CHAPTER 1

INTRODUCTION

Cloud computing is considered as the next step in the evolution of on-

demand information technology which combines a set of existing and new
techniques from research areas such as service-oriented architectures (SOA) and
virtualization. With the rapid development of versatile cloud computing
technology and services, it is routine for users to leverage cloud storage services
to share data with others in a friend circle, e.g., Drop box, Google Drive and
AliCloud.
The shared data in cloud servers, however, usually contains users’ sensitive
information (e.g., personal profile, financial data, health records, etc.) and needs
to be well protected. As the ownership of the data is separated from the
administration of them, the cloud servers may migrate users’ data to other cloud
servers in outsourcing or share them in cloud searching. Therefore, it becomes a
big challenge to protect the privacy of those shared data in cloud, especially in
cross-cloud and big data environment. In order to meet this challenge, it is
necessary to design a comprehensive solution to support user-defined
authorization period and to provide fine-grained access control during this period.
The shared data should be self destroyed after the user-defined expiration time.
One of the methods to alleviate the problems is to store data as a common
encrypted form. The disadvantage of encrypting data is that the user cannot share
his/her encrypted data at a fine-grained level. When a data owner wants to share
someone his/her information, the owner must know exactly the one he/she wants
to share with. In many applications, the data owner wants to share information
with several users according to the security policy based on the users’ credentials.
Attribute-based encryption (ABE) has significant advantages based on the
1
 tradition public key encryption instead of one-to-one encryption because it
achieves flexible one-to-many encryption. ABE scheme provides a powerful
method to achieve both data security and fine grained access control. In the key-
policy ABE (KP-ABE) scheme to be elaborated in this paper, the cipher text is
labeled with set of descriptive attributes. Only when the set of descriptive
attributes satisfies the access structure in the key, the user can get the plaintext.
In general, the owner has the right to specify that certain sensitive
information is only valid for a limited period of time, or should not be released
before a particular time. Timed-release encryption (TRE) provides an interesting
encryption service where an encryption key is associated with a predefined release
time, and a receiver can only construct the corresponding decryption key in this
time instance. On this basis, Paterson and Quigley proposed a time specific
encryption (TSE) scheme, which is able to specify a suitable time interval such
that the cipher text can only be decrypted in this interval (decryption time interval,
DTI). It can be used in many applications, e.g., Internet programming contest,
electronic sealed-bid auction, etc. Electronic sealed-bid auction is a method to
establish the price of goods through the Internet while keeping the bids secret
during the bidding phase. That is, the bids (cipher text) should be kept secret
during the bidding phase (a specific time interval).
However, applying the ABE to the shared data will introduce several
problems with regard to time-specific constraint and self-destruction, while
applying the TSE will introduce problems with regard to fine-grained access
control. Thus, in this paper, we attempt to solve these problems by using KP-ABE
and adding a constraint of time interval to each attribute in the set of decryption
attributes.
1.1 Attribute-Based Encryption:

2
 Attribute-based encryption is one of the important applications of fuzzy
identity-based encryption . ABE comes in two flavors called KP-ABE , and cipher
text-policy ABE (CP-ABE) . In CP-ABE, the cipher text is associated with the
access structure while the private key contains a set of attributes. In KP-ABE, the
idea is reversed: the cipher text contains a set of attributes and the private key is
related to the access structure. The first construction of KP-ABE scheme was
proposed by Goyal et al. In their scheme, when a user made a secret request, the
trusted authority determined which combination of attributes must appear in the
cipher text for the user to decrypt.

1.2 Secure Self-Destruction Scheme:

Recently, Cachin employed a policy graph to describe the relationship

between attributes and the protection class and proposed a policy-based secure data
deletion scheme. Reardon leveraged the graph theory, B-tree structure and key
wrapping and proposed a novel approach to the design and analysis of secure
deletion for persistent storage devices. Because of the properties of physical
storage media, the above-mentioned methods are not suitable for the cloud
computing environment as the deleted data can be recovered easily in the cloud
servers A data self-destructing scheme, first proposed by Geambasu, it is a
promising approach which designs a Vanish system enables users to control over
the lifecycle of the sensitive data. Wang et al. improved the Vanish system and
proposed a secure self-destructing scheme for electronic data (SSDD) Boneh and
Franklin leveraged the DHT network and identity-based encryption (IBE) and
proposed an IBE-based secure self-destruction (ISS) scheme. In order to protect
the confidentiality and privacy security of the composite documents within the
whole lifecycle in cloud computing, Xiong applied the ABE algorithm to propose a
3
secure self-destruction scheme for composite documents (SelfDoc) Recently,
Xiong employed identity-based timed-release encryption (ID-TRE) algorithm and
the DHT network and proposed a full lifecycle privacy protection scheme for
sensitive data (FullPP), which is able to provide full lifecycle privacy protection
for users’ sensitive data by making it unreadable before a predefined time and
automatically destructed after expiration.

1.3 Time-Specific Encryption:

In the TSE scheme, a time severs broadcasts a time instant key (TIK), a data
owner encrypts a message into a cipher text during a time interval, and a receiver
can decrypt the cipher text if the TIK is valid in that interval. Kasamatsu designed
an efficient TSE scheme by using forward secure encryption (FSE) in which the
size of the cipher text is greatly small than that generated by the previous schemes.
The time interval may be considered as the authorization period of the protected
data, and TSE schemes are able to meet this requirement

CHAPTER 2
LITERATURE REVIEW

4
2.1 ATTRIBUTE-BASED ENCRYPTION FOR FINE-GRAINED ACCESS
CONTROL OF ENCRYPTED DATA

As more sensitive data is shared and stored by third-party sites on the

Internet, there will be a need to encrypt data stored at these sites. One drawback of
encrypting data, is that it can be selectively shared only at a coarse-grained level
(i.e., giving another party your private key). This develop a new cryptosystem for
fine-grained sharing of encrypted data that called as Key-Policy Attribute-Based
Encryption (KP-ABE). In this cryptosystem, ciphertexts are labeled with sets of
attributes and private keys are associated with access structures that control which
cipher texts a user is able to decrypt. Here demonstrate the applicability of this
construction to sharing of audit-log information and broadcast encryption. This
construction supports delegation of private keys which subsumes Hierarchical
Identity-Based Encryption (HIBE).

