Vtdcc03-Final With Future Ppt

PRIVACY PRESERVING DELEGATED ACCESS CONTROLIN PUBLIC CLOUDS

ABSTRACT

Current approaches to enforce fine-grained access control on confidential data hosted in the cloud are based on fine-grained encryption of the data. Under such approaches, data owners are in charge of encrypting the data before uploading them on the cloud and re-encrypting the data whenever user credentials change. Data owners thus incur high communication and computation costs. A better approach should delegate the enforcement of fine-grained access control to the cloud, so to minimize the overhead at the data owners, while assuring data confidentiality from the cloud. We propose an approach, based on two layers of encryption that addresses such requirement. Under our approach, the data owner performs a coarse-grained encryption, whereas the cloud performs a fine-grained encryption on top of the owner encrypted data. A challenging issue is how to decompose access control policies (ACPs) such that the two layer encryption can be performed. We show that this problem is NP-complete and propose novel optimization algorithms. We utilize an efficient group key management scheme that supports expressive ACPs. Our system assures the confidentiality of the data and preserves the privacy of users from the cloud while delegating most of the access control enforcement to the cloud.

SCOPE OF THE PROJECT

Our Objective is to providing security in accessing the documents from the cloud. Previously there is a single layer encryption is there in accessing documents. In these disadvantage is the owner has to re encrypt the document in his own storage there leads to more storage. Now we are implementing two layer encryption in this User have more security in accessing documents. But user has to decrypt two times and has to receives the secret key with the cloud as well as owner with user identity token.

LITERATURE SURVEYTitle: Privacy-Preserving Public Auditing for Secure Cloud StorageAuthor: Cong Wang , Sherman S.M. Chow, Qian Wang, Kui Ren, Wenjing LouYear:2013Description:Using Cloud Storage, users can remotely store their data and enjoy the on-demand high quality applications and services from a shared pool of configurable computing resources, without the burden of local data storage and maintenance. However, the fact that users no longer have physical possession of the outsourced data makes the data integrity protection in Cloud Computing a formidable task, especially for users with constrained computing resources. Moreover, users should be able to just use the cloud storage as if it is local, without worrying about the need to verify its integrity. Thus, enabling public auditability for cloud storage is of critical importance so that users can resort to a third party auditor (TPA) to check the integrity of outsourced data and be worry-free. To securely introduce an effective TPA, the auditing process should bring in no new vulnerabilities towards user data privacy, and introduce no additional online burden to user. In this paper, we propose a secure cloud storage system supporting privacy-preserving public auditing. We further extend our result to enable the TPA to perform audits for multiple users simultaneously and efficiently. Extensive security and performance analysis show the proposed schemes are provably secure and highly efficient. Our preliminary experiment conducted on Amazon EC2 instance further demonstrates the fast performance of the design.

Title: Secure and Selective Dissemination of XML DocumentsAuthor: ELISA BERTINO, ELENA FERRARIYear:2002Description:XML (eXtensible Markup Language) has emerged as a prevalent standard for document representation and exchange on the Web. It is often the case that XML documents contain information of different sensitivity degrees that must be selectively shared by (possibly large) user communities. There is thus the need for models and mechanisms enabling the specification and enforcement of access control policies for XML documents. Mechanisms are also required enabling a secure and selective dissemination of documents to users, according to the authorizations that these users have. In this article, we make several contributions to the problem of secure and selective dissemination of XML documents. First, we define a formal model of access control policies for XML documents. Policies that can be defined in our model take into account both user profiles, and document contentsand structures. We also propose an approach, based on an extension of the CryptolopeTM approach [Gladney and Lotspiech 1997], which essentially allows one to send the same document to all users, and yet to enforce the stated access control policies. Our approach consists of encrypting different portions of the same document according to different encryption keys, and selectively distributing these keys to the various users according to the access control policies. We show that the number of encryption keys that have to be generated under our approach is minimal and we present an architecture to support document distribution.

Title: Controlling Access to Published Data Using CryptographyAuthor: Gerome Miklau, Dan SuciuYear:2003Description:We propose a framework for enforcing access control policies on published XML documents using cryptography.In this framework the owner publishes a single data instance, which is partially encrypted, and which enforces all access control policies. Our contributions include a declarative language for access policies, and the resolution of these policies into a logical protection model which protects an XML tree with keys. The data owner enforces an access control policy by granting keys to users. The model is quite powerful, allowing the data owner to describe complex access scenarios, and is also quite elegant, allowing logical optimizations to be described as rewriting rules. Finally, we describe cryptographic techniques for enforcing the protection model on published data, and provide a performance analysis using real datasets.

Title: A Privacy-Preserving Approach to Policy-Based Content DisseminationAuthor: Ning Shang, Mohamed Nabeel, Federica PaciYear:2010Description:We propose a novel scheme for selective distribution of content, encoded as documents, that preserves the privacy of the users to whom the documents are delivered and is based on an efficient and novel group key management scheme. Our document broadcasting approach is based on access control policies specifying which users can access which documents, or subdocuments. Based on such policies, a broadcast document is segmented into multiple subdocuments, each encrypted with a different key. In line with modern attribute-based access control, policies are specified against identity attributes of users. However our broadcasting approach is privacy-preserving in that users are granted access to a specific document, or subdocument, according to the policies without the need of providing in clear information about their identity attributes to the document publisher. Under our approach, not only does the document publisher not learn the values of the identity attributes of users, but it also does not learn which policy conditions are verified by which users, thus inferences about the values of identity attributes are prevented. Moreover, our key management scheme on which the proposed broadcasting approach is based is efficient in that it does not require to send the decryption keys to the users along with the encrypted document. Users are able to reconstruct the keys to decrypt the authorized portions of a document based on subscription information they have received from the document publisher. The scheme also efficiently handles new subscription of users and revocation of subscriptions.

