Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent

1.1

SYNOPSIS

This project is entitled ―Cloud Documents Security Using Interactive ZeroKnowledge Proof Prevent” using Asp .Net as Front end and SQL Server as back end. Cloud-based outsourced storage relieves the client’s burden for storage management and maintenance by providing a comparably low-cost, scalable, location-independent platform. However, the fact that clients no longer have physical possession of data indicates that they are facing a potentially formidable risk for missing or corrupted data. To avoid the security risks, audit services are critical to ensure the integrity and availability of outsourced data and to achieve digital forensics and credibility on cloud computing. Provable data possession (PDP), which is a cryptographic technique for verifying the integrity of data without retrieving it at an untrusted server, can be used to realize audit services. In this project, profiting from the interactive zero-knowledge proof system, we address the construction of an interactive PDP protocol to prevent the fraudulence of prover (soundness property) and the leakage of verified data (zero-knowledge property). We prove that our construction holds these properties based on the computation Diffie–Hellman assumption and the rewind able black-box knowledge extractor. We also propose an efficient mechanism with respect to probabilistic queries and periodic verification to reduce the audit costs per verification and implement abnormal detection timely. In addition, we present an efficient method for selecting an optimal parameter value to minimize computational overheads of cloud audit services. Our experimental results demonstrate the effectiveness of our approach.

1

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent

2.1 SYSTEM CONFIGURATION

SOFTWARE CONFIGURATION Operating System Environment .Net Framework Language Web Technology Web Server Back End : : : : : : : Windows XP Professional/7 Visual Studio .Net 2008 Version 3.5 C# Active Server Pages.Net (Asp .Net) Internet information Server 5.0 SQL Server 2005

HARDWARE CONFIGURATION

Processor RAM Monitor size Hard Disk Extra Device Keyboard Mouse

: : : : : : :

Pentium IV 512MB 17‖SVGA 80 GB CD-ROM 52x 104 standards Keyboard Optical

2

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent

2.2 ABOUT WINDOWS XP
Windows XP is an operating system that was produced by Microsoft for use on personal computers, including home and business desktops, laptops, and media centers. It was first released in August 2001, and is the most popular version of Windows, based on installed user base. The name "XP" is short for "eXPerience." Windows XP was the successor to both Windows 2000 and was the first consumeroriented operating system produced by Microsoft to be built on the end. Windows XP was released for retail sale on October 25, 2001, and over 400 million copies were in use in January 2006, according to an estimate in that month by an analyst. It was succeeded by, which was released to volume license customers on November 8, 2006 and worldwide to the general public on January 30, 2007. Direct and retail sales of Windows XP ceased on June 30, 2008. Microsoft continued to sell Windows XP through their System Builders (smaller OEMs who sell assembled computers) program until January 31, 2009. XP may continue to be available as these sources run through their inventory or by purchasing Windows 7 Ultimate, Windows 7 Pro, Windows Vista Ultimate or Windows Vista Business, and then to Windows XP. The most common editions of the operating system were Windows XP Home Edition, which was targeted at home users, and Windows XP Professional, which offered additional features such as support for, and was targeted at, business and enterprise clients has additional multimedia features enhancing the ability to record and watch TV shows, view DVD movies, and listen to music. Was designed to run stylus applications built using the platform. Windows XP was eventually released for two additional architectures, for processors. There is also, a component version of the Windows XP Professional, and editions for specific markets such as Windows XP Starter Edition. The basic versions of Windows, which are programmed in, and, are known for their improved stability and efficiency over the versions. Windows XP presented a significantly redesigned, a change Microsoft promoted as more userfriendly than previous versions of Windows.

3

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent A new software management facility was introduced to ameliorate that plagues 9x versions of Windows. It is also the first version of Windows to use to combat. Windows XP had also been criticized by some users for security vulnerabilities, tight integration of applications such as, and for aspects of its default user interface. Later versions with, and addressed some of these concerns. According to data generated by as of December 2010, Windows XP is the most widely used operating system for accessing the Internet in the world with a 47.2% market share, having peaked at 76.1% in January 2007

EDITIONS
The two major editions are Windows XP Home Edition, designed for home users, and Windows XP Professional, designed for business and power-users. XP Professional contains advanced features that the average home user would not use. However, these features are not necessarily missing from XP Home. They are simply disabled, but are there and can become functional. These releases were made available at retail outlets that sell computer software and were preinstalled on computers sold by major computer manufacturers. As of mid-2008, both editions continue to be sold. A third edition, called Windows XP Media Center Edition was introduced in 2002 and was updated every year until 2006 to incorporate new digital media, broadcast television and capabilities. Unlike the Home and Professional edition, it was never made available for retail purchase, and was typically either sold through channels, or was preinstalled on computers that were typically marketed as "media center PCs". Two different editions were made available, one designed specifically for Itanium-based workstations, which was introduced in 2001 around the same time as the Home and Professional editions, but was discontinued a few years later when vendors of Itanium hardware stopped selling workstation-class machines due to low sales. The other, called Windows XP Professional x64 Edition supports the x86-64 extension. x86-64 was implemented first by AMD as "AMD64", found in AMD's and chips, and later implemented by Intel as (formerly known as IA-32e and EM64T), found in Intel's and later chips.

4

Windows XP Edition. but is limited to low-end hardware. Microsoft wanted to call this version Reduced Media Edition. but can't afford to purchase new hardware. In March 2004. including desktop backgrounds of popular locations. EDITIONS FOR SPECIFIC MARKETS It is similar to Windows XP Home. It is only available to customers. Microsoft released a version of Windows XP Embedded which targets older machines (as early as the original Pentium). medical devices. In July 2006. arcade video games. help features for those who may not speak English. The Malaysian version. but EU regulators objected and suggested the Edition N name. kiosks.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent Tablet PC Edition was produced for a class of specially designed notebook/laptop computers called. It is intended for corporate customers who would like to upgrade to Windows XP to take advantage of its security and management capabilities. the fined Microsoft €497 million (US$603 million) and ordered the company to provide a version of Windows without. contains a desktop background of the skyline. Microsoft also released an edition for specific consumer electronics. It is compatible with a pen-sensitive screen. can only run 3 programs at a time. The Commission concluded that Microsoft "broke competition law by leveraging it’s near in the market for PC operating systems onto the markets for work group operating systems and for media players". supporting handwritten notes and portrait-oriented screens. After unsuccessful appeals in 2004 and 2005. and Voice over Internet Protocol components. This version does not include the company's Windows Media Player but instead encourages users to pick and download their own media player. Each country's edition is also customized for that country. Microsoft reached an agreement with the Commission where it would release a courtcompliant version. and other default settings designed for easier use than typical Windows XP installations. for example. with the signifying "not with Media Player" for both Home and Professional editions of Windows XP. 5 . point-of-sale terminals. and has some other features either removed or disabled by default.

SERVICE PACKS Microsoft occasionally releases for its Windows operating systems to fix problems and add features. and have all adopted Microsoft Windows XP as their migration path from. packs and translating the user interface were also available for certain languages. but. switched to support XP Professional to match their primary competitor. Windows XP Professional x64 Edition was based on Service Pack 1 and claimed to be "SP1" in system properties from the initial release. Wincor Nixdorf. Vending machines run a modified version of XP designed for the full screen of the Vending Touch screen and the DVD vending itself. 6 . Each service pack is a superset of all previous service packs and patches so that only the latest service pack needs to be installed. ATMs and Vendors (ATM) vendors. The service pack details below only apply to the 32-bit editions. However if it is still have the earliest version of Windows XP on Retail CD (without any service packs included). who has been pushing for standardization for many years. NCR Corporation and Wincor Nixdorf. Older service packs need not be manually removed before application of the most recent one. before SP3 can be installed.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent LANGUAGES Windows XP was available in many languages. Diebold initially shipped XP Home Edition exclusively. Windows Update "normally" takes care of automatically removing unnecessary files. it will need to install SP1a or SP2. and also includes new revisions. following extensive pressure from customer banks to support a common operating system. In addition. began shipping ATMs with Windows when they first arrived on the scene. It is updated by the same service packs and hot fixes as the x64 edition of Windows Server 2003.

