identity based secure distributed storage scheme
DESCRIPTION
Secure distributed data storage can shift the burden of maintaining a large number of files from the owner to proxy servers. Proxy servers can convert encrypted files for the owner to encrypted files for the receiver without the necessity of knowing the content of the original files. In practice, the original files will be removed by the owner for the sake of space efficiency. Hence, the issues on confidentiality and integrity of the outsourced data must be addressed carefully. In this paper, we propose two identity-based secure distributed data storage (IBSDDS) schemes. Our schemes can capture the following properties: (1) The file owner can decide the access permission independently without the help of the private key generator (PKG). (2) For one query, a receiver can only access one file, instead of all files of the owner. (3) Our schemes are secure against the collusion attacks, namely even if the receiver can compromise the proxy servers, he cannot obtain the owner’s secret key. Although the first scheme is only secure against the chosen plaintext attacks (CPA), the second scheme is secure against the chosen ciphertext attacks (CCA). To the best of our knowledge, it is the first IBSDDS schemes where an access permissions is made by the owner for an exact file and collusion attacks can be protected in the standard model.TRANSCRIPT
Identity-Based Secure Distributed Data Storage Schemes
PRESENTED BY INTERNAL GUIDE:
VENKATESH DEVAM 1CR10CS112 Ms. MANIMOZHI
Assoc. Professor(CSE)
Department of Computer Science & Engineering
AGENDA
Abstract IntroductionExisting SystemObjectiveProposed SystemLiterature SurveySystem RequirementsSystem DesignData flow diagramClass diagramSequence diagramTestingResult and performance evaluationConclusion and future workReferences
ABSTRACT
Identity-based secure distributed data storage (IBSDDS) schemes is for distributed data.
Our schemes can capture the following properties:
The file owner can decide the access permission independently without the help of the
private key generator (PKG)
For one query, a receiver can only access one file, instead of all files of the owner
Our schemes are secure against the collusion attacks, namely even if the receiver can compromise the proxy servers, he cannot obtain the owner’s secret key.
INTRODUCTION
Structure of cloud computing
SERVICES MODELS
Cloud Computing comprises of three different service models, namely Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS).
A cloud user can access services on the infrastructure layer, for instance, users can run their applications and is responsible for the support and maintenance.
User can access a service on the application layer, these tasks are normally taken care of by the cloud service provider.
EXISTING SYSTEM
Cloud computing provides users with a convenient mechanism to manage their personal files with the notion called database-as-a-service (DAS).
In DATABASE AS A SERVICE(DAS) schemes, a user can outsource his encrypted files to untrusted proxy servers.
Proxy servers can perform some functions on the outsourced ciphertexts without knowing anything about the original files.
DISADVANTAGES OF EXISTING SYSTEM
Users are especially concerned on the confidentiality, integrity and query of the outsourced files.
Cloud computing is a lot more complicated than the local data storage systems, as the cloud is managed by an untrusted third party.
The outsourced files are accessed by the unauthorized users.
OBJECTIVE OF THE PROJECT
To provide confidentiality for the outsourced data, an efficient IBSDDS scheme should provide the following properties:
• Unidirectional
• Non-interactive
• Collusion-safe
• Non-transitive
• File based access
PROPOSED SYSTEM
There are two identity-based secure distributed data storage (IBSDDS) schemes in standard model where,
For one query, the receiver can access only one of the owner’s files, instead of all files.
An access permission (re-encryption key) is bound not only to the identity of the receiver but also the file.
ADVANTAGES OF PROPOSED SYSTEM
It has two schemes of security:
the first scheme is CPA(CHOOSEN PLAINTEXT ATTACK) secure,
the second scheme achieves CCA (CHOOSEN CYPHERTEXT ATTACK) security.
It is the first IBSDDS schemes where an access permission is made by the owner for an exact file.
Collusion attacks can be protected in the standard model.
LITERATURE SURVEY
Chip-secured data access: Confidential data on untrusted servers(2011), L. Bouganim and P. Pucheral
It provides a solution which enforces data confidentiality and controls personal privileges.
How to build a trusted database system on untrusted storage(2009),U. Maheshwari, R. Vingralek, and W. Shapiro
The database is encrypted and validated against a collision-resistant hash kept in trusted storage.
Efficient and private access to outsourced data,S. D. C. di Vimercati, S. Foresti, S. Paraboschi, G. Pelosi, P.Samarati(2012)
A technique for guaranteeing content, access, and pattern confidentiality in the data outsourcing scenario with limited performance.
HARDWARE REQUIREMENTS
Processor - Pentium –IV
Speed - 1.1 Ghz
RAM - 256 MB(min)
Hard Disk - 20 GB
Key Board - Standard Windows Keyboard
Mouse - Two or Three Button Mouse
Monitor - SVGA
SOFTWARE REQUIREMENTS
Operating System : Windows XP
Programming Language : JAVA
Java Version : JDK 1.6 & above.
IDE : NETBEANS
Database : SQL
SYSTEM DESIGN
ALGORITHM-TRIPLE DES
Triple DES uses a "key bundle" that comprises three DES keys, K1, K2 and K3, each of 56 bits
(excluding parity bits).
The encryption algorithm is:cipher text = EK3(DK2(EK1(plain text)))
i.e., DES encrypt with K1, DES decrypt with K2, then DES encrypt with K3.
Decryption is the reverse:plaintext = DK1(EK2(DK3(cipher text)))
I.e., decrypt with K3, encrypt with K2, then decrypt with K1.
Each triple encryption encrypts one block of 64 bits of data.In each case the middle operation is the reverse of the first and last. This improves the strength of the algorithm when using keying option 2, and provide backward compatibility with DES with keying option 3..
