SECURE STORAGE CLOUD

ABSTRACT

Benefited from cloud computing, users can achieve an effective and economical approach for data
sharing among group members in the cloud with the characters of low maintenance and little
management cost. Meanwhile, we must provide security guarantees for the sharing data files since
they are out-sourced. Unfortunately, because of the frequent change of the membership, sharing
data while providing privacy-preserving is still a challenging issue, especially for an untrusted
cloud due to the collusion attack. Moreover, for existing schemes, the security of key distribution
is based on the secure communication channel, however, to have such channel is a strong
assumption and is difficult for practice. In this paper, we propose a secure data sharing scheme for
dynamic members. Firstly, we propose a secure way for key distribution without any secure
communication channels, and the users can securely obtain their private keys from group manager.
Secondly, our scheme can achieve fine-grained access control, any user in the group can use the
source in the cloud and revoked users cannot access the cloud again after they are revoked.
Thirdly, we can protect the scheme from collusion attack, which means that revoked users cannot
get the original data file even if they conspire with the untrusted cloud. In our approach, by
leveraging polynomial function, we can achieve a secure user revocation scheme. Finally, our
scheme can achieve fine efficiency, which means previous users need not to update their private
keys for the situation either a new user joins in the group or a user is revoked from the group.
CHAPTER TITLE PAGE NO.

ACKNOWLEDGEMENT.........................................................................II

ABSTRACT……………………………………………………………..III

LIST OF FIGURES……………………………………………………...VI

LIST OF TABLES………………………………………………………VII

CHAPTER- I
1. INTRODUCTION...........................................................................................
......1
1.1 EXISTING SYSTEM………………………………………………..……….….1
1.2 PROPOSED SYSTEM……………………………………………………….….2
1.3 LIMITATIONS……………………………………………………………….…3
1.4 SCOPE…………………………………………………………………………..4
1.5 OUTLINE….........................................................................................................4
 CHAPTER- II
2. LITERATURE
SURVEY..................................................................................... 5
2.1 BACKGROUND..........................................................................................5
2.2 PREVIOUS SYSTEM.................................................................................7
2.3 APPROACHES OF DEDUPLICATION…………………………………8
2.4 METHODOLOGIES……………………………………………………...11

CHAPTER- III
3. SYSTEM ANALYSIS
3.1 INTRODUCTION CUM EXISTING STATEMENT…………………………9
3.2 OVER ALL DESCRIPTION…………………………………………………..10
3.3 EXTERNAL INTERFACE REQUIREMENTS……………………………….12
3.4 SYSTEM FEATURES………………………………………………………….13
3.5 NON FUNCTIONAL REQUIREMENTS……………………………………..14
3.6 SYSTEM ARCHITECTURE…………………………………………………...16

CHAPTER- IV
4. DESIGN
4.1 IMPORTANCE OF DESIGN…………………………………………………17
4.2 UML DIAGRAMS……………………………………………………………19
4.2.1 USE CASE DIAGRAM…………………………………...………......20
4.2.2 CLASS DIAGRAM…………………………………………………...22
4.2.3 SEQUENCE DIAGRAM……………………………………………...23
4.2.4 ACTIVITY DIAGRAM ………………………………………………24
4.2.5 STATECHART DIAGRAM…………………………………………..25
 4.3 DATA FLOW DIAGRAM…………………………………………………….26
4.4 DATA DICTIONARY………………………………………………………...28

CHAPTER- V
5. IMPLEMENTATION
5.1 MODULE DESCRIPTION………………………………………………30
5.1.1 CLOUD MODULE…………….………………………………...30
5.1.2 GROUP MANAGER MODULE………………………………...30
5.1.3 GROUP MEMBER MODULE….……………………………….31
5.1.4 FILE SECURITY MODULE………………..…………………..31
5.1.5 GROUP SIGNATURE MODULE…………..…………………..31
5.1.6 USER REVOCATION MODULE…………..…………………..31

5.2 ALGORITHMS/ PRINCIPLES…………………………………………..32

5.2.1 KEY GENERATION…………………………………………….32
5.2.2 RSA ALGORITHM……………………………………………...32

5.3 SAMPLE CODE……………………………………………………………….34

CHAPTER- VI
6. TESTING
6.1 IMPORTANCE OF TESTING…………………………………………..39
6.2 TYPES OF TESTING……………………………………………………39
6.3 TEST CASES…………………………………………………………………..41
6.4 SCREEN SHOTS…………………………………………………………45

CHAPTER- VII
 7. CONCLUSION AND FUTURE
SCOPE………………………………………59

CHAPTER- VIII
8. BIBLIOGRAPHY………………………………………………………………………60

List of Figures: 