It helps to specify the logical organization for a database and access and use the information within a database. etc. DBMS management component. managing concurrency. It provides facilities for controlling. Instead of having to write computer programs to extract information. a DBMS allows users and other software to store and retrieve data in a way. database language engine. It allows different user application programs to easily access the same database. many DBMS packages provide (4GLs) and other application development features. Some of the major components are external interface. storage engine. A DBMS is a system software package that helps the use of integrated collection of data records and files known as databases. query optimizer.3 DBMS AND RDBMS DBMS (DATABASE MANAGEMENT SYSTEM) Database management system is the means of controlling databases either in the hard disk in a desktop system or on a network. Thus. and restoring the database from backups. Database management system is used for creating database. management. The responses must be submitted and received according to a format that conforms to one or more applicable protocols. The DBMS accepts requests for data from an application program and instructs to the transfer the appropriate data. A DBMS also provides the ability to logically present database information to users.. user can ask simple questions. DBMS may use any of a variety of the large systems. This has led to severe performance problems when dealing with complex and high amount of data. Instead it will take the approach of manual navigation. 7 . maintained database and provides the means of using the database. It allows organizations to place control of database development in the hands of (DBA) and other specialists. database engine. External Interface is used to communicate with the DBMS as well as the databases. A Database Management System (DBMS) is a set of that controls the creation. DBMS doesn’t consider relationship between the tables. DBMS has several components. DBMS are categorized according to their data structures or types. enforcing. maintenance. A DBMS is a set of that controls the.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent 2.

so authorized users can apply the same relational language to its interrogation as they apply to regular data. SYSTEMATIC TREATMENT OF NULL VALUES Null values (distinct from empty character string or a string of blank characters and distinct from zero or any other number) are supported in the fully relational DBMS for representing missing information in a systematic way. However. INFORMATION RULE All information in the database should be represented in one and only one way . there must be at least one language whose statements are expressible. as character strings and whose ability to support all of the following is comprehensible:  data definition 8 .Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent DBMS RULES FOUNDATION RULE A relational database management system must manage its stored data using only its relational capabilities. primary key value and column name.as values in a table. independent of data type. DYNAMIC ON-LINE CATALOG BASED ON THE RELATIONAL MODEL The database description is represented at the logical level in the same way as ordinary data. GUARANTEED ACCESS RULE Each and every datum (atomic value) is guaranteed to be logically accessible by resorting to a combination of table name. COMPREHENSIVE DATA SUBLANGUAGE RULE A relational system may support several languages and various modes of terminal use. per some welldefined syntax.

VIEW UPDATING RULE All views that are theoretically updateable are also updateable by the system. and deletion of data. UPDATE. update.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent      view definition data manipulation (interactive and by program) integrity constraints authorization Transaction boundaries (begin. HIGH-LEVEL INSERT. 9 . PHYSICAL DATA INDEPENDENCE Application programs and terminal activities remain logically unimpaired whenever any changes are made in either storage representation or access methods. commit. AND DELETE The capability neither of handling a base relation or a derived relation as a single operand applies nor only to the retrieval of data but also to the insertion. and rollback).

for example the column postcode. Guarantee the Referential Integrity between rows of various tables. A key value cannot occur twice in one table. A Relational DataBase Management System (RDBMS) is software that:     Enables you to implement a database with tables. because one column is not sufficiently unique. and indexes. During 1970′s RDBMS or Relational database management system came into existence. Redundancy: Storing data twice. redundantly to make the system faster. So RDBMS widely used by the enterprises for storing complex and large amount of data. Update the indexes automatically. Foreign Key: A foreign key is the linking pin between two tables. RDBMS avoided the navigation model as in old DBMS and introduced Relational model. The relational model has relationship between tables using primary keys. columns. Row: A row (= tuple. A table in a database looks like a simple spreadsheet. entry or record) is a group of related data. Primary Key: A primary key is unique. With a key you can find at most one row.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent RDBMS (RELATIONAL DATABASE MANAGEMENT SYSTEM) RDBMS is the abbreviated form of Relational DataBase Management System. Column: One column (data element) contains data of one and the same kind. foreign keys and indexes. Relational database management system was introduced in 1970′s. for example the data of one subscription. 10 . Compound Key: A compound key (composite key) is a key that consists of multiple columns. Thus the fetching and storing of data become faster than the old Navigational model. with related data. RDBMS TERMINOLOGY Database: A database is a collection of tables. Table: A table is a matrix with data. Interprets an SQL query and combines information from various tables.

The . Visual Studio took the biggest leap in innovation since it was released. First. It changes almost every aspect of software development. 11 . AN OVERVIEW OF THE . But . New features have been added that cement this language’s position as a true object-oriented language.NET is portable to a wide variety of hardware and operating system foundations. the entire architecture has been created to make it as easy to develop Internet applications as it is to develop for the desktop. In some cases. This prepares for a possible future in which the software developed for .NET goes beyond an overhaul. component Technologies and data technologies ever seen on a Microsoft. Second. the same functionality is implemented in a different way. It provides the richest level of integration among presentation technologies. with the introduction of Visual Basic .Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent 2. With Visual Basic 2005. After more than a decade. platform. it is still going to be a challenge for the traditional VB6 developers to learn. But it must be prepared to unlearn old habits and form new ones.NET (as it was renamed).NET from most operating system specifics such as file handling and memory allocation. it’s necessary to learn the differences between Visual Basic 2005 and the older versions. or perhaps any.NET challenged traditional VB developers to learn dramatic new concepts and techniques. it must be open to the new concepts. Visual Basic was overdue for a major overhaul. 2005 brings us an enhanced Visual Basic language (renamed this time Visual Basic 2005).4 ABOUT ASP.NET FRAMEWORK .NET INTRODUCTION OF VISUAL STUDIO In 2002.NET Framework actually ―wraps‖ the operating system.NET is a framework that covers all the layers of software development above the operating system level. new component techniques. From integrating Internet functionality to creating objectoriented frameworks. Visual Basic . new visual tools for both local and Internet interfaces—all of these and more must become part of its skill. This was not done arbitrarily—there are good reasons for the changes. but it is an easy road and books like this are here to help IT on your path. insulating software developed with . Full object orientation. Next.

NET Framework can integrate with any other code. thread management. To make communication on distributed environment to ensure that code be accessed by the . and Windows Me. OBJECTIVES OF .NET FRAMEWORK The . The framework starts all the way down at the memory management and component loading level and goes all the way up to multiple ways of rendering user and program interfaces.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent VS. and all versions of Windows 2000. 2. THE COMMON LANGUAGE RUNTIME (CLR) The common language runtime is the foundation of the . and removing and also ensures more security and robustness.NET does not run on these systems. To provide a code-execution environment to minimizes software deployment and guarantees safe execution of code. It manages code at execution time.NET supports Windows 2003. or executed remotely. though VS. Programs created for .NET FRAMEWORK 1. THE . Windows XP. Windows 98. Eliminates the performance problems. providing important services such as memory management.NET can also run under Windows NT. Code that targets the runtime is known as managed code.NET Framework. 12 . The concept of code management is a fundamental principle of the runtime. 3. To provide a consistent object-oriented programming environment whether object codes is stored and executed locally on Internet-distributed. There are different types of application. such as Windows-based applications and Webbased applications. In between.NET Framework is a new computing platform that simplifies application development in the highly distributed environment of the Internet. there are layers that provide just about any system-level capability that a developer would need. Note that in some cases certain service packs are required to run .NET. while code that does not target the runtime is known as unmanaged code.

NET Framework not only provides several runtime hosts.NET FRAME WORK CLASS LIBRARY It is a comprehensive.     Security.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent THE . With regards to security. but also supports the development of third-party runtime hosts. thereby creating a software environment that can exploit both managed and unmanaged features. Robustness. and other system services these are all run on CLR. Productivity. code safety verification. The . compilation. registry-access operations. 13 .NET. Internet Explorer is an example of an unmanaged application that hosts the runtime (in the form of a MIME type extension). such as Web Forms and XML Web services. code execution. Performance. FEATURES OF THE COMMON LANGUAGE RUNTIME The common language runtime manages memory. managed components are awarded varying degrees of trust. The . thread execution. Using Internet Explorer to host the runtime to enables embeds managed components or Windows Forms controls in HTML documents. or other sensitive functions. object-oriented collection of reusable types used to develop applications ranging from traditional command-line or graphical user interface (GUI) applications to applications based on the latest innovations provided by ASP. SECURITY The runtime enforces code access security.NET Framework can be hosted by unmanaged components that load the common language runtime into their processes and initiate the execution of managed code. The security features of the runtime thus enable legitimate Internet-deployed software to be exceptionally featuring rich. depending on a number of factors that include their origin to perform file-access operations.

