Vtdcc03-Final With Future

PRIVACY PRESERVING
DELEGATED ACCESS
CONTROL
IN PUBLIC CLOUDS
ABSTRACT
Current approaches to enforce fine-grained access control on
confidential data hosted in the cloud are based on fine-grained
encryption of the data. Under such approaches, data owners are in
charge of encrypting the data before uploading them on the cloud and
re-encrypting the data whenever user credentials change. Data owners
thus incur high communication and computation costs. A better
approach should delegate the enforcement of fine-grained access control
to the cloud, so to minimize the overhead at the data owners, while
assuring data confidentiality from the cloud. We propose an approach,
based on two layers of encryption that addresses such requirement.
Under our approach, the data owner performs a coarse-grained
encryption, whereas the cloud performs a fine-grained encryption on top
of the owner encrypted data. A challenging issue is how to decompose
access control policies (ACPs) such that the two layer encryption can be
performed. We show that this problem is NP-complete and propose
novel optimization algorithms. We utilize an efficient group key
management scheme that supports expressive ACPs. Our system assures
the confidentiality of the data and preserves the privacy of users from
the cloud while delegating most of the access control enforcement to the
cloud.
SCOPE OF THE PROJECT

Our Objective is to providing security in accessing
the documents from the cloud. Previously there is a single layer
encryption is there in accessing documents. In these disadvantage
is the owner has to re encrypt the document in his own storage
there leads to more storage. Now we are implementing two layer
encryption in this User have more security in accessing
documents. But user has to decrypt two times and has to receives
the secret key with the cloud as well as owner with user identity
token.
LITERATURE SURVEY
Title: Privacy-Preserving Public Auditing for Secure Cloud Storage
Author: Cong Wang , Sherman S.M. Chow, Qian Wang, Kui Ren, Wenjing Lou
Year:2013
Description:
Using Cloud Storage, users can remotely store their data and enjoy the on-demand high
quality applications and services from a shared pool of configurable computing
resources, without the burden of local data storage and maintenance. However, the fact
that users no longer have physical possession of the outsourced data makes the data
integrity protection in Cloud Computing a formidable task, especially for users with
constrained computing resources. Moreover, users should be able to just use the cloud
storage as if it is local, without worrying about the need to verify its integrity. Thus,
enabling public auditability for cloud storage is of critical importance so that users can
resort to a third party auditor (TPA) to check the integrity of outsourced data and be
worry-free. To securely introduce an effective TPA, the auditing process should bring in
no new vulnerabilities towards user data privacy, and introduce no additional online
burden to user. In this paper, we propose a secure cloud storage system supporting
privacy-preserving public auditing. We further extend our result to enable the TPA to
perform audits for multiple users simultaneously and efficiently. Extensive security and
performance analysis show the proposed schemes are provably secure and highly
efficient. Our preliminary experiment conducted on Amazon EC2 instance further
demonstrates the fast performance of the design.
Title: Secure and Selective Dissemination of XML Documents

Author: ELISA BERTINO, ELENA FERRARI
Year:
2002
Description:
XML (eXtensible Markup Language) has emerged as a prevalent standard for
document representation and exchange on the Web. It is often the case that XML
documents contain information of different sensitivity degrees that must be
selectively shared by (possibly large) user communities. There is thus the need for
models and mechanisms enabling the specification and enforcement of access
control policies for XML documents. Mechanisms are also required enabling a
secure and selective dissemination of documents to users, according to the
authorizations that these users have. In this article, we make several contributions
to the problem of secure and selective dissemination of XML documents. First, we
define a formal model of access control policies for XML documents. Policies that
can be defined in our model take into account both user profiles, and document
contents
and structures. We also propose an approach, based on an extension of the
CryptolopeTM approach [Gladney and Lotspiech 1997], which essentially allows
one to send the same document to all users, and yet to enforce the stated access
control policies. Our approach consists of encrypting different portions of the same
document according to different encryption keys, and selectively distributing these
keys to the various users according to the access control policies. We show that the
number of encryption keys that have to be generated under our approach is
minimal and we present an architecture to support document distribution.
Title: Controlling Access to Published Data Using Cryptography

Author: Gerome Miklau, Dan Suciu
Year: 2003
Description:
We propose a framework for enforcing access control policies on
published XML documents using cryptography.In this framework the
owner publishes a single data instance, which is partially encrypted, and
which enforces all access control policies. Our contributions include a
declarative language for access policies, and the resolution of these
policies into a logical protection model which protects an XML tree with
keys. The data owner enforces an access control policy by granting keys to
users. The model is quite powerful, allowing the data owner to describe
complex access scenarios, and is also quite elegant, allowing logical
optimizations to be described as rewriting rules. Finally, we describe
cryptographic techniques for enforcing the protection model on published
data, and provide a performance analysis using real datasets.
Title: A Privacy-Preserving Approach to Policy-Based Content Dissemination

Author: Ning Shang, Mohamed Nabeel, Federica Paci
Year:
2010
Description:
We propose a novel scheme for selective distribution of content, encoded as
documents, that preserves the privacy of the users to whom the documents are
delivered and is based on an efficient and novel group key management scheme.
Our document broadcasting approach is based on access control policies specifying
which users can access which documents, or subdocuments. Based on such policies,
a broadcast document is segmented into multiple subdocuments, each encrypted
with a different key. In line with modern attribute-based access control, policies are
specified against identity attributes of users. However our broadcasting approach is
privacy-preserving in that users are granted access to a specific document, or
subdocument, according to the policies without the need of providing in clear
information about their identity attributes to the document publisher. Under our
approach, not only does the document publisher not learn the values of the identity
attributes of users, but it also does not learn which policy conditions are verified by
which users, thus inferences about the values of identity attributes are prevented.
Moreover, our key management scheme on which the proposed broadcasting
approach is based is efficient in that it does not require to send the decryption keys
to the users along with the encrypted document. Users are able to reconstruct the
keys to decrypt the authorized portions of a document based on subscription
information they have received from the document publisher. The scheme also
efficiently handles new subscription of users and revocation of subscriptions.
Title: Towards Privacy Preserving Access Control In the Cloud

