Professional Documents
Culture Documents
INTRODUCTION
2
Attribute-based encryption is one of the important applications of fuzzy
identity-based encryption . ABE comes in two flavors called KP-ABE , and cipher
text-policy ABE (CP-ABE) . In CP-ABE, the cipher text is associated with the
access structure while the private key contains a set of attributes. In KP-ABE, the
idea is reversed: the cipher text contains a set of attributes and the private key is
related to the access structure. The first construction of KP-ABE scheme was
proposed by Goyal et al. In their scheme, when a user made a secret request, the
trusted authority determined which combination of attributes must appear in the
cipher text for the user to decrypt.
In the TSE scheme, a time severs broadcasts a time instant key (TIK), a data
owner encrypts a message into a cipher text during a time interval, and a receiver
can decrypt the cipher text if the TIK is valid in that interval. Kasamatsu designed
an efficient TSE scheme by using forward secure encryption (FSE) in which the
size of the cipher text is greatly small than that generated by the previous schemes.
The time interval may be considered as the authorization period of the protected
data, and TSE schemes are able to meet this requirement
CHAPTER 2
LITERATURE REVIEW
4
2.1 ATTRIBUTE-BASED ENCRYPTION FOR FINE-GRAINED ACCESS
CONTROL OF ENCRYPTED DATA
Technique
The data is stored on the server in an encrypted form while users are still
allowed to decrypt dierent pieces of data per the security policy. This selectively
eliminates the need to rely on the storage server for preventing unauthorized data
5
access.Secret-Sharing Schemes. Secret-sharing schemes (SSS) are used to divide a
secret among a number of parties. The information given to a party is called the
share (of the secret) forthat party. Every SSS realizes some access structure that
deones the sets of parties who should be able to reconstruct the secret by using
their shares.
Issues
Technique
Time Server broadcasting time-specific keys, but user from the limitation
that some back-up mechanism must be provided in case the receiver misses a key
broadcast by the server. In this sense, TRE represents the special case of TSE in
which the sender can specify only intervals of the form .Typically in the literature,
7
it is assumed that the Time Server (or some other agency) will make old keys
available on a public server .
Issues
Technique
Issues
10
To introduce a new type of Identity-Based Encryption (IBE) scheme that we
call Fuzzy Identity-Based Encryption. In Fuzzy IBE we view an identity as set of
descriptive attributes. A Fuzzy IBE scheme allows for a private key for an
identity, to decrypt a cipher text encrypted with an identity, if and only if the
identities and are close to each other as measured by the “set overlap” distance
metric. A Fuzzy IBE scheme can be applied to enable encryption using biometric
inputs as identities; the error-tolerance property of a Fuzzy IBE scheme is
precisely what allows for the use of biometric identities, which inherently will
have some noise each time they are sampled. Additionally, this shows that Fuzzy-
IBE can be used for a type of application that we term “attribute-based
encryption”. In this paper we present two constructions of Fuzzy IBE schemes.
These constructions can be viewed as an Identity-Based Encryption of a message
under several attributes that compose a (fuzzy) identity.This IBE schemes are
both error-tolerant and secure against collusion attacks. Additionally, our basic
construction does not use random oracles.This prove the security of our schemes
under the Selective-ID security model.
Technique
11
random oracles. We prove the security of our schemes under the Selective-ID
security model .
Issues
Technique
Issues
14
Software migration (or legacy modernization or software modernization) is
a process of moving or adapting an existing system from one operating
environment to another.
CHAPTER 3
EXISTING SYSTEM
15
privacy security, access control becomes a challenging task. Possible of
introducing random numbers, key updation for the already visited users. Data loss
during transmission, no user specified time. Keys are not generated with user
attributes.
3.1 ISSUES:
CHAPTER 4
PROPOSED SYSTEM:
16
key is associated with a time instant. The ciphertext can only be decrypted if both
the time instant is in the allowed time interval and the attributes associated with the
ciphertext satisfy the key’s access structure.