For example. yet take full advantage of the runtime.NET.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent ROBUSTNESS The runtime also enforces code robustness by implementing a strict type. it will have different requirements for working with data. such as Microsoft SQL Server™ and Internet Information Services (IIS) DATA ACCESS WITH ADO. and components written in other languages by other developers. The CTS ensures that all managed code is self-describing. programmers can write applications in their development language of choice. It might never need to directly edit an XML file containing data . server-side applications.NET When developing applications using ADO. ADO. The managed environment of the runtime eliminates many common software issues.NET. PERFORMANCE The runtime is designed to enhance performance. managed code is never interpreted. A feature called just-in-time (JIT) compiling enables all managed code to run in the native machine language of the system on which it is executing. PRODUCTIVITY The runtime also accelerates developer productivity.NET offers several advantages over previous versions of ADO:     Interoperability Maintainability Programmability Performance Scalability 14 . the class library. Finally. Although the common language runtime provides many standard runtime services.and codeverification infrastructure called the common type system (CTS). the runtime can be hosted by highperformance.but it is very useful to understand the data architecture in ADO.

In addition.NET all use the same integrated development environment (IDE). Visual C++ . SCALABILITY ADO.NET datasets offer performance advantages over ADO disconnected record sets. Because XML is the format for transmitting datasets across the network. and deployment of Enterprise solutions.NET Visual Studio . VISUAL STUDIO . any component that can read the XML format can process data. modest changes are possible.NET data-type conversion is not necessary. which allows them to share tools and facilitates in the creation of mixed-language solutions.NET is a complete set of development tools for building ASP Web applications. these 15 . it does not retain database locks or active database connections for long durations. and mobile applications In addition to building high-performing desktop applications. but substantial.NET. The receiving component need not be an ADO.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent INTEROPERABILITY ADO. PERFORMANCE ADO. and Visual C# . As the performance load on a deployed application server grows. MAINTAINABILITY In the life of a deployed system. Visual Basic .NET accommodates scalability by encouraging programmers to conserve limited resources. it can use Visual Studio's powerful componentbased development tools and other technologies to simplify team-based design. Any ADO. In ADO.NET component. development.NET applications can take advantage of the flexibility and broad acceptance of XML. desktop applications. system resources can become scarce and response time or throughput can suffer.NET application employs disconnected access to data. Architectural changes are rarely attempted because they are so difficult.NET. XML Web services.

such as the Connection and Command objects. it manages the execution of the code and also makes the development process easier by providing services. and also introduces new objects. ADO. which contains all the documentation for these development tools. DataReader. and DATA ADAPTER The important distinction between this evolved stage of ADO.the DataSet -.NET is an evolution of the ADO data access model that directly addresses user requirements for developing scalable applications. Also it includes MSDN Library. which provides a common language runtime and unified programming classes. statelessness. Visual Studio supports the . JScript. Managed Extensions for C++.NET Framework. component model. it can quickly create and include XML Web services using Visual Basic. ASP. or operating system. XML Web services are not tied to a particular component technology or object-calling convention but it can be accessed by any language. or ATL Server. and XML in mind. XML WEB SERVICES XML Web services are applications that can receive the requested data using XML over HTTP.NET and previous data architectures is that there exists an object -.NET is also compliant with CLS (Common Language Specification) and supports structured exception handling.NET objects include the DataSet. COMMON LANGUAGE SPECIFICATION (CLS) Visual Basic.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent languages leverage the functionality of the .NET Framework and simplify the development of ASP Web applications and XML Web services.NET uses these components to create ASP Web applications and XML Web services. Visual C#.NET uses some ADO objects. CLR is the runtime environment provided by the . It was designed specifically for the web with scalability.NET Framework. Key new ADO.NET. CLS is set of rules and constructs that are supported by the CLR (Common Language Runtime). ADO.NET OVERVIEW ADO. In Visual Studio .that is separate and distinct from any 16 .

data processing is turning to a message-based approach that revolves around chunks of information. The following sections will introduce some objects that have evolved. the DataSet functions as a standalone entity. For pushing data into a DataSet. Data Readers.  DataSets. which provides a bridge to retrieve and save data between a DataSet and its source data store. columns. It accomplishes this by means of requests to the appropriate SQL commands made against the data store. The DataSet as an always disconnected recordset that knows nothing about the source or destination of the data it contains. These objects are:    Connections. or pushed into a DataSet object.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent data stores. Commands travel over connections and resultsets are returned in the form of streams which can be read by a Data Reader object. and some that are new. Inside a DataSet. For issuing SQL commands against a database. In the past. relationships. A Data Adapter is the object that connects to the database to fill the DataSet. XML data and relational data. constraints. For storing. data processing has been primarily connection-based. and are represented by provider-specific classes such as SqlConnection. in an effort to make multi-tiered apps more efficient. based on operations performed while the DataSet held the data. Now. Then. there are tables. views. Connections: Connections are used to 'talk to' databases. Commands. much like in a database. it connects back to the database to update the data there. For reading a forward-only stream of data records from a SQL Server data source.  Data Adapters. For connection to and managing transactions against a database. Remoting and programming against flat data. Because of that. and reconciling data against a database. At the center of this approach is the Data Adapter. and so forth. 17 .

or a statement that returns results. A DataReader object is returned after executing a command against a database. The Data Reader API supports flat as well as hierarchical data. The DataSet object represents a cache of data. but more powerful. and constraints. This allows the developer to work with a programming model that is always consistent. and return values as part of your command syntax. relationships. The format of the returned Data Reader object is different from a recordset. it is important to remember that DataSet objects do not interact directly with databases. Data Readers: The Data Reader object is somewhat synonymous with a read-only/forward-only cursor over data. However. the use of DataReader is to show the results of a search list in a web page. or other source data. and are represented by provider-specific classes such as SqlCommand. For example. though a DataSet can and does behave much like a database. 18 . columns. It can also use input and output parameters. an UPDATE statement. regardless of where the source data resides. DATASETS AND DATA ADAPTERS DataSets The DataSet object is similar to the ADO Recordset object.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent Commands: Commands contain the information that is submitted to a database. with database-like structures such as tables. The example below shows how to issue an INSERT statement against the Northwind database. A command can be a stored procedure call. and with one other important distinction: the DataSet is always disconnected.

These systems allow users to create. Each record is made up of a number of fields. called a record (it can also be referred to as raw or an occurrence).5 ABOUT SQL SERVER SQL SERVER 2005 A database management. gives the user access to their data and helps them transform the data into information. or simply the Key. PRIMARY KEY Every table in SQL Server has a field or a combination of fields that uniquely identifies each record in the table. The primary key provides the means to distinguish one record from all other in a table. SQL Server stores each data item in its own fields. It allows the user and the database system to identify. No two fields in a record can have the same field name. A database is a structured collection of data. paradox. 19 .Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent 2. the analysis of your business needs identifies all the fields or attributes of interest. or DBMS. the fields relating to a particular person. Data refers to the characteristics of people. thing or event are bundled together to form a single complete unit of data. update and extract information from their database. IMS. During an SQL Server Database design project. SQL Server and SQL Server. things and events. it define any additional fields or change the definition of existing fields. The Unique identifier is called the Primary Key. Such database management systems include dBase. In SQL Server. Related tables are grouped together to form a database. If your business needs change over time. SQL SERVER TABLES SQL Server stores records relating to each other in a table. Different tables are created for the various groups of information. locate and refer to one particular record in the database.