Title: Towards Privacy Preserving Access Control In the CloudAuthor: Mohamed Nabeel, Murat KantarciogluYear:2011Description:It is very costly and cumbersome to manage database systems in-house especially for small or medium organizations. Data-as-a-Service (DaaS) hosted in the cloud provides an attractive solution, which is flexible, reliable, easy and economical to operate, for such organizations. However security and privacy issues concerning the storage of the data in the cloud and access via the Internet have been major concerns for many organizations. The data and the human resources are the life blood of any organization. Hence, they should be strongly protected. In this paper, we identify the challenges in securing DaaS model and propose a system called CloudMask that lays thefoundation for organizations to enjoy all the benefits of hosting their data in the cloud while at the same time supporting finegrained and flexible access control for shared data hosted in the cloud.

Title: Overencryption:Management of Access Control Evolution on Outsourced DataAuthor: Sabrina De Capitani di Vimercati, Sara Foresti, Sushil JajodiaYear:2007Description:Data outsourcing is emerging today as a successful paradigm allowing users and organizations to exploit external services for the distribution of resources. A crucial problem to be addressed in this context concerns the enforcement of selective authorization policies and the support of policy updates in dynamic scenarios. In this paper, we present a novel solution to the enforcement of access control and the management of its evolution. Our proposal is based on the application of selective encryption as a means to enforce authorizations. Two layers of encryption are imposed on data: the inner layer is imposed by the owner for providing initial protection, the outer layer is imposed by the server to reflect policy modifications. The combination of the two layers provides an efficient and robust solution. The paper presents a model, an algorithm for the management of the two layers, and an analysis to identify and therefore counteract possible information exposure risks.

Title: Controlling Access to an Oblivious Database using Stateful Anonymous Credentials DataAuthor: Scott Coull, Matthew Green, and Susan HohenbergerYear:2007Description:In this work, we consider the task of allowing a content provider to enforce complex access control policies on oblivious protocols conducted with anonymous users. As our primary application, we show how to construct privacy-preserving databases by combining oblivious transfer with an augmented anonymous credential system. This permits a database operator to restrict which items each user may access, without learning anything about users' identities or item choices. This strong privacy guarantee holds even when users are assigned di_erent access control policies and are allowed to adaptively make many queries. To do so, we show how to augment existing anonymous credential systems so that, in addition to certifying a user's attributes, they also store state about the user's database access history. Our construction supports a wide range of access control policies, including e_cient and private realizations of the Brewer-Nash (Chinese Wall) and Bell-LaPadula (Multilevel Security) policies, which are used for _nancial and defense applications. In addition, our system is based on standard assumptions in the standard model and, after an initial setup phase, each transaction requires only constant time.

Title: Revocation and Tracing Schemes for Stateless ReceiversAuthor: Dalit Naor, Moni Naor, Jeff LotspiechYear:2001Description:We deal with the problem of a center sending a message to a group of users such that some subset of the users is considered revoked and should not be able to obtain the content of the message. We concentrate on the stateless receiver case, where the users do not (necessarily) update their state from session to session. We present a framework called the Subset-Cover framework, which abstracts a variety of revocation schemes including some previously known ones. We provide sufficient conditions that guarantees the security of a revocation algorithm in this class. We describe two explicit Subset-Cover revocation algorithms; these algorithms are very flexible and work for any number of revoked users. The schemes require storage at the receiver of and keys respectively ( is the total number of users), and in order to revoke users the required message lengths are of and keys respectively. We also provide a general traitor tracing mechanism that can be integrated with any Subset-Cover revocation scheme that satisfies a bifurcation property. This mechanism does not need an a priori bound on the number of traitors and does not expand the message length by much compared to the revocation of the same set of traitors. The main improvements of these methods over previously suggested methods, when adopted to the stateless scenario, are: (1) reducing the message length to regardless of the coalition size while maintaining a single decryption at the users end (2) provide a seamless integration between the revocation and tracing so that the tracing mechanisms does not require any change to the revocation algorithm.

Title: OACerts: Oblivious Attribute CertificatesAuthor: Jiangtao Li and Ninghui LiYear:2006Description:We propose Oblivious Attribute Certificates (OACerts), an attribute certificate scheme in which a certificate holder can select which attributes to use and how to use them. In particular, a user can use attribute values stored in an OACert obliviously, i.e., the user obtains a service if and only if the attribute values satisfy the policy of the service provider, yet the service provider learns nothing about these attribute values. This way, the service providers access control policy is enforced in an oblivious fashion. To enable the oblivious access control using OACerts, we propose a new cryptographic primitive called Oblivious Commitment-Based Envelope (OCBE). In an OCBE scheme, Bob has an attribute value committed to Alice and Alice runs a protocol with Bob to send an envelope (encrypted message) to Bob such that: (1) Bob can open the envelope if and only if his committed attribute value satisfies a predicate chosen by Alice, (2) Alice learns nothing about Bobs attribute value.We develop provably secure and efficient OCBE protocols for the Pedersen commitment scheme and predicates such as =,_,_, >,

Title: Attribute-Based Encryption for Fine-Grained Access Control of Encrypted DataAuthor: Vipul Goyal, Omkant Pandey, Amit Sahai, Brent WatersYear:2006Description:As more sensitive data is shared and stored by third-party sites on the Internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data, is that it can be selectively shared only at a coarse-grained level (i.e., giving another party your private key). We develop a new cryptosystem for ne-grained sharing of encrypted data that we call Key-Policy Attribute-Based Encryption (KP-ABE). In our cryptosystem, ciphertexts are labeled with sets of attributes and private keys are associated with access structures that control which ciphertexts a user is able to decrypt. We demonstrate the applicability of our construction to sharing of audit-log information and broadcast encryption. Our construction supports delegation of private keys which subsumes Hierarchical Identity-Based Encryption (HIBE).