Technique

To develop a new cryptosystem for fine-grained sharing of encrypted data

that we call Key-Policy Attribute-Based Encryption (KP-ABE). Cipher texts are
labeled with sets of attributes and private keys are associated with access
structures that control which cipher texts a user is able to decrypt. This
construction supports delegation of private keys which subsumes Hierarchical
Identity-Based Encryption (HIBE).

The data is stored on the server in an encrypted form while users are still
allowed to decrypt dierent pieces of data per the security policy. This selectively
eliminates the need to rely on the storage server for preventing unauthorized data

5
access.Secret-Sharing Schemes. Secret-sharing schemes (SSS) are used to divide a
secret among a number of parties. The information given to a party is called the
share (of the secret) forthat party. Every SSS realizes some access structure that
deones the sets of parties who should be able to reconstruct the secret by using
their shares.

Fine-grained Access Control. Fine-grained access control systems facilitate

granting differential access rights to a set of users and allow flexibility in
specifying the access rights of individual users. Several techniques are known for
implementing fine grained access control. The control relies on software checks to
ensure that a user can access a piece of data only if he is authorized to do so. This
situation is not particularly appealing from a security standpoint. In the event of
server compromise, for example, as a result of a software vulnerability exploit, the
potential for information theft is immense. Furthermore, there is always a danger
of “insider attacks” wherein a person having access to the server steals and leaks
the information, for example, for economic gains.

Issues

 Drawback of encrypting data , is that it can be selectively shared only

at a coarse-grained level.
 Each cipher text is labeled.
 Number of key generated.

2.2 TIME-SPECIFIC ENCRYPTION

This paper introduces and explores the new concept of Time-Specific

Encryption (TSE). In (Plain) TSE, a Time Server broadcasts a key at the
6
 beginning of each time unit, a Time Instant Key (TIK). The sender of a message
can specify any time interval during the encryption process; the receiver can
decrypt to recover the message only if it has a TIK that corresponds to a time in
that interval. This extend Plain TSE to the public-key and identity-based settings,
where receivers are additionally equipped with private keys and either public keys
or identities, and where decryption now requires the use of the private key as well
as an appropriate TIK. This introduce security models for the plain, public-key
and identity- based settings. This also provide constructions for schemes in the
different settings, showing how to obtain Plain TSE using identity-based
techniques, how to combine Plain TSE with public-key and identity-based
encryption schemes, and how to build schemes that are chosen-ciphertext secure
from schemes that are chosen-plaintext secure. Finally, this suggest applications
for our new primitive, and discuss its relationships with existing primitives, such
as Timed-Release Encryption and Broadcast Encryption.

Technique

The new concept of Time-Specific Encryption (TSE). In (Plain) TSE, a

Time Server broadcasts a key at the beginning of each time unit, a Time Instant
Key (TIK). The sender of a message can specify any time interval during the
encryption process; the receiver can decrypt to recover the message only if it has a
TIK that corresponds to a time in that interval.

Time Server broadcasting time-specific keys, but user from the limitation
that some back-up mechanism must be provided in case the receiver misses a key
broadcast by the server. In this sense, TRE represents the special case of TSE in
which the sender can specify only intervals of the form .Typically in the literature,

7
it is assumed that the Time Server (or some other agency) will make old keys
available on a public server .

Time has always played an important role in communication. Information

can become useless after a certain point, sensitive data may not be released before
a particular time, or we may wish to enable access to information for only a limited
period of time. In this context, being able to specify during what time interval a
ciphertext can be decrypted by a receiver is a useful and interesting property. To
introduce and develop a new cryptographic primitive called Time-Specific
Encryption (TSE) which addresses this problem. More specifically, we consider a
setting in which we have a (semi-)trusted Time Server (TS).

Issues

 Does not provide time instant.

 Securely does not broadcast message.

 Data loss during transmission.

2.3 CIPHER TEXT-POLICY ATTRIBUTE-BASED ENCRYPTION

In several distributed systems a user should only be able to access data if a

user posses a certain set of credentials or attributes. Currently, the only method for
8
enforcing such policies is to employ a trusted server to store the data and mediate
access control. However, if any server storing the data is compromised, then the
confidentiality of the data will be compromised. In this paper we present a system
for realizing complex access control on encrypted data that we call Cipher text-
Policy Attribute-Based Encryption. By using this techniques encrypted data can be
kept confidential even if the storage server is entrusted moreover, this methods are
secure against collusion attacks. Previous Attribute- Based Encryption systems
used attributes to describe the encrypted data and built policies into user’s keys;
while in this system attributes are used to describe a user’s credentials, and a party
encrypting data deter- mines a policy for who can decrypt. Thus, this methods are
conceptually closer to traditional access control methods such as Role-Based
Access Control (RBAC). In addition, we provide an implementation of our system
and give performance measurements.