Ensuring that the data among related tables is correctly matched is referred to as maintaining referential integrity. Physical level: This is the lowest level of abstraction at which one describes how the data are actually stored. View level: This is the highest level of abstraction at which one describes only part of the database. Conceptual Level: At this level of database abstraction all the attributed and what data are actually stored is described and entries and relationship among them. Matching an employee to the department in which they work is one example. SQL Server makes it very easy to link the data in multiple tables. it also maintains consistency between them. 20 . This is what makes SQL Server a relational database management system. It stores data in two or more tables and enables to define relationships between the table and enables to define relationships between the tables. This system hides certain details of how the data is stored and maintained. or RDBMS. FOREIGN KEY When a field is one table matches the primary key of another field is referred to as a foreign key. DATA ABSTRACTION A major purpose of a database system is to provide users with an abstract view of the data. A foreign key is a field or a group of fields in one table whose values match those of the primary key of another table. REFERENTIAL INTEGRITY Not only does SQL Server allow to link multiple tables. Data abstraction is divided into three levels.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent RELATIONAL DATABASE Sometimes all the information of interest to a business operation can be stored in one table.

even application that require simultaneous DSS and OLTP access to the same critical data. the hardware has to be upgraded to allow for the extensive programs and the workspace required for their execution and storage. While centralization reduces duplication. In addition to the cost of purchasing of developing the software.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent ADVANTAGES OF RDBMS         Redundancy can be avoided Inconsistency can be eliminated Data can be Shared Standards can be enforced Security restrictions can be applied Integrity can be maintained Conflicting requirements can be balanced Data independence can be achieved. and open DBMS that delivers unmatched performance. SQL Server leads the industry in both performance and capability SQL SERVER is a truly portable. 21 . distributed. From complex decision support systems (DSS) to the most rigorous online transaction processing (OLTP) application. FEATURES OF SQL SERVER (RDBMS) SQL SERVER is one of the leading database management systems (DBMS) because it is the only Database that meets the uncompromising requirements of today’s most demanding information systems. DISADVANTAGES OF DBMS A significant disadvantage of the DBMS system is cost. continuous operation and support for every database. the lack of duplication requires that the database be adequately backed up so that in case of failure the data can be recovered. SQL SERVER RDBMS is high performance fault tolerant DBMS which is specially designed for online transactions processing and for handling large database application.

which are  The row level lock manager ENTERPRISE WIDE DATA SHARING The unrivaled portability and connectivity of the SQL SERVER DBMS enables all the systems in the organization to be linked into a singular.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent SQL SERVER with transactions processing option offers two features which contribute to very high level of transaction processing throughput. PORTABILITY SQL SERVER is fully portable to more than 80 distinct hardware and operating systems platforms. and third party software products SQL Server’s Open architecture provides transparent access to data from other relational database and even non-relational database. Macintosh and dozens of proprietary platforms. This portability gives complete freedom to choose the database server platform that meets the system requirements. 22 . OS/2. A single SQL statement can access data at multiple sites. OPEN SYSTEMS SQL SERVER offers a leading implementation of industry –standard SQL. security or availability dictate. The data can store where system requirements such as performance. MSDOS. integrated computing resource. including UNIX. SQL Server’s open architecture integrates SQL SERVER and non –SQL SERVER DBMS with industries most comprehensive collection of tools. DISTRIBUTED DATA SHARING SQL Server’s networking and distributed database capabilities to access data stored on remote server with the same ease as if the information was stored on a single local computer. application.

SOPHISTICATED CONCURRENCY CONTROL Real World applications demand access to critical data. With most database Systems application becomes ―contention bound‖ – which performance is limited not by the CPU power or by disk I/O. modified blocks are written back to the database independently of the transaction commit.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent UNMATCHED PERFORMANCE The most advanced architecture in the industry allows the SQL SERVER DBMS to deliver unmatched performance. Since fast commits write all data necessary to the recovery to the log file. but user waiting on one another for data access. While some database write whole data block to disk at commit time. On high throughput systems. when written from memory to disk. 23 . SQL Server commits transactions with at most sequential log file on disk at commit time. SQL Server employs full. NO I/O BOTTLENECKS SQL Server’s fast commit groups commit and deferred write technologies dramatically reduce disk I/O bottlenecks. one sequential writes typically group commit multiple transactions. unrestricted row-level locking and contention free queries to minimize and in many cases entirely eliminates contention wait times. Data read by the transaction remains as shared memory so that other transactions may access that data without reading it again from disk.

Although their solution is not suitable for practical applications because of lack of support for dynamic operations and rigorous performance analysis. This work is motivated by the public audit systems of data storages and provided a privacy-preserving auditing protocol. audit services are critical to ensure the integrity and availability of outsourced data and to achieve digital forensics and credibility on cloud computing. which is a cryptographic technique for verifying the integrity of data without retrieving it at an untrusted server. In this project.Net as Front end and SQL Server as back end. as well as information leakage of verified data in verification process. These drawbacks greatly affect the impact of cloud audit services. it points out a promising research direction for checking the integrity of outsourced data in untrusted storage. this scheme achieves batch auditing to support efficient handling of multiple auditing tasks. Cloud-based outsourced storage relieves the client’s burden for storage management and maintenance by providing a comparably low-cost. However.1 PROBLEM DESCRIPTION This project is entitled ―Cloud Documents Security Using Interactive ZeroKnowledge Proof Prevent” using Asp . the fact that clients no longer have physical possession of data indicates that they are facing a potentially formidable risk for missing or corrupted data. Moreover. Provable data possession (PDP). profiting from the interactive zero-knowledge proof system. new frameworks or models are desirable to enable the security of public verification protocol in cloud audit services. scalable.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent 3. Although PDP/POR schemes evolved around untrusted storage offer a publicly accessible remote interface to check and manage tremendous amount of data. To avoid the security risks. Thus. location-independent platform. 24 . We prove that our construction holds these properties based on the computation Diffie–Hellman assumption and the rewind able black-box knowledge extractor. we address the construction of an interactive PDP protocol to prevent the fraudulence of prover (soundness property) and the leakage of verified data (zero-knowledge property). most of existing schemes cannot give a strict security proof against the untrusted CSP’s deception and forgery. can be used to realize audit services.

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent

3.2 EXISTING SYSTEM

To securely introduce an effective third party auditor (TPA), the following two fundamental requirements have to be met: 1) TPA should be able to efficiently audit the cloud data storage without demanding the local copy of data, and introduce no additional on-line burden to the cloud user 2) The third party auditing process should bring in no new vulnerabilities towards user data privacy.

25

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent

3.3 PROPOSED SYSTEM

We utilize the public Provable data possession (PDP), which is a cryptographic technique for verifying the integrity of data without retrieving it at an untrusted server; can be used to realize audit services. It is with random mask technique to achieve a privacy-preserving public auditing system for cloud data storage security while keeping all above requirements in mind. To support efficient Handling of multiple auditing tasks, we further explore the technique of bilinear aggregate signature to extend our main result into a multi-user setting, where TPA can perform multiple auditing tasks simultaneously. Extensive security and performance analysis shows the proposed schemes are provably secure and highly efficient. We also show how to extent our main scheme to support batch auditing for TPA upon delegations from multi-users.

26

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent

4.1 SYSTEM FLOW CHART

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent

Admin

Audit Head

Junior Auditor

View Audit Details

Login

Login

View Auditors

Set Audit Schedule

View Audit Schedule

View Audit Reports

Set Auditor

Get Documents

Send Audit Documents

Send Reports

View Reports

27

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent

4.2 DATA FLOW DIAGRAM
LEVEL 1

Entry Admin

Admin Entry Audit Schedule

Display/View Audit Schedule

Entry

Auditor

CLOUD DOCUMENTS SECURITY USING INTERACTIVE ZERO Get Clarify of Audit Details Auditor Get Clarify of Audit

28

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent LEVEL 2 Add Audit Details Admin Add new Auditor Add Auditor details View Audit details Auditor Head Head Select any Auditor Select Auditor View Details of Audit Schedule Auditor View Audit Documents Enter Document s View Documents Add Audit Documents Get Clarify of Audit View Audits View stored Audits Store Audit Schedule Add new Audits Store DB Enter Audit Schedule Send Audit Documents 29 .

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent LEVEL 3 Login from DB Admin Entry Admin Login Add new Audits DB Add new Auditor View Auditors Feed back Get Auditors Documents Retrieve Auditor Documents Display/View performance Index Check Auditor Documents 30 .

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent LEVEL 4 Login from DB Auditor Entry Auditor Head Login Get User Query View Audit Schedule View admin’s Information View admin Announcement Select Auditor DB Search for Auditor Reply to Auditor Send Documents to Auditor Get reply for new Audit Schedules 31 .