SYSTEM ANALYSISEXISTING SYSTEM In the approaches subdocuments are encrypted with different keys, which are provided to users at the registration phase. The encrypted subdocuments are then broadcasted to all users. However, such approaches require that all or some keys be distributed in advance during user registration phase. This requirement makes it difficult to assure forward and backward key secrecy when user groups are dynamic. Further, the rekey process is not transparent, thus shifting the burden of acquiring new keys on users. It lays the foundation to make rekey transparent to users and protect the privacy of the users who access the content.

DRAWBACK IN EXISTING SYSTEM

In this approaches incur high communication and computation cost to manage keys and encryptions whenever user credentials change. In such approaches, the data owner has to enforce the ACPs and the privacy of the users from the content publisher is not protected. In some approaches, multiple encryptions of the same document are required which is inefficient.

EXISTING ALGORITHM

Single Layer Encryption Approach

PROPOSED SYSTEM

In this system, we propose a new approach to address this shortcoming. The approach is based on two layers of encryption applied to each data item uploaded to the cloud. Under this approach, referred to as two layer encryption (TLE), the data owner performs a coarse grained encryption over the data in order to assure the confidentiality of the data from the cloud. Then the cloud performs fine grained encryption over the encrypted data provided by the data owner based on the ACPs provided by the data owner. However, the way we perform coarse and fine grained encryption is novel and provides a better solution than existing solutions based on two layers of encryption.

ADVANTAGES IN PROPOSED SYSTEM

It provides a better way to handle data updates, and user dynamics changes. To support expressive access control policies. When user dynamics changes, only the outer layer of the encryption needs to be updated. Outer layer encryption is performed at the cloud, no data transmission is required between the data owner and the cloud.

PROPOSED ALGORITHM

Two Layer Encryption (TLE)

SYSTEM REQUIREMENTS

HARDWARE REQUIREMENTS:System: Pentium IV 2.4 GHZHard disk: 40 GBMouse: Logitech. RAM: 2GB(minimum) Keyboard: 110 keys enhanced.

SOFTWARE REQUIREMENTS:Operating system :- Windows7Front End:- Microsoft Visual Studio .Net 2010Coding Language :- C# Backend:- SQL Server 2008

MODULES

User Authentication and ID ProvidingIssuing token ID based on User Registration

Data OwnerAuthenticationKey GenerateUpload Encrypted Data in cloud

Cloud Service Encrypt the Data Owner files

User AccessDownload keysDecrypt Data

2. MODULE DESCRIPTIONSIdentity Provider: In this Identity module it is responsible for registering the users and submitting the identity tokens to the users who are registered only.

Data Owner: In this Data Owner module it is responsible for storing the documents in the cloud storage services in the encrypted format .whenever the user searches the data by using identity token. Data owner submits the security key regarding for the searched document.

Cloud Storage: In this Cloud storage module it stores the data of the data owner. And whenever user search for some document if is found and cloud storage re-encrypt the encrypted document and submits a key to the user.

User: In this user module it is responsible for registering with his details in identity protocol and receiving identity tokens from the identity protocol .And then he searches the relative documents in the data owner and as well as Cloud storage and receives keys from two modules and then he downloads the relative document and decrypt with the two keys.

3. Module Diagram

Identity Protocol:

Data Owner:

Cloud Storage :

User Access :

Cloud Storage

4. GIVEN INPUT AND EXPECTED OUTPUTIdentity Protocol:Input: Username and passwordOutPut: Sending Token KeyData Owner:Input:Uploading Documents With Process of EncryptionOutPut: Allow to next processInput: User searches with Identity tokensOutPut: Sending keys to the userUser:Input: Searching with Identity TokensOutPut : Receiving the keys from cloud storage and data ownerCloud Storage:Input: Storing the materials and receiving identity tokens from the userOutPut : Sending key to the user

SYSTEM DESIGNUse Case DiagramA use case diagram is a graph of actors, a set of use cases enclosed by a system boundary, communication (participation) association between the actors and the use cases, and generalization among the use cases. A use case diagram shows the relationship among the actors (Sender) and use cases within a system.In our project this diagram indicates the interaction between user and web search interface. In this diagram shows the process of searching and retrieve information as quickly, relevant informations. Here users enter the query that query is process by neighborhood and incremental query construction method then they form new query. This query is processing and retrieves accurate data from database.

Class DiagramA class diagram in the UML is a type of static structure diagram that describes the structure of a system by showing the systems classes, their attributes, and the relationships between the classes. Private visibility hides information from anything outside the class partition. Public visibility allows all other classes to view the marked information. Protected visibility allows child classes to access information they inherited from a parent class.In our project this diagram indicates the interaction between user and web search interface. In this diagram shows the process of searching and retrieve information as quickly, relevant informations. Here users enter the query that query is process by neighborhood and incremental query construction method then they form new query. This query is processing and retrieves accurate data from database.

Object DiagramAnobject diagramin theUnified Modeling Language(UML) is adiagram that shows a complete or partial view of the structure of a modeledsystemat a specific time.

An Object diagram focuses on some particular set of object instances and attributes, and the links between the instances. A correlated set of object diagrams provides insight into how an arbitrary view of a system is expected to evolve over time.