Technique

It present a system for realizing complex access control on encrypted data

that we call Cipher text-Policy Attribute-Based Encryption. By using our
techniques encrypted data can be kept confidential even if the storage server is un
trusted; moreover, our methods are secure against collusion attacks. Previous
Attribute- Based Encryption systems used attributes to describe the encrypted data
and built policies into user’s keys; while in our system attributes are used to
describe a user’s credentials, and a party encrypting data deter- mines a policy for
who can decrypt. Thus, our methods are conceptually closer to traditional access
control methods such as Role-Based Access Control (RBAC).

Access control is enforced by employing a trusted server to store data

locally. The server is entrusted as a reference monitor that checks that a user
9
presents proper certification before allowing him to access records or files.
However, services are increasingly storing data in a distributed fashion across
many servers. Replicating data across several locations has advantages in both
performance and reliability. The drawback of this trend is that it is increasingly
difficult to guarantee the security of data using traditional methods; when data is
stored at several locations, the chances that one of them has been compromised
increases dramatically.

In many situations, when a user encrypts sensitive data, it is imperative that

she establish a specific access control policy on who can decrypt this data.access
control is enforced by employing a trusted server to store data locally. The server
is entrusted as a reference monitor that checks that a user presents proper
certification before allowing him to access records or files. However, services are
increasingly storing data in a distributed fashion across many servers. Replicating
data across several locations has advantages in both performance and reliability.
The drawback of this trend is that it is increasingly difficult to guarantee the
security of data using traditional methods; when data is stored at several
locations, the chances that one of them has been compromised increases
dramatically.

Issues

 Large key size.

 Role-Based Access Control (RBAC) does not suitable.

2.4 FUZZY IDENTITY-BASED ENCRYPTION

10
 To introduce a new type of Identity-Based Encryption (IBE) scheme that we
call Fuzzy Identity-Based Encryption. In Fuzzy IBE we view an identity as set of
descriptive attributes. A Fuzzy IBE scheme allows for a private key for an
identity, to decrypt a cipher text encrypted with an identity, if and only if the
identities and are close to each other as measured by the “set overlap” distance
metric. A Fuzzy IBE scheme can be applied to enable encryption using biometric
inputs as identities; the error-tolerance property of a Fuzzy IBE scheme is
precisely what allows for the use of biometric identities, which inherently will
have some noise each time they are sampled. Additionally, this shows that Fuzzy-
IBE can be used for a type of application that we term “attribute-based
encryption”. In this paper we present two constructions of Fuzzy IBE schemes.
These constructions can be viewed as an Identity-Based Encryption of a message
under several attributes that compose a (fuzzy) identity.This IBE schemes are
both error-tolerant and secure against collusion attacks. Additionally, our basic
construction does not use random oracles.This prove the security of our schemes
under the Selective-ID security model.

Technique

It present two constructions of Fuzzy IBE schemes. Our constructions can

be viewed as an Identity-Based Encryption of a message under several attributes
that compose a (fuzzy) identity. Our IBE schemes are both error-tolerant and
secure against collusion attacks. Additionally, our basic construction does not use

11
random oracles. We prove the security of our schemes under the Selective-ID
security model .

The primary technique is that construct a user’s private key as a set of

private key components, one for each attribute in the user’s identity. We share use
Shamir’s method of secret sharing to distribute shares of a master secret in the
exponents of the user’s private key components. Shamir’s secret sharing within the
exponent gives our scheme the crucial property of being error-tolerant since only a
subset of the private key components are needed to decrypt a message.
Additionally, our scheme is resistant to collusion attacks. Different users have their
private key components generated with different random polynomials. If multiple
users collude they will be unable to combine their private key components in any
useful way. In the first version of our scheme, the public key size grows linearly
with the number of potential attributes in the universe. The public parameter
growth is manageable for a biometric system where all the possible attributes are
defined at the system creation time. However, this becomes a limitation in a more
general system where we might like an attribute to be defined by an arbitrary
string. To accommodate these more general requirements we additionally provide a
Fuzzy-IBE system for large universes, where attributes are defined by arbitrary
strings.

Issues

 Possible of duplicate information

 Noise is created during sampled.

 Introduce random number

12
2.5 CLOUD MIGRATION RESEARCH: A SYSTEMATIC REVIEW:

By leveraging cloud services, organizations can deploy their software

systems over a pool of resources. However, organizations heavily depend on
their business-critical systems, which have been developed over long periods.
These legacy applications are usually deployed on-premise. In recent years,
research in cloud migration has been carried out. However, there is no secondary
study to consolidate this research. This paper aims to identify, taxonomically
classify and systematically compare existing research on cloud migration. We
conducted a systematic literature review (SLR) of 23 selected studies. We
classified and compared the selected studies based on a characterization
framework that we also introduce in this paper. The research synthesis results in
a knowledge base of current solutions for legacy-to-cloud migration. This review
also identifies research gaps and directions for future research. This review
reveals that cloud migration research is still in early stages of maturity, but is
advancing. It identifies the needs for a migration framework to help improving
the maturity level and consequently trust into cloud migration. This review
shows a lack of tool support to automate migration tasks. This study also
identifies needs for architectural adaptation and self-adaptive cloud-enabled
systems.

Technique

It aims to identify, taxonomically classify and systematically compare

existing research on cloud migration. The research synthesis results in a knowledge
base of current solutions for legacy-to-cloud migration. This review also identifies
13
research gaps and directions for future research. This review reveals that cloud
migration research is still in early stages of maturity, but is advancing. It identifies
the needs for a migration framework to help improving the maturity level and
consequently trust into cloud migration.