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent LEVEL 5 Login from DB Auditor Entry Auditor Login View Audit Documents DB Store Documents Select Audit Docum ents Select Audit Documents Send Documents Get Clarify of Audit Documents Enter Details Audit Documents View Documents 32 .

3 DATABASE STRUCTURE AUDITOR REGISTRATION COLUMN NAME Aud_Id Aud_Name Dept Aud_Type Experience Email Mob_No Address DATA TYPE Varchar(30) Varchar(30) Varchar(30) Varchar(30) Varchar(30) Varchar(30) Numeric Text DESCRIPTION Auditor Id Auditor Name Department Auditor Type Experience Email Contact Number Address 33 .Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent 4.

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent SCHEDULE AUDIT COLUMN NAME Aud_Id Org_Name Org_Type Description Address Aud_Date Doc_To_Audit Aud_Team To_Aud Auditor_Name Aud_Type Aud_Key DATA TYPE Varchar(30) Varchar(30) Varchar(30) Text Text Varchar(30) Text Varchar(30) Varchar (30) Varchar(30) Varchar(30) Varchar(30) DESCRIPTION Auditor Id Organization Name Organization Type Description Address Audit Date Documents to Audit Audit Team To Auditor Auditor Name Auditor Type Secret Key 34 .

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent SET AUDIT COLUMN NAME Org_Name Org_Type Description Address Audit_Date Aud_Doc Aud_Id Aud_Name DATA TYPE Varchar(30) Varchar(30) Varchar(30) Varchar(30) Text Varchar(30) Varchar(30) Varchar(30) DESCRIPTION Organization Name Organization Type Desgination Address Audit Date Documents to Audit Auditor Id Auditor Name 35 .

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent AUDITOR REPORT COLUMN NAME Aud_Id Aud_Name Org_Name Org_Type Description Aud_Doc Doc_Aud Aud_Report Status Aud_Date DATA TYPE Varchar(30) Varchar(30) Varchar(30) Varchar(30) Text Text Text Varchar(30) Varchar(30) Varchar(30) DESCRIPTION Auditor Id Auditor Name Organization Name Organization Type Description Documents to Audit Audited Documents Audited Report Status Audited Date 36 .

audit services are critical to ensure the integrity and availability of outsourced data and to achieve digital forensics and credibility on cloud computing.Net as Front end and SQL Server as back end. the fact that clients no longer have physical possession of data indicates that they are facing a potentially formidable risk for missing or corrupted data. These two properties ensure 37 . which is a cryptographic technique for verifying the integrity of data without retrieving it at an untrusted server. location-independent platform. We provide an efficient and secure cryptographic interactive retains the soundness property and zero-knowledge property of proof systems. The following modules are MODULES     Audit Service System Data Storage Service System Audit Outsourcing Service System Secure and Performance Analysis Audit Service System In this module we provide an efficient and secure cryptographic interactive audit scheme for public audit ability. SYSTEM DESIGN AND DEVELOPMENT This project is entitled ―Cloud Documents Security Using Interactive ZeroKnowledge Proof Prevent” using Asp . scalable. We prove that our construction holds these properties based on the computation Diffie–Hellman assumption and the rewind able black-box knowledge extractor.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent 5. we address the construction of an interactive PDP protocol to prevent the fraudulence of prover (soundness property) and the leakage of verified data (zero-knowledge property). To avoid the security risks. can be used to realize audit services. Provable data possession (PDP). Cloud-based outsourced storage relieves the client’s burden for storage management and maintenance by providing a comparably low-cost. profiting from the interactive zero-knowledge proof system. However. In this project.

Data owner (DO) Has a large amount of data to be stored in the cloud. Granted applications (GA) Who have the right to access and manipulate stored data. generates a set of public verification information that is stored in TPA. 4. which consists of a collection of blocks. Audit Outsourcing Service System In this module the client (data owner) uses the secret key to preprocess the file. TPA (as an audit agent of clients) issues a challenge to audit (or check) the integrity and availability of the outsourced data in terms of the public verification information.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent that our scheme can not only prevent the deception and forgery of cloud storage providers. It is necessary to give an alarm for abnormal events. Third party auditor (TPA) Have capabilities to manage or monitor – outsourced data under the delegation of data owner. These applications can be either inside clouds or outside clouds according to the specific requirements. transmits the file and some verification tags to Cloud service provider CSP. we considered FOUR entities to store the data in secure manner: 1. 3. At a later time. Cloud service provider (CSP) Provides data storage service and have enough storage spaces and computation resources. Data Storage Service System In this module. 38 . using a protocol of proof of retrievability. but also prevent the leakage of outsourced data in the process of verification. 2. and may delete its local copy.

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent Secure and Performance Analysis In this module. we considered to secure the data and give performance to the following:   Audit-without-downloading Verification-correctness To ensure there exists no cheating CSP that can pass the audit from TPA without indeed storing users’ data intact.  Privacy-preserving To ensure that there exists no way for TPA to derive users’ data from the information collected during the auditing process. communication and computation. and to support statistical audit sampling and optimized audit schedule with a long enough period of time. 39 .  High-performance To allow TPA to perform auditing with minimum overheads in storage.

although some development methodologies work from use cases or user stories. most of the test execution occurs after the requirements have been defined and the coding process has been completed. SYSTEM TESTING AND MAINTANANCE SYSTEM TESTING Software testing is an investigation conducted to provide stakeholders with information about the quality of the product or service under test. Software testing can also be stated as the process of validating and verifying that a software program/application/product:    meets the business and technical requirements that guided its design and development works as expected Can be implemented with the same characteristics. Different software development models will focus the test effort at different points in the development process. but are not limited to. FUNCTIONAL VS NON-FUNCTIONAL TESTING Functional testing refers to activities that verify a specific action or function of the code. the process of executing a program or application with the intent of finding software bugs. depending on the testing method employed. Newer development models. These are usually found in the code requirements documentation. In a more traditional model. such as Agile. 40 . independent view of the software to allow the business to appreciate and understand the risks of software implementation. Software testing also provides an objective.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent 6. most of the test effort occurs after the requirements have been defined and the coding process has been completed. Functional tests tend to answer the question of "can the user do this" or "does this particular feature work". As such. before it reaches a formal team of testers. often employ test driven development and place an increased portion of the testing in the hands of the developer. Software testing. can be implemented at any time in the development process. However. the methodology of the test is governed by the software development methodology adopted. Test techniques include.

such as scalability or security. As a rule. mock objects. Unit tests find problems early in the development cycle. each test case is independent from the others: substitutes like method stubs. written contract that the piece of code must satisfy. In procedural programming a unit may be an individual function or procedure. Unit tests are typically written and run by software developers to ensure that code meets its design and behaves as intended. integrated system to evaluate the system's compliance with its specified requirements.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent Non-functional testing refers to aspects of the software that may not be related to a specific function or user action. Unit tests are created by programmers or occasionally by white box testers. A unit is the smallest testable part of an application. Non-functional testing tends to answer such questions as "how many people can log in at once". system testing takes as its input all of the "integrated" software components that have successfully passed integration testing and also the software system itself integrated with any applicable hardware system(s). The purpose of integration testing is to detect any inconsistencies between the software units that are integrated together (called assemblages) or between any of the assemblages and the hardware. SYSTEM TESTING System testing of software or hardware is testing conducted on a complete. UNIT TESTING In computer programming. Its implementation can vary from being very manual (pencil and paper) to being formalized as part of build automation. As a result it affords several benefits. fakes and test harnesses can be used to assist testing a module in isolation. System testing is a more limited type of testing it seeks to detect defects both within the "inter-assemblages" and also within the system as a whole. The goal of unit testing is to isolate each part of the program and show that the individual parts are correct. Ideally. 41 . System testing falls within the scope of black box testing and as such should require no knowledge of the inner design of the code or logic. unit testing is a method by which individual units of source code are tested to determine if they are fit for use. A unit test provides a strict.

exercises a particular operating condition of the user's environment or feature of the system. outcome. • Testing and debugging are different activities. Each module in every file is tested completely for execution of each operation. All provide the software development with the procedure for testing and all have the following characteristics. • Different testing techniques are appropriated at different point of time. but debugging must be accommodated in any testing strategy. MODULE TESTING A module is the collection of dependant components such as an object class. SOFTWARE TESTING STRATEGIES A number of software testing strategies have been proposed. an abstract data type or some collection of procedures and functions. • Testing begins at the module level and works towards the integration of entire component based system. There is generally no degree of success or failure. WHITE BOX TESTING The Project is tested for its execution step by step for every file that is used in this project. The test environment is usually designed to be identical or as close as possible to the anticipated user's environment including extremes of such. or Boolean. and will result in a pass or fail. These test cases must each be accompanied by test case input data or a formal description of the operational activities (or both) to be performed intended to thoroughly exercise the specific case and a formal description of the expected results.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent ACCEPTANCE TESTING Acceptance testing generally involves running a suite of tests on the completed system. 42 . • The developer of the software and an independent test group conducts the testing. The module encapsulates related components that can be tested without other system modules. Each individual test known as a case.