Author: Mohamed Nabeel, Murat Kantarcioglu
Year: 2011
Description:
It is very costly and cumbersome to manage database systems in-house
especially for small or medium organizations. Data-as-a-Service (DaaS)
hosted in the cloud provides an attractive solution, which is flexible,
reliable, easy and economical to operate, for such organizations. However
security and privacy issues concerning the storage of the data in the cloud
and access via the Internet have been major concerns for many
organizations. The data and the human resources are the life blood of any
organization. Hence, they should be strongly protected. In this paper, we
identify the challenges in securing DaaS model and propose a system
called CloudMask that lays the
foundation for organizations to enjoy all the benefits of hosting their data
in the cloud while at the same time supporting finegrained and flexible
access control for shared data hosted in the cloud.
Title: Overencryption:Management of Access Control Evolution on

Outsourced DataAuthor: Sabrina De Capitani di Vimercati, Sara
Foresti, Sushil Jajodia
Year: 2007
Description:
Data outsourcing is emerging today as a successful paradigm allowing
users and organizations to exploit external services for the distribution of
resources. A crucial problem to be addressed in this context concerns the
enforcement of selective authorization policies and the support of policy
updates in dynamic scenarios. In this paper, we present a novel solution to
the enforcement of access control and the management of its evolution.
Our proposal is based on the application of selective encryption as a
means to enforce authorizations. Two layers of encryption are imposed on
data: the inner layer is imposed by the owner for providing initial
protection, the outer layer is imposed by the server to reflect policy
modifications. The combination of the two layers provides an efficient
and robust solution. The paper presents a model, an algorithm for the
management of the two layers, and an analysis to identify and therefore
counteract possible information exposure risks.
Title: Controlling Access to an Oblivious Database using Stateful

Anonymous Credentials Data
Author: Scott Coull, Matthew Green, and Susan Hohenberger
Year: 2007
Description:
In this work, we consider the task of allowing a content provider to enforce
complex access control policies on oblivious protocols conducted with
anonymous users. As our primary application, we show how to construct
privacy-preserving databases by combining oblivious transfer with an
augmented anonymous credential system. This permits a database operator to
restrict which items each user may access, without learning anything about
users' identities or item choices. This strong privacy guarantee holds even
when users are assigned di_erent access control policies and are allowed to
adaptively make many queries. To do so, we show how to augment existing
anonymous credential systems so that, in addition to certifying a user's
attributes, they also store state about the user's database access history. Our
construction supports a wide range of access control policies, including
e_cient and private realizations of the Brewer-Nash (Chinese Wall) and BellLaPadula (Multilevel Security) policies, which are used for _nancial and
defense applications. In addition, our system is based on standard
assumptions in the standard model and, after an initial setup phase, each
transaction requires only constant time.
Title: Revocation and Tracing Schemes for Stateless Receivers

Author: Dalit Naor, Moni Naor, Jeff Lotspiech
Year:
2001
Description:
We deal with the problem of a center sending a message to a group of users such that
some subset of the users is considered revoked and should not be able to obtain the
content of the message. We concentrate on the stateless receiver case, where the users
do not (necessarily) update their state from session to session. We present a framework
called the Subset-Cover framework, which abstracts a variety of revocation schemes
including some previously known ones. We provide sufficient conditions that
guarantees the security of a revocation algorithm in this class. We describe two
explicit Subset-Cover revocation algorithms; these algorithms are very flexible and
work for any number of revoked users. The schemes require storage at the receiver of
and keys respectively ( is the total number of users), and in order to revoke users the
required message lengths are of and keys respectively. We also provide a general
traitor tracing mechanism that can be integrated with any Subset-Cover revocation
scheme that satisfies a bifurcation property. This mechanism does not need an a
priori bound on the number of traitors and does not expand the message length by
much compared to the revocation of the same set of traitors. The main improvements
of these methods over previously suggested methods, when adopted to the stateless
scenario, are: (1) reducing the message length to regardless of the coalition size while
maintaining a single decryption at the users end (2) provide a seamless integration
between the revocation and tracing so that the tracing mechanisms does not require
any change to the revocation algorithm.
Title: OACerts: Oblivious Attribute Certificates

Author: Jiangtao Li and Ninghui Li
Year: 2006
Description:
We propose Oblivious Attribute Certificates (OACerts), an
attribute certificate scheme in which a certificate holder can select which
attributes to use and how to use them. In particular, a user can use attribute
values stored in an OACert obliviously, i.e., the user obtains a service if
and only if the attribute values satisfy the policy of the service provider, yet
the service provider learns nothing about these attribute values. This way,
the service providers access control policy is enforced in an oblivious
fashion. To enable the oblivious access control using OACerts, we propose
a new cryptographic primitive called Oblivious Commitment-Based
Envelope (OCBE). In an OCBE scheme, Bob has an attribute value
committed to Alice and Alice runs a protocol with Bob to send an envelope
(encrypted message) to Bob such that: (1) Bob can open the envelope if and
only if his committed attribute value satisfies a predicate chosen by Alice,
(2) Alice learns nothing about Bobs attribute value.We develop provably
secure and efficient OCBE protocols for the Pedersen commitment scheme
and predicates such as =,_,_, >, <, 6= as well as logical combinations of
them.
Title: Attribute-Based Encryption for Fine-Grained Access Control of