Object diagrams are more concrete than class diagrams, and are often used to provide examples, or act as test cases for the class diagrams. Only those aspects of a model that are of current interest need be shown on an object diagram

In our project this diagram indicates the interaction between user and web search interface. In this diagram shows the process of searching and retrieve information as quickly, relevant informations. Here users enter the query that query is process by neighborhood and incremental query construction method then they form new query. This query is processing and retrieves accurate data from database.

State DiagramAstate diagramis a type ofdiagramused incomputer scienceand related fields to describe the behavior of systems. State diagrams require that the system described is composed of a finite number ofstates; sometimes, this is indeed the case, while at other times this is a reasonableabstraction. There are many forms of state diagrams, which differ slightly and have differentsemanticsIn our project this diagram indicates the interaction between user and web search interface. In this diagram shows the process of searching and retrieve information as quickly, relevant informations. Here users enter the query that query is process by neighborhood and incremental query construction method then they form new query. This query is processing and retrieves accurate data from database.

ACTIVITY DIAGRAM:Activity diagram are a loosely defined diagram to show workflows of stepwise activities and actions, with support for choice, iteration and concurrency. UML, activity diagrams can be used to describe the business and operational step-by-step workflows of components in a system. UML activity diagrams could potentially model the internal logic of a complex operation. In many ways UML activity diagrams are the object-oriented equivalent of flow charts and data flow diagrams (DFDs) from structural development.In our project this diagram indicates the interaction between user and web search interface. In this diagram shows the process of searching and retrieve information as quickly, relevant informations. Here users enter the query that query is process by neighborhood and incremental query construction method then they form new query. This query is processing and retrieves accurate data from database.

SEQUENCE DIAGRAM:

A sequence diagram in UML is a kind of interaction diagram that shows how processes operate with one another and in what order. It is a construct of a message sequence chart. Sequence diagrams are sometimes called Event-trace diagrams, event scenarios, and timing diagrams.UML sequence diagrams model the flow of logic within your system in a visual manner, enabling you both to document and validate your logic, and are commonly used for both analysis and design purposes. Sequence diagrams are the most popular UML artifact for dynamic modeling, which focuses on identifying the behavior within your system.In our project this diagram indicates the interaction between user and web search interface. In this diagram shows the process of searching and retrieve information as quickly, relevant informations. Here users enter the query that query is process by neighborhood and incremental query construction method then they form new query. This query is processing and retrieves accurate data from database.

COLLABORATION DIAGRAM:

A collaboration diagram show the objects and relationships involved in an interaction, and the sequence of messages exchanged among the objects during the interaction.

The collaboration diagram can be a decomposition of a class, class diagram, or part of a class diagram. It can be the decomposition of a use case, use case diagram, or part of a use case diagram.

The collaboration diagram shows messages being sent between classes and object (instances). A diagram is created for each system operation that relates to the current development cycle (iteration).


COMPONENT DIAGRAM:Components are wired together by using anassembly connectorto connect the requiredinterfaceof one component with the provided interface of another component. This illustrates theservice consumer service providerrelationship between the two components. Anassembly connectoris a "connector between two components that defines that one component provides the services that another component requires. An assembly connector is a connector that is defined from a required interface or port to a provided interface or port." When using a component diagram to show the internal structure of a component, the provided and required interfaces of the encompassing component can delegate to the corresponding interfaces of the contained components.


DATA FLOW DIAGRAM:A data flow diagram (DFD) is a graphical representation of the flow of data through an information system. It differs from the flowchart as it shows the data flow instead of the control flow of the program. A data flow diagram can also be used for the visualization of data processing. The DFD is designed to show how a system is divided into smaller portions and to highlight the flow of data between those parts.In our project this diagram indicates the interaction between user and web search interface. In this diagram shows the process of searching and retrieve information as quickly, relevant informations. Here users enter the query that query is process by neighborhood and incremental query construction method then they form new query. This query is processing and retrieves accurate data from database.

LEVEL 0

LEVEL 1

All Levels

E-R DIAGRAM:Insoftware engineering, anentity-relationship model(ERM) is an abstract and conceptual representation ofdata. Entity-relationship modeling is adatabase modelingmethod, used to produce a type ofconceptual schemaor semantic data modelof a system, often arelational database, and its requirements in atop-downfashion. Diagrams created by this process are calledentity-relationship diagrams,ER diagrams, orERDs.In our project this diagram indicates the interaction between user and web search interface. In this diagram shows the process of searching and retrieve information as quickly, relevant informations. Here users enter the query that query is process by neighborhood and incremental query construction method then they form new query. This query is processing and retrieves accurate data from database.

5. IMPLEMENTATION5.1.User Authentication :public partial class UserRegistration : System.Web.UI.Page{ bo bo_obj = new bo(); bal bal_obj = new bal(); protected void Page_Load(object sender, EventArgs e) { if (!IsPostBack) { ViewState["ID"] = bal_obj.BAL_User_ID(); } } protected void btn_register_Click(object sender, EventArgs e) { if (txt_password.Text == txt_conf_pass.Text) {try { string a = string.Empty; bo_obj.Username = txt_username.Text; bo_obj.Empid = txt_empid.Text; bo_obj.Designation = drop_designation.Text;

