.NET as the front end and SQL Server as the back end. Cloud-based outsourced storage relieves the client's burden for storage management and maintenance by providing a comparably low-cost, scalable, location-independent platform. However, the fact that clients no longer have physical possession of data indicates that they are facing a potentially formidable risk of missing or corrupted data. To avoid the security risks, audit services are critical to ensure the integrity and availability of outsourced data and to achieve digital forensics and credibility in cloud computing. Provable data possession (PDP), which is a cryptographic technique for verifying the integrity of data without retrieving it from an untrusted server, can be used to realize audit services. In this project, profiting from the interactive zero-knowledge proof system, we address the construction of an interactive PDP protocol to prevent the fraudulence of the prover (soundness property) and the leakage of verified data (zero-knowledge property). We prove that our construction holds these properties based on the computational Diffie-Hellman assumption and the rewindable black-box knowledge extractor.

This work is motivated by the public audit systems of data storage and provides a privacy-preserving auditing protocol. Moreover, this scheme achieves batch auditing to support efficient handling of multiple auditing tasks. Although their solution is not suitable for practical applications because of a lack of support for dynamic operations and rigorous performance analysis, it points out a promising research direction for checking the integrity of outsourced data in untrusted storage.

Although PDP/POR schemes built around untrusted storage offer a publicly accessible remote interface to check and manage a tremendous amount of data, most existing schemes cannot give a strict security proof against the untrusted CSP's deception and forgery, or against information leakage of verified data in the verification process. These drawbacks greatly affect the impact of cloud audit services. Thus, new frameworks or models are desirable to enable the security of the public verification protocol in cloud audit services.


3.2 EXISTING SYSTEM

To securely introduce an effective third party auditor (TPA), the following two fundamental requirements have to be met:
1) The TPA should be able to efficiently audit the cloud data storage without demanding a local copy of the data, and introduce no additional on-line burden to the cloud user.
2) The third party auditing process should bring in no new vulnerabilities towards user data privacy.


3.3 PROPOSED SYSTEM

We utilize public provable data possession (PDP), a cryptographic technique for verifying the integrity of data without retrieving it from an untrusted server, to realize audit services. It is combined with a random mask technique to achieve a privacy-preserving public auditing system for cloud data storage security while keeping all the above requirements in mind. To support efficient handling of multiple auditing tasks, we further explore the technique of bilinear aggregate signatures to extend our main result into a multi-user setting, where the TPA can perform multiple auditing tasks simultaneously. Extensive security and performance analysis shows the proposed schemes are provably secure and highly efficient. We also show how to extend our main scheme to support batch auditing for the TPA upon delegations from multiple users.


4.1 SYSTEM FLOW CHART

[Flow chart not reproduced. Roles shown: Admin, Audit Head, Junior Auditor. Steps shown: Login, View Audit Details, View Auditors, Set Audit Schedule, View Audit Schedule, View Audit Reports, Set Auditor, Get Documents, Send Audit Documents, Send Reports, View Reports.]


4.2 DATA FLOW DIAGRAM


LEVEL 1

[Data flow diagram not reproduced. Entities shown: Admin, Auditor. Flows shown: Entry, Audit Schedule, Display/View Audit Schedule, Get Clarify of Audit Details. Central process label: CLOUD DOCUMENTS SECURITY USING INTERACTIVE ZERO]

LEVEL 2

[Data flow diagram not reproduced. Entities shown: Admin, Auditor Head, Auditor, DB. Flows shown: Add Audit Details, Add new Auditor, Add Auditor details, View Audit details, Select any Auditor, View Details of Audit Schedule, View Audit Documents, Enter Documents, View Documents, Add Audit Documents, Get Clarify of Audit, View Audits, View stored Audits, Store Audit Schedule, Add new Audits, Enter Audit Schedule, Send Audit Documents.]

LEVEL 3

[Data flow diagram not reproduced. Entities shown: Admin, DB. Flows shown: Login from DB, Admin Entry, Admin Login, Add new Audits, Add new Auditor, View Auditors, Feed back, Get Auditors Documents, Retrieve Auditor Documents, Display/View performance Index, Check Auditor Documents.]

LEVEL 4

[Data flow diagram not reproduced. Entities shown: Auditor Head, DB. Flows shown: Login from DB, Auditor Entry, Auditor Head Login, Get User Query, View Audit Schedule, View admins Information, View admin Announcement, Select Auditor, Search for Auditor, Reply to Auditor, Send Documents to Auditor, Get reply for new Audit Schedules.]

LEVEL 5

[Data flow diagram not reproduced. Entities shown: Auditor, DB. Flows shown: Login from DB, Auditor Entry, Auditor Login, View Audit Documents, Store Documents, Select Audit Documents, Send Documents, Get Clarify of Audit Documents, Enter Details Audit Documents, View Documents.]


4.3 DATABASE STRUCTURE


AUDITOR REGISTRATION

| COLUMN NAME | DATA TYPE | DESCRIPTION |
|---|---|---|
| Aud_Id | Varchar(30) | Auditor Id |
| Aud_Name | Varchar(30) | Auditor Name |
| Dept | Varchar(30) | Department |
| Aud_Type | Varchar(30) | Auditor Type |
| Experience | Varchar(30) | Experience |
| Email | Varchar(30) | Email |
| Mob_No | Numeric | Contact Number |
| Address | Text | Address |


SCHEDULE AUDIT

| COLUMN NAME | DATA TYPE | DESCRIPTION |
|---|---|---|
| Aud_Id | Varchar(30) | Auditor Id |
| Org_Name | Varchar(30) | Organization Name |
| Org_Type | Varchar(30) | Organization Type |
| Description | Text | Description |
| Address | Text | Address |
| Aud_Date | Varchar(30) | Audit Date |
| Doc_To_Audit | Text | Documents to Audit |
| Aud_Team | Varchar(30) | Audit Team |
| To_Aud | Varchar(30) | To Auditor |
| Auditor_Name | Varchar(30) | Auditor Name |
| Aud_Type | Varchar(30) | Auditor Type |
| Aud_Key | Varchar(30) | Secret Key |


SET AUDIT

| COLUMN NAME | DATA TYPE | DESCRIPTION |
|---|---|---|
| Org_Name | Varchar(30) | Organization Name |
| Org_Type | Varchar(30) | Organization Type |
| Description | Varchar(30) | Designation |
| Address | Varchar(30) | Address |
| Audit_Date | Text | Audit Date |
| Aud_Doc | Varchar(30) | Documents to Audit |
| Aud_Id | Varchar(30) | Auditor Id |
| Aud_Name | Varchar(30) | Auditor Name |


AUDITOR REPORT

| COLUMN NAME | DATA TYPE | DESCRIPTION |
|---|---|---|
| Aud_Id | Varchar(30) | Auditor Id |
| Aud_Name | Varchar(30) | Auditor Name |
| Org_Name | Varchar(30) | Organization Name |
| Org_Type | Varchar(30) | Organization Type |
| Description | Text | Description |
| Aud_Doc | Text | Documents to Audit |
| Doc_Aud | Text | Audited Documents |
| Aud_Report | Varchar(30) | Audited Report |
| Status | Varchar(30) | Status |
| Aud_Date | Varchar(30) | Audited Date |


5. SYSTEM DESIGN AND DEVELOPMENT


This project is entitled Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent, using ASP.NET as the front end and SQL Server as the back end. Cloud-based outsourced storage relieves the client's burden for storage management and maintenance by providing a comparably low-cost, scalable, location-independent platform. However, the fact that clients no longer have physical possession of data indicates that they are facing a potentially formidable risk of missing or corrupted data. To avoid the security risks, audit services are critical to ensure the integrity and availability of outsourced data and to achieve digital forensics and credibility in cloud computing. Provable data possession (PDP), which is a cryptographic technique for verifying the integrity of data without retrieving it from an untrusted server, can be used to realize audit services. In this project, profiting from the interactive zero-knowledge proof system, we address the construction of an interactive PDP protocol to prevent the fraudulence of the prover (soundness property) and the leakage of verified data (zero-knowledge property). We prove that our construction holds these properties based on the computational Diffie-Hellman assumption and the rewindable black-box knowledge extractor. The following modules are

MODULES
Audit Service System
Data Storage Service System
Audit Outsourcing Service System
Secure and Performance Analysis

Audit Service System

In this module we provide an efficient and secure cryptographic interactive audit scheme for public auditability. The scheme retains the soundness property and zero-knowledge property of proof systems. These two properties ensure that our scheme can not only prevent the deception and forgery of cloud storage providers, but also prevent the leakage of outsourced data in the process of verification.

Data Storage Service System

In this module, we consider four entities to store the data in a secure manner:
1. Data owner (DO): has a large amount of data to be stored in the cloud.
2. Cloud service provider (CSP): provides data storage service and has enough storage space and computation resources.
3. Third party auditor (TPA): has the capability to manage or monitor outsourced data under the delegation of the data owner.
4. Granted applications (GA): have the right to access and manipulate stored data. These applications can be either inside clouds or outside clouds according to the specific requirements.

Audit Outsourcing Service System

In this module the client (data owner) uses the secret key to preprocess the file, which consists of a collection of blocks, generates a set of public verification information that is stored in the TPA, transmits the file and some verification tags to the cloud service provider (CSP), and may delete its local copy. At a later time, using a protocol of proof of retrievability, the TPA (as an audit agent of clients) issues a challenge to audit (or check) the integrity and availability of the outsourced data in terms of the public verification information. It is necessary to give an alarm for abnormal events.

Secure and Performance Analysis

In this module, we consider how to secure the data and achieve performance with respect to the following:
Audit-without-downloading
Verification-correctness: to ensure there exists no cheating CSP that can pass the audit from the TPA without indeed storing users' data intact.
Privacy-preserving: to ensure that there exists no way for the TPA to derive users' data from the information collected during the auditing process.
High-performance: to allow the TPA to perform auditing with minimum overheads in storage, communication and computation, and to support statistical audit sampling and an optimized audit schedule over a long enough period of time.
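The audit flow of the modules above (the owner tags blocks, the CSP answers a sampled challenge, the TPA verifies without downloading the file), as an added C# example that is not part of the project's code. It is a simplification: it uses the privately verifiable linear tags of Shacham and Waters' compact proofs of retrievability instead of the project's interactive zero-knowledge construction, so the auditor holds the secret key and the response is not masked; the class name, helper names and sample file are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Numerics;
using System.Security.Cryptography;
using System.Text;

// Added illustration; all names are hypothetical and none comes from the project.
static class SampledAuditDemo
{
    // Arithmetic is modulo the Mersenne prime 2^127 - 1; a 15-byte block always fits below it.
    static readonly BigInteger P = BigInteger.Pow(2, 127) - 1;
    const int BlockSize = 15;

    // Read little-endian bytes as a non-negative integer (the extra 0x00 clears the sign bit), mod P.
    static BigInteger ToScalar(byte[] bytes)
    {
        return new BigInteger(bytes.Concat(new byte[] { 0 }).ToArray()) % P;
    }

    // f_k(i): keyed pseudo-random value bound to the block position.
    static BigInteger Prf(byte[] key, int index)
    {
        using (var hmac = new HMACSHA256(key))
            return ToScalar(hmac.ComputeHash(BitConverter.GetBytes(index)));
    }

    static byte[] RandomBytes(int n)
    {
        var buf = new byte[n];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(buf);
        return buf;
    }

    // Data owner: split the file into blocks m_i (a short last block is simply a smaller number).
    static BigInteger[] Split(byte[] file)
    {
        var blocks = new BigInteger[(file.Length + BlockSize - 1) / BlockSize];
        for (int i = 0; i < blocks.Length; i++)
            blocks[i] = ToScalar(file.Skip(i * BlockSize).Take(BlockSize).ToArray());
        return blocks;
    }

    // Data owner: tag_i = f_k(i) + alpha * m_i mod P. Blocks and tags are handed to the CSP.
    static BigInteger[] TagBlocks(byte[] key, BigInteger alpha, BigInteger[] blocks)
    {
        var tags = new BigInteger[blocks.Length];
        for (int i = 0; i < blocks.Length; i++)
            tags[i] = (Prf(key, i) + alpha * blocks[i]) % P;
        return tags;
    }

    // Auditor: sample distinct block indices, each paired with a fresh random coefficient v_i.
    static Dictionary<int, BigInteger> Challenge(int blockCount, int sampleSize)
    {
        var challenge = new Dictionary<int, BigInteger>();
        while (challenge.Count < Math.Min(sampleSize, blockCount))
            challenge[(int)(ToScalar(RandomBytes(32)) % blockCount)] = ToScalar(RandomBytes(32));
        return challenge;
    }

    // CSP: fold the challenged blocks and tags into two numbers; no block leaves the server.
    static void Prove(BigInteger[] blocks, BigInteger[] tags, Dictionary<int, BigInteger> challenge, out BigInteger mu, out BigInteger sigma)
    {
        mu = BigInteger.Zero; sigma = BigInteger.Zero;
        foreach (var c in challenge)
        {
            mu = (mu + c.Value * blocks[c.Key]) % P;
            sigma = (sigma + c.Value * tags[c.Key]) % P;
        }
    }

    // Auditor: accept only if sigma == alpha * mu + sum(v_i * f_k(i)) mod P.
    static bool Verify(byte[] key, BigInteger alpha, Dictionary<int, BigInteger> challenge, BigInteger mu, BigInteger sigma)
    {
        BigInteger expected = alpha * mu % P;
        foreach (var c in challenge)
            expected = (expected + c.Value * Prf(key, c.Key)) % P;
        return expected == sigma;
    }

    static void Main()
    {
        byte[] file = Encoding.UTF8.GetBytes(new string('A', 40) + "constructed audit document" + new string('Z', 40));
        byte[] key = RandomBytes(32);                       // owner's secret PRF key
        BigInteger alpha = ToScalar(RandomBytes(32));       // owner's secret multiplier
        BigInteger[] blocks = Split(file);
        BigInteger[] tags = TagBlocks(key, alpha, blocks);
        BigInteger mu, sigma;
        var challenge = Challenge(blocks.Length, 4);
        Prove(blocks, tags, challenge, out mu, out sigma);
        Console.WriteLine("intact file, 4 sampled blocks: " + Verify(key, alpha, challenge, mu, sigma));
        blocks[2] += 1;                                     // the CSP's copy of block 2 is silently damaged
        challenge = Challenge(blocks.Length, blocks.Length);
        Prove(blocks, tags, challenge, out mu, out sigma);
        Console.WriteLine("damaged block, every block challenged: " + Verify(key, alpha, challenge, mu, sigma));
    }
}
```

With c sampled blocks out of n and t damaged blocks, a sampled audit misses the damage with probability C(n-t, c)/C(n, c), which is why the second run challenges every block to make the failure deterministic.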


6. SYSTEM TESTING AND MAINTENANCE


SYSTEM TESTING
Software testing is an investigation conducted to provide stakeholders with information about the quality of the product or service under test. Software testing also provides an objective, independent view of the software to allow the business to appreciate and understand the risks of software implementation. Test techniques include, but are not limited to, the process of executing a program or application with the intent of finding software bugs. Software testing can also be stated as the process of validating and verifying that a software program/application/product:
meets the business and technical requirements that guided its design and development
works as expected
can be implemented with the same characteristics.

Software testing, depending on the testing method employed, can be implemented at any time in the development process. However, most of the test effort occurs after the requirements have been defined and the coding process has been completed. As such, the methodology of the test is governed by the software development methodology adopted. Different software development models will focus the test effort at different points in the development process. Newer development models, such as Agile, often employ test driven development and place an increased portion of the testing in the hands of the developer, before it reaches a formal team of testers. In a more traditional model, most of the test execution occurs after the requirements have been defined and the coding process has been completed.

FUNCTIONAL VS NON-FUNCTIONAL TESTING
Functional testing refers to activities that verify a specific action or function of the code. These are usually found in the code requirements documentation, although some development methodologies work from use cases or user stories. Functional tests tend to answer the question of "can the user do this" or "does this particular feature work".

Non-functional testing refers to aspects of the software that may not be related to a specific function or user action, such as scalability or security. Non-functional testing tends to answer such questions as "how many people can log in at once".

UNIT TESTING
In computer programming, unit testing is a method by which individual units of source code are tested to determine if they are fit for use. A unit is the smallest testable part of an application. In procedural programming a unit may be an individual function or procedure. Unit tests are created by programmers or occasionally by white box testers. Ideally, each test case is independent from the others: substitutes like method stubs, mock objects, fakes and test harnesses can be used to assist testing a module in isolation. Unit tests are typically written and run by software developers to ensure that code meets its design and behaves as intended. Its implementation can vary from being very manual (pencil and paper) to being formalized as part of build automation. The goal of unit testing is to isolate each part of the program and show that the individual parts are correct. A unit test provides a strict, written contract that the piece of code must satisfy. As a result it affords several benefits. Unit tests find problems early in the development cycle.

SYSTEM TESTING
System testing of software or hardware is testing conducted on a complete, integrated system to evaluate the system's compliance with its specified requirements. System testing falls within the scope of black box testing and as such should require no knowledge of the inner design of the code or logic. As a rule, system testing takes as its input all of the "integrated" software components that have successfully passed integration testing and also the software system itself integrated with any applicable hardware system(s).

The purpose of integration testing is to detect any inconsistencies between the software units that are integrated together (called assemblages) or between any of the assemblages and the hardware. System testing is a more limited type of testing; it seeks to detect defects both within the "inter-assemblages" and also within the system as a whole.
ACCEPTANCE TESTING
Acceptance testing generally involves running a suite of tests on the completed system. Each individual test, known as a case, exercises a particular operating condition of the user's environment or feature of the system, and will result in a pass or fail, or Boolean, outcome. There is generally no degree of success or failure. The test environment is usually designed to be identical or as close as possible to the anticipated user's environment, including extremes of such. These test cases must each be accompanied by test case input data or a formal description of the operational activities (or both) to be performed, intended to thoroughly exercise the specific case, and a formal description of the expected results.

MODULE TESTING
A module is a collection of dependent components such as an object class, an abstract data type or some collection of procedures and functions. The module encapsulates related components that can be tested without other system modules.

SOFTWARE TESTING STRATEGIES
A number of software testing strategies have been proposed. All provide the software developer with a procedure for testing and all have the following characteristics.
Testing begins at the module level and works towards the integration of the entire component based system.
Different testing techniques are appropriate at different points in time.
The developer of the software and an independent test group conduct the testing.
Testing and debugging are different activities, but debugging must be accommodated in any testing strategy.

WHITE BOX TESTING
The project is tested for its execution step by step for every file that is used in this project. Each module in every file is tested completely for execution of each operation. The testing operation was successful and every module works properly.

BLACK BOX TESTING
The project is tested with various input and output test cases. For the appropriate input values the corresponding outputs were seen. The error messaging system was also checked by giving improper values to check if the validation processes are done properly.

INTEGRATION TESTING
The whole system, which has been divided into modules, has been integrated into a single system, and the testing operation is done on the whole system to find whether any error has occurred in the project due to integrating or joining the various modules of the system.

MAINTENANCE
Software maintenance in software engineering is the modification of a software product after delivery to correct faults, to improve performance or other attributes. A common perception of maintenance is that it is merely fixing bugs. However, studies and surveys over the years have indicated that the majority, over 80%, of the maintenance effort is used for non-corrective actions (Pigoski 1997). This perception is perpetuated by users submitting problem reports that in reality are functionality enhancements to the system. Software maintenance and evolution of systems was first addressed by Meir M. Lehman in 1969. Over a period of twenty years, his research led to the formulation of eight Laws of Evolution (Lehman 1997). Key findings of his research include that maintenance is really evolutionary development and that maintenance decisions are aided by understanding what happens to systems (and software) over time. Lehman demonstrated that systems continue to evolve over time. As they evolve, they grow more complex unless some action such as code recapturing is taken to reduce the complexity. The key software maintenance issues are both managerial and technical. Key management issues are: alignment with customer priorities, staffing, which organization does maintenance, estimating costs. Key technical issues are: limited understanding, impact analysis, testing, and maintainability measurement.
SOFTWARE MAINTENANCE PLANNING
Maintenance is an integral part of software and requires an accurate maintenance plan to be prepared during software development. The plan should specify how users will request modifications or report problems; the estimation of resources such as cost should be included in the budget; and a new decision should be addressed to develop a new system and its quality objectives. Software maintenance, which can last for 5-6 years after development, calls for effective planning which addresses the scope of software maintenance, the tailoring of the post-delivery process, the designation of who will provide maintenance, and an estimate of the lifecycle costs.

SOFTWARE MAINTENANCE PROCESSES
This section describes the six software maintenance processes as:
1. The implementation process contains software preparation and transition activities, such as the conception and creation of the maintenance plan, the preparation for handling problems identified during development, and the follow-up on product configuration management.
2. The problem and modification analysis process, which is executed once the application has become the responsibility of the maintenance group. The maintenance programmer must analyze each request, confirm it (by reproducing the situation) and check its validity, investigate it and propose a solution, document the request and the solution proposal, and, finally, obtain all the required authorizations to apply the modifications.
3. The process considering the implementation of the modification itself.
4. The process of acceptance of the modification, by confirming the modified work with the individual who submitted the request in order to make sure the modification provided a solution.
5. The migration process (platform migration, for example) is exceptional, and is not part of daily maintenance tasks. If the software must be ported to another platform without any change in functionality, this process will be used and a maintenance project team is likely to be assigned to this task.
6. Finally, the last maintenance process, also an event which does not occur on a daily basis, is the retirement of a piece of software.

Implementation is the most crucial stage in achieving a successful system and giving the users confidence that the new system is workable and effective. Implementation of a modified application is to replace an existing one. This type of conversion is relatively easy to handle, provided there are no major changes in the system. Each program is tested individually at the time of development using the data, and it is verified that the programs link together in the way specified in the program specification; the computer system and its environment are tested to the satisfaction of the user. The system that has been developed is accepted and proved to be satisfactory for the user, and so the system is going to be implemented very soon. A simple operating procedure is included so that the user can understand the different functions clearly and quickly. Initially, as a first step, the executable form of the application is to be created and loaded on the common server machine which is accessible to all users, and the server is to be connected to a network. The final stage is to document the entire system, which provides the components and the operating procedures of the system.


7. SAMPLE CODE
ADMIN LOGIN
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;

public partial class AdminLogin : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    // Compares the submitted user name and password with literals compiled into the page.
    protected void ImageButton1_Click(object sender, ImageClickEventArgs e)
    {
        if (TextBox1.Text == "Admin" && TextBox2.Text == "Admin")
        {
            Response.Redirect("Admin.aspx");
        }
        else
        {
            Response.Write("Invalid Login");
        }
    }
}

AUDITOR REGISTRATION
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;

public partial class Registration : System.Web.UI.Page
{
    ClsDbLayer _objDb = new ClsDbLayer();
    int i;

    protected void Page_Load(object sender, EventArgs e)
    {
    }

    protected void ImageButton1_Click(object sender, ImageClickEventArgs e)
    {
        // The INSERT text is assembled by concatenating the raw form values, so any
        // quote character in a field becomes part of the SQL statement itself.
        string Query = "insert into Audit_Reg values('" + TextBox1.Text + "','" + TextBox2.Text + "','" +
            TextBox3.Text + "','" + DropDownList1.SelectedItem.ToString() + "','" +
            DropDownList2.SelectedItem.ToString() + "','" + TextBox4.Text + "','" +
            TextBox5.Text + "','" + TextBox6.Text + "')";
        i = _objDb.InserEditDelete(Query);
        if (i != -1)
        {
            Response.Write("Saved Successfully");
        }
        else
        {
            Response.Write("Not Saved");
        }
    }
}

SCHEDULE AUDIT
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Text;

public partial class ScheduleAudit : System.Web.UI.Page
{
    ClsDbLayer _objDB = new ClsDbLayer();
    int i;
    DataSet ds;
    SqlDataReader dr;

    // On first load, fills the auditor drop-down with the registered auditor IDs.
    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack.Equals(false))
        {
            string Query = "select Aud_Id from Audit_Reg";
            ds = _objDB.Display(Query);
            DropDownList2.DataTextField = "Aud_Id";
            DropDownList2.DataValueField = "Aud_Id";
            DropDownList2.DataSource = ds;
            DropDownList2.DataBind();
            DropDownList2.Items.Insert(0, "-Select-");
        }
    }

    // Saves the schedule. The form fields are concatenated directly into the SQL text.
    protected void ImageButton1_Click(object sender, ImageClickEventArgs e)
    {
        string Query = "insert into Schedule_Audit values('" + TextBox1.Text + "','" + TextBox2.Text + "','"
            + DropDownList1.SelectedItem.ToString() + "','" + TextBox3.Text + "','" + TextBox4.Text + "','"
            + TextBox5.Text + "','" + Label1.Text + "','" + TextBox7.Text + "','"
            + DropDownList2.SelectedItem.ToString() + "','" + TextBox8.Text + "','" + TextBox9.Text + "','"
            + TextBox10.Text + "')";
        i = _objDB.InserEditDelete(Query);
        if (i != -1)
        {
            Response.Write("Sucessfull");
        }
        else
        {
            Response.Write("Not Success");
        }
    }

    // Looks up the name and type of the selected auditor.
    protected void DropDownList2_SelectedIndexChanged(object sender, EventArgs e)
    {
        string Query = "select Aud_Name,Aud_Type from Audit_Reg where Aud_Id like '"
            + DropDownList2.SelectedItem.ToString() + "'";
        dr = _objDB.Select(Query);
        if (dr.Read())
        {
            TextBox8.Text = dr[0].ToString();
            TextBox9.Text = dr[1].ToString();
        }
    }

    // Base64-encodes the document text. This is a reversible encoding; no key is involved.
    protected void Button1_Click(object sender, EventArgs e)
    {
        Label1.Text = Convert.ToBase64String(Encoding.Unicode.GetBytes(TextBox6.Text));
    }

    // Generates the audit key: a System.Random integer from 1 to 98.
    protected void Button2_Click(object sender, EventArgs e)
    {
        Random rnd = new Random();
        int myrnd = rnd.Next(1, 99);

        TextBox10.Text = myrnd.ToString();
    }
}
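Button1_Click above only Base64-encodes the document, and Button2_Click draws the key from System.Random. As an added example (not the project's code), the class below takes the key from the operating system's random number generator and applies AES-CBC with an HMAC-SHA256 tag (encrypt-then-MAC), using APIs available in the .NET 3.5 framework the project targets; AuditDocCrypto and its method names are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not the project's code. Class and method names are hypothetical.
public static class AuditDocCrypto
{
    // 64 bytes from the OS CSPRNG: bytes 0-31 for AES-256, bytes 32-63 for HMAC-SHA256.
    public static byte[] NewAuditKey()
    {
        byte[] key = new byte[64];
        new RNGCryptoServiceProvider().GetBytes(key);
        return key;
    }
    // Returns Base64(IV || ciphertext || tag), which fits in a text column.
    public static string Protect(string document, byte[] auditKey)
    {
        using (AesManaged aes = new AesManaged())   // defaults: CBC mode, PKCS7 padding
        using (HMACSHA256 hmac = new HMACSHA256(Slice(auditKey, 32, 32)))
        {
            aes.Key = Slice(auditKey, 0, 32);
            aes.GenerateIV();                       // fresh IV for every document
            byte[] iv = aes.IV;
            byte[] plain = Encoding.UTF8.GetBytes(document);
            byte[] cipher;
            using (ICryptoTransform enc = aes.CreateEncryptor())
                cipher = enc.TransformFinalBlock(plain, 0, plain.Length);
            int bodyLen = iv.Length + cipher.Length;
            byte[] all = new byte[bodyLen + 32];
            Buffer.BlockCopy(iv, 0, all, 0, iv.Length);
            Buffer.BlockCopy(cipher, 0, all, iv.Length, cipher.Length);
            byte[] tag = hmac.ComputeHash(all, 0, bodyLen);   // MAC covers IV and ciphertext
            Buffer.BlockCopy(tag, 0, all, bodyLen, tag.Length);
            return Convert.ToBase64String(all);
        }
    }
    // Checks the tag before decrypting; throws if the data was altered or the key is wrong.
    public static string Unprotect(string stored, byte[] auditKey)
    {
        byte[] all = Convert.FromBase64String(stored);
        if (all.Length < 16 + 16 + 32) throw new CryptographicException("Input too short");
        int bodyLen = all.Length - 32;
        using (HMACSHA256 hmac = new HMACSHA256(Slice(auditKey, 32, 32)))
        {
            byte[] expected = hmac.ComputeHash(all, 0, bodyLen);
            int diff = 0;                           // compare without early exit
            for (int i = 0; i < 32; i++) diff |= expected[i] ^ all[bodyLen + i];
            if (diff != 0) throw new CryptographicException("Integrity check failed");
        }
        using (AesManaged aes = new AesManaged())
        {
            aes.Key = Slice(auditKey, 0, 32);
            aes.IV = Slice(all, 0, 16);
            using (ICryptoTransform dec = aes.CreateDecryptor())
                return Encoding.UTF8.GetString(dec.TransformFinalBlock(all, 16, bodyLen - 16));
        }
    }
    private static byte[] Slice(byte[] src, int offset, int count)
    {
        byte[] dst = new byte[count];
        Buffer.BlockCopy(src, offset, dst, 0, count);
        return dst;
    }
}
```

The protection holds only if the key is kept apart from the stored ciphertext and released to the auditor after the identity check succeeds.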

VIEW AUDITORS
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;

public partial class ViewAuditors : System.Web.UI.Page
{
    ClsDbLayer _objDb = new ClsDbLayer();
    DataSet ds;

    // On first load, binds every row of Audit_reg to the grid.
    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack.Equals(false))
        {
            string Query = "select * from Audit_reg";
            ds = _objDb.Display(Query);
            GridView1.DataSource = ds;
            GridView1.DataBind();
        }
    }
}

VIEW AUDIT REPORT


using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;

public partial class ViewAuditReport : System.Web.UI.Page
{
    ClsDbLayer _objDb = new ClsDbLayer();
    DataSet ds;
    SqlDataReader dr;

    // On first load, fills the drop-down with the organisation names from Schedule_Audit.
    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack.Equals(false))
        {
            string Query = "select Org_Name from Schedule_Audit";
            ds = _objDb.Display(Query);
            DropDownList1.DataTextField = "Org_Name";
            DropDownList1.DataValueField = "Org_Name";
            DropDownList1.DataSource = ds;
            DropDownList1.DataBind();
        }
    }

    // Shows the audit reports of the selected organisation.
    protected void DropDownList1_SelectedIndexChanged(object sender, EventArgs e)
    {
        string Query = "select * from Audit_Report where Org_Name like '"
            + DropDownList1.SelectedItem.ToString() + "'";
        ds = _objDb.Display(Query);
        GridView1.DataSource = ds;
        GridView1.DataBind();
    }
}

AUDITOR LOGIN
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;

public partial class AuditorLogin : System.Web.UI.Page
{
    ClsDbLayer _objDb = new ClsDbLayer();
    SqlDataReader dr;

    protected void Page_Load(object sender, EventArgs e)
    {
    }

    // Looks the auditor up by ID, name, department and type. The text boxes are concatenated
    // into the SQL text and compared with "like". Both branches run the same query and differ
    // only in the page they redirect to.
    protected void ImageButton1_Click(object sender, ImageClickEventArgs e)
    {
        if (DropDownList1.SelectedItem.Value == "Head")
        {
            string Query = "select Aud_Id,Aud_Name,Dept,Aud_Type from Audit_Reg where Aud_Id like '"
                + TextBox1.Text + "' and Aud_Name like '" + TextBox2.Text + "' and Dept like '"
                + TextBox3.Text + "' and Aud_Type like '" + DropDownList1.SelectedItem.ToString() + "'";
            dr = _objDb.Select(Query);
            if (dr.Read())
            {
                TextBox1.Text = dr[0].ToString();
                TextBox2.Text = dr[1].ToString();
                TextBox3.Text = dr[2].ToString();
                DropDownList1.SelectedValue = dr[3].ToString();
                Session["1"] = TextBox1.Text;
                Session["2"] = TextBox2.Text;
                Session["3"] = TextBox3.Text;
                Session["4"] = DropDownList1.SelectedItem.ToString();
                Response.Redirect("AuditorHead.aspx");
            }
            else
            {
                Response.Write("Invalid Login");
            }
        }
        else
        {
            string Query = "select Aud_Id,Aud_Name,Dept,Aud_Type from Audit_Reg where Aud_Id like '"
                + TextBox1.Text + "' and Aud_Name like '" + TextBox2.Text + "' and Dept like '"
                + TextBox3.Text + "' and Aud_Type like '" + DropDownList1.SelectedItem.ToString() + "'";
            dr = _objDb.Select(Query);
            if (dr.Read())
            {
                TextBox1.Text = dr[0].ToString();
                TextBox2.Text = dr[1].ToString();
                TextBox3.Text = dr[2].ToString();
                DropDownList1.SelectedValue = dr[3].ToString();
                Session["1"] = TextBox1.Text;
                Session["2"] = TextBox2.Text;
                Session["3"] = TextBox3.Text;
                Session["4"] = DropDownList1.SelectedItem.ToString();
                Response.Redirect("AuditJunior.aspx");
            }
            else
            {
                Response.Write("Invalid Login");
            }
        }
    }
}
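The pages in this section build every SQL statement by concatenating control values and match login fields with like, which is a pattern match and not an exact comparison. As an added example (not the project's ClsDbLayer, whose source is not shown), the helper below binds values as parameters and runs the AuditorLogin lookup with exact matches; the SafeDb class, its method names, the connection-string argument and the NVarChar(100) parameter type are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example, not the project's ClsDbLayer. All names here are hypothetical.
public static class SafeDb
{
    // Runs a SELECT with bound parameters and returns a disconnected DataTable,
    // so no open SqlDataReader is left behind for the caller to close.
    public static DataTable Query(string connStr, string sql, params SqlParameter[] args)
    {
        using (SqlConnection conn = new SqlConnection(connStr))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        using (SqlDataAdapter da = new SqlDataAdapter(cmd))
        {
            cmd.Parameters.AddRange(args);
            DataTable table = new DataTable();
            da.Fill(table);              // Fill opens and closes the connection itself
            return table;
        }
    }

    // Runs INSERT/UPDATE/DELETE with bound parameters and returns the rows affected.
    public static int Execute(string connStr, string sql, params SqlParameter[] args)
    {
        using (SqlConnection conn = new SqlConnection(connStr))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.AddRange(args);
            conn.Open();
            return cmd.ExecuteNonQuery();
        }
    }

    // Builds a text parameter. NVarChar(100) is an assumed column type and length.
    public static SqlParameter Text(string name, string value)
    {
        SqlParameter p = new SqlParameter(name, SqlDbType.NVarChar, 100);
        p.Value = (object)value ?? DBNull.Value;
        return p;
    }

    // The AuditorLogin lookup with "=" instead of "like". User input travels only as
    // parameter values, never as part of the SQL text.
    // Returns the single matching Audit_Reg row, or null when there is no exact match.
    public static DataRow FindAuditor(string connStr, string audId, string audName,
                                      string dept, string audType)
    {
        DataTable t = Query(connStr,
            "select Aud_Id, Aud_Name, Dept, Aud_Type from Audit_Reg " +
            "where Aud_Id = @id and Aud_Name = @name and Dept = @dept and Aud_Type = @type",
            Text("@id", audId), Text("@name", audName),
            Text("@dept", dept), Text("@type", audType));
        return t.Rows.Count == 1 ? t.Rows[0] : null;
    }
}
```

The same Query and Execute calls can replace the other concatenated select and insert statements in this section, with one Text parameter per control value.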

VIEW SCHEDULE
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Text;

public partial class ViewSchedule : System.Web.UI.Page
{
    ClsDbLayer _objDb = new ClsDbLayer();
    DataSet ds;

    // Reads the logged-in auditor from the session and lists the audits assigned to that auditor.
    protected void Page_Load(object sender, EventArgs e)
    {
        Label3.Text = Session["1"].ToString();
        Label2.Text = "Welcome " + Session["2"].ToString();
        if (IsPostBack.Equals(false))
        {
            Panel1.Visible = false;
            Panel2.Visible = false;
            Button1.Visible = false;
            Label1.Visible = false;
            TextBox1.Visible = false;
            string Query = "select Aud_Id from Schedule_Audit where To_Aud like '" + Label3.Text + "'";
            ds = _objDb.Display(Query);
            DropDownList1.DataTextField = "Aud_Id";
            DropDownList1.DataValueField = "Aud_Id";
            DropDownList1.DataSource = ds;
            DropDownList1.DataBind();
        }
    }

    // Reads the stored audit key and shows it to the user in a JavaScript alert.
    protected void Button1_Click(object sender, EventArgs e)
    {
        string Query = "select Aud_Key from Schedule_Audit where Aud_Id like '"
            + DropDownList1.SelectedItem.ToString() + "' ";
        SqlDataReader dr = _objDb.Select(Query);
        if (dr.Read())
        {
            ClientScript.RegisterStartupScript(GetType(), "Onload", "alert('" + dr[0].ToString() + "')", true);
            Label1.Visible = true;
            TextBox1.Visible = true;
        }
        else
        {
            Response.Write("Invalid Key");
        }
    }

    // Switches from the document panel to the identity-check panel.
    protected void Button2_Click(object sender, EventArgs e)
    {
        Panel1.Visible = false;
        Panel2.Visible = true;
    }

    // Re-checks the auditor's ID and name before the key button is made visible.
    protected void Button3_Click(object sender, EventArgs e)
    {
        string Query = "select Aud_Id,Aud_Name from Audit_Reg where Aud_Id like '" + TextBox4.Text
            + "' and Aud_Name like '" + TextBox5.Text + "'";
        SqlDataReader dr = _objDb.Select(Query);
        if (dr.Read())
        {
            TextBox4.Text = dr[0].ToString();
            TextBox5.Text = dr[1].ToString();
            Button1.Visible = true;
            Panel2.Visible = false;
            Panel1.Visible = true;
        }
        else
        {
            Response.Write("Invalid Login");
        }
    }

    // Decodes the Base64 document text. The value typed into TextBox1 is not compared with Aud_Key.
    protected void TextBox1_TextChanged(object sender, EventArgs e)
    {
        TextBox3.Text = Encoding.Unicode.GetString(Convert.FromBase64String(TextBox2.Text));
    }

    // Copies the selected schedule row into the session and opens the assignment page.
    protected void GridView1_SelectedIndexChanging(object sender, GridViewSelectEventArgs e)
    {
        string Aud_Id = GridView1.Rows[e.NewSelectedIndex].Cells[2].Text;
        Session["a"] = Aud_Id.ToString();
        string Org_Name = GridView1.Rows[e.NewSelectedIndex].Cells[3].Text;
        Session["b"] = Org_Name.ToString();
        string Org_Type = GridView1.Rows[e.NewSelectedIndex].Cells[4].Text;
        Session["c"] = Org_Type.ToString();
        string Description = GridView1.Rows[e.NewSelectedIndex].Cells[5].Text;
        Session["d"] = Description.ToString();
        string Address = GridView1.Rows[e.NewSelectedIndex].Cells[6].Text;
        Session["e"] = Address.ToString();
        Response.Redirect("SetAuditor.aspx");
    }

    // Loads the encoded document and the schedule details for the selected audit.
    protected void DropDownList1_SelectedIndexChanged1(object sender, EventArgs e)
    {
        string Query = "select Doc_To_Audit from Schedule_Audit where Aud_Id like '"
            + DropDownList1.SelectedItem.ToString() + "'";
        SqlDataReader dr = _objDb.Select(Query);
        if (dr.Read())
        {
            Panel1.Visible = true;
            TextBox2.Text = dr[0].ToString();
            string Query1 = "select Aud_Id,Org_Name,Org_Type,Description,Address,Aud_Date,Aud_Team "
                + "from Schedule_Audit where Aud_Id like '" + DropDownList1.SelectedItem.ToString() + "'";
            ds = _objDb.Display(Query1);
            GridView1.DataSource = ds;
            GridView1.DataBind();
        }
        else
        {
            Response.Write("No Values");
        }
    }
}

SET AUDITOR FOR SCHEDULE


using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;

public partial class SetAuditor : System.Web.UI.Page
{
    ClsDbLayer _objDb = new ClsDbLayer();
    DataSet ds;
    int i;
    SqlDataReader dr;

    // Lists the junior auditors and fills the form from the schedule row stored in the session.
    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack.Equals(false))
        {
            string Query = "select Aud_Id from Audit_Reg where Aud_Type like 'Junior'";
            ds = _objDb.Display(Query);
            DropDownList1.DataTextField = "Aud_Id";
            DropDownList1.DataValueField = "Aud_Id";
            DropDownList1.DataSource = ds;
            DropDownList1.DataBind();
        }
        TextBox1.Text = Session["a"].ToString();
        TextBox2.Text = Session["b"].ToString();
        TextBox3.Text = Session["c"].ToString();
        TextBox4.Text = Session["d"].ToString();
        TextBox5.Text = Session["e"].ToString();
    }

    // Looks up the name of the selected junior auditor.
    protected void DropDownList1_SelectedIndexChanged(object sender, EventArgs e)
    {
        string Query = "select Aud_Name from Audit_Reg where Aud_Id like '"
            + DropDownList1.SelectedItem.ToString() + "'";
        dr = _objDb.Select(Query);
        if (dr.Read())
        {
            TextBox7.Text = dr[0].ToString();
        }
        else
        {
            Response.Write("No Values");
        }
    }

    // Saves the assignment. The form fields are concatenated directly into the SQL text.
    protected void Button1_Click(object sender, EventArgs e)
    {
        string Query = "insert into Set_Audit values('" + TextBox1.Text + "','" + TextBox2.Text + "','"
            + TextBox3.Text + "','" + TextBox4.Text + "','" + TextBox5.Text + "','" + TextBox6.Text + "','"
            + DropDownList1.SelectedItem.ToString() + "','" + TextBox7.Text + "')";
        i = _objDb.InserEditDelete(Query);
        if (i != -1)
        {
            Response.Write("Submitted Successfully");
        }
        else
        {
            Response.Write("Not Submitted");
        }
    }
}

JUNIOR AUDITOR SCHEDULE


using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;

public partial class ViewAudit : System.Web.UI.Page
{
    ClsDbLayer _objDb = new ClsDbLayer();
    DataSet ds;
    int i;

    // Reads the logged-in auditor from the session and lists the audits assigned to that auditor.
    protected void Page_Load(object sender, EventArgs e)
    {
        Label1.Text = Session["1"].ToString();
        Label2.Text = "Welcome " + Session["2"].ToString();
        if (IsPostBack.Equals(false))
        {
            string Query = "select Org_Name,Org_Type,Description,Address,Audit_Date,Aud_Doc from Set_Audit "
                + "where Aud_Id like '" + Label1.Text + "'";
            ds = _objDb.Display(Query);
            GridView1.DataSource = ds;
            GridView1.DataBind();
        }
    }

    // Copies the selected audit row into the report form.
    protected void GridView1_SelectedIndexChanging(object sender, GridViewSelectEventArgs e)
    {
        string OrgName = GridView1.Rows[e.NewSelectedIndex].Cells[1].Text;
        TextBox1.Text = OrgName.ToString();
        string OrgType = GridView1.Rows[e.NewSelectedIndex].Cells[2].Text;
        TextBox2.Text = OrgType.ToString();
        string Desc = GridView1.Rows[e.NewSelectedIndex].Cells[3].Text;
        TextBox3.Text = Desc.ToString();
        string Doc = GridView1.Rows[e.NewSelectedIndex].Cells[6].Text;
        TextBox4.Text = Doc.ToString();
    }

    // Saves the audit report. The form fields are concatenated directly into the SQL text.
    protected void Button1_Click(object sender, EventArgs e)
    {
        string Query = "insert into Audit_Report values('" + Label1.Text + "','" + Label2.Text + "','"
            + TextBox1.Text + "','" + TextBox2.Text + "','" + TextBox3.Text + "','" + TextBox4.Text + "','"
            + TextBox5.Text + "','" + TextBox6.Text + "','" + TextBox7.Text + "','" + TextBox8.Text + "')";
        i = _objDb.InserEditDelete(Query);
        if (i != -1)
        {
            Response.Write("Saved Successfully");
        }
        else
        {
            Response.Write("Not Saved");
        }
    }
}


8. SAMPLE SCREEN DISPLAY


HOME PAGE
ADMIN LOGIN
ADMIN PAGE
AUDITOR REGISTRATION
SCHEDULE AUDIT
VIEW AUDITORS
VIEW AUDIT REPORTS
AUDITOR LOGIN
AUDITOR PAGE
VIEW AUDIT SCHEDULE
ENCRYPTION DOCUMENT VERIFICATION
GET KEY TO DECRYPT
DECRYPTION OF DOCUMENTS
SET AUDITOR FOR AUDIT
AUDITOR JUNIOR LOGIN
JUNIOR AUDITOR PAGE
DOCUMENTS AUDITED
VIEW AUDIT REPORT

9. REPORTS
AUDITORS
AUDIT SCHEDULE
AUDIT REPORTS

10. CONCLUSION
In this project, we addressed the construction of an efficient audit service for data integrity in clouds. Profiting from the standard interactive proof system, we proposed an interactive audit protocol to implement the audit service based on a third party auditor. In this audit service, the third party auditor, known as an agent of data owners, can issue a periodic verification to monitor the change of outsourced data by providing an optimized schedule. To realize the audit model, we only need to maintain the security of the third party auditor and deploy a lightweight daemon to execute the verification protocol. Hence, our technology can be easily adopted in a cloud computing environment to replace the traditional Hash-based solution.

Considering that the TPA may concurrently handle multiple audit sessions from different users for their outsourced data files, we further extend our privacy-preserving public auditing protocol into a multiuser setting, where the TPA can perform multiple auditing tasks in a batch manner for better efficiency. Extensive analysis shows that our schemes are provably secure and highly efficient. Our preliminary experiment conducted on an Amazon EC2 instance further demonstrates the fast performance of our design on both the cloud and the auditor side. We leave the full-fledged implementation of the mechanism on a commercial public cloud as an important future extension, which is expected to robustly cope with very large scale data and thus encourage users to adopt cloud storage services more confidently.