Encrypted Data
Author: Vipul Goyal, Omkant Pandey, Amit Sahai, Brent Waters
Year: 2006
Description:
As more sensitive data is shared and stored by third-party sites on
the Internet, there will be a need to encrypt data stored at these sites. One
drawback of encrypting data, is that it can be selectively shared only at a
coarse-grained level (i.e., giving another party your private key). We
develop a new cryptosystem for ne-grained sharing of encrypted data that
we call Key-Policy Attribute-Based Encryption (KP-ABE). In our
cryptosystem, ciphertexts are labeled with sets of attributes and private
keys are associated with access structures that control which ciphertexts a
user is able to decrypt. We demonstrate the applicability of our construction
to sharing of audit-log information and broadcast encryption. Our
construction supports delegation of private keys which subsumes
Hierarchical Identity-Based Encryption (HIBE).
SYSTEM ANALYSIS
EXISTING SYSTEM
In the approaches subdocuments are encrypted with different
keys, which are provided to users at the registration phase. The
encrypted subdocuments are then broadcasted to all users. However,
such approaches require that all or some keys be distributed in advance
during user registration phase. This requirement makes it difficult to
assure forward and backward key secrecy when user groups are
dynamic. Further, the rekey process is not transparent, thus shifting the
burden of acquiring new keys on users. It lays the foundation to make
rekey transparent to users and protect the privacy of the users who
access the content.
DRAWBACK IN EXISTING SYSTEM

In this approaches incur high communication and computation cost
to manage keys and encryptions whenever user credentials change.
In such approaches, the data owner has to enforce the ACPs and the
privacy of the users from the content publisher is not protected.
In some approaches, multiple encryptions of the same document
are required which is inefficient.
EXISTING ALGORITHM
Single Layer Encryption Approach
PROPOSED SYSTEM
In this system, we propose a new approach to address this
shortcoming. The approach is based on two layers of encryption applied
to each data item uploaded to the cloud. Under this approach, referred to
as two layer encryption (TLE), the data owner performs a coarse grained
encryption over the data in order to assure the confidentiality of the data
from the cloud. Then the cloud performs fine grained encryption over the
encrypted data provided by the data owner based on the ACPs provided
by the data owner. However, the way we perform coarse and fine grained
encryption is novel and provides a better solution than existing solutions
based on two layers of encryption.
ADVANTAGES IN PROPOSED SYSTEM

It provides a better way to handle data updates, and user dynamics
changes.
To support expressive access control policies.
When user dynamics changes, only the outer layer of the
encryption needs to be updated.
Outer layer encryption is performed at the cloud, no data
transmission is required between the data owner and the cloud.
PROPOSED ALGORITHM
Two Layer Encryption (TLE)
SYSTEM REQUIREMENTS
HARDWARE REQUIREMENTS:
System
: Pentium IV 2.4 GHZ
Hard disk
: 40 GB
Mouse
: Logitech.
RAM
: 2GB(minimum)
Keyboard
: 110 keys enhanced.
SOFTWARE REQUIREMENTS:
Operating system
:- Windows7
Front End
:- Microsoft Visual Studio .Net 2010
Coding Language
:- C#
Backend
:- SQL Server 2008
1.
MODULES
User Authentication and ID Providing

Issuing token ID based on User Registration
Data Owner
Authentication
Key Generate
Upload Encrypted Data in cloud
Cloud Service
Encrypt the Data Owner files
User Access
Download keys
Decrypt Data
2. MODULE DESCRIPTIONS
Identity Provider:
In this Identity module it is responsible for registering the users and
submitting the identity tokens to the users who are registered only.
Data Owner:
In this Data Owner module it is responsible for storing the documents in
the cloud storage services in the encrypted format .whenever the user searches the
data by using identity token. Data owner submits the security key regarding for the
searched document.
Cloud Storage:
In this Cloud storage module it stores the data of the data owner. And
whenever user search for some document if is found and cloud storage re-encrypt
the encrypted document and submits a key to the user.
User:
In this user module it is responsible for registering with his details in
identity protocol and receiving identity tokens from the identity protocol .And then
he searches the relative documents in the data owner and as well as Cloud storage
and receives keys from two modules and then he downloads the relative document
and decrypt with the two keys.
3. Module Diagram
Identity Protocol:
Data Owner:
Cloud Storage :
User Access :
Cloud Storage
4. GIVEN INPUT AND EXPECTED OUTPUT