Many organizations still rely on so-called legacy systems - software

developed over the lifetime of an organization using traditional development
methods. Despite maintainability issues, on-premise legacy systems are still crucial
as they support core business processes that cannot simply be replaced. Some
software-intensive applications cannot easily utilize cloud-based environments
such as safety-critical software Some other applications such as embedded systems
cannotnecessarily benefit from this type of environment. Some software
applications are specifically developed to operate in the cloud Motivated by the
promised benefits of cloud environments,there has been significant research on
cloud-enabled software and facilitating the migration of legacy on-premise
software to the cloud These approaches particularly focus on existing methods,
techniques, processes and frameworks directly enabling migration or indirectly
contributing towards justifying the decision of migrating to the cloud. The
assumption for each of the approaches is that in its initial state, the software
application is hosted on-premise in a non-cloud environment on a local server,
before the migration is applied to it. Therefore, migration between cloud providers,
deployment models and virtual resources known as live migration is outside the
scope of this work.

Issues

14
  Software migration (or legacy modernization or software modernization) is
a process of moving or adapting an existing system from one operating
environment to another.

CHAPTER 3

EXISTING SYSTEM

With the rapid development of versatile cloud services, it becomes

increasingly susceptible to use cloud services to share data in a friend circle in the
cloud computing environment. Since it is not feasible to implement full lifecycle

15
privacy security, access control becomes a challenging task. Possible of
introducing random numbers, key updation for the already visited users. Data loss
during transmission, no user specified time. Keys are not generated with user
attributes.

3.1 ISSUES:

 The user’s details are not fully verified.

 It’s difficult to share sensitive data on cloud server.

 Files are self destructed without the permission of the user.

 Time specific is not allotted.

 Number of keys generated.

CHAPTER 4

PROPOSED SYSTEM:

A key-policy attribute-based encryption with time-specified attributes (KP-

TSABE), a novel secure data self-destructing scheme in cloud computing. In the
KP-TSABE scheme, every ciphertext is labeled with a time interval while private

16
key is associated with a time instant. The ciphertext can only be decrypted if both
the time instant is in the allowed time interval and the attributes associated with the
ciphertext satisfy the key’s access structure.

The KP-TSABE is able to solve some important security problems by

supporting user defined authorization period and by providing fine-grained access
control during the period. The sensitive data will be securely self-destructed after a
user-specified expiration time. The KP-TSABE scheme is proved to be secure
under the decision l-bilinear Diffie-Hellman inversion (l-Expanded BDHI)
assumption. Comprehensive comparisons of the security properties indicate that
the KP-TSABE scheme proposed by satisfies the security requirements and is
superior to other existing schemes.

The shared data in cloud servers, however, usually contains users’ sensitive
information (e.g., personal profile, financial data, health records, etc.) and needs to
be well protected.As the ownership of the data is separated from the administration
of them , the cloud servers may migrate users’ data to other cloud servers in
outsourcing or share them in cloud searching.Therefore, it becomes a big challenge
to protect the privacy of those shared data in cloud, especially in cross-cloud and
big data environment. In order to meet this challenge, it is necessary to design a
comprehensive solution to support user-defined authorization period and to provide
fine-grained access control during this period. The shared data should be self
destroyed after the user-defined expiration time.
One of the methods to alleviate the problems is to store data as a common
encrypted form. The disadvantage of encrypting data is that the user cannot share
his/her encrypted data at a fine-grained level. When a data owner wants to share
someone his/her information, the owner must know exactly the one he/she wants to
share .In many applications, the data owner wants to share information with
17
several users according to the security policy based on the users’ credentials.
Attribute-based encryption (ABE) has significant advantages based on the tradition
public key encryption instead of one-to-one encryption because it achieves flexible
one-to-many encryption.ABE scheme provides a powerful method to achieve both
data security and fine-grained access control. In the key-policy ABE (KP-ABE)
scheme to be elaborated here, the ciphertext is labeled with set of descriptive
attributes. Only when the set of descriptive attributes satisfies the access struct in
the key, the user can get the plaintext.

The owner has the right to specify that certain sensitive information is only
valid for a limited period of time, or should not be released before a particular
time. Timed-release encryption (TRE) provides an interesting encryption service
where an encryption key is associated with a predefined release time, and a
receiver can only construct the corresponding decryption key in this time instance.

CHAPTER 5
SYSTEM ARCHITECTURE

18
 Fig. no 5.1 System Architecture

CHAPTER 6

MODULES

There are five modules,

6.1 Authorization file upload

6.2 Time-Specific Encryption

19
 6.3 KP-TSABE

6.4 Cloud Service Provider

6.5 Secure Self-Destruction

6.1 AUTHORIZATION FILE UPLOAD

Authentication is the act of confirming the truth of an attribute of a single

piece of data (a datum) claimed true by an entity. In contrast with identification
which refers to the act of stating or otherwise indicating a claim purportedly
attesting to a person or thing's identity, authentication is the process of actually
confirming that identity. It might involve confirming the identity of a person by
validating their identity documents verifying the authenticity determining the age
of an artifact or ensuring that a product is what it’s packaging and labeling claim to
be. In other words, authentication often involves verifying the validity of at least
one form of identification.

The first type of authentication is accepting proof of identity given by a

credible person who has first-hand evidence that the identity is genuine. When
authentication is required of art or physical objects, this proof could be a friend,
family member or colleague attesting to the item's provenance, perhaps by having
witnessed the item in its creator's possession. With autographed sports
memorabilia, this could involve someone attesting that they witnessed the object
being signed. A vendor selling branded items implies authenticity, while he or she
may not have evidence that every step in the supply chain was authenticated.
Centralized authority-based trust relationships back most secure internet
communication through known public certificate authorities decentralized peer-

20
based trust, also known as ais used for personal services such as email or files and
trust is established by known individuals signing each, for instance.