TRIPLE DES –KEYING OPTION
The standards define three keying options:
Keying option 1: All three keys are independent.
Keying option 2: K1 and K2 are independent, and K3 = K1.
Keying option 3: All three keys are identical, i.e. K1 = K2 = K3.
Keying option 1 is the strongest, with 3 × 56 = 168 independent key bits.
Keying option 2 provides less security, with 2 × 56 = 112 key bits. This option is stronger than simply DES encrypting twice, e.g. with K1 and K2, because it protects against meet-in-the-middle attacks.
Keying option 3 is equivalent to DES, with only 56 key bits. This option provides backward compatibility with DES, because the first and second DES operations cancel out.
DATA OWNER
In this module, first the new data owner registers and then get a valid login credentials.
After logged in, the data owner has the permission to upload their file into the Cloud Server.
The data owner encrypts his data and outsources the cipher texts to the proxy servers.
PRIVATE KEY GENERATOR
In this module, the private key generator (PKG) validates the users’ identities and issues secret keys to them.
The key is generated and sent to their respective mail id’s with the file name and the corresponding key values.
PROXY SERVER
Proxy servers store the encrypted data and transfer the cipher text from the owner to the receiver when they obtain access permission (re-encryption key) from the owner.
In these systems, proxy servers are assumed to be trusted. They authenticate receivers and validate access permissions.
RECEIVER MODULE
The receiver authenticates himself to the owner and decrypts the re-encrypted Cipher text to obtain the data.
An end to-end security is provided by cryptographic protocols which are executed by the file owner to prevent proxy servers and unauthorized users from modifying and accessing the sensitive files.
These systems can be divided into two types:
shared file system and
non-shared system.
DATA FLOW DIAGRAM
CLASS DIAGRAM
USE CASE DIAGRAM
SEQUENCE DIAGRAM
TEST CASES FOR LOGIN
Test Case Check Item Test case Objective Steps to Execute Test Data / Input Expected Result
TC-001 Log-in PageLeave all fields as blank and click Log-in button
Click Log-in
By leaving all fields as blank and on click Log-in button then mandatory symbol ( * ) should appear in front of Username and Password fields
TC-002 UsernameEnter Invalid Username
NABy entering invalid Username then an error message should appear as " Please Enter Valid Username "
TC-003 Username Enter valid Username NA It should allow the user to proceed
TC-004 Password NAThe password field should display the encrypted format of the text typed as (****)
TC-005 PasswordEnter wrong password
NA Password : ***By entering invalid password then an error message should appear as " Please Enter Correct Password "
TC-006 PasswordEnter Correct password
NA Password : ******* It should allow the user to proceed
TC-007 Log-in button Correct Inputs Click Log-inIt should lead the user to the respect page
TC-008 Forgot PasswordCheck hyperlink on Forgot Password label
while mouse over of the label an hand icon should display
TC-009 Forgot PasswordClick Forgot Password
User can recover the password using the “Forgot Password” link page
TC-010 RegistrationCheck hyperlink on Registration label
while mouse over of the label an hand icon should display
TC-011 Registration Click RegistrationOn click " Registration " page should redirect to the User Registration page
Test Case Check Item Test case ObjectiveSteps to Execute Test Data / Input
Expected Result
TC-012 File UploadLeave upload file fields as blank and click submit button
Click submit File not uploaded
TC-013Enter file name to download file
Enter Invalid filename NA File name
By entering invalid filename then an error message should appear as " Incorrect Filename"
TC-014Enter file name to download file
Enter valid Filename NA File nameIt should allow the user to proceed
TC-015Enter secret key to download file
Enter Invalid secretkey
NA Secret Key
By entering invalid secret key then an error message should appear as " Incorrect Secret key"
TC-016Enter secret key to download file
Enter valid secretkey
NA Secret keyIt should allow the user to download
TC-017 File Upload Upload correct file Click submit File to uploadFile uploaded successfully
Test Case Check Item Test case Objective Steps to Execute Test Data / Input Expected Result
RESULT AND PERFORMANCE EVALUATION
RESULT AND PERFORMANCE EVALUATION
CONCLUSION & FUTURE SCOPE
Distributed data storage schemes provide the users with convenience to outsource their files to untrusted proxy servers.
Identity-based secure distributed data storage (IBSDDS) schemes are a special kind of distributed data storage schemes.
In IBSDDS users are identified by their identities and can communicate without the need of verifying the public key certificates.
The future of IBSDDS is very good, as it provides data integrity and confidentiality. The owner have the full access on sharing of file. It also secures the data from unauthorized access and collusion attacks.
REFERENCES
[1] H. Hacig¨um¨us, B. R. Iyer, C. Li, and S. Mehrotra, “Executing SQL over encrypted data in the database-service-provider model,” in Proceedings: SIGMOD Conference - SIGMOD’02 (M. J. Franklin, B. Moon, and A. Ailamaki, eds.), vol. 2002, (Madison, Wisconsin, USA), pp. 216–227, ACM, Jun. 2002.
[2] L. Bouganim and P. Pucheral, “Chip-secured data access: Confidential data on untrusted servers,” in Proc. International Conference on Very Large Data Bases - VLDB’02, (Hong Kong, China), pp. 131– 142, Morgan Kaufmann, Aug. 2002.
[3] U. Maheshwari, R. Vingralek, and W. Shapiro, “How to build a trusted database system on untrusted storage,” in Proc. Symposium on Operating System Design and Implementation - OSDI’00, (San Diego, California, USA), pp. 135–150, USENIX, Oct. 2000.
[4] A. Ivan and Y. Dodis, “Proxy cryptography revisited,” in Proc. Network and Distributed System Security Symposium - NDSS’03, (San Diego, California, USA), pp. 1–20, The Internet Society, Feb. 2003.
THANK YOU