Identity Protocol:
Input: Username and password
OutPut: Sending Token Key
Data Owner:
Input:Uploading Documents With Process of Encryption
OutPut: Allow to next process
Input: User searches with Identity tokens
OutPut: Sending keys to the user
User:
Input: Searching with Identity Tokens
OutPut : Receiving the keys from cloud storage and data owner
Cloud Storage:
Input: Storing the materials and receiving identity tokens from the user
OutPut : Sending key to the user
SYSTEM DESIGN
Use Case Diagram
A use case diagram is a graph of actors, a set of use cases enclosed by a
system boundary, communication (participation) association between the
actors and the use cases, and generalization among the use cases.
A use case diagram shows the relationship among the actors
(Sender) and use cases within a system.
In our project this diagram indicates the interaction between user and web
search interface. In this diagram shows the process of searching and
retrieve information as quickly, relevant informations. Here users enter the
query that query is process by neighborhood and incremental query
construction method then they form new query. This query is processing
and retrieves accurate data from database.
Class Diagram
A class diagram in the UML is a type of static structure diagram that
describes the structure of a system by showing the systems classes, their
attributes, and the relationships between the classes.
Private visibility hides information from anything outside the class
partition. Public visibility allows all other classes to view the marked
information.
Protected visibility allows child classes to access information they
inherited from a parent class.
Object Diagram
An object diagram in the Unified Modeling Language (UML) is a diagram
that shows a complete or partial view of the structure of a modeled system at
a specific time.
An Object diagram focuses on some particular set of object instances and
attributes, and the links between the instances. A correlated set of object
diagrams provides insight into how an arbitrary view of a system is
expected to evolve over time.
Object diagrams are more concrete than class diagrams, and are often used
to provide examples, or act as test cases for the class diagrams. Only those
aspects of a model that are of current interest need be shown on an object
diagram
search interface. In this diagram shows the process of searching and retrieve
information as quickly, relevant informations. Here users enter the query
that query is process by neighborhood and incremental query construction
method then they form new query. This query is processing and retrieves
accurate data from database.
State Diagram
A state diagram is a type of diagram used in computer science and related
fields to describe the behavior of systems. State diagrams require that the
system described is composed of a finite number of states; sometimes, this
is indeed the case, while at other times this is a reasonable abstraction.
There are many forms of state diagrams, which differ slightly and have
different semantics
ACTIVITY DIAGRAM:
Activity diagram are a loosely defined diagram to show workflows of
stepwise activities and actions, with support for choice, iteration and
concurrency. UML, activity diagrams can be used to describe the business
and operational step-by-step workflows of components in a system. UML
activity diagrams could potentially model the internal logic of a complex
operation. In many ways UML activity diagrams are the object-oriented
equivalent of flow charts and data flow diagrams (DFDs) from structural
development.
In our project this diagram indicates the interaction between user and
web search interface. In this diagram shows the process of searching and
SEQUENCE DIAGRAM:
A sequence diagram in UML is a kind of interaction diagram that
shows how processes operate with one another and in what order.
It is a construct of a message sequence chart. Sequence diagrams are
sometimes called Event-trace diagrams, event scenarios, and timing
diagrams.
UML sequence diagrams model the flow of logic within your system in
a visual manner, enabling you both to document and validate your logic,
and are commonly used for both analysis and design purposes. Sequence
diagrams are the most popular UML artifact for dynamic modeling, which
focuses on identifying the behavior within your system.
COLLABORATION DIAGRAM:
A collaboration diagram show the objects and relationships involved in
an interaction, and the sequence of messages exchanged among the objects
during the interaction.
The collaboration diagram can be a decomposition of a class, class
diagram, or part of a class diagram. It can be the decomposition of a use
case, use case diagram, or part of a use case diagram.
The collaboration diagram shows messages being sent between classes
and object (instances). A diagram is created for each system operation that
relates to the current development cycle (iteration).
COMPONENT DIAGRAM:
Components are wired together by using an assembly connector to
connect the required interface of one component with the provided
interface of another component. This illustrates the service consumer
service provider relationship between the two components. An assembly
connector is a "connector between two components that defines that one
component provides the services that another component requires. An
assembly connector is a connector that is defined from a required interface
or port to a provided interface or port." When using a component diagram
to show the internal structure of a component, the provided and required
interfaces of the encompassing component can delegate to the
corresponding interfaces of the contained components.
DATA FLOW DIAGRAM:

A data flow diagram (DFD) is a graphical representation of the
flow of data through an information system. It differs from the
flowchart as it shows the data flow instead of the control flow of the
program. A data flow diagram can also be used for the visualization of
data processing. The DFD is designed to show how a system is divided
into smaller portions and to highlight the flow of data between those
parts.
retrieve information as quickly, relevant informations. Here users enter
the query that query is process by neighborhood and incremental query
LEVEL 0
LEVEL 1
All Levels
E-R DIAGRAM:
In software engineering, an entity-relationship model (ERM) is an
abstract and conceptual representation of data. Entity-relationship
modeling is a database modeling method, used to produce a type
of conceptual schema or semantic data model of a system, often
a relational database, and its requirements in a top-down fashion.
Diagrams
created
by
this
process
are
called entity-relationship
diagrams, ER diagrams, or ERDs.

retrieve information as quickly, relevant informations. Here users enter
the query that query is process by neighborhood and incremental query
5. IMPLEMENTATION
5.1.User Authentication :
public partial class UserRegistration : System.Web.UI.Page
{
bo bo_obj = new bo();
bal bal_obj = new bal();
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
ViewState["ID"] = bal_obj.BAL_User_ID();
}
}
protected void btn_register_Click(object sender, EventArgs e)
{
if (txt_password.Text == txt_conf_pass.Text)
{try
{
string a = string.Empty;
bo_obj.Username = txt_username.Text;
bo_obj.Empid = txt_empid.Text;
bo_obj.Designation = drop_designation.Text;
bo_obj.Age = Convert.ToInt32(txt_age.Text);
bo_obj.Gender = drop_gender.Text;
bo_obj.Password = txt_password.Text;
bo_obj.Sec_ques = drop_securityques.Text;
bo_obj.Sec_ans = txt_answer.Text;
bo_obj.Mobile = Convert.ToDouble(txt_mobile.Text);
bo_obj.Idprovider=ViewState["ID"].ToString();
bal_obj.user_reg(bo_obj);
a= ViewState["ID"].ToString();
Response.Write("<script>alert('Your Registration id is : "+a+" ')</script>");
txt_age.Text = "";
txt_answer.Text = "";
txt_empid.Text = "";
txt_mobile.Text = "";
txt_username.Text = "";
drop_designation.Text = "";
drop_gender.Text = "";
drop_securityques.Text = "";
}
catch (Exception)
{
throw;
}
}
else
{
Response.Write("<script>alert('Registration failed! password mismatch')</script>");
}
}
protected void btn_reset_Click(object sender, EventArgs e)