The error messaging system was also checked by giving improper values to check if the validation processes are done properly. For the appropriate input values the corresponding outputs were seen.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent The testing operation was successful and every module works properly. of the maintenance effort is used for non-corrective actions (Pigosky 1997). BLACK BOX TESTING The project is tested with the various input and output test cases. A common perception of maintenance is that it is merely fixing bugs. and maintainability measurement. Over a period of twenty years. impact analysis. estimating costs. studies and surveys over the years have indicated that the majority. As they evolve. Key findings of his research include that maintenance is really evolutionary developments and that maintenance decisions are aided by understanding what happens to systems (and software) over time. 43 . they grow more complex unless some action such as code recapturing is taken to reduce the complexity. Lehman demonstrated that systems continue to evolve over time. This perception is perpetuated by users submitting problem reports that in reality are functionality enhancements to the system. Software maintenance and evolution of systems was first addressed by Meir M. staffing. Key technical issues are: limited understanding. to improve performance or other attributes. However. Key management issues are: alignment with customer priorities. over 80%. The key software maintenance issues are both managerial and technical. his research led to the formulation of eight Laws of Evolution (Lehman 1997). MAINTANANCE Software maintenance in software engineering is the modification of a software product after delivery to correct faults. testing. which organization does maintenance. Lehman in 1969. INTEGRATION TESTING The whole system which has been divided into modules has been integrated into a single system and the testing operation is done to the whole system to find if any error has occurred to the project due to integrating it or joining the various modules of the system.

and the follow-up on product configuration management. the tailoring of the post delivery process. by confirming the modified work with the individual who submitted the request in order to make sure the modification provided a solution. The problem and modification analysis process. an estimate of the lifecycle costs. The migration process (platform migration. the preparation for handling problems identified during development. 3. confirm it (by reproducing the situation) and check its validity. 4. The maintenance programmer must analyze each request. The process considering the implementation of the modification itself. SOFTWARE MAINTENANCE PROCESSES This section describes the six software maintenance processes as: 1. 2. The process acceptance of the modification. for example) is exceptional. document the request and the solution proposal. which is executed once the application has become the responsibility of the maintenance group. The implementation processes contains software preparation and transition activities.The software maintenance which can last for 5-6 years after the development calls for an effective planning which addresses the scope of software maintenance.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent SOFTWARE MAINTENANCE PLANNING The integral part of software is the maintenance part which requires accurate maintenance plan to be prepared during software development and should specify how users will request modifications or report problems and the estimation of resources such as cost should be included in the budget and a new decision should address to develop a new system and its quality objectives . investigate it and propose a solution. and is not part of daily maintenance tasks. If the software must be ported to another platform without any 44 . and. obtain all the required authorizations to apply the modifications. such as the conception and creation of the maintenance plan. finally. the designation of who will provide maintenance. 5.

A simple operating procedure is included so that the user can understand the different functions clearly and quickly. the computer system and its environment is tested to the satisfaction of the user. The system that has been developed is accepted and proved to be satisfactory for the user. provide there are no major changes in the system. Finally. 6.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent change in functionality. this process will be used and a maintenance project team is likely to be assigned to this task. Initially as a first step the executable form of the application is to be created and loaded in the common server machine which is accessible to the entire user and the server is to be connected to a network. Each program is tested individually at the time of development using the data and has verified that this program linked together in the way specified in the programs specification. And so the system is going to be implemented very soon. The final stage is to document the entire system which provides components and the operating procedures of the system. Implementation is the most crucial stage in achieving a successful system and giving the user’s confidence that the new system is workable and effective. is the retirement of a piece of software. Implementation of a modified application is to replace an existing one. This type of conversation is relatively easy to handle. 45 . the last maintenance process. also an event which does not occur on a daily basis.

using System. EventArgs e) { } protected void ImageButton1_Click(object sender.WebControls. using System. using System. using System.UI. using System. } } 46 .Web. using System.Data. using System.HtmlControls. public partial class AdminLogin : System.Linq.Redirect("Admin.Xml.UI.Web.Text == "Admin" && TextBox2.Web.WebControls.UI. using System.aspx").Web.Linq.Security. using System.Page { protected void Page_Load(object sender. using System.Write("Invalid Login").Web. SAMPLE CODE ADMIN LOGIN using System.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent 7. ImageClickEventArgs e) { if (TextBox1.UI.Text == "Admin") { Response. using System.UI. } else { Response.Configuration.WebParts.Collections.Web.Web.

Text + "')".'" + TextBox4.'" + TextBox2.'" + DropDownList2.Web.UI. using System.SelectedItem.Web.Text + "'.UI.Xml.HtmlControls.'" + TextBox5.Configuration. public partial class Registration : System.Web.UI.WebControls.'" + TextBox3.Linq.UI.'" + DropDownList1. using System.Web.Data.UI.Web.Text + "'.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent AUDITOR REGISTRATION using System.SqlClient. if (i != -1) { 47 . using System. using System. EventArgs e) { } protected void ImageButton1_Click(object sender.InserEditDelete(Query). using System.ToString() + "'.'" + TextBox6. i = _objDb.Web. using System.Web.SelectedItem.WebControls.Text + "'.ToString() + "'. protected void Page_Load(object sender.WebParts. using System. using System.Data.Security.Text + "'. ImageClickEventArgs e) { string Query = "insert into Audit_Reg values('" + TextBox1.Linq. using System. int i.Text + "'. using System. using System.Page { ClsDbLayer _objDb = new ClsDbLayer().Collections. using System.

using System.Data. using System.Linq.UI.HtmlControls.UI. using System.Web.Collections.Web.Web.Web. 48 . using System.Web. public partial class ScheduleAudit : System.Security. int i.Page { ClsDbLayer _objDB = new ClsDbLayer().Cryptography.Data.UI. using System.WebControls. using System. using System. using System.Configuration.WebParts.Linq.UI.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent Response.Web.UI. } else { Response.SqlClient. using System.Web. using System. } } } SCHEDULE AUDIT using System. using System.WebControls. using System.Security. using System.Write("Saved Successfully").Text. using System. DataSet ds.Xml.Write("Not Saved").

DropDownList2. EventArgs e) { if (IsPostBack.DataBind(). ds = _objDB.Text + "')". ImageClickEventArgs e) { string Query = "insert into Schedule_Audit values('" + TextBox1.DataTextField = "Aud_Id".Text + "'.Write("Not Success").Insert(0.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent SqlDataReader dr.Text + "'. protected void Page_Load(object sender.Items.InserEditDelete(Query).Text + "'.Text + "'.SelectedItem. } } 49 . "-Select-").SelectedItem.'" + TextBox2.Text + "'.Text + "'.'" + TextBox7.Text + "'.DataValueField="Aud_Id".'" + Label1.Equals(false)) { string Query = "select Aud_Id from Audit_Reg". DropDownList2. DropDownList2.'" + DropDownList1.Text + "'.'" + TextBox10.'" + DropDownList2. i = _objDB. DropDownList2.'" + TextBox8.DataSource = ds. DropDownList2. } } protected void ImageButton1_Click(object sender.ToString() + "'.Write("Sucessfull"). } else { Response.Text + "'.'" + TextBox4.Display(Query).'" + TextBox3.ToString() + "'.'" + TextBox9. if (i != -1) { Response.'" + TextBox5.