A well-known method for addressing this problem is secure deletion of

sensitive data after expiration when the data was used a novel approach to the
design and analysis of secure deletion for persistent storage devices the properties
of physical storage media, the above-mentioned methods are not suitable for the
cloud computing environment as the deleted data can be recovered easily in the
cloud servers. Data owner can provide data or files that contain some sensitive
information, which are used for sharing with his/her friends (data users). All these
shared data are outsourced to the cloud servers to stored.

21
 Fig. no 6.1 Authorization file upload

6.2 TIME-SPECIFIC ENCRYPTION

The TSE scheme, a time sever broadcasts a time instant key (TIK), a data
owner encrypts a message into a ciphertext during a time interval, and a receiver
can decrypt the ciphertext if the TIK is valid in that interval designed an efficient
TSE scheme by using forward secure encryption (FSE) in which the size of the
ciphertext is greatly small than that generated by the previous schemes .The time
interval may be considered as the authorization period of the protected data, and

22
TSE schemes are able to meet this requirement. However, it is a tricky problem
when the traditional TSE is used in the cloud computing environment.
It needs a fine-grained access control which cannot be provided by the
traditional TSE schemes.Data users are some people who passed the identity
authentication and access to the data outsourced by the data owner that the shared
data can only be accessed by the authorized users during its authorization period. It
mainly focuses on how to achieve self-destruction after expiration. Data owner can
provide data or files that contain some sensitive information, which are used for
sharing with his/her friends (data users).
All these shared data are outsourced to the cloud servers to store. It is an
indispensable entity which is responsible for generating, distributing and managing
all the private keys, and is trusted by all the other entities involved in the system is
a time reference server without any interaction with other entities involved in the
system. It is responsible for a precise release time specification. Data users are
some people who passed the identity authentication and access to the data
outsourced by the data owner. Notice that the shared data can only be accessed by
the authorized users during its authorization period. It contains almost unlimited
storage space which is able to store and manage all the data or files in the system.
Other entities with limited storage space can store their data to the cloud servers.
Potential adversary is a polynomial time adversary and described in the security
model of the KPTSABE scheme.

23
 Fig. no 6.2 Time-Specific Encryption

6.3 SECURE SELF-DESTRUCTION

It is a time interval predefined by a data owner, starting from the desired

release time and ending at the expiration time. The ciphertext is associated with
this interval; the user can construct the decryption key only when the time instant
is within this interval expiration time. It is a threshold time instant predefined by
the owner. The shared data can only be accessed by the user before this time
instant because the shared data will be self-destructed after expiration. Full
lifecycle. It is a time interval from the creation of the shared data, authorization
period to expiration time.

A well-known method for addressing this problem is secure deletion of

sensitive data after expiration when the data was used recently to describe the
relationship between attributes and the protection class and proposed a policy-
based secure data deletion scheme theory of, B-tree structure and key wrapping

24
and proposed a novel approach to the design and analysis of secure deletion for
persistent storage devices. Because of the properties of physical storage media, the
above-mentioned methods are not suitable for the cloud computing environment as
the deleted data can be recovered easily in the cloud servers.
A data self-destructing scheme, approach which designs a Vanish system
enables users to control over the lifecycle of the sensitive data. Wang et al.
improved the Vanish system and proposed a secure self-destructing scheme for
electronic data scheme, data is encrypted into a ciphertext, which is then associated
and extracted to make it incomplete to resist against the traditional cryptanalysis
and the brute-force attack.
Then, both the decryption key and the extracted ciphertext are distributed
into a distributed hash table to implement self-destruction after the update period
of the network. However, made a lot of experiments and confirmed that the Vanish
system is vulnerable to attacks by using the network. So the security of the SSDD
scheme is also to address this problem. Proposed a SeDas system, which is a novel
integration of cryptographic techniques with active storage techniques IBE-based
secure self-destruction (ISS) scheme.
In order to protect the confidentiality and privacy security of the composite
documents within the whole lifecycle in cloud computing applied the ABE
algorithm to propose a secure self-destruction scheme for composite documents
(SelfDoc). Identity-based timed release encryption (ID-TRE) algorithm and the
network and proposed a full lifecycle privacy protection scheme for sensitive data
(FullPP), which is able to provide full lifecycle privacy protection for users’
sensitive data by making it unreadable before a predefined time and automatically
destructed after expiration.

25
 Fig. no 6.3 Secure self-destruction

6.4 CLOUD SERVER:

CLOUD evolution of on-demand information technology which computing

is considered as the next step in the combines a set of existing and new
techniques from research areas such as service-oriented architectures (SOA) and
virtualization. With the rapid development of versatile cloud computing
technology and services, it is routine for users to leverage cloud storage services
to share data with others in a friend circle, e.g., Dropbox, Google Drive.
The shared data in cloud servers, however, usually contains users’ sensitive
information (e.g., personal profile, financial data, health records, etc.) and needs
to be well protected. As the ownership of the data is separated from the
administration of them the cloud servers may migrate users’ data to other cloud
servers in outsourcing or share them in cloud searching. To support user-defined
authorization period and to provide access control during this period. The shared
data should be self destroyed after the user-defined expiration time. One of the
methods to alleviate the problems is to store data as a common encrypted form.
The encryption data is that the user cannot share encrypted data. When a data

26
 owner wants to share someone information, the owner must know exactly the
one wants to share with many applications, the data owner wants to share
information with several users according to the security policy used on the users’
credentials.
Attribute-based encryption (ABE) has significant advantages based on the
tradition public key encryption instead of one-to-one encryption because it
achieves flexible one-to-many encryption ABE scheme provides a powerful
method to achieve both data security and fine-grained access control.
Cloud servers it contains almost unlimited storage space which is able to store
and manage all the data or files in the system. Other entities with limited storage
space can store their data to the cloud servers. Potential adversary. It is a
polynomial time adversary and described in the security model of the KPTSABE
scheme. And it also contains the information about available file information
requesting user information.

Fig. no 6.4 Cloud server

27
6.5 KP-TSABE:

The KP-TSABE scheme can be described as a collection of the following

process Setup, Encrypt, KeyGen, and Decrypt. This is run by the Authority and
takes as input the security parameter and attribute generates system public
parameters. The encryption Used to calculate the initial allocation and every data
in encrypted with T-time.
o KP-TSABE supports the function of user-defined authorization period
and ensures that the sensitive data cannot be read both before its
desired releasetime and after its expiration.
o KP-TSABE does not require the ideal assumption of “No attacks on
VDO before it expires”.
o KP-TSABE is able to implement fine-grained access control during
the authorization period and to make the sensitive data self-
destruction after expiration without any human intervention.
o KP-TSABE is proven to be secure under the standard model by using
the l-bilinear Diffie-Hellman inversion (BDHI) assumption.

The initialization phase, a data owner chooses a large security parameter k

and attribute universe and invokes the algorithm belonging to the level of
generate system parameter key. Encryption with time constraint the data owner
chooses an attribute set for the shared message and defines a time interval set .
Then, the data owner invokes the Encrypt file to convert its ciphertext CT, which
is associated with the set of key value, sent to cloud servers.During the
authorization period when a user wants to access the shared data during its
authorization period, he must pass the identity authentication and

28
Firstly, the current time instant is provided by the time server with , which is
associated with each attribute set of the user matches the access tree . Then, the
authority runs the algorithm to generate the private key and sends it to the user.
Once the user received the shared key , he will get the cipher text from the cloud
servers and invokes the algorithm decrypt cipher text to obtain the shared data.
Because each attribute is associated with a current time instant matches , the user
can obtain the correct private key to decrypt CT .Data self-destruction after
expiration once the current time instant behind after the
threshold value (expiration time) of the valid time interval the user cannot obtain
the true private key. Therefore, the cyphertext is not able to be decrypted in
polynomial time, facilitating the self-destruction of the shared data after expiration.

Fig. no 6.5 KP-TSABE

CHAPTER 7

29
 CONCLUSION AND FUTURE ENHANCEMENT

7. 1 CONCLUSION

With the rapid development of versatile cloud services, a lot of new

challenges have emerged. One of the most important problems is how to securely
delete the outsourced data stored in the cloud severs.It proposed a novel KP-
TSABE scheme which is able to achieve the time-specified cipher text in order to
solve these problems by implementing flexible fine-grained access control during
the authorization period and time-controllable self-destruction after expiration to
the shared and outsourced data in cloud computing.

7.2 FUTURE ENHANCEMENT:

The authorization period and time-controllable self-destruction after
expiration to the shared and outsourced data in cloud computing in future
automatic controlled without manual.

APPENDIX A
30
 SOURCE CODING

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Windows.Forms;
using MySql.Data.MySqlClient;
using System.Data;

public partial class datauserlogin : System.Web.UI.Page

{
protected void Page_Load(object sender, EventArgs e)
{

}
protected void login_Click(object sender, EventArgs e)
{
MySqlConnection conn = new
MySqlConnection("server=127.0.0.1;database=self_destruction;uid=root;
password=root123;");
MySqlCommand cmd = new MySqlCommand("SELECT * FROM
datauserreg where name='" + txtuser.Text + "'", conn);
conn.Open();
DataTable dt = new DataTable();

31
 MySqlDataReader dr = cmd.ExecuteReader();
if (dr.Read() == true)
{
if (dr[4].ToString() == txtpwd.Text)
{
Session["datausername"] = dr[0].ToString();
conn.Close();

//MySqlCommand cmd1 = new MySqlCommand();

//conn.Open();
//string cn = "insert into clogin values('" + txtuser.Text + "','" +
txtpwd.Text + "')";
//cmd1 = new MySqlCommand(cn, conn);
//cmd1.ExecuteNonQuery();
//conn.Close();
MessageBox.Show("valid user");
Response.Redirect("datauser.aspx");
}
else
{
MessageBox.Show("invalid user");

}
conn.Close();
txtuser.Text = "";
txtpwd.Text = "";
}
32
 }
}

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using MySql.Data.MySqlClient;
using System.Windows.Forms;
using System.Data;

public partial class datauserreg : System.Web.UI.Page

{
protected void Page_Load(object sender, EventArgs e)
{

}
protected void Button1_Click(object sender, EventArgs e)
{
MySqlConnection conn = new
MySqlConnection("server=127.0.0.1;database=self_destruction;uid=root;pas
sword=root123;");
MySqlCommand cmd = new MySqlCommand("SELECT * FROM
datauserreg", conn);
MySqlCommand cmd1;
33
 conn.Open();
DataTable dt = new DataTable();
MySqlDataReader dr = cmd.ExecuteReader();
while (dr.Read() == true)
{

if (dr["Password"].ToString() == txtpwd.Text)
{
MessageBox.Show(" already user");
Response.Redirect("datauserreg.aspx");
conn.Close();
}

else
{
conn.Open();
string cn = "insert into cspregistration values('" + txtname.Text + "','"
+ txtage.Text + "','"+txtgender.Text+"','" + txtid.Text + "','" + txtpwd.Text +
"')";
cmd1 = new MySqlCommand(cn, conn);
cmd1.ExecuteNonQuery();
conn.Close();
MessageBox.Show("Register success");
Response.Redirect("datauserlogin.aspx");
}
}
}
34
 }
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Windows.Forms;
using MySql.Data.MySqlClient;

namespace WebApplication1
{
public partial class search : System.Web.UI.Page
{

protected void Page_Load(object sender, EventArgs e)

{
if (!IsPostBack)

BindGridviewData();
}
private void BindGridviewData()
{
MySqlConnection conn = new
MySqlConnection("server=127.0.0.1;database=self_destruction;uid=root;pas
sword=root123;");
35
 string query;
MySqlCommand SqlCommand;
MySqlDataReader reader;

MySqlDataAdapter adapter = new MySqlDataAdapter();

//Open the connection to db
conn.Open();

//Generating the query to fetch the contact details

query = "SELECT filename,filetype,curdate FROM upl";

SqlCommand = new MySqlCommand(query, conn);

adapter.SelectCommand = new MySqlCommand(query, conn);
//execute the query
reader = SqlCommand.ExecuteReader();
//Assign the results
GridView1.DataSource = reader;
GridView1.DataBind();
}
}
}
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
36
 using System.Data;
using System.IO;
using System.Windows.Forms;
using MySql.Data.MySqlClient;
using System.Security;
using System.Security.Cryptography;
using System.Text;
using MySql.Data.MySqlClient;

namespace WebApplication1
{
public partial class download : System.Web.UI.Page
{
MySqlConnection conn = new
MySqlConnection("server=127.0.0.1;database=self_destruction;uid=root;pas
sword=root123;");

protected void Page_Load(object sender, EventArgs e)

{

Label1.Text = Session["datausername"].ToString();

string query;
MySqlCommand SqlCommand;
conn.Close();
MySqlDataReader reader;
MySqlDataAdapter adapter = new MySqlDataAdapter();
37
 //Open the connection to db
conn.Open();
//Generating the query to fetch the contact details
query = "SELECT filename,filetype FROM upl";
SqlCommand = new MySqlCommand(query, conn);
adapter.SelectCommand = new MySqlCommand(query, conn);
//execute the query
reader = SqlCommand.ExecuteReader();
//Assign the results
GridView1.DataSource = reader;
GridView1.DataBind();
conn.Close();
}

protected void Button5_Click(object sender, EventArgs e)

{
MySqlCommand cmd1;
conn.Open();
string slect = "select * from upl where filename='" +
TextBox1.Text"'";
cmd1 = new MySqlCommand(slect, conn);
MySqlDataReader dr = cmd1.ExecuteReader();
dr.Read();
string content = dr[5].ToString();
Session["privatekey"] = dr[2].ToString();
byte[] recv = Encoding.ASCII.GetBytes(content);
string floc = "F:\\downloaded\\" + TextBox1.Text;
38
 File.WriteAllBytes(floc, recv);
MessageBox.Show("downloaded successfully");

Session["filename"] = TextBox1.Text;

protected void GridView1_SelectedIndexChanged(object sender,

EventArgs e)
{
TextBox1.Text = GridView1.SelectedRow.Cells[1].Text;
}

protected void Button6_Click(object sender, EventArgs e)

{

//string aess = Session["data20"].ToString();

string inputContent;
string fname = "F:\\downloaded\\" + TextBox1.Text;
using (StreamReader inputStreamReader = new
StreamReader(fname))
{
inputContent = inputStreamReader.ReadToEnd();

39
 MySqlConnection conn = new
MySqlConnection("server=127.0.0.1;database=self_destruction;uid=root;pas
sword=root123;");
string cipherText = inputContent;
string query2;
MySqlCommand SqlCommand3;
query2 = ("select keyfield from upl where filename='" +
TextBox1.Text + "'");
SqlCommand3 = new MySqlCommand(query2, conn);

conn.Open();
MySqlDataReader reader = SqlCommand3.ExecuteReader();
reader.Read();
Session["privatekey"] = reader[0].ToString();

conn.Close();

string EncryptionKey = Session["privatekey"].ToString();

string ciphertext = inputContent;
byte[] cipherBytes = Convert.FromBase64String(cipherText);
using (Aes encryptor = Aes.Create())
{
Rfc2898DeriveBytes pdb = new
Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x49, 0x76, 0x61, 0x6e,
0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
encryptor.Key = pdb.GetBytes(32);
encryptor.IV = pdb.GetBytes(16);
40
 using (MemoryStream ms = new MemoryStream())
{
using (CryptoStream cs = new CryptoStream(ms,
encryptor.CreateDecryptor(), CryptoStreamMode.Write))
{
cs.Write(cipherBytes, 0, cipherBytes.Length);
cs.Close();
}
cipherText = Encoding.Unicode.GetString(ms.ToArray());
}
}

byte[] recv = Encoding.ASCII.GetBytes(cipherText);

string filelocation = "D:\\decrypted\\" + TextBox1.Text;
File.WriteAllBytes(filelocation, recv);

MySqlCommand SqlCommand2 = new MySqlCommand("insert into

download values('"+ Label1.Text+"','" + TextBox1.Text + "')", conn);
conn.Open();
SqlCommand2.ExecuteNonQuery();
MessageBox.Show("decrypted successfully");
conn.Close();
Response.Redirect("timecontrol.aspx");
}
}
}
41
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.IO;
using System.Security;
using System.Security.Cryptography;
using System.Runtime.InteropServices;
using System.Text;
using System.Data;
using System.Windows.Forms;
using System.Configuration;
using System.Web.Configuration;
using MySql.Data.MySqlClient;

namespace WebApplication1
{
public partial class upload : System.Web.UI.Page
{

protected void Page_Load(object sender, EventArgs e)

{
int i=0;
Button6.Enabled= false;
if (IsPostBack)
42
{
if (i == 2)
{
Session["filelocation"] = Session["path"].ToString();
}
i = 2;
}

protected void Button6_Click(object sender, EventArgs e)

{
string fs1 = Path.GetDirectoryName("d:" );

string fn = Path.GetFileName(fs1);

string ext = Path.GetExtension(Session["path"].ToString());

string contenttype = string.Empty;

//Set the contenttype based on File Extension

switch (ext)
{

case ".doc":
43
contenttype = "application/vnd.ms-word";

break;

case ".docx":

contenttype = "application/vnd.ms-word";

break;

case ".xls":

contenttype = "application/vnd.ms-excel";

break;

case ".xlsx":

contenttype = "application/vnd.ms-excel";

break;

case ".jpg":

contenttype = "image/jpg";

44
break;

case ".png":

contenttype = "image/png";

break;

case ".gif":

contenttype = "image/gif";

break;

case ".txt":

contenttype = "application/pdf";

break;

case ".pptx":

contenttype = "application/vnd.PowerPoint";

break;

}
45
 //Stream fs = FileUpload1.PostedFile.InputStream;

//BinaryReader br = new BinaryReader(fs);

//Byte[] cnt = br.ReadBytes((Int32)fs.Length);

//string snt1 = Convert.ToString(cnt);

string inputContent;
string fname = Session["fname1"].ToString();
using (StreamReader inputStreamReader = new
StreamReader(Session["path"].ToString()))
{
inputContent = inputStreamReader.ReadToEnd();

MySqlConnection con = new

MySqlConnection("server=127.0.0.1;database=self_destruction;uid=root;pas
sword=root123;");
con.Open();
string str11 = "insert into upl values ('" + fname + "', '" + contenttype
+ "', '" + key1.Text + "','" + txtdate.Text + "','" + TextBox1.Text +
"','"+inputContent+"')";
MySqlCommand comd = new MySqlCommand(str11, con);

comd.ExecuteNonQuery();
46
 con.Close();
con.Open();

string str2="insert into availlable(Name,contenttype,cdate)

values('"+fname+"','"+contenttype+"','"+txtdate.Text+"')";
MySqlCommand cmd3 = new MySqlCommand(str2,con);
cmd3.ExecuteNonQuery();
con.Close();
MessageBox.Show("file Upload Sucess");
txtdate.Text = "";
key1.Text = "";
}

protected void encrypt_Click(object sender, EventArgs e)

{
string inputContent;
string fname = FileUpload1.FileName;
using (StreamReader inputStreamReader = new
StreamReader(FileUpload1.PostedFile.InputStream))
{
inputContent = inputStreamReader.ReadToEnd();
}
string inText = inputContent;
string key = key1.Text;

byte[] bytesBuff = Encoding.Unicode.GetBytes(inText);

using (Aes aes = Aes.Create())
47
 {
Rfc2898DeriveBytes crypto = new Rfc2898DeriveBytes(key, new
byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64,
0x65, 0x76 });
aes.Key = crypto.GetBytes(32);
aes.IV = crypto.GetBytes(16);
using (MemoryStream mStream = new MemoryStream())
{
using (CryptoStream cStream = new CryptoStream(mStream,
aes.CreateEncryptor(), CryptoStreamMode.Write))
{
cStream.Write(bytesBuff, 0, bytesBuff.Length);
cStream.Close();
}
inText = Convert.ToBase64String(mStream.ToArray());
}
}

string fn = "";
byte[] recv = Encoding.ASCII.GetBytes(inText);
fn = "D:\\encrypted\\" + FileUpload1.PostedFile.FileName.ToString()
;
Session["path"] = fn;
Session["fname1"] = FileUpload1.PostedFile.FileName.ToString();

File.WriteAllBytes(fn, recv);
txtdate.Text = System.DateTime.Now.ToString();
48
 MessageBox.Show("File is Encrypted Successfully");
Button6.Enabled = true;
}

}
}
APPENDIX B
SCREEN SHOTS

Homepage

Fg.B.1 homepage
Data Owner login

49
 Fg.B.2 Data Owner login
Upload the file

Fg.B.3 Upload the file

Login CloudMe

50
 Fg.B.4 Login CloudMe

Uploaded file

Fg.B.5 Uploaded file

51
Data user login

Fg.B.6 Data user login

Select the file

52
 Fg.B.7 Select the file

File is downloaded

Fg.B.8 File is downloaded

File is decrypted

53
 Fg.B.9 File is decrypted

Timer starts

Fg.B.9 Timer starts

Encrypted file is obtained

54
 Fig.B.10 Encrypted file is obtained

8. REFERENCE:

55
1 P. Jamshidi, A. Ahmad, and C. Pahl, “Cloud migration research:
Asystematic review,” IEEE Trans. Cloud Comput., vol. 1, no. 2,pp. 142–
157, Jul.–Dec. 2013.

2 X. Liu, J. Ma, J. Xiong, and G. Liu, “Ciphertext-policy hierarchicalattribute-

based encryption for fine-grained access control ofencryption data,” Int. J.
Netw. Security, vol. 16, no. 4, pp. 351–357,2014.

3 A. Sahai and B. Waters, “Fuzzy identity-based encryption,” inProc. Adv.

Cryptol., 2005, pp. 457–473.

4 V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-basedencryption

for fine-grained access control of encrypted data,” inProc. 13th ACM Conf.
Comput. Commun. Security, 2006, pp. 89–98.

5 K. G. Paterson and E. A. Quaglia, “Time-specific encryption,” inProc. 7th

Int. Conf. Security Cryptography Netw., 2010, pp. 1–16.

56