{
txt_age.Text = "";
txt_answer.Text = "";
txt_empid.Text = "";
txt_mobile.Text = "";
txt_username.Text = "";
drop_designation.Text = "";
drop_gender.Text = "";
drop_securityques.Text = "";
}
}
5.2.User Login :
public partial class UserLogin : System.Web.UI.Page
{
bal bal_log= new bal();
bo bo_log = new bo();
{
MsgLbl.Visible = false;
}
protected void btn_login_Click(object sender, EventArgs e)
{
MsgLbl.Visible = true;
string des;
try
{
Session["name"] = txt_usrlogin.Text;
bo_log.Username = txt_usrlogin.Text;
bo_log.Password = txt_usrpass.Text;
des = bal_log.login(bo_log);
if (des == "Doctor" || des == "Senior Doctor")
{
Response.Redirect("Doctor.aspx");
}
else if (des == "Nurse" || des == "Senior Nurse")
{
Response.Redirect("Nurse.aspx");
}
else if (des.Equals("Receptionist"))
{
Response.Redirect("Receptionist.aspx");
}
else
{
MsgLbl.Text = "Invalid user ID or Password";
}
}
catch (Exception)
{
throw;
}
}
}
Data Owner :
5.3.Authentication :
public partial class Admin : System.Web.UI.Page
{
bal balob = new bal();
bo bo_ob = new bo();
{
}
protected void btn_admin_Click(object sender, EventArgs e)
{
Session["admin"] = txt_adm_name.Text;
bo_ob.Username = txt_adm_name.Text;
bo_ob.Password = txt_adm_pass.Text;
balob.adlog(bo_ob);
Response.Redirect("AdminPage.aspx");
}
}
5.4.Key Generate :
public partial class AdminPage : System.Web.UI.Page
{
bal bal_ob = new bal();
bo bo_ob = new bo();
DataSet ds = new DataSet();
dal dal_ob = new dal();
{
lb_username.Text = Session["admin"].ToString();
if (!IsPostBack)
{
bind();
}
}
public void bind()
{
ds = bal_ob.ad_grid(bo_ob);
gv_userdet.DataSource = ds;
gv_userdet.DataBind();
}
protected void btn_private_Click(object sender, EventArgs e)

{
try
{
string filename = Session["admin"].ToString() + ".sk";
string absolutePath = Server.MapPath("~/Keys/" + Session["admin"].ToString() + "/" + filename);
Response.ContentType = "text/plain";
Response.AddHeader("Content-Disposition", "attachment;filename=" + filename);
Response.TransmitFile(absolutePath);
Response.End();
}
catch (Exception)
{
throw;
}
finally
{
}
}
protected void btn_public_Click(object sender, EventArgs e)

{
try
{
string filename = Session["admin"].ToString() + ".pk";
string absolutePath = Server.MapPath("~/Keys/" + Session["admin"].ToString() + "/" +
filename);
Response.End();
}
catch (Exception)
{
throw;
}
finally
{
}
}
protected void btn_key_generate_Click(object sender, EventArgs e)

{
bool a;
try
{
Keygeneration obj_RSAKey = new Keygeneration();
obj_RSAKey.generatekey(Convert.ToInt32(keysize.SelectedValue));
bo_ob.Pkkey=obj_RSAKey.Privatekey;
bo_ob.Pbkey=obj_RSAKey.Publickey;
a = bal_ob.keygen(bo_ob);
writeKeys(obj_RSAKey.Publickey, Session["admin"].ToString() + ".pk", Server.MapPath("~/Keys/"));
writeKeys(obj_RSAKey.Privatekey, Session["admin"].ToString() + ".sk", Server.MapPath("~/Keys/"));
Response.Write("<script>alert('Key Generated Successfully')</script>");
}
catch (Exception)
{
throw;
}
}
private void writeKeys(string Data, string fName, string Path)

{
try
{
Path += "/" + Session["admin"].ToString();
if (!System.IO.Directory.Exists(Path))
{
System.IO.Directory.CreateDirectory(Path);
}
System.IO.StreamWriter streamWriter = new System.IO.StreamWriter(Path + "/" + fName, false);
if (Data != null)
{
streamWriter.Write(Data);
}
streamWriter.Close();
}
catch (Exception Ex)
{
Response.Write("<script type='text/javascript'>alert('" + Ex.Message + "');</script>");
}
}
}
5.5.Encrypt Data :
public partial class FileEncrypt : System.Web.UI.Page
{
EncryptionService es = new EncryptionService();
{
// lb_usrrequest.Visible = false;
lb_encrypt.Visible = false;
}
protected void btn_encrypt_Click(object sender, EventArgs e)
{
lb_encrypt.Visible = true;
try
{
string FileName = Path.GetFileName(file_upld.FileName);
Session["FileName"] = FileName;
string FileExtension = Path.GetExtension(FileName);
if (FileExtension == ".docx" || FileExtension == ".doc" || FileExtension == ".txt" ||
FileExtension == ".pdf" || FileExtension == ".jpg")
{
if (!System.IO.Directory.Exists(Server.MapPath("~/Temp/" + Session["admin"])))
System.IO.Directory.CreateDirectory(Server.MapPath("~/Temp/" + Session["admin"]));
file_upld.SaveAs(Server.MapPath("~/Temp/" + Session["admin"] + "/" + FileName));
}
else
{
ClientScript.RegisterStartupScript(Page.GetType(), "validation",
<script language='javascript'>alert('file format not supported')</script>");}
string FilePath = Server.MapPath("~/Temp/" + Session["admin"] + "/" + FileName);

string KeyPath = Server.MapPath("~/Keys/" + Session["admin"] + "/" + Session["admin"] + ".pk");
string id = Session["admin"].ToString();
es.EncryptFile(KeyPath, FilePath, id);
//Session["encrypt_path"] = a;
lb_encrypt.Text = "File Encrypted Successfully";
}
catch (Exception)
{
throw;
}
finally
{
}
}
protected void btn_cancel_Click(object sender, EventArgs e)
{
Response.Redirect("AdminPage.aspx");
}
protected void btn_viewreq_Click(object sender, EventArgs e)
{
Response.Redirect("ForwardKey.aspx");
}
}
Cloud Encryption :
5.6.Key Generation and Encryption in Cloud :
public partial class CloudEncrypt : System.Web.UI.Page
{
bal bal_ob=new bal();
bo bo_ob=new bo();
ReEncryption re = new ReEncryption();
{
}
protected void btn_keygen_Click(object sender, EventArgs e)
{
bool a;
try
{
Secondkeygen obj_RSAKey = new Secondkeygen();
obj_RSAKey.skeygen(Convert.ToInt32(DropDownList1.SelectedValue));
bo_ob.Pkkey=obj_RSAKey.Privatekey;
bo_ob.Pbkey=obj_RSAKey.Publickey;
a = bal_ob.keygen(bo_ob);
writeKeys(obj_RSAKey.Publickey, Session["admin"].ToString() + ".cpk",
Server.MapPath("~/Cloud Keys/"));
writeKeys(obj_RSAKey.Privatekey, Session["admin"].ToString() + ".csk",
Server.MapPath("~/Cloud Keys/"));
}
catch (Exception)
{
throw;}}
private void writeKeys(string Data, string fName, string Path)