GetBytes(TextBox6.ToString(). } } VIEW AUDITORS using System.Aud_Type from Audit_Reg where Aud_Id like '" + DropDownList2. 50 . int myrnd = rnd.ToString() + "'".Text = Convert.ToBase64String(Encoding. TextBox9.Configuration. using System. using System.Text = dr[0]. EventArgs e) { Label1. EventArgs e) { Random rnd = new Random(). dr = _objDB.Select(Query).ToString(). EventArgs e) { string Query = "select Aud_Name.Data. using System.Linq. TextBox10.ToString().Read()) { TextBox8. using System.Unicode.SelectedItem. } protected void Button2_Click(object sender. } } protected void Button1_Click(object sender.Text = dr[1].Collections.Text = myrnd.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent protected void DropDownList2_SelectedIndexChanged(object sender. if (dr. 99).Text)).Next(1.

Web. using System.Web.Equals(false)) { string Query = "select * from Audit_reg". 51 . EventArgs e) { if (IsPostBack.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent using System.Web.Linq. ds = _objDb.Web. using System. using System. using System. protected void Page_Load(object sender.HtmlControls.DataSource = ds.UI. using System.Web.Configuration.Security.Collections. public partial class ViewAuditors : System.DataBind(). using System. } } } VIEW AUDIT REPORT using System.Display(Query).Page { ClsDbLayer _objDb = new ClsDbLayer(). using System.WebControls.UI.WebParts. using System. using System.SqlClient. GridView1. using System.WebControls.UI.UI.UI.Xml. DataSet ds. using System. GridView1.Linq.Web.Data.Data.Web.

SqlClient.Xml.DataTextField = "Org_Name". DropDownList1.HtmlControls.WebControls. GridView1.Web.Display(Query). using System. EventArgs e) { if (IsPostBack.WebControls. EventArgs e) { string Query = "select * from Audit_Report where Org_Name like '" + DropDownList1.WebParts.SelectedItem.Linq.Display(Query). ds = _objDb.DataBind().DataSource = ds.Equals(false)) { string Query = "select Org_Name from Schedule_Audit".Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent using System.UI.Web.Web.Page { ClsDbLayer _objDb = new ClsDbLayer().Web. public partial class ViewAuditReport : System. SqlDataReader dr. using System.ToString() + "'". using System. DataSet ds. DropDownList1.UI.Web.UI. ds = _objDb. using System. DropDownList1.UI. using System. } } protected void DropDownList1_SelectedIndexChanged(object sender. protected void Page_Load(object sender. using System.Web.DataValueField = "Org_Name". using System. 52 .Web.DataSource = ds.Data.Security.UI. DropDownList1.

using System. using System. using System.Web.HtmlControls. using System.Collections.DataBind(). using System. using System.Data.Web.SelectedItem. protected void Page_Load(object sender.Xml.SqlClient. EventArgs e) { } protected void ImageButton1_Click(object sender.Configuration. using System.Web.WebControls.UI.Web. using System.WebParts.UI. } } AUDITOR LOGIN using System.Page { ClsDbLayer _objDb = new ClsDbLayer().Security. using System.Linq.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent GridView1.Data. using System. using System. public partial class AuditorLogin : System.Web.UI.UI.Linq.Value == "Head") { 53 . using System. SqlDataReader dr.Web. ImageClickEventArgs e) { if (DropDownList1.WebControls.Web.UI.

Text + "' and Aud_Type like '" + DropDownList1. DropDownList1.ToString(). TextBox2. } } else { string Query = "select Aud_Id. Response.Text = dr[1].SelectedItem. dr = _objDb. if (dr. Session["2"] = TextBox2.Write("Invalid Login").SelectedValue = dr[3].Text. dr = _objDb. TextBox3.aspx").ToString().Text + "' and Dept like '" + TextBox3.Text + "' and Aud_Name like '" + TextBox2.ToString().Text = dr[1].ToString().Aud_Name.Redirect("AuditorHead.ToString().Dept. if (dr.Read()) { TextBox1.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent string Query = "select Aud_Id.ToString(). TextBox2.Text + "' and Aud_Type like '" + DropDownList1.Text.Text = dr[2].ToString() + "'". Session["1"] = TextBox1. Session["3"] = TextBox3. Session["4"] = DropDownList1.Aud_Name.Aud_Type from Audit_Reg where Aud_Id like '" + TextBox1.Dept.Select(Query).Text = dr[0].Select(Query). } else { Response.SelectedItem.Text + "' and Aud_Name like '" + TextBox2. 54 .Text = dr[0].Text.ToString().SelectedItem.Read()) { TextBox1.Text + "' and Dept like '" + TextBox3.Aud_Type from Audit_Reg where Aud_Id like '" + TextBox1.ToString() + "'".

Xml. DropDownList1. using System. using System. using System.SqlClient. 55 .SelectedItem. using System.Configuration.Text. using System. Response. using System.Write("Invalid Login").ToString().Web.WebControls.UI.UI.Collections.HtmlControls. Session["1"] = TextBox1.Web. using System.ToString(). Session["4"] = DropDownList1.WebParts.WebControls.Text.aspx").Security.ToString(). Session["3"] = TextBox3. using System.Text = dr[2].Text. } else { Response.Web. } } } } VIEW SCHEDULE using System.Web. using System.Linq.Web.SelectedValue = dr[3]. using System.Linq. using System.UI.Redirect("AuditJunior. using System.Web.Data.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent TextBox3.UI.Data. Session["2"] = TextBox2.

Visible = false. EventArgs e) { Label3. Label1.DataValueField = "Aud_Id".Page { ClsDbLayer _objDb = new ClsDbLayer(). Panel2. Button1. Label2. public partial class ViewSchedule : System. DropDownList1.DataSource = ds. TextBox1.SelectedItem.Text + "'".Cryptography.Text = "Welcome " + Session["2"].ToString() + "' ".Display(Query).Security. DataSet ds.ToString().Visible = false. if (IsPostBack.Text = Session["1"].Visible = false. DropDownList1. } } protected void Button1_Click(object sender.Visible = false. 56 . DropDownList1.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent using System. DropDownList1.Equals(false)) { Panel1.DataBind(). using System. EventArgs e) { string Query = "select Aud_Key from Schedule_Audit where Aud_Id like '" + DropDownList1. protected void Page_Load(object sender.Select(Query).ToString(). string Query = "select Aud_Id from Schedule_Audit where To_Aud like '" + Label3.DataTextField = "Aud_Id".Visible = false. ds = _objDb.UI.Web.Text. SqlDataReader dr = _objDb.

Text+"'". Panel1. } protected void Button3_Click(object sender.Visible = true.Visible = true.ToString(). } } protected void Button2_Click(object sender.ToString().Visible = true.RegisterStartupScript(GetType(). TextBox5. "alert('" + dr[0]. EventArgs e) { string Query = "select Aud_Id.Write("Invalid Key").ToString() + "')". Panel2.Select(Query). "Onload". EventArgs e) { Panel1. } else { Response.Aud_Name from Audit_Reg where Aud_Id like '"+TextBox4. Panel2.Visible = false. TextBox1. if (dr.Visible = true.Text = dr[0].Read()) { ClientScript.Text+"' and Aud_Name like '"+TextBox5.Text = dr[1].Visible = true.Visible = false.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent if (dr. Label1.Read()) { TextBox4. SqlDataReader dr = _objDb. } else 57 . true). Button1.

Session["d"]=Description. Session["c"]=Org_Type.Rows[e.ToString().Rows[e.Text. } protected void GridView1_SelectedIndexChanging(object sender.Cells[6]. string Address = GridView1.ToString(). Session["a"]=Aud_Id.Rows[e.Rows[e.Unicode.Write("Invalid Login").Cells[4].SelectedItem.NewSelectedIndex].Cells[2].ToString().Text.FromBase64String(TextBox2.Select(Query). Session["e"]=Address. string Org_Name = GridView1.Cells[5]. Session["b"]=Org_Name.Text)).Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent { Response.Text. GridViewSelectEventArgs e) { string Aud_Id=GridView1.aspx").NewSelectedIndex].NewSelectedIndex].ToString() + "'".Redirect("SetAuditor. } protected void DropDownList1_SelectedIndexChanged1(object sender.Text.Cells[3].ToString().Read()) { 58 . Response.GetString(Convert.Rows[e. if (dr.Text = Encoding.NewSelectedIndex].Text.NewSelectedIndex]. string Description = GridView1. EventArgs e) { string Query = "select Doc_To_Audit from Schedule_Audit where Aud_Id like '" + DropDownList1. } } protected void TextBox1_TextChanged(object sender. EventArgs e) { TextBox3. SqlDataReader dr = _objDb.ToString(). string Org_Type = GridView1.