bo_obj.Age = Convert.ToInt32(txt_age.Text); bo_obj.Gender = drop_gender.Text; bo_obj.Password = txt_password.Text; bo_obj.Sec_ques = drop_securityques.Text; bo_obj.Sec_ans = txt_answer.Text; bo_obj.Mobile = Convert.ToDouble(txt_mobile.Text); bo_obj.Idprovider=ViewState["ID"].ToString(); bal_obj.user_reg(bo_obj); a= ViewState["ID"].ToString(); Response.Write("alert('Your Registration id is : "+a+" ')"); txt_age.Text = ""; txt_answer.Text = ""; txt_empid.Text = ""; txt_mobile.Text = ""; txt_username.Text = ""; drop_designation.Text = ""; drop_gender.Text = ""; drop_securityques.Text = ""; } catch (Exception) { throw; } } else { Response.Write("alert('Registration failed! password mismatch')"); } }

protected void btn_reset_Click(object sender, EventArgs e) { txt_age.Text = ""; txt_answer.Text = ""; txt_empid.Text = ""; txt_mobile.Text = ""; txt_username.Text = ""; drop_designation.Text = ""; drop_gender.Text = ""; drop_securityques.Text = ""; }}

5.2.User Login :public partial class UserLogin : System.Web.UI.Page{ bal bal_log= new bal(); bo bo_log = new bo(); protected void Page_Load(object sender, EventArgs e) { MsgLbl.Visible = false; } protected void btn_login_Click(object sender, EventArgs e) { MsgLbl.Visible = true; string des; try { Session["name"] = txt_usrlogin.Text; bo_log.Username = txt_usrlogin.Text; bo_log.Password = txt_usrpass.Text; des = bal_log.login(bo_log); if (des == "Doctor" || des == "Senior Doctor") { Response.Redirect("Doctor.aspx"); } else if (des == "Nurse" || des == "Senior Nurse") { Response.Redirect("Nurse.aspx"); }

else if (des.Equals("Receptionist")) { Response.Redirect("Receptionist.aspx"); } else { MsgLbl.Text = "Invalid user ID or Password"; } } catch (Exception) { throw; } }}

Data Owner :5.3.Authentication :public partial class Admin : System.Web.UI.Page{ bal balob = new bal(); bo bo_ob = new bo(); protected void Page_Load(object sender, EventArgs e) { } protected void btn_admin_Click(object sender, EventArgs e) { Session["admin"] = txt_adm_name.Text; bo_ob.Username = txt_adm_name.Text; bo_ob.Password = txt_adm_pass.Text; balob.adlog(bo_ob); Response.Redirect("AdminPage.aspx"); }}

5.4.Key Generate :public partial class AdminPage : System.Web.UI.Page{ bal bal_ob = new bal(); bo bo_ob = new bo(); DataSet ds = new DataSet(); dal dal_ob = new dal(); protected void Page_Load(object sender, EventArgs e) { lb_username.Text = Session["admin"].ToString(); if (!IsPostBack) { bind(); } } public void bind() { ds = bal_ob.ad_grid(bo_ob); gv_userdet.DataSource = ds; gv_userdet.DataBind(); }

protected void btn_private_Click(object sender, EventArgs e) { try { string filename = Session["admin"].ToString() + ".sk"; string absolutePath = Server.MapPath("~/Keys/" + Session["admin"].ToString() + "/" + filename); Response.ContentType = "text/plain"; Response.AddHeader("Content-Disposition", "attachment;filename=" + filename); Response.TransmitFile(absolutePath); Response.End(); } catch (Exception) { throw; } finally { } }

protected void btn_public_Click(object sender, EventArgs e) { try { string filename = Session["admin"].ToString() + ".pk"; string absolutePath = Server.MapPath("~/Keys/" + Session["admin"].ToString() + "/" + filename); Response.ContentType = "text/plain"; Response.AddHeader("Content-Disposition", "attachment;filename=" + filename); Response.TransmitFile(absolutePath); Response.End(); } catch (Exception) { throw; } finally { } }

protected void btn_key_generate_Click(object sender, EventArgs e) { bool a; try { Keygeneration obj_RSAKey = new Keygeneration(); obj_RSAKey.generatekey(Convert.ToInt32(keysize.SelectedValue)); bo_ob.Pkkey=obj_RSAKey.Privatekey; bo_ob.Pbkey=obj_RSAKey.Publickey; a = bal_ob.keygen(bo_ob); writeKeys(obj_RSAKey.Publickey, Session["admin"].ToString() + ".pk", Server.MapPath("~/Keys/")); writeKeys(obj_RSAKey.Privatekey, Session["admin"].ToString() + ".sk", Server.MapPath("~/Keys/")); Response.Write("alert('Key Generated Successfully')"); } catch (Exception) { throw; } }

private void writeKeys(string Data, string fName, string Path) { try { Path += "/" + Session["admin"].ToString(); if (!System.IO.Directory.Exists(Path)) { System.IO.Directory.CreateDirectory(Path); } System.IO.StreamWriter streamWriter = new System.IO.StreamWriter(Path + "/" + fName, false); if (Data != null) { streamWriter.Write(Data); } streamWriter.Close(); } catch (Exception Ex) { Response.Write("alert('" + Ex.Message + "');"); } }}