{
try
{
Path += "/" + Session["admin"].ToString();
if (!System.IO.Directory.Exists(Path))
{
System.IO.Directory.CreateDirectory(Path);
}
System.IO.StreamWriter streamWriter = new System.IO.StreamWriter(Path + "/" + fName, false);
if (Data != null)
{
streamWriter.Write(Data);
}
streamWriter.Close();
}
catch (Exception Ex)
{
Response.Write("<script type='text/javascript'>alert('" + Ex.Message + "');</script>");
}
}
protected void btn_privatekey_Click(object sender, EventArgs e)

{
try
{
string filename = Session["admin"].ToString() + ".csk";
string absolutePath = Server.MapPath("~/Cloud Keys/" + Session["admin"].ToString() + "/" +
filename);
Response.End();
}
catch (Exception)
{
throw;
}
finally
{
}
}
protected void btn_publickey_Click(object sender, EventArgs e)

{
try
{
string filename = Session["admin"].ToString() + ".cpk";
string absolutePath = Server.MapPath("~/Cloud Keys/" + Session["admin"].ToString() + "/" +
filename);
Response.End();
}
catch (Exception)
{
throw;
}
finally
{
}
}
protected void btn_cloud_encrypt_Click(object sender, EventArgs e)
{
try
{
string FileName = Path.GetFileName(fileupld_cloud.FileName);
Session["FileName"] = FileName;
string FileExtension = Path.GetExtension(FileName);
if (FileExtension == ".docx" || FileExtension == ".doc" || FileExtension == ".txt" || FileExtension ==

".pdf" || FileExtension == ".jpg")
{
if (!System.IO.Directory.Exists(Server.MapPath("~/Cloud/" + Session["admin"])))
System.IO.Directory.CreateDirectory(Server.MapPath("~/Cloud/" + Session["admin"]));
fileupld_cloud.SaveAs(Server.MapPath("~/Cloud/" + Session["admin"] + "/" + FileName));
}
else
{
ClientScript.RegisterStartupScript(Page.GetType(), "validation", "<script
language='javascript'>alert('file format not supported')</script>");
}
string FilePath = Server.MapPath("~/Cloud/" + Session["admin"] + "/" + FileName);
string KeyPath = Server.MapPath("~/Cloud Keys/" + Session["admin"] + "/" + Session["admin"] +
".cpk");
string id = Session["admin"].ToString();
re.Reencrypt(KeyPath, FilePath, id);
}
catch (Exception)
{
throw;
}
finally
{ }}}
User Access :
5.7 Requesting Key :
protected void btn_send_Click(object sender, EventArgs e)
{
Session["request"] = txt_doc_request.Text.ToString();
ClientScript.RegisterStartupScript(Page.GetType(), "validation", "<script
language='javascript'>alert('Request Sucessfully Send to Owner...')</script>");
}
protected void btn_download_record_Click(object sender, EventArgs e)
{
Response.Redirect("UserDownloadKey.aspx");
}
5.8 Key From Data Owner :
{
lnk_cloud.Visible = false;
lb_usrreq.Text = " ";
if (Session["request"]== null)
{ Response.Write("<script>alert('There are no request from user ')</script>");
Response.Redirect("CloudEncrypt.aspx");
}
else
{
lb_usrreq.Text = Session["name"].ToString() + " : " + Session["request"].ToString();
}
// lb_usrreq.Text = Session["request"].ToString();
lb_key_send.Visible = false;
// string s = Path.GetFileName(upld_key.PostedFile.FileName);
}
protected void btn_forwardkey_Click(object sender, EventArgs e)

{
string a = Path.GetFileName(upld_key.PostedFile.FileName);
Session["keyname"] = a;
if (!System.IO.Directory.Exists(Server.MapPath("~/UsersKey/" + Session["name"])))
System.IO.Directory.CreateDirectory(Server.MapPath("~/UsersKey/" + Session["name"]));
lb_key_send.Visible=true;
// string filename = Session["admin"].ToString() + ".sk";
string filename = a ;
string absolutePath = Server.MapPath("~/Keys/" + Session["admin"].ToString() + "/" +
filename);
string[] arr = File.ReadAllLines(absolutePath);
StringBuilder strbul = new StringBuilder();
System.IO.StreamWriter write = new System.IO.StreamWriter(Server.MapPath("~/UsersKey/" +
"/" + Session["name"] + "/" + filename));
foreach (string i in arr)
{
strbul.Append(i);
write.Write(strbul);
}
write.Dispose();
lnk_cloud.Visible = true;
lb_key_send.Text = "Key Send Successfully";
}
5.9 Key From Cloud :

protected void btn_forwardkey_Click(object sender, EventArgs e)
{
string a = Path.GetFileName(fupld_cldkey.PostedFile.FileName);
Session["cldkeyname"] = a;
if (!System.IO.Directory.Exists(Server.MapPath("~/UsersKey/" + Session["name"])))
System.IO.Directory.CreateDirectory(Server.MapPath("~/UsersKey/" +
Session["name"]));
string filename = a;
string absolutePath = Server.MapPath("~/Cloud Keys/" + Session["admin"].ToString() +
"/" + filename);
string[] arr = File.ReadAllLines(absolutePath);
StringBuilder strbul = new StringBuilder();
System.IO.StreamWriter write = new
System.IO.StreamWriter(Server.MapPath("~/UsersKey" + "/" + Session["name"] + "/" +
filename));
foreach (string i in arr)
{
strbul.Append(i);
write.Write(strbul);
}
write.Dispose();
Response.Write("<script>alert('Key from Cloud Successfully Sent')</script>");
}
5.8 User Downloading Keys :