UI.Linq.Address. using System.Web. ds = _objDb. GridView1.Web.Data.Org_Name.Web.DataBind(). 59 . using System.Data. using System. using System. using System. using System.Org_Type.Configuration.Display(Query1). using System. } else { Response.Collections. using System.SelectedItem. using System. using System.Linq.Description.WebControls.WebParts.Web.Security. GridView1.Web.DataSource = ds. } } } SET AUDITOR FOR SCHEDULE using System.Text = dr[0].ToString().UI.Web. using System.UI. TextBox2.SqlClient.Visible = true.Aud_Date.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent Panel1. using System.WebControls.Xml.ToString()+ "'". string Query1 = "select Aud_Id.Write("No Values").Aud_Team from Schedule_Audit where Aud_Id like '" + DropDownList1.HtmlControls.UI.

DataSet ds.Page { ClsDbLayer _objDb = new ClsDbLayer().ToString(). int i.DataTextField = "Aud_Id".ToString() + "'". protected void Page_Load(object sender. EventArgs e) { string Query = "select Aud_Name from Audit_Reg where Aud_Id like '" + DropDownList1.Text = Session["c"]. TextBox3.Select(Query). DropDownList1. TextBox5.ToString().DataValueField = "Aud_Id".DataSource = ds.Text = Session["e"].Read()) { TextBox7. TextBox2.UI. EventArgs e) { if (IsPostBack. if (dr. SqlDataReader dr.Text = Session["b"].ToString(). ds = _objDb. } TextBox1.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent public partial class SetAuditor : System.ToString().Web.Equals(false)) { string Query = "select Aud_Id from Audit_Reg where Aud_Type like 'Junior'". } protected void DropDownList1_SelectedIndexChanged(object sender. DropDownList1. DropDownList1.ToString().Text = Session["d"]. 60 .DataBind().ToString().SelectedItem. DropDownList1.Text = dr[0]. TextBox4.Text = Session["a"]. dr = _objDb.Display(Query).

} } protected void Button1_Click(object sender.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent } else { Response.Text + "'.'" + TextBox6.'" + TextBox5.Text + "')".'" + TextBox7.Write("Not Submitted").Data.Text + "'. } } } JUNIOR AUDITOR SCHEDULE using System.Configuration.Web. using System. using System.Write("Submitted Successfully"). } else { Response.InserEditDelete(Query).Write("No Values").Text + "'. EventArgs e) { string Query = "insert into Set_Audit values('" + TextBox1.'" + TextBox3.Text + "'.Text + "'. using System.Text + "'.'" + TextBox4. 61 . i = _objDb. using System.Linq.SelectedItem. if (i != -1) { Response.'" + TextBox2.ToString() + "'.Collections. using System.'" + DropDownList1.

} } protected void GridView1_SelectedIndexChanging(object sender. using System.Linq.ToString().Equals(false)) { string Query = "select Org_Name.WebControls.Text = Session["1"]. GridView1. Label2.WebParts.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent using System.Xml.Web.Web.Cells[2]. using System.Text = "Welcome "+Session["2"].UI.Web.Org_Type.Text = OrgName.Web. ds = _objDb.Security.Cells[1]. using System.SqlClient. using System.Rows[e.Text. public partial class ViewAudit : System.Display(Query). 62 .NewSelectedIndex].Text. using System. protected void Page_Load(object sender. if (IsPostBack.ToString(). using System.UI.WebControls.UI.Aud_Doc from Set_Audit where Aud_Id like '" + Label1. TextBox1.Text + "'".HtmlControls.Web.Audit_Date.ToString().Web.Data.DataSource = ds. GridViewSelectEventArgs e) { string OrgName = GridView1.DataBind().NewSelectedIndex].UI. string OrgType = GridView1. int i.Description. EventArgs e) { Label1.Page { ClsDbLayer _objDb = new ClsDbLayer(). DataSet ds.Address. GridView1.UI.Rows[e.

'" + TextBox6.Text + "'.NewSelectedIndex]. TextBox4.'" + TextBox4.Text + "'. if (i != -1) { Response. EventArgs e) { string Query = "insert into Audit_Report values('" + Label1.Text + "'.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent TextBox2.Cells[6].Text + "'.Text.Write("Not Saved").Write("Saved Successfully").Text + "'. } } } 63 .Text = Desc.'" + TextBox2.Text = Doc.'" + TextBox5.InserEditDelete(Query). } else { Response.ToString().'" + TextBox1.'" + TextBox8.Text + "'. string Doc = GridView1.'" + Label2.Text = OrgType. string Desc = GridView1.Text + "'.NewSelectedIndex].Text.'" + TextBox7.Cells[3].ToString().Text + "'.Text + "'.Rows[e.ToString().Rows[e. } protected void Button1_Click(object sender.'" + TextBox3.Text + "')". TextBox3. i = _objDb.

SAMPLE SCREEN DISPLAY HOME PAGE 64 .Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent 8.

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent ADMIN LOGIN 65 .

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent ADMIN PAGE 66 .

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent AUDITOR REGISTRATION 67 .

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent SCHEDULE AUDIT 68 .

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent VIEW AUDIOTRS 69 .

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent VIEW AUDIT REPORTS 70 .

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent AUDITOR LOGIN 71 .

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent AUDITOR PAGE 72 .

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent VIEW AUDIT SCHEDULE 73 .

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent ENCRYPTION DOCUMENT VERIFICATION 74 .

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent GET KEY TO DECRYPT 75 .

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent DECRYPTION OF DOCUMENTS 76 .

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent SET AUDITOR FOR AUDIT 77 .

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent AUDITOR JUNIOR LOGIN 78 .

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent JUNIOR AUDITOR PAGE 79 .

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent DOCUMENTS AUDITED 80 .

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent VIEW AUDIT REPORT 81 .

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent 9. REPORTS AUDITORS 82 .

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent AUDIT SCHEDULE 83 .

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent AUDIT REPORTS 84 .

Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent 10. We leave the fullfledged implementation of the mechanism on commercial public cloud as an important future extension. we only need to maintain the security of the third party auditor and deploy a lightweight daemon to execute the verification protocol. we addressed the construction of an efficient audit service for data integrity in clouds. which is expected to robustly cope with very large scale data and thus encourage users to adopt cloud storage services more confidently 85 . the third party auditor. can issue a periodic verification to monitor the change of outsourced data by providing an optimized schedule. To realize the audit model. In this audit service. Extensive analysis shows that our schemes are provably secure and highly efficient. CONCLUSION In this project. known as an agent of data owners. Our preliminary experiment conducted on Amazon EC2 instance further demonstrates the fast performance of our design on both the cloud and the auditor side. Profiting from the standard interactive proof system. our technology can be easily adopted in a cloud computing environment to replace the traditional Hash-based solution. we proposed an interactive audit protocol to implement the audit service based on a third party auditor. where the TPA can perform multiple auditing tasks in a batch manner for better efficiency. Hence. we further extend our privacy preserving public auditing protocol into a multiusersetting. Considering TPA may concurrently handle multiple audit sessions from different users for their outsourced data files.

Pressman. McGraw-Hill International  MS SQL Server 2000. Second Edition.csharpcorner.dotnetspider.w3schools. Sums Publishing 2003 Active Server Page 2.com/net/quickstart/aspplus/default. Software Engineering A Parishioners Approach. Queue 2003 Roger S. Kaleen Delaney JOE Cello’s SQL for smartens.com www.com http://www. Ken Henderson WEB REFERENCE     http://www. 1997.msdn.Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent 11. JOE  Cello The Guru’s Guide to Transact SQL. Fourth Edition. Richard Launcher. Second Reprint.com http://www. Stephen Walther. BIBLIOGRAPHY    Active Server Page Unleashed.com 86 .0.microsoft.

Sign up to vote on this title
UsefulNot useful