5.5.Encrypt Data :public partial class FileEncrypt : System.Web.UI.Page{ EncryptionService es = new EncryptionService(); protected void Page_Load(object sender, EventArgs e) { // lb_usrrequest.Visible = false; lb_encrypt.Visible = false; } protected void btn_encrypt_Click(object sender, EventArgs e) { lb_encrypt.Visible = true; try { string FileName = Path.GetFileName(file_upld.FileName); Session["FileName"] = FileName; string FileExtension = Path.GetExtension(FileName); if (FileExtension == ".docx" || FileExtension == ".doc" || FileExtension == ".txt" || FileExtension == ".pdf" || FileExtension == ".jpg") { if (!System.IO.Directory.Exists(Server.MapPath("~/Temp/" + Session["admin"]))) System.IO.Directory.CreateDirectory(Server.MapPath("~/Temp/" + Session["admin"])); file_upld.SaveAs(Server.MapPath("~/Temp/" + Session["admin"] + "/" + FileName)); } else { ClientScript.RegisterStartupScript(Page.GetType(), "validation", alert('file format not supported')");}

string FilePath = Server.MapPath("~/Temp/" + Session["admin"] + "/" + FileName); string KeyPath = Server.MapPath("~/Keys/" + Session["admin"] + "/" + Session["admin"] + ".pk"); string id = Session["admin"].ToString(); es.EncryptFile(KeyPath, FilePath, id); //Session["encrypt_path"] = a; lb_encrypt.Text = "File Encrypted Successfully"; } catch (Exception) { throw; } finally { } } protected void btn_cancel_Click(object sender, EventArgs e) { Response.Redirect("AdminPage.aspx"); } protected void btn_viewreq_Click(object sender, EventArgs e) { Response.Redirect("ForwardKey.aspx"); }}

Cloud Encryption :5.6.Key Generation and Encryption in Cloud :public partial class CloudEncrypt : System.Web.UI.Page{ bal bal_ob=new bal(); bo bo_ob=new bo(); ReEncryption re = new ReEncryption(); protected void Page_Load(object sender, EventArgs e) { } protected void btn_keygen_Click(object sender, EventArgs e) { bool a; try { Secondkeygen obj_RSAKey = new Secondkeygen(); obj_RSAKey.skeygen(Convert.ToInt32(DropDownList1.SelectedValue)); bo_ob.Pkkey=obj_RSAKey.Privatekey; bo_ob.Pbkey=obj_RSAKey.Publickey; a = bal_ob.keygen(bo_ob); writeKeys(obj_RSAKey.Publickey, Session["admin"].ToString() + ".cpk", Server.MapPath("~/Cloud Keys/")); writeKeys(obj_RSAKey.Privatekey, Session["admin"].ToString() + ".csk", Server.MapPath("~/Cloud Keys/")); } catch (Exception) { throw;}}

private void writeKeys(string Data, string fName, string Path) { try { Path += "/" + Session["admin"].ToString(); if (!System.IO.Directory.Exists(Path)) { System.IO.Directory.CreateDirectory(Path); } System.IO.StreamWriter streamWriter = new System.IO.StreamWriter(Path + "/" + fName, false); if (Data != null) { streamWriter.Write(Data); } streamWriter.Close(); } catch (Exception Ex) { Response.Write("alert('" + Ex.Message + "');"); } }

protected void btn_privatekey_Click(object sender, EventArgs e){ try { string filename = Session["admin"].ToString() + ".csk"; string absolutePath = Server.MapPath("~/Cloud Keys/" + Session["admin"].ToString() + "/" + filename); Response.ContentType = "text/plain"; Response.AddHeader("Content-Disposition", "attachment;filename=" + filename); Response.TransmitFile(absolutePath); Response.End(); } catch (Exception) { throw; } finally { }}

protected void btn_publickey_Click(object sender, EventArgs e){ try { string filename = Session["admin"].ToString() + ".cpk"; string absolutePath = Server.MapPath("~/Cloud Keys/" + Session["admin"].ToString() + "/" + filename); Response.ContentType = "text/plain"; Response.AddHeader("Content-Disposition", "attachment;filename=" + filename); Response.TransmitFile(absolutePath); Response.End(); } catch (Exception) { throw; } finally { }}protected void btn_cloud_encrypt_Click(object sender, EventArgs e){ try { string FileName = Path.GetFileName(fileupld_cloud.FileName); Session["FileName"] = FileName; string FileExtension = Path.GetExtension(FileName);

if (FileExtension == ".docx" || FileExtension == ".doc" || FileExtension == ".txt" || FileExtension == ".pdf" || FileExtension == ".jpg") { if (!System.IO.Directory.Exists(Server.MapPath("~/Cloud/" + Session["admin"]))) System.IO.Directory.CreateDirectory(Server.MapPath("~/Cloud/" + Session["admin"])); fileupld_cloud.SaveAs(Server.MapPath("~/Cloud/" + Session["admin"] + "/" + FileName)); } else { ClientScript.RegisterStartupScript(Page.GetType(), "validation", "alert('file format not supported')"); } string FilePath = Server.MapPath("~/Cloud/" + Session["admin"] + "/" + FileName); string KeyPath = Server.MapPath("~/Cloud Keys/" + Session["admin"] + "/" + Session["admin"] + ".cpk"); string id = Session["admin"].ToString(); re.Reencrypt(KeyPath, FilePath, id); } catch (Exception) { throw; } finally { }}}

User Access :