Owners Key :
protected void btn_seckey_download_Click(object sender, EventArgs e)
{
if (Session["keyname"] != null)
{
string a = Session["keyname"].ToString();
string absolutePath = Server.MapPath("~/UsersKey/" + Session["name"] + "/" +
filename);
Response.End();
}
else
{
Response.Write("<script>alert('Send a Request to DataOwner to download
key')</script>");
Response.Redirect("DoctorEntries.aspx");
}
}
Clouds Key :
protected void btn_cld_key_Click(object sender, EventArgs e)
{
if (Session["cldkeyname"] != null)
{
string a = Session["cldkeyname"].ToString();
string absolutePath = Server.MapPath("~/UsersKey/" + Session["name"] + "/" + filename);
//~/UsersKey/UserCldKey" + "/" + Session["name"] + "/" + filename
Response.End();
}
else
{
Response.Write("<script>alert('Send a Request to DataOwner to download key')</script>");
Response.Redirect("DoctorEntries.aspx");
}
}
5.9 Cloud Level Of Decryption :

protected void btn_cld_decrypt_Click(object sender, EventArgs e)
{
try
{
string Filename = Path.GetFileName(fupld_file.FileName);
string FilePath = Server.MapPath("~/Cloud/Recrypt/" + Session["admin"] + "/" +
Filename);
string KeyName = Path.GetFileName(fupld_key.FileName);
string FileFormat = Path.GetExtension(KeyName);
if (FileFormat == ".csk")
{
if (!System.IO.Directory.Exists(Server.MapPath("~/Userskey/" + Session["name"])))
System.IO.Directory.CreateDirectory(Server.MapPath("~/Userskey/" +
Session["name"]));
fupld_key.SaveAs(Server.MapPath("~/Userskey/" + Session["name"] + "/" +
KeyName));
}
string KeyPath = Server.MapPath("~/UsersKey/" + Session["name"] + "/" + KeyName);
string id = Session["name"].ToString();
ds.DecryptFile(KeyPath, FilePath, id);
}
catch (Exception)
{
throw;
}
Response.Redirect("FileDecrypt.aspx");
}
}
6. DATABASE DESIGN STRUCTURE

Database design is the process of producing a detailed data model of a database. This logical
data model contains all the needed logical and physical design choices and physical storage
parameters needed to generate a design in a Data Definition Language, which can then be
used to create a database. A fully attributed data model contains detailed attributes for each
entity.
6.1. Table Name: Register :
This table is used for maintaining the details of users for authentication purpose.This
Information are viewed at admin side.
6.2. Table Name: Admin :

This table is used for admin authentication.
6.3.3: Table Name:key generation

In this table admin generate the key for encryption
6.3.4: Table Name:Secret key

In this table admin maintaining secret key
Home Page :
User Registration :
Admin Login
User Profile :
Admin Login :
Admins Page(Data Owner) :

Here, the data owner generates a key size and with the public key, he encrypts the data and stores at
cloud.
Data Owner Encryption :
Cloud Side Encryption :

Cloud generated the same key size which data owner has mention and encrypts the data once
again inside the cloud with public key.
User Requesting Key :
Secret Key Forward(Data Owner) :
Secret Key Forward(Cloud) :
User Downloading Key from Data Owner :
User Downloading Key from Cloud :
Validating Registration ID :
Cloud Level Decryption :
9.FUTURE ENHANCEMENT
We plan to investigate the alternative choices for the TLE approach
further. We also plan to further reduce the computational cost by exploiting partial
relationships among ACPs.
Advantages
It provides a better way to handle data updates, and user dynamics changes.
To support expressive access control policies.
When user dynamics changes, only the outer layer of the encryption needs to be
updated.
Outer layer encryption is performed at the cloud, no data transmission is required
between the data owner and the cloud.
Applications:
In big organizations (Amazon,IBM) are maintaining the clouds to store the
data.To provide privacy we can implement.
Storage As a Service Based Cloud Applications

