ABSTRACT
A cloud storage system, consisting of a collection of
storage servers, provides long-term storage services over the Internet. Storing
data in a third party’s cloud system causes serious concern over data
confidentiality. General encryption schemes protect data confidentiality, but
also limit the functionality of the storage system because a few operations are
supported over encrypted data. Constructing a secure storage system that
supports multiple functions is challenging when the storage system is
distributed and has no central authority. We propose a threshold proxy
re-encryption scheme and integrate it with a decentralized erasure code such
that a secure distributed storage system is formulated. The distributed storage
system not only supports secure and robust data storage and retrieval, but also
lets a user forward his data in the storage servers to another user without
retrieving the data back. The main technical contribution is that the proxy
re-encryption scheme supports encoding operations over encrypted messages as
well as forwarding operations over encoded and encrypted messages. Our method
fully integrates encrypting, encoding, and forwarding. We analyze and suggest
suitable parameters for the number of copies of a message dispatched to storage
servers and the number of storage servers queried by a key server. These
parameters allow more flexible adjustment between the number of storage servers
and robustness.
ARCHITECTURE:
SCOPE OF
THE PROJECT:
Designing a cloud storage system for robustness,
confidentiality and functionality. The proxy re-encryption scheme supports
encoding operations over encrypted messages as well as forwarding operations
over encoded and encrypted messages. To provide data robustness is to replicate
a message such that each Storage server stores a copy of the message. It is
very robust because the message can be retrieved as long as one storage server
survives.
The number of failure servers is under the tolerance
threshold of the erasure code, the message can be recovered from the codeword
symbols stored in the available storage servers by the decoding process. This
provides a tradeoff between the storage size and the tolerance threshold of
failure servers.
A
decentralized erasure code is an erasure code that independently computes each
codeword symbol for a message. A decentralized erasure code is suitable for use
in a distributed storage system.
A storage server failure is modeled as an erasure
error of the stored codeword symbol.
We construct a secure cloud storage system that
supports the function of secure data forwarding by using a threshold proxy
re-encryption scheme. The encryption scheme supports decentralized erasure
codes over encrypted messages and forwarding operations over encrypted and
encoded messages. Our system is highly distributed where storage servers
independently encode and forward messages and key servers independently perform
partial decryption.
EXISTING
SYSTEM:
In Existing System we use a straightforward
integration method. In straightforward integration method Storing data in a
third party’s cloud system causes serious concern on data confidentiality. In
order to provide strong confidentiality for messages in storage servers, a user
can encrypt messages by a cryptographic method before applying an erasure code
method to encode and store messages. When he wants to use a message, he needs
to retrieve the codeword symbols from storage servers, decode them, and then
decrypt them by using cryptographic keys.
General encryption schemes protect data
confidentiality, but also limit the functionality of the storage system because
a few operations are supported over encrypted data.
A decentralized architecture for storage systems
offers good scalability, because a storage server can join or leave without
control of a central authority.
DISADVATAGES
OF EXISTING SYSTEM:
v The
user can perform more computation and communication traffic between the user
and storage servers is high.
v The
user has to manage his cryptographic keys otherwise the security has to be
broken.
v The
data storing and retrieving, it is hard for storage servers to directly support
other functions.
PROPOSED
SYSTEM:
In our proposed system we address the problem of forwarding data to another user by storage
servers directly under the command of the data owner. We consider the system
model that consists of distributed storage servers and key servers. Since
storing cryptographic keys in a single device is risky, a user distributes his
cryptographic key to key servers that shall perform cryptographic functions on
behalf of the user. These key servers are highly protected by security
mechanisms.
The distributed systems require independent servers
to perform all operations. We propose a new threshold proxy re-encryption
scheme and integrate it with a secure decentralized code to form a secure
distributed storage system. The encryption scheme supports encoding operations
over encrypted messages and forwarding operations over encrypted and encoded
messages.
ADVANTAGES
OF PROPOSED SYSTEM:
v Tight
integration of encoding, encryption, and forwarding makes the storage system
efficiently meet the requirements of data robustness, data confidentiality, and
data forwarding.
v The
storage servers independently perform encoding and re-encryption process and
the key servers independently perform partial decryption process.
v More
flexible adjustment between the number of storage servers and robustness.
METHODOLOGY
USED:
PROXY RE-ENCRYPTION
SCHEME WITH MULTIPLICATIVE HOMOMORPHIC PROPERTY:
In the proxy Re-encryption key the messages
are first encrypted by the owner and then stored in a storage server. When a
user wants to share his messages, he sends a re-encryption key to the storage
server. The storage server re-encrypts the encrypted messages for the
authorized user. Thus, their system has data confidentiality and supports the
data forwarding function.