5.7 Requesting Key :protected void btn_send_Click(object sender, EventArgs e) { Session["request"] = txt_doc_request.Text.ToString(); ClientScript.RegisterStartupScript(Page.GetType(), "validation", "alert('Request Sucessfully Send to Owner...')"); } protected void btn_download_record_Click(object sender, EventArgs e) { Response.Redirect("UserDownloadKey.aspx"); }5.8 Key From Data Owner :protected void Page_Load(object sender, EventArgs e) { lnk_cloud.Visible = false; lb_usrreq.Text = " "; if (Session["request"]== null) { Response.Write("alert('There are no request from user ')"); Response.Redirect("CloudEncrypt.aspx"); } else { lb_usrreq.Text = Session["name"].ToString() + " : " + Session["request"].ToString(); } // lb_usrreq.Text = Session["request"].ToString(); lb_key_send.Visible = false; // string s = Path.GetFileName(upld_key.PostedFile.FileName); }

protected void btn_forwardkey_Click(object sender, EventArgs e) { string a = Path.GetFileName(upld_key.PostedFile.FileName); Session["keyname"] = a; if (!System.IO.Directory.Exists(Server.MapPath("~/UsersKey/" + Session["name"]))) System.IO.Directory.CreateDirectory(Server.MapPath("~/UsersKey/" + Session["name"])); lb_key_send.Visible=true; // string filename = Session["admin"].ToString() + ".sk"; string filename = a ; string absolutePath = Server.MapPath("~/Keys/" + Session["admin"].ToString() + "/" + filename); string[] arr = File.ReadAllLines(absolutePath); StringBuilder strbul = new StringBuilder(); System.IO.StreamWriter write = new System.IO.StreamWriter(Server.MapPath("~/UsersKey/" + "/" + Session["name"] + "/" + filename)); foreach (string i in arr) { strbul.Append(i); write.Write(strbul); } write.Dispose(); lnk_cloud.Visible = true; lb_key_send.Text = "Key Send Successfully"; }

5.9 Key From Cloud : protected void btn_forwardkey_Click(object sender, EventArgs e) { string a = Path.GetFileName(fupld_cldkey.PostedFile.FileName); Session["cldkeyname"] = a; if (!System.IO.Directory.Exists(Server.MapPath("~/UsersKey/" + Session["name"]))) System.IO.Directory.CreateDirectory(Server.MapPath("~/UsersKey/" + Session["name"])); string filename = a; string absolutePath = Server.MapPath("~/Cloud Keys/" + Session["admin"].ToString() + "/" + filename); string[] arr = File.ReadAllLines(absolutePath); StringBuilder strbul = new StringBuilder(); System.IO.StreamWriter write = new System.IO.StreamWriter(Server.MapPath("~/UsersKey" + "/" + Session["name"] + "/" + filename)); foreach (string i in arr) { strbul.Append(i); write.Write(strbul); } write.Dispose(); Response.Write("alert('Key from Cloud Successfully Sent')"); }

5.8 User Downloading Keys :Owners Key :protected void btn_seckey_download_Click(object sender, EventArgs e) { if (Session["keyname"] != null) { string a = Session["keyname"].ToString(); // string filename = Session["admin"].ToString() + ".sk"; string filename = a; string absolutePath = Server.MapPath("~/UsersKey/" + Session["name"] + "/" + filename); Response.ContentType = "text/plain"; Response.AddHeader("Content-Disposition", "attachment;filename=" + filename); Response.TransmitFile(absolutePath); Response.End(); } else { Response.Write("alert('Send a Request to DataOwner to download key')"); Response.Redirect("DoctorEntries.aspx"); } }

Clouds Key :

protected void btn_cld_key_Click(object sender, EventArgs e) { if (Session["cldkeyname"] != null) { string a = Session["cldkeyname"].ToString(); // string filename = Session["admin"].ToString() + ".sk"; string filename = a; string absolutePath = Server.MapPath("~/UsersKey/" + Session["name"] + "/" + filename); //~/UsersKey/UserCldKey" + "/" + Session["name"] + "/" + filename Response.ContentType = "text/plain"; Response.AddHeader("Content-Disposition", "attachment;filename=" + filename); Response.TransmitFile(absolutePath); Response.End(); } else { Response.Write("alert('Send a Request to DataOwner to download key')"); Response.Redirect("DoctorEntries.aspx"); } }

5.9 Cloud Level Of Decryption : protected void btn_cld_decrypt_Click(object sender, EventArgs e) { try { string Filename = Path.GetFileName(fupld_file.FileName); string FilePath = Server.MapPath("~/Cloud/Recrypt/" + Session["admin"] + "/" + Filename); string KeyName = Path.GetFileName(fupld_key.FileName); string FileFormat = Path.GetExtension(KeyName); if (FileFormat == ".csk") { if (!System.IO.Directory.Exists(Server.MapPath("~/Userskey/" + Session["name"]))) System.IO.Directory.CreateDirectory(Server.MapPath("~/Userskey/" + Session["name"])); fupld_key.SaveAs(Server.MapPath("~/Userskey/" + Session["name"] + "/" + KeyName)); } string KeyPath = Server.MapPath("~/UsersKey/" + Session["name"] + "/" + KeyName); string id = Session["name"].ToString(); ds.DecryptFile(KeyPath, FilePath, id); } catch (Exception) { throw; } Response.Redirect("FileDecrypt.aspx"); }}

6. DATABASE DESIGN STRUCTUREDatabase design is the process of producing a detailed data model of a database. This logical data model contains all the needed logical and physical design choices and physical storage parameters needed to generate a design in a Data Definition Language, which can then be used to create a database. A fully attributed data model contains detailed attributes for each entity.6.1. Table Name: Register :This table is used for maintaining the details of users for authentication purpose.This Information are viewed at admin side.

6.2. Table Name: Admin :This table is used for admin authentication.

6.3.3: Table Name:key generationIn this table admin generate the key for encryption

6.3.4: Table Name:Secret keyIn this table admin maintaining secret key

Home Page :

User Registration :

User Profile :

Admin Login

Admin Login :

Admins Page(Data Owner) : Here, the data owner generates a key size and with the public key, he encrypts the data and stores at cloud.

Data Owner Encryption :

Cloud Side Encryption : Cloud generated the same key size which data owner has mention and encrypts the data once again inside the cloud with public key.