FIGURE NUMBER NAME OF FIGURE PAGE NUMBER

USECASE DIAGRAM FOR
4.2.1.1
USER
21

4.2.2.1 CLASS DIAGRAM 22

4.2.3.1 SEQUENCE DIAGRAM 23
4.2.4.1 ACTIVITY DIAGRAM 24
4.2.5.1 STATECHART DIAGRAM 25
 4.3.1 DATAFLOW DIAGRAM 27

List of Tables:
S.NO NAME OF TABLE PAGE NO
6.3.1 HOME PAGE 42
VERIFICATION LINKS
6.3.2 ADMIN LOGIN PAGE 42
6.3.3 PRIVATE CLOUD 43
6.3.4 USER REGISTRATION 48
List of Screenshots:
S NO FIGURE PAGE NO
6.4.1 HOME PAGE 45
GROUP MANAGER LOGIN
6.4.2 46
PAGE
GROUP MEMBER LOGIN
6.4.3 47
PAGE
GROUP MEMBER
6.4.4 48
REGISTRATION PAGE
6.4.5 MANAGER HOME PAGE 49
MANAGER VIEW GROUP
6.4.6 50
PAGE
MANAGER VIEW LOG
6.4.7 51
DETAILS PAGE
MANAGER VIEW FILE
6.4.8 52
DETAILS PAGE
6.4.9 GROUP MEMBER LOGIN 53
6.4.10 SIGNATURE SENT TO MAIL 54
SIGNATURE
6.4.11 55
AUTHENTICATION
 GROUP MEMBER HOME
6.4.12 56
PAGE
GROUP MEMBER FILE
6.4.13 57
UPLOAD PAGE
GROUP MEMBER FILE
6.4.14 58
DOWNLOAD PAGE
 CHAPTER- I

1. INTRODUCTION
Benefited from cloud computing, users can achieve an effective and economical approach for data
sharing among group members in the cloud with the characters of low maintenance and little
management cost. Meanwhile, we must provide security guarantees for the sharing data files since
they are outsourced. Unfortunately, because of the frequent change of the membership, sharing data
while providing privacy-preserving is still a challenging issue, especially for an untrusted cloud due
to the collusion attack. Moreover, for existing schemes, the security of key distribution is based on
the secure communication channel, however, to have such channel is a strong assumption and is
difficult for practice. In this paper, we propose a secure data sharing scheme for dynamic members.
Firstly, we propose a secure way for key distribution without any secure communication channels,
and the users can securely obtain their private keys from group manager. Secondly, our scheme can
achieve fine-grained access control, any user in the group can use the source in the cloud and
revoked users cannot access the cloud again after they are revoked. Thirdly, we can protect the
scheme from collusion attack, which means that revoked users cannot get the original data file even
if they conspire with the untrusted cloud. In our approach, by leveraging polynomial function, we
can achieve a secure user revocation scheme. Finally, our scheme can achieve fine efficiency, which
means previous users need not to update their private keys for the situation either a new user joins in
the group or a user is revoked from the group.

1.1 EXISTING SYSTEM:

▪ Kallahalla et al presented a cryptographic storage system that enables secure data sharing on
untrustworthy servers based on the techniques that dividing files into file groups and
encrypting each file group with a file-block key.
▪ Yu et al exploited and combined techniques of key policy attribute-based encryption, proxy
re-encryption and lazy re-encryption to achieve fine-grained data access control without
disclosing data contents.

1
DISADVANTAGES OF EXISTING SYSTEM:

● The file-block keys need to be updated and distributed for a user revocation; therefore,
the system had a heavy key distribution overhead.
● The complexities of user participation and revocation in these schemes are linearly
increasing with the number of data owners and the revoked users.
● The single-owner manner may hinder the implementation of applications, where any
member in the group can use the cloud service to store and share data files with others.

1.2 PROPOSED SYSTEM:

● In this paper, we propose a secure data sharing scheme, which can achieve secure key
distribution and data sharing for dynamic group.
● We provide a secure way for key distribution without any secure communication
channels. The users can securely obtain their private keys from group manager without
any Certificate Authorities due to the verification for the public key of the user.
● Our scheme can achieve fine-grained access control, with the help of the group user list,
any user in the group can use the source in the cloud and revoked users cannot access the
cloud again after they are revoked.
● We propose a secure data sharing scheme which can be protected from collusion attack.
The revoked users can not be able to get the original data files once they are revoked
even if they conspire with the untrusted cloud. Our scheme can achieve secure user
revocation with the help of polynomial function.
● Our scheme is able to support dynamic groups efficiently, when a new user joins in the
group or a user is revoked from the group, the private keys of the other users do not need
to be recomputed and updated.
● We provide security analysis to prove the security of our scheme.

ADVANTAGES OF PROPOSED SYSTEM:

2
 ● The computation cost is irrelevant to the number of revoked users in RBAC scheme. The
reason is that no matter how many users are revoked, the operations for members to
decrypt the data files almost remain the same.
● The cost is irrelevant to the number of the revoked users. The reason is that the
computation cost of the cloud for file upload in our scheme consists of two verifications
for signature, which is irrelevant to the number of the revoked users. The reason for the
small computation cost of the cloud in the phase of file upload in RBAC scheme is that
the verifications between communication entities are not concerned in this scheme.
● In our scheme, the users can securely obtain their private keys from group manager
Certificate Authorities and secure communication channels. Also, our scheme is able to
support dynamic groups efficiently, when a new user joins in the group or a user is
revoked from the group, the private keys of the other users do not need to be recomputed
and updated.