Cloud storage is a model of networked enterprise storage where data is stored
not only in the user's computer, but in virtualized pools of storage which are
generally hosted by third parties, too. Users can perform manipulations on stored
data like insert update and append through blocks. Block level updating and
deletions are allowed with token checking. If user has not having enough
resources to compute tokens or required hardware support then he can easily
delegate the work to a third party auditor called as TPA. He is responsible to
generate homomorphic token and stores the token persistently and securely for
further verification. In our
scheme we assume that TPA is secure and he is responsible to protect from
threats, users will pay some incentives to TPA for maintenance.
Hospital
A hospital is a health care institution providing patient treatment by specialized
staff and equipment. Hospitals are usually funded by the public sector, by health
organizations (for profit or nonprofit), health insurance companies, or charities,
including direct charitable donations. Historically, hospitals were often founded
and funded by religious orders or charitable individuals and leaders. In this
hospital application we can implement this concept for security purpose.
Conclusion:
In this paper, we proposed a two layer encryption based approach to solve this
problem by delegating as much of the access control enforcement
responsibilities as possible to the Cloud while minimizing the information
exposure risks due to colluding Usrs and Cloud. A key problem in this regard is
how to decompose acps so that the Owner has to handle a minimum number of
attribute conditions while hiding the content from the Cloud. We showed that the
policy decomposition problem is NP-Complete and provided approximation
algorithms. Based on the decomposed acps, we proposed a novel approach to
privacy preserving finegrained delegated access control to data in public clouds.
Our approach is based on a privacy preserving attribute based key management
scheme that protects the privacy of users while enforcing attribute based acps.
As the experimental results show, decomposing The acps and utilizing the two
layer of encryption reduce the overhead at the Owner.
CHAPTER 10
10.1 CONCLUSION
In this paper, we proposed a two layer encryption based approach to solve
this problem by delegating as much of the access control enforcement
responsibilities as possible to the Cloud while minimizing the information
exposure risks due to colluding Usrs and Cloud. A key problem in this regard is
how to decompose acps so that the Owner has to handle a minimum number of
attribute conditions while hiding the content from the Cloud. We showed that the
policy decomposition problem is NP-Complete and provided approximation
algorithms. Based on the decomposed acps, we proposed a novel approach to
privacy preserving finegrained delegated access control to data in public clouds.
Our approach is based on a privacy preserving attribute based key management
scheme that protects the privacy of users while enforcing attribute based acps. As
the experimental results show, decomposing The acps and utilizing the two layer
of encryption reduce the overhead at the Owner.
REFERENCES OR BIBLIOGRAPHY
[1] M. Nabeel and E. Bertino, Privacy preserving delegated access control in
the storage as a service model, in EEE International Conference on
Information Reuse and Integration (IRI), 2012.
[2] E. Bertino and E. Ferrari, Secure and selective dissemination of XML
documents, ACM Trans. Inf. Syst. Secur., vol. 5, no. 3, pp. 290331, 2002.
[3] G. Miklau and D. Suciu, Controlling access to published data using
cryptography, in VLDB 2003: Proceedings of the 29th international
conference on Very large data bases. VLDB Endowment, 2003, pp. 898909.
[4] N. Shang, M. Nabeel, F. Paci, and E. Bertino, A privacypreserving
approach to policy-based content dissemination, in ICDE 10: Proceedings of
the 2010 IEEE 26th International Conference on Data Engineering, 2010.
[5] M. Nabeel, E. Bertino, M. Kantarcioglu, and B. M.
Thuraisingham,Towards privacy preserving access control in the cloud, in
Proceedings of the 7th International Conference on Collaborative Computing:
Networking, Applications and Worksharing, ser. CollaborateCom 11, 2011,
pp. 172180.
[6] M. Nabeel, N. Shang, and E. Bertino, Privacy preserving policy based
content sharing in public clouds, IEEE Transactions on Knowledge and Data
Engineering, 2012.
[7] S. D. C. di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P.

Samarati, Over-encryption: Management of access control evolution on
outsourced data, in Proceedings of the 33rd International Conference on
Very Large Data Bases, ser. VLDB 07. VLDB Endowment, 2007, pp.
123134.
[8] M. Nabeel and E. Bertino, Towards attribute based group key
management, in Proceedings of the 18th ACM conference on Computer
and communications security, Chicago, Illinois, USA, 2011.
[9] A. Fiat and M. Naor, Broadcast encryption, in Proceedings of the
13th Annual International Cryptology Conference on Advances in
Cryptology, ser. CRYPTO 93. London, UK: Springer-Verlag, 1994, pp.
480491.
[10] D. Naor, M. Naor, and J. B. Lotspiech, Revocation and tracing
schemes for stateless receivers, in Proceedings of the 21st Annual
International Cryptology Conference on Advances in Cryptology, ser.
CRYPTO 01. London, UK: Springer-Verlag, 2001, pp. 4162.
[11] J. Li and N. Li, OACerts: Oblivious attribute certificates, IEEE
Transactions on Dependable and Secure Computing, vol. 3, no. 4, pp. 340
352, 2006.

Vtdcc03-Final With Future

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Vtdcc03-Final With Future

Uploaded by

Copyright:

Available Formats

PRIVACY PRESERVING

SCOPE OF THE PROJECT

Title: Secure and Selective Dissemination of XML Documents

Title: Controlling Access to Published Data Using Cryptography

Title: A Privacy-Preserving Approach to Policy-Based Content Dissemination

Title: Towards Privacy Preserving Access Control In the Cloud

Title: Overencryption:Management of Access Control Evolution on

Title: Controlling Access to an Oblivious Database using Stateful

Title: Revocation and Tracing Schemes for Stateless Receivers

Title: OACerts: Oblivious Attribute Certificates

Title: Attribute-Based Encryption for Fine-Grained Access Control of

DRAWBACK IN EXISTING SYSTEM

Single Layer Encryption Approach

ADVANTAGES IN PROPOSED SYSTEM

User Authentication and ID Providing

4. GIVEN INPUT AND EXPECTED OUTPUT

DATA FLOW DIAGRAM:

diagrams, ER diagrams, or ERDs.

protected void btn_reset_Click(object sender, EventArgs e)

protected void btn_private_Click(object sender, EventArgs e)

protected void btn_public_Click(object sender, EventArgs e)

protected void btn_key_generate_Click(object sender, EventArgs e)

private void writeKeys(string Data, string fName, string Path)

string FilePath = Server.MapPath("~/Temp/" + Session["admin"] + "/" + FileName);

private void writeKeys(string Data, string fName, string Path)

protected void btn_privatekey_Click(object sender, EventArgs e)

protected void btn_publickey_Click(object sender, EventArgs e)

if (FileExtension == ".docx" || FileExtension == ".doc" || FileExtension == ".txt" || FileExtension ==

protected void btn_forwardkey_Click(object sender, EventArgs e)

5.9 Key From Cloud :

5.8 User Downloading Keys :

5.9 Cloud Level Of Decryption :

6. DATABASE DESIGN STRUCTURE

6.2. Table Name: Admin :

6.3.3: Table Name:key generation

6.3.4: Table Name:Secret key

Admins Page(Data Owner) :

Data Owner Encryption :

Cloud Side Encryption :

User Requesting Key :

Secret Key Forward(Data Owner) :

Secret Key Forward(Cloud) :

User Downloading Key from Data Owner :

User Downloading Key from Cloud :

Cloud Level Decryption :

Storage As a Service Based Cloud Applications

[7] S. D. C. di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P.

You might also like