User Requesting Key :

Secret Key Forward(Data Owner) :

Secret Key Forward(Cloud) :

User Downloading Key from Data Owner :

User Downloading Key from Cloud :

Validating Registration ID :

Cloud Level Decryption :

9.FUTURE ENHANCEMENTWe plan to investigate the alternative choices for the TLE approach further. We also plan to further reduce the computational cost by exploiting partial relationships among ACPs.AdvantagesIt provides a better way to handle data updates, and user dynamics changes.To support expressive access control policies.When user dynamics changes, only the outer layer of the encryption needs to be updated.Outer layer encryption is performed at the cloud, no data transmission is required between the data owner and the cloud.

Applications: In big organizations (Amazon,IBM) are maintaining the clouds to store the data.To provide privacy we can implement.

Storage As a Service Based Cloud ApplicationsCloud storage is a model of networked enterprise storage where data is stored not only in the user's computer, but in virtualized pools of storage which are generally hosted by third parties, too. Users can perform manipulations on stored data like insert update and append through blocks. Block level updating and deletions are allowed with token checking. If user has not having enough resources to compute tokens or required hardware support then he can easily delegate the work to a third party auditor called as TPA. He is responsible to generate homomorphic token and stores the token persistently and securely for further verification. In ourscheme we assume that TPA is secure and he is responsible to protect from threats, users will pay some incentives to TPA for maintenance.HospitalAhospitalis ahealth careinstitution providingpatienttreatment by specialized staff and equipment. Hospitals are usuallyfunded by the public sector, by health organizations (for profitornonprofit),health insurancecompanies, orcharities, including direct charitable donations. Historically, hospitals were often founded and funded byreligious ordersor charitable individuals and leaders. In this hospital application we can implement this concept for security purpose.

Conclusion:In this paper, we proposed a two layer encryption based approach to solve this problem by delegating as much of the access control enforcement responsibilities as possible to the Cloud while minimizing the information exposure risks due to colluding Usrs and Cloud. A key problem in this regard is how to decompose acps so that the Owner has to handle a minimum number of attribute conditions while hiding the content from the Cloud. We showed that the policy decomposition problem is NP-Complete and provided approximation algorithms. Based on the decomposed acps, we proposed a novel approach to privacy preserving finegrained delegated access control to data in public clouds. Our approach is based on a privacy preserving attribute based key management scheme that protects the privacy of users while enforcing attribute based acps. As the experimental results show, decomposing The acps and utilizing the two layer of encryption reduce the overhead at the Owner.

CHAPTER 1010.1 CONCLUSION In this paper, we proposed a two layer encryption based approach to solve this problem by delegating as much of the access control enforcement responsibilities as possible to the Cloud while minimizing the information exposure risks due to colluding Usrs and Cloud. A key problem in this regard is how to decompose acps so that the Owner has to handle a minimum number of attribute conditions while hiding the content from the Cloud. We showed that the policy decomposition problem is NP-Complete and provided approximation algorithms. Based on the decomposed acps, we proposed a novel approach to privacy preserving finegrained delegated access control to data in public clouds. Our approach is based on a privacy preserving attribute based key management scheme that protects the privacy of users while enforcing attribute based acps. As the experimental results show, decomposing The acps and utilizing the two layer of encryption reduce the overhead at the Owner.

REFERENCES OR BIBLIOGRAPHY[1] M. Nabeel and E. Bertino, Privacy preserving delegated access control in the storage as a service model, in EEE International Conference on Information Reuse and Integration (IRI), 2012.[2] E. Bertino and E. Ferrari, Secure and selective dissemination of XML documents, ACM Trans. Inf. Syst. Secur., vol. 5, no. 3, pp. 290331, 2002.[3] G. Miklau and D. Suciu, Controlling access to published data using cryptography, in VLDB 2003: Proceedings of the 29th international conference on Very large data bases. VLDB Endowment, 2003, pp. 898909.[4] N. Shang, M. Nabeel, F. Paci, and E. Bertino, A privacypreserving approach to policy-based content dissemination, in ICDE 10: Proceedings of the 2010 IEEE 26th International Conference on Data Engineering, 2010.[5] M. Nabeel, E. Bertino, M. Kantarcioglu, and B. M. Thuraisingham,Towards privacy preserving access control in the cloud, in Proceedings of the 7th International Conference on Collaborative Computing: Networking, Applications and Worksharing, ser. CollaborateCom 11, 2011, pp. 172180.[6] M. Nabeel, N. Shang, and E. Bertino, Privacy preserving policy based content sharing in public clouds, IEEE Transactions on Knowledge and Data Engineering, 2012.

[7] S. D. C. di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati, Over-encryption: Management of access control evolution on outsourced data, in Proceedings of the 33rd International Conference on Very Large Data Bases, ser. VLDB 07. VLDB Endowment, 2007, pp. 123134.[8] M. Nabeel and E. Bertino, Towards attribute based group key management, in Proceedings of the 18th ACM conference on Computer and communications security, Chicago, Illinois, USA, 2011.[9] A. Fiat and M. Naor, Broadcast encryption, in Proceedings of the 13th Annual International Cryptology Conference on Advances in Cryptology, ser. CRYPTO 93. London, UK: Springer-Verlag, 1994, pp. 480491.[10] D. Naor, M. Naor, and J. B. Lotspiech, Revocation and tracing schemes for stateless receivers, in Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, ser. CRYPTO 01. London, UK: Springer-Verlag, 2001, pp. 4162.[11] J. Li and N. Li, OACerts: Oblivious attribute certificates, IEEE Transactions on Dependable and Secure Computing, vol. 3, no. 4, pp. 340352, 2006.