1.3 Limitations:
● The user is only allowed to perform the duplicate check for files marked with the
corresponding privileges.
● This project works only under the access of internet.
● To enhance the security of data and protect the data confidentiality.

1.4 Scope:
This will be developed using IDE NetBeans, written in Java and is a reusable framework for
simplifying the development of Java Swing desktop applications. The database used is MYSQL. We
provide a secure way for key distribution without any secure communication channels. The users can

3
securely obtain their private keys from group manager without any Certificate Authorities due to the
verification for the public key of the user.

1.5 Outline:
The Proposed system does deduplication techniques that is it eliminates the repeating copies of
data present in the files. Users must register and the details are securely stored into the database. All
the files being uploaded by the data user are kept on the cloud in the encrypted form and uploading
is done by using the respective token id. Thus, more security is provided to the files present on the
server.

CHAPTER- II

2. LITERATURE SURVEY

1 “Oruta: Privacy-Preserving Public Auditing for Shared Data in the Cloud,”

4
AUTHORS: B. Wang, B. Li, and H. Li,
With cloud data services, it is commonplace for data to be not only stored in the cloud, but also
shared across multiple users. Unfortunately, the integrity of cloud data is subject to skepticism due to
the existence of hardware/software failures and human errors. Several mechanisms have been
designed to allow both data owners and public verifiers to efficiently audit cloud data integrity
without retrieving the entire data from the cloud server. However, public auditing on the integrity of
shared data with these existing mechanisms will inevitably reveal confidential information-identity
privacy-to public verifiers. In this paper, we propose a novel privacy-preserving mechanism that
supports public auditing on shared data stored in the cloud. In particular, we exploit ring signatures
to compute verification metadata needed to audit the correctness of shared data. With our
mechanism, the identity of the signer on each block in shared data is kept private from public
verifiers, who are able to efficiently verify shared data integrity without retrieving the entire file. In
addition, our mechanism is able to perform multiple auditing tasks simultaneously instead of
verifying them one by one. Our experimental results demonstrate the effectiveness and efficiency of
our mechanism when auditing shared data integrity.

2. “Security Challenges for the Public Cloud,”

AUTHORS: K. Ren, C. Wang, and Q. Wang,

In this talk, I will first discuss a number of pressing security challenges in Cloud Computing,
including data service outsourcing security and secure computation outsourcing. Then, I will focus
on data storage security in Cloud Computing. As one of the primitive services, cloud storage allows
data owners to outsource their data to cloud for its appealing benefits. However, the fact that owners
no longer have physical possession of the outsourced data raises big security concerns on the storage
correctness. Hence, enabling secure storage auditing in the cloud environment with new approaches
becomes imperative and challenging. In this talk, I will present our recent research efforts towards

5
storage outsourcing security in cloud computing and describe both our technical approaches and
security & performance evaluations.

3. “Privacy-Preserving Public Auditing for Data Storage Security in Cloud

Computing,”

AUTHORS: C. Wang, Q. Wang, K. Ren, and W. Lou

Cloud computing is the long dreamed vision of computing as a utility, where users can remotely
store their data into the cloud so as to enjoy the on-demand high quality applications and services
from a shared pool of configurable computing resources. By data outsourcing, users can be relieved
from the burden of local data storage and maintenance. However, the fact that users no longer have
physical possession of the possibly large size of outsourced data makes the data integrity protection
in Cloud Computing a very challenging and potentially formidable task, especially for users with
constrained computing resources and capabilities. Thus, enabling public audit ability for cloud data
storage security is of critical importance so that users can resort to an external audit party to check
the integrity of outsourced data when needed. To securely introduce an effective third party auditor
(TPA), the following two fundamental requirements have to be met: 1) TPA should be able to
efficiently audit the cloud data storage without demanding the local copy of data, and introduce no
additional on-line burden to the cloud user; 2) The third party auditing process should bring in no
new vulnerabilities towards user data privacy. In this paper, we utilize and uniquely combine the
public key based homomorphic authenticator with random masking to achieve the privacy-
preserving public cloud data auditing system, which meets all above requirements. To support
efficient handling of multiple auditing tasks, we further explore the technique of bilinear aggregate
signature to extend our main result into a multi-user setting, where TPA can perform multiple
auditing tasks simultaneously. Extensive security and performance analysis shows the proposed
schemes are provably secure and highly efficient.