An encryption scheme is multiplicative homomorphic if it supports a
group operation on encrypted plaintexts
without decryption. The multiplicative homomorphic encryption scheme supports
the encoding operation over encrypted messages. We then convert a proxy
re-encryption scheme with multiplicative homomorphic property into a threshold
version. A secret key is shared to key servers with a threshold value t. To
decrypt for a set of k message symbols, each key server independently queries 2
storage servers and partially decrypts two encrypted codeword symbols. As long
as t key servers are available, k codeword symbols are obtained from the
partially decrypted cipher texts.
In order to preserve
privacy, the clients will encrypt their data when they out- source it to the
cloud. However, the encrypted form of data greatly impedes the utilization due
to its randomness. Many efforts have been done for the purpose of data usage
but without undermining the data privacy.
Homomorphism: Given two cipher texts c1 and c2 on plaintexts m1 and m2
respectively, one can obtain the cipher text on the plaintext m1 +m2 and/or m1
·m2 by evaluating c1 and c2 without decrypting cipher texts. Proxy re-encryption: Given a proxy
re-encryption key, the proxy can transform a cipher text of one user to a
cipher text of the target user. Threshold
decryption: By dividing the private key into several pieces of secret shares,
all clients can work together to decrypt the cipher text – the output of the
function.
MODULES:
·
Construction of Cloud Data Storage Module
·
Data Encryption Module
·
Data Forwarding Module
·
Data Retrieval Module
MODULES DESCRIPTION:
Construction of Cloud
Data Storage Module
In Admin Module the admin can login to give his
username and password. Then the server setup method can be opened. In server
setup process the admin first set the remote servers Ip-address for send that
Ip-address to the receiver. Then the server can skip the process to activate or
Dis-activate the process. For activating the process the storage server can
display the Ip-address. For Dis-activating the process the storage server
cannot display the Ip-address. These details can be viewed by clicking the key
server. The activated Ip-addresses are stored in available storage server. By
clicking the available storage server button we can view the currently available
Ip-addresses.
Data Encryption Module
In cloud login module the user can login his own
details. If the user cannot have the account for that cloud system first the
user can register his details for using and entering into the cloud system. The
Registration process details are Username, E-mail, password, confirm password,
date of birth, gender and also the location. After entering the registration
process the details can be stored in database of the cloud system. Then the
user has to login to give his corrected username and password the code has to
be send his/her E-mail. Then the user will go to open his account and view the
code that can be generated from the cloud system.
In Upload Module the new folder can be create for
storing the files. In folder creation process the cloud system may ask one
question for that user. The user should answer the question and must remember
that answer for further usage. Then enter the folder name for create the folder
for that user. In file upload process the user has to choose one file from
browsing the system and enter the upload option. Now, the server from the cloud
can give the encrypted form of the uploading file.
Data Forwarding Module
In forward
module first we can see the storage details for the uploaded files. When click
the storage details option we can see the file name, question, answer, folder
name, forward value (true or false), forward E-mail. If the forward column
display the forwarded value is true the user cannot forward to another person.
If the forward column display the forwarded value is false the user can forward
the file into another person. In file forward processes contains the selected
file name, E-mail address of the forwarder and enter the code to the forwarder.
Now, another user can check his account properly and view the code forwarded
from the previous user. Then the current user has login to the cloud system and
to check the receive details. In receive details the forwarded file is present
then the user will go to the download process.
Data Retrieval Module
In Download
module contains the following details. There are username and file name. First,
the server process can be run which means the server can be connected with its
particular client. Now, the client has to download the file to download the
file key. In file key downloading process the fields are username, filename,
question, answer and the code. Now clicking the download option the client can
view the encrypted key. Then using that key the client can view the file and
use that file appropriately.
SYSTEM CONFIGURATION:-
HARDWARE REQUIREMENTS:-
ü Processor - Pentium
–III
ü Speed - 1.1
Ghz
ü RAM - 256 MB(min)
ü Hard
Disk - 20 GB
ü Floppy
Drive - 1.44 MB
ü Key
Board - Standard
Windows Keyboard
ü Mouse - Two
or Three Button Mouse
ü Monitor - SVGA
SOFTWARE REQUIREMENTS:-
v
Operating System :
Windows95/98/2000/XP
v
Application
Server : Tomcat5.0/6.X
v
Front End :
Java, JSP
v
Script : JavaScript.
v
Server side Script : Java Server Pages.
v
Database :
MYSQL
No comments:
Post a Comment