The shared data in cloud servers, however, usually contains users’ sensitive
information (e.g., personal profile, financial data, health records, etc.) and needs to
be well protected.As the ownership of the data is separated from the administration
of them , the cloud servers may migrate users’ data to other cloud servers in
outsourcing or share them in cloud searching.Therefore, it becomes a big challenge
to protect the privacy of those shared data in cloud, especially in cross-cloud and
big data environment. In order to meet this challenge, it is necessary to design a
comprehensive solution to support user-defined authorization period and to provide
fine-grained access control during this period. The shared data should be self
destroyed after the user-defined expiration time.
One of the methods to alleviate the problems is to store data as a common
encrypted form. The disadvantage of encrypting data is that the user cannot share
his/her encrypted data at a fine-grained level. When a data owner wants to share
someone his/her information, the owner must know exactly the one he/she wants to
share .In many applications, the data owner wants to share information with
17
several users according to the security policy based on the users’ credentials.
Attribute-based encryption (ABE) has significant advantages based on the tradition
public key encryption instead of one-to-one encryption because it achieves flexible
one-to-many encryption.ABE scheme provides a powerful method to achieve both
data security and fine-grained access control. In the key-policy ABE (KP-ABE)
scheme to be elaborated here, the ciphertext is labeled with set of descriptive
attributes. Only when the set of descriptive attributes satisfies the access struct in
the key, the user can get the plaintext.
The owner has the right to specify that certain sensitive information is only
valid for a limited period of time, or should not be released before a particular
time. Timed-release encryption (TRE) provides an interesting encryption service
where an encryption key is associated with a predefined release time, and a
receiver can only construct the corresponding decryption key in this time instance.
CHAPTER 5
SYSTEM ARCHITECTURE
18
Fig. no 5.1 System Architecture
CHAPTER 6
MODULES
20
based trust, also known as ais used for personal services such as email or files and
trust is established by known individuals signing each, for instance.
21
Fig. no 6.1 Authorization file upload
The TSE scheme, a time sever broadcasts a time instant key (TIK), a data
owner encrypts a message into a ciphertext during a time interval, and a receiver
can decrypt the ciphertext if the TIK is valid in that interval designed an efficient
TSE scheme by using forward secure encryption (FSE) in which the size of the
ciphertext is greatly small than that generated by the previous schemes .The time
interval may be considered as the authorization period of the protected data, and
22
TSE schemes are able to meet this requirement. However, it is a tricky problem
when the traditional TSE is used in the cloud computing environment.
It needs a fine-grained access control which cannot be provided by the
traditional TSE schemes.Data users are some people who passed the identity
authentication and access to the data outsourced by the data owner that the shared
data can only be accessed by the authorized users during its authorization period. It
mainly focuses on how to achieve self-destruction after expiration. Data owner can
provide data or files that contain some sensitive information, which are used for
sharing with his/her friends (data users).
All these shared data are outsourced to the cloud servers to store. It is an
indispensable entity which is responsible for generating, distributing and managing
all the private keys, and is trusted by all the other entities involved in the system is
a time reference server without any interaction with other entities involved in the
system. It is responsible for a precise release time specification. Data users are
some people who passed the identity authentication and access to the data
outsourced by the data owner. Notice that the shared data can only be accessed by
the authorized users during its authorization period. It contains almost unlimited
storage space which is able to store and manage all the data or files in the system.
Other entities with limited storage space can store their data to the cloud servers.
Potential adversary is a polynomial time adversary and described in the security
model of the KPTSABE scheme.
23
Fig. no 6.2 Time-Specific Encryption
24
and proposed a novel approach to the design and analysis of secure deletion for
persistent storage devices. Because of the properties of physical storage media, the
above-mentioned methods are not suitable for the cloud computing environment as
the deleted data can be recovered easily in the cloud servers.
A data self-destructing scheme, approach which designs a Vanish system
enables users to control over the lifecycle of the sensitive data. Wang et al.
improved the Vanish system and proposed a secure self-destructing scheme for
electronic data scheme, data is encrypted into a ciphertext, which is then associated
and extracted to make it incomplete to resist against the traditional cryptanalysis
and the brute-force attack.
Then, both the decryption key and the extracted ciphertext are distributed
into a distributed hash table to implement self-destruction after the update period
of the network. However, made a lot of experiments and confirmed that the Vanish
system is vulnerable to attacks by using the network. So the security of the SSDD
scheme is also to address this problem. Proposed a SeDas system, which is a novel
integration of cryptographic techniques with active storage techniques IBE-based
secure self-destruction (ISS) scheme.