4. “Computing Encrypted Cloud Data Efficiently under Multiple Keys,”

6
AUTHORS: B. Wang, M. Li, S.S. Chow, and H. Li,
The emergence of cloud computing brings users abundant opportunities to utilize the power of cloud
to perform computation on data contributed by multiple users. These cloud data should be encrypted
under multiple keys due to privacy concerns. However, existing secure computation techniques are
either limited to single key or still far from practical. In this paper, we design two efficient schemes
for secure outsourced computation over cloud data encrypted under multiple keys. Our schemes
employ two non-colluding cloud servers to jointly compute polynomial functions over multiple
users' encrypted cloud data without learning the inputs, intermediate or final results, and require only
minimal interactions between the two cloud servers but not the users. We demonstrate our schemes'
efficiency experimentally via applications in machine learning. Our schemes are also applicable to
privacy-preserving data aggregation such as in smart metering.

5. “Achieving Secure, Scalable, and Fine-Grained Data Access Control in Cloud

Computing,”

AUTHORS: S. Yu, C. Wang, K. Ren, and W. Lou,

Cloud computing is an emerging computing paradigm in which resources of the computing
infrastructure are provided as services over the Internet. As promising as it is, this paradigm also
brings forth many new challenges for data security and access control when users outsource sensitive
data for sharing on cloud servers, which are not within the same trusted domain as data owners. To
keep sensitive user data confidential against untrusted servers, existing solutions usually apply
cryptographic methods by disclosing data decryption keys only to authorized users. However, in
doing so, these solutions inevitably introduce a heavy computation overhead on the data owner for
key distribution and data management when fine-grained data access control is desired, and thus do
not scale well. The problem of simultaneously achieving fine-grainedness, scalability, and data
confidentiality of access control actually still remains unresolved. This paper addresses this
challenging open issue by, on one hand, defining and enforcing access policies based on data
attributes, and, on the other hand, allowing the data owner to delegate most of the computation tasks

7
involved in fine-grained data access control to untrusted cloud servers without disclosing the
underlying data contents. We achieve this goal by exploiting and uniquely combining techniques of
attribute-based encryption (ABE), proxy re-encryption, and lazy re-encryption. Our proposed
scheme also has salient properties of user access privilege confidentiality and user secret key
accountability. Extensive analysis shows that our proposed scheme is highly efficient and provably
secure under existing security models.

CHAPTER- III

3. SYSTEM ANALYSIS

8
3.1 Introduction:
Benefited from cloud computing, users can achieve an effective and economical approach for
data sharing among group members in the cloud with the characters of low maintenance and little
management cost. Meanwhile, we must provide security guarantees for the sharing data files since
they are outsourced.

3.1.1 Purpose:
The purpose of this document is to provide the software requirement specification report for
a secure data sharing scheme for dynamic members and a secure way for key distribution without
any secure communication channels.

3.1.2 Document Conventions:

The Conventions used in the document are:

Conventions Meaning

⮚ DB Database
⮚ JS Java Script
⮚ JSP Java Server Pages
⮚ SQL Structured Query Language
⮚ CSS Cascading Style sheets

3.1.3 Intended Audience and Reading Suggestions:

This Documentation is intended for developers, project managers and testers. And it is
suggested to read in the sequence mentioned in the table of contents.

9
3.1.4 Reference:
Zhongma Zhu, Rui Jiang, “A Secure Anti-Collusion Data Sharing Scheme for Dynamic Groups in
the Cloud”, IEEE Transactions on Parallel and Distributed Systems, 2015.

3.2 Overall Description:

3.2.1 Product Perspective:
This cloud based application is a new, self-contained product which can achieve fine-grained
access control, any user in the group can use the source in the cloud and revoked users cannot access
the cloud again after they are revoked.

3.2.2 Product Functions:

● Cloud Module
● Group Manager Module
● Group Member Module

3.2.3 User Classes and Characteristics :

The users for this product are a group of team where the users are differentiated as group
managers and group members.
Group Manager
● The user has more features.
● They have complete facilities to manipulate.
● The user need minimum computer and internet knowledge.

Group Member
● These user utilize the service more frequently than the others.
● They have lesser privileges.
● Basic knowledge to use computer and internet is enough.
● They are the primary users.

10
3.2.4 Operating Environment:
Let us look into the software and hardware requirements of the software.
Software Requirements:
● Operating System : Windows 7 or above
● Background Software : Java 7
● Database : SQL
Hardware Requirements:
● Processor :Pentium Processor or above
● RAM : 1GB RAM
● Hard Disk: 80GB.

3.2.5 Design and Implementation Constraints

Identifying important product aspects will improve the usability of numerous reviews and is
beneficial to both consumers and firms. Consumers can conveniently make wise purchasing decision
by paying more attentions to the important aspects, while firms can focus on improving the quality
of these aspects and this enhance product reputation effectively.

3.2.6 User Documentation

The user would be provided with a help option in the website to learn how things work and
how they can utilize the service.

3.2.7 Assumptions and Dependencies

The product is expected to work only with those minimum requirements. The software would
not be installed into the computer without satisfying the minimum requirements. The chances of
computer taking long time to run will happen if the user somehow manages to install the software.

3.3 External Interface Requirements

3.3.1 User Interfaces

11
Browser
3.3.2 Hardware Interfaces
Not applicable.
3.3.3 Software Interfaces
● SQL
● Windows 7 or above
● Netbeans IDE
● Java 7
● Chrome
3.3.4 Communications Interfaces
The Hypertext transfer protocol is an application protocol distributed, collaborative, hypermedia
information systems. HTTP is the foundation of data communication for the World Wide Web. It is
a structured text that uses logical links between nodes containing text. It is a protocol to exchange of
transfer hypertext.

3.4 System Features

3.4.1 Cloud Module
In this module, we create a local Cloud and provide priced abundant storage services. The users
can upload their data in the cloud.
● Description and Priority
We develop this module, where the cloud storage can be made secure. However, the
cloud is not fully trusted by users since the CSPs are very likely to be outside of the
cloud users’ trusted domain.
● Functional Requirements
Login for group members and group managers for accessing the cloud. Group
signature verification for group members file uploading and downloading.

REQ-1: Username, email id and password for registration.

REQ-2: Username and password for Login.

12
3.4.2 Group Manager Module

Description and Priority

Group manager takes charge of followings:
1. System parameters generation,
2. User registration,
3. User revocation, and
4. Revealing the real identity of a dispute data owner.
Therefore, we assume that the group manager is fully trusted by the other parties.

Functional Requirements
Login for group managers for accessing the cloud. Group account activation for group
members file uploading and downloading.
REQ-1: Username, email id and password for registration.
REQ-2: Username and password for Login.

3.4.3 Group Member Module

3.4.3.1 Description and Priority

Group members are a set of registered users that will
● Store their private data into the cloud server and
● Share them with others in the group.

The group membership is dynamically changed, due to the staff resignation and new employee
participation in the company. The group member has the ownership of changing the files in the
group.

3.4.3.2 Functional Requirements

13
 Login for group members for accessing the cloud. Group signature verification for group
members file uploading and downloading.
REQ-1: Username, email id and password for registration.
REQ-2: Username and password for Login.

3.5 Other Nonfunctional Requirements

3.5.1 Performance Requirements
The performance of the product has to be taken care as the users would obviously not want a
software which would take a lot of their time to perform any activity. The product should be
developed to make sure it takes less time to react and perform faster. The search results and time
taken to to download a file should be less as the download speed of the file would depend on the
server configurations.

3.5.2 Safety Requirements

If there is extensive damage to a wide portion of the database due to catastrophic failure,
such as a disk crash, the recovery method restores a past copy of the database that was backed up to
archival storage (typically tape) and reconstructs a more current state by reapplying or redoing the
operations of committed transactions from the backed up log, up to the time of failure.

3.5.3 Security Requirements

Security systems need database storage just like many other applications. However, the special
requirements of the security market mean that vendors must choose their database partner carefully.

3.5.4 Software Quality Attributes

14
Availability – What percentage of time does the cloud vendor guarantee cloud services will be
available.
Elasticity (Scalability) – How easy is it to bring on line or take down compute resources (CPU,
memory, network) as workload increases or decreases.

3.5.5 Business Rules

The economic impact that the system will have on the organization. The amount of fund that
the company can pour into the research and development of the system is limited. The expenditures
must be justified, thus the developed system as well within the budget and this was achieved because
most of the technologies used are freely available. Only the customized products had to be
purchased.

3.6 System Architecture:

15
 fig 3.6.1 System Architecture

There are three entities defined in our system that is cloud, group manager and group manager as
shown here. First group manager is given a login and then he permits the group member module for
accessing the files for that to process from group manager a verification mail is sent to the registered
group member. Now group member will access the signature which is auto generated while registering
that particular signature need to be copied for the access and the same process continues for file
accessing too. And all these information are stored with the help of cloud as shown in the system
architecture the above process describe proceeds.

CHAPTER- IV
4. DESIGN

16
4.1 IMPORTANCE OF DESIGN:
● INPUT DESIGN:

The input design is the link between the information system and the user. It comprises the
developing specification and procedures for data preparation and those steps are necessary to put
transaction data in to a usable form for processing can be achieved by inspecting the computer to
read data from a written or printed document or it can occur by having people keying the data
directly into the system. The design of input focuses on controlling the amount of input required,
controlling the errors, avoiding delay, avoiding extra steps and keeping the process simple. The input
is designed in such a way so that it provides security and ease of use with retaining the privacy. Input
Design considered the following things:

⮚ What data should be given as input?

⮚ How the data should be arranged or coded?
⮚ The dialog to guide the operating personnel in providing input.
⮚ Methods for preparing input validations and steps to follow when error occur.

OBJECTIVES:

1. Input Design is the process of converting a user-oriented description of the input into a computer-
based system. This design is important to avoid errors in the data input process and show the correct
direction to the management for getting correct information from the computerized system.

2. It is achieved by creating user-friendly screens for the data entry to handle large volume of data.
The goal of designing input is to make data entry easier and to be free from errors. The data entry
screen is designed in such a way that all the data manipulates can be performed. It also provides
record viewing facilities.

3. When the data is entered it will check for its validity. Data can be entered with the help of screens.
Appropriate messages are provided as when needed so that the user will not be in maize of instant.
Thus the objective of input design is to create an input layout that is easy to follow

17
OUTPUT DESIGN:

A quality output is one, which meets the requirements of the end user and presents the information
clearly. In any system results of processing are communicated to the users and to other system
through outputs. In output design it is determined how the information is to be displaced for
immediate need and also the hard copy output. It is the most important and direct source information
to the user. Efficient and intelligent output design improves the system’s relationship to help user
decision-making.

1. Designing computer output should proceed in an organized, well thought out manner; the right
output must be developed while ensuring that each output element is designed so that people will
find the system can use easily and effectively. When analysis design computer output, they should
Identify the specific output that is needed to meet the requirements.

2. Select methods for presenting information.

3. Create document, report, or other formats that contain information produced by the system.

The output form of an information system should accomplish one or more of the following
objectives.

❖ Convey information about past activities, current status or projections of the

❖ Future.
❖ Signal important events, opportunities, problems, or warnings.
❖ Trigger an action.
❖ Confirm an action.

Data flow diagram is a structure analysis tool that is used for graphical representation of
Data processes through any organization. The data flow approach emphasizes on the logic
underlying the system, by using combination of four symbols. It follows a top down approach. A full
description of a system actually consists of set of DFD’s, which comprises of various levels. An

18
initial overview model is exploded further in lower level diagrams that show additional feature of the
system. Further each process can be broken down into a more detailed DFD’s. This occurs
repeatedly until sufficient details are described.

4.2 UML DIAGRAMS:

UML stands for Unified Modeling Language. UML is a standardized general-purpose
modeling language in the field of object-oriented software engineering. The standard is managed,
and was created by, the Object Management Group.
The goal is for UML to become a common language for creating models of object oriented
computer software. In its current form UML is comprised of two major components: a Meta-model
and a notation. In the future, some form of method or process may also be added to; or associated
with, UML.
The Unified Modeling Language is a standard language for specifying, Visualization,
Constructing and documenting the artifacts of software system, as well as for business modeling and
other non-software systems.
The UML represents a collection of best engineering practices that have proven successful in
the modeling of large and complex systems.
The UML is a very important part of developing objects oriented software and the software
development process. The UML uses mostly graphical notations to express the design of software
projects.

GOALS:
The Primary goals in the design of the UML are as follows:
1. Provide users a ready-to-use, expressive visual modeling Language so that they can develop and
exchange meaningful models.
2. Provide extendibility and specialization mechanisms to extend the core concepts.
3. Be independent of particular programming languages and development process.
4. Provide a formal basis for understanding the modeling language.
5. Encourage the growth of OO tools market.

19
6. Support higher level development concepts such as collaborations, frameworks, patterns and
components.
7. Integrate best practices.

4.2.1 USE CASE DIAGRAM:

A use case diagram in the Unified Modeling Language (UML) is a type of behavioral
diagram defined by and created from a Use-case analysis. Its purpose is to present a graphical
overview of the functionality provided by a system in terms of actors, their goals (represented as use
cases), and any dependencies between those use cases. The main purpose of a use case diagram is to
show what system functions are performed for which actor. Roles of the actors in the system can be
depicted.

20
 4.1.2.1 Use Case diagram

4.2.2 CLASS DIAGRAM:

21
 In software engineering, a class diagram in the Unified Modeling Language (UML) is a type
of static structure diagram that describes the structure of a system by showing the system's classes,
their attributes, operations (or methods), and the relationships among the classes. It explains which
class contains information.

4.2.2.1 Class diagram

4.2.3 SEQUENCE DIAGRAM:

22
A sequence diagram in Unified Modeling Language (UML) is a kind of interaction diagram that
shows how processes operate with one another and in what order. It is a construct of a Message
Sequence Chart. Sequence diagrams are sometimes called event diagrams, event scenarios, and
timing diagrams.

4.2.3.1 Sequence diagram

4.2.4 ACTIVITY DIAGRAM:

23
Activity diagrams are graphical representations of workflows of stepwise activities and actions with
support for choice, iteration and concurrency. In the Unified Modeling Language, activity diagrams
can be used to describe the business and operational step-by-step workflows of components in a
system. An activity diagram shows the overall flow of control.

4.2.4.1 Activity diagram

4.2.5 STATECHART DIAGRAM:

24
 A state diagram resembles a flowchart in which the initial state is represented by a large
black dot and subsequent states are portrayed as boxes with rounded corners. There may be one or
two horizontal lines through a box, dividing it into stacked sections. In that case, the upper section
contains the name of the state, the middle section (if any) contains the state variables and the lower
section contains the actions performed in that state.

4.2.5.1 State chart diagram

4.3 DATA FLOW DIAGRAM:

25
DFD symbols

Square

It defines a source (originator) or destination of system data.

Arrow

It indicates data flow-data in motion. It is a pipeline through which information flows.

Circle or Bubble

It represents a process that transforms incoming data flow(s) to outgoing data flow(s).

Open Rectangle

It is a data store-data at rest, or a temporary repository of data.

26
 CLOUD

Group Member Group Manager

error error
Login Login

Login Failed Login Failed

success
success

Group Member
Group Signature error
Account Activate
Verification

Signature failed
success

Group details

File Upload

File Details
File Download

File Delete
File Edit and Save

Account Revoke

End

4.3.1 Data flow diagram

27
4.4 DATA DICTIONARY:
4.4.1 MYSQL:
The designers felt that their main goal was to define a SQL interface for Java. Although not the
lowest database interface level possible, it is at a low enough level for higher-level tools and APIs to
be created. Conversely, it is at a high enough level for application programmers to use it confidently.
Attaining this goal allows for future tool vendors to “generate” JDBC code and to hide many of
JDBC’s complexities from the end user.

● JDBC must be implemental on top of common database interfaces

The JDBC SQL API must “sit” on top of other common SQL level APIs. This goal
allows JDBC to use existing ODBC level drivers by the use of a software interface. This
interface would translate JDBC calls to ODBC and vice versa.
● Provide a Java interface that is consistent with the rest of the Java system
Because of Java’s acceptance in the user community thus far, the designers feel that they
should not stray from the current design of the core Java system.

● Keep it simple
This goal probably appears in all software design goal listings. JDBC is no exception. Sun
felt that the design of JDBC should be very simple, allowing for only one method of completing
a task per mechanism. Allowing duplicate functionality only serves to confuse the users of the
API.

● Use strong, static typing wherever possible

Strong typing allows for more error checking to be done at compile time; also, less errors
appear at runtime.

● Keep the common cases simple

Because more often than not, the usual MYSQL calls used by the programmer are simple
SELECT’s, INSERT’s, DELETE’s and UPDATE’s, these queries should be simple to perform
with JDBC. However, more complex MYSQL statements should also be possible.

28
Java Interpreter
Program

Compilers My Program

Fig 4.4.1 : Execution of Java Program

CHAPTER- V

29
 5. IMPLEMENTATION
5.1 MODULE DESCRIPTION
The following the core modules essential for the project:

5.1.1 Cloud Module

5.1.2 Group Manager Module
5.1.3 Group Member Module
5.1.4 File Security Module
5.1.5 Group Signature Module
5.1.6 User Revocation Module

5.1.1 Cloud Module:

In this module, we create a local Cloud and provide priced abundant storage services. The users can
upload their data in the cloud. We develop this module, where the cloud storage can be made secure.
However, the cloud is not fully trusted by users since the CSPs are very likely to be outside of the
cloud users’ trusted domain. Similar to we assume that the cloud server is honest but curious. That
is, the cloud server will not maliciously delete or modify user data due to the protection of data
auditing schemes, but will try to learn the content of the stored data and the identities of cloud users.

5.1.2 Group Manager Module:

Group manager takes charge of followings:

1. System parameters generation

2. User registration

3. User revocation

4. Revealing the real identity of a dispute data owner

Therefore, we assume that the group manager is fully trusted by the other parties. The Group
manager is the admin. The group manager has the logs of each and every process in the cloud. The
group manager is responsible for user registration and also user revocation too.

5.1.3 Group Member Module:

30
Group members are a set of registered users that will

1. Store their private data into the cloud server and

2. Share them with others in the group.

Note that, the group membership is dynamically changed, due to the staff resignation and new
employee participation in the company. The group member has the ownership of changing the files
in the group. Whoever in the group can view the files which are uploaded in their group and also
modify it.

5.1.4 File Security Module:

1. Encrypting the data file.
2. File stored in the cloud can be deleted by either the group manager or the data owner.
(i.e., the member who uploaded the file into the server).

5.1.5 Group Signature Module:

A group signature scheme allows any member of the group to sign messages while keeping the
identity secret from verifiers. Besides, the designated group manager can reveal the identity of the
signature’s originator when a dispute occurs, which is denoted as traceability.

5.1.6 User Revocation Module:

User revocation is performed by the group manager via a public available revocation list (RL), based
on which group members can encrypt their data files and ensure the confidentiality against the
revoked users.

5.2 ALGORITHMS/PRINCIPLE:

5.2.1 Key Generation Algorithm:

Symmetric-key algorithms use the same (secret) key to both apply cryptographic protection
to information8 and to remove or verify the protection. Keys used with symmetric-key algorithms

31
must be known by only the entities authorized to apply, remove or verify the protection, and are
commonly known as secret keys. A secret key is often known by multiple entities that are said to
share or own the secret key, although it is not uncommon for a key to be generated, owned and used
by a single entity (e.g., for secure storage). A secret key shall be generated by:

● One or more of the entities that will share the key.

● A Trusted Party that provides the key to the intended sharing entities in a secure manner. The
Trusted Party must be trusted by all entities that will share the key not to disclose the key to
unauthorized parties or otherwise misuse the key.

● A symmetric key kpi for each pi ∈ P will be selected and the set of keys {kpi }pi∈P will be
sent to the private cloud. An identification protocol II=( proof, verify) is also defined, where proof
and verify are the proof and verification algorithm respectively.

5.2.2 RSA Algorithm:

RSA is an algorithm used by modern computers to encrypt and decrypt messages. It is an

asymmetric cryptographic algorithm. Asymmetric means that there are two different keys. This is
also called public key cryptography, because one of them can be given to everyone.

A user of RSA creates and then publishes a public key based on two large prime numbers, along
with an auxiliary value. The prime numbers must be kept secret. Anyone can use the public key to
encrypt a message, but with currently published methods, if the public key is large enough, only
someone with knowledge of the prime numbers can feasibly decode the message. Breaking RSA
encryption is known as the RSA problem; whether it is as hard as the factoring problem remains an
open question.

RSA is a relatively slow algorithm, and because of this it is less commonly used to directly encrypt
user data. More often, RSA passes encrypted shared keys for symmetric key cryptography which in
turn can perform bulk encryption-decryption operations at much higher speed.

RSA is a cryptosystem for public-key encryption, and is widely used for securing sensitive data,
particularly when being sent over an insecure network such as the Internet.

32
5.3 SAMPLE CODE:

<!DOCTYPE HTML>
<HTML LANG="EN">

<HEAD>
<TITLE>ANTI-COLLISION_DATA_SHARING</TITLE>
<META CHARSET="UTF-8">
<META NAME="DESCRIPTION" CONTENT="YOUR DESCRIPTION">
<META NAME="KEYWORDS" CONTENT="YOUR KEYWORDS">

33
 <META NAME="AUTHOR" CONTENT="YOUR NAME">

<LINK REL="STYLESHEET" HREF="CSS/BOOTSTRAP.CSS">

<LINK REL="STYLESHEET" HREF="CSS/RESPONSIVE.CSS">
<LINK REL="STYLESHEET" HREF="CSS/CAMERA.CSS">
<LINK REL="STYLESHEET" HREF="STYLES.CSS">

<SCRIPT SRC="JS/JQUERY.JS"></SCRIPT>
<SCRIPT SRC="JS/JQUERY-MIGRATE-1.1.1.JS"></SCRIPT>
<SCRIPT SRC="JS/JQUERY.EASING.1.3.JS"></SCRIPT>
<SCRIPT SRC="JS/SUPERFISH.JS"></SCRIPT>
<SCRIPT SRC="JS/JQUERY.MOBILEMENU.JS"></SCRIPT>
<SCRIPT SRC="JS/JQUERY.COOKIE.JS"></SCRIPT>
<SCRIPT SRC="JS/JQUERY.UI.TOTOP.JS"></SCRIPT>

<!-- //////// -->

<SCRIPT SRC="JS/CAMERA.JS"></SCRIPT>
<!--[IF (GT IE 9)|!(IE)]><!-->
<SCRIPT SRC="JS/JQUERY.MOBILE.CUSTOMIZED.MIN.JS"></SCRIPT>
<!--<![ENDIF]-->
<SCRIPT SRC="JS/JQUERY.EQUALHEIGHTS.JS"></SCRIPT>
<!--[IF LT IE 8]>
<DIV STYLE='TEXT-ALIGN:CENTER'><A
HREF="HTTP://WWW.MICROSOFT.COM/WINDOWS/INTERNET-
EXPLORER/DEFAULT.ASPX?OCID=IE6_COUNTDOWN_BANNERCODE"><IMG
SRC="HTTP://WWW.THEIE6COUNTDOWN.COM/IMG/UPGRADE.JPG"BORDER="0"AL
T=""/></A></DIV>
<![ENDIF]-->
</HEAD>

34
<!-- -->
<BODY>
<DIV STYLE="HEIGHT: 600PX;BACKGROUND-COLOR: WHITE">
<!-- HEADER -->
<HEADER>
<DIV CLASS="WRAP EXTRABG2">
<DIV CLASS="CONTAINER">
<H1 CLASS="BRAND"><A HREF="#" CLASS="LOGO">A SECURE ANTI-
COLLUSION DATA SHARING SCHEME FOR DYNAMIC GROUPS IN THE
CLOUD</A></H1>
</DIV>
</DIV>
<DIV CLASS="EXTRABG3">
<DIV CLASS="CONTAINER">
<!--MENU-->
<DIV CLASS="NAVBAR">
<DIV CLASS="NAVBAR-INNER">
<DIV CLASS="NAV-COLLAPSE NAV-COLLAPSE_ COLLAPSE"
STYLE="MARGIN-LEFT: 200PX