In order to protect the confidentiality and privacy security of the composite
documents within the whole lifecycle in cloud computing applied the ABE
algorithm to propose a secure self-destruction scheme for composite documents
(SelfDoc). Identity-based timed release encryption (ID-TRE) algorithm and the
network and proposed a full lifecycle privacy protection scheme for sensitive data
(FullPP), which is able to provide full lifecycle privacy protection for users’
sensitive data by making it unreadable before a predefined time and automatically
destructed after expiration.
25
Fig. no 6.3 Secure self-destruction
26
owner wants to share someone information, the owner must know exactly the
one wants to share with many applications, the data owner wants to share
information with several users according to the security policy used on the users’
credentials.
Attribute-based encryption (ABE) has significant advantages based on the
tradition public key encryption instead of one-to-one encryption because it
achieves flexible one-to-many encryption ABE scheme provides a powerful
method to achieve both data security and fine-grained access control.
Cloud servers it contains almost unlimited storage space which is able to store
and manage all the data or files in the system. Other entities with limited storage
space can store their data to the cloud servers. Potential adversary. It is a
polynomial time adversary and described in the security model of the KPTSABE
scheme. And it also contains the information about available file information
requesting user information.
27
6.5 KP-TSABE:
28
Firstly, the current time instant is provided by the time server with , which is
associated with each attribute set of the user matches the access tree . Then, the
authority runs the algorithm to generate the private key and sends it to the user.
Once the user received the shared key , he will get the cipher text from the cloud
servers and invokes the algorithm decrypt cipher text to obtain the shared data.
Because each attribute is associated with a current time instant matches , the user
can obtain the correct private key to decrypt CT .Data self-destruction after
expiration once the current time instant behind after the
threshold value (expiration time) of the valid time interval the user cannot obtain
the true private key. Therefore, the cyphertext is not able to be decrypted in
polynomial time, facilitating the self-destruction of the shared data after expiration.
CHAPTER 7
29
CONCLUSION AND FUTURE ENHANCEMENT
7. 1 CONCLUSION
APPENDIX A
30
SOURCE CODING
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Windows.Forms;
using MySql.Data.MySqlClient;
using System.Data;
}
protected void login_Click(object sender, EventArgs e)
{
MySqlConnection conn = new
MySqlConnection("server=127.0.0.1;database=self_destruction;uid=root;
password=root123;");
MySqlCommand cmd = new MySqlCommand("SELECT * FROM
datauserreg where name='" + txtuser.Text + "'", conn);
conn.Open();
DataTable dt = new DataTable();
31
MySqlDataReader dr = cmd.ExecuteReader();
if (dr.Read() == true)
{
if (dr[4].ToString() == txtpwd.Text)
{
Session["datausername"] = dr[0].ToString();
conn.Close();
}
conn.Close();
txtuser.Text = "";
txtpwd.Text = "";
}
32
}
}
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using MySql.Data.MySqlClient;
using System.Windows.Forms;
using System.Data;
}
protected void Button1_Click(object sender, EventArgs e)
{
MySqlConnection conn = new
MySqlConnection("server=127.0.0.1;database=self_destruction;uid=root;pas
sword=root123;");
MySqlCommand cmd = new MySqlCommand("SELECT * FROM
datauserreg", conn);
MySqlCommand cmd1;
33
conn.Open();
DataTable dt = new DataTable();
MySqlDataReader dr = cmd.ExecuteReader();
while (dr.Read() == true)
{
if (dr["Password"].ToString() == txtpwd.Text)
{
MessageBox.Show(" already user");
Response.Redirect("datauserreg.aspx");
conn.Close();
}
else
{
conn.Open();
string cn = "insert into cspregistration values('" + txtname.Text + "','"
+ txtage.Text + "','"+txtgender.Text+"','" + txtid.Text + "','" + txtpwd.Text +
"')";
cmd1 = new MySqlCommand(cn, conn);
cmd1.ExecuteNonQuery();
conn.Close();
MessageBox.Show("Register success");
Response.Redirect("datauserlogin.aspx");
}
}
}
34
}
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Windows.Forms;
using MySql.Data.MySqlClient;
namespace WebApplication1
{
public partial class search : System.Web.UI.Page
{
BindGridviewData();
}
private void BindGridviewData()
{
MySqlConnection conn = new
MySqlConnection("server=127.0.0.1;database=self_destruction;uid=root;pas
sword=root123;");
35
string query;
MySqlCommand SqlCommand;
MySqlDataReader reader;
namespace WebApplication1
{
public partial class download : System.Web.UI.Page
{
MySqlConnection conn = new
MySqlConnection("server=127.0.0.1;database=self_destruction;uid=root;pas
sword=root123;");
Label1.Text = Session["datausername"].ToString();
string query;
MySqlCommand SqlCommand;
conn.Close();
MySqlDataReader reader;
MySqlDataAdapter adapter = new MySqlDataAdapter();
37
//Open the connection to db
conn.Open();
//Generating the query to fetch the contact details
query = "SELECT filename,filetype FROM upl";
SqlCommand = new MySqlCommand(query, conn);
adapter.SelectCommand = new MySqlCommand(query, conn);
//execute the query
reader = SqlCommand.ExecuteReader();
//Assign the results
GridView1.DataSource = reader;
GridView1.DataBind();
conn.Close();
}
Session["filename"] = TextBox1.Text;
39
MySqlConnection conn = new
MySqlConnection("server=127.0.0.1;database=self_destruction;uid=root;pas
sword=root123;");
string cipherText = inputContent;
string query2;
MySqlCommand SqlCommand3;
query2 = ("select keyfield from upl where filename='" +
TextBox1.Text + "'");
SqlCommand3 = new MySqlCommand(query2, conn);
conn.Open();
MySqlDataReader reader = SqlCommand3.ExecuteReader();
reader.Read();
Session["privatekey"] = reader[0].ToString();
conn.Close();
namespace WebApplication1
{
public partial class upload : System.Web.UI.Page
{
string fn = Path.GetFileName(fs1);
switch (ext)
{
case ".doc":
43
contenttype = "application/vnd.ms-word";
break;
case ".docx":
contenttype = "application/vnd.ms-word";
break;
case ".xls":
contenttype = "application/vnd.ms-excel";
break;
case ".xlsx":
contenttype = "application/vnd.ms-excel";
break;
case ".jpg":
contenttype = "image/jpg";
44
break;
case ".png":
contenttype = "image/png";
break;
case ".gif":
contenttype = "image/gif";
break;
case ".txt":
contenttype = "application/pdf";
break;
case ".pptx":
contenttype = "application/vnd.PowerPoint";
break;
}
45
//Stream fs = FileUpload1.PostedFile.InputStream;
string inputContent;
string fname = Session["fname1"].ToString();
using (StreamReader inputStreamReader = new
StreamReader(Session["path"].ToString()))
{
inputContent = inputStreamReader.ReadToEnd();
comd.ExecuteNonQuery();
46
con.Close();
con.Open();
string fn = "";
byte[] recv = Encoding.ASCII.GetBytes(inText);
fn = "D:\\encrypted\\" + FileUpload1.PostedFile.FileName.ToString()
;
Session["path"] = fn;
Session["fname1"] = FileUpload1.PostedFile.FileName.ToString();
File.WriteAllBytes(fn, recv);
txtdate.Text = System.DateTime.Now.ToString();
48
MessageBox.Show("File is Encrypted Successfully");
Button6.Enabled = true;
}
}
}
APPENDIX B
SCREEN SHOTS
Homepage
Fg.B.1 homepage
Data Owner login
49
Fg.B.2 Data Owner login
Upload the file
Login CloudMe
50
Fg.B.4 Login CloudMe
Uploaded file
51
Data user login
52
Fg.B.7 Select the file
File is downloaded
File is decrypted
53
Fg.B.9 File is decrypted
Timer starts
54
Fig.B.10 Encrypted file is obtained
8. REFERENCE:
55
1 P. Jamshidi, A. Ahmad, and C. Pahl, “Cloud migration research:
Asystematic review,” IEEE Trans. Cloud Comput., vol. 1, no. 2,pp. 142–
157, Jul.–Dec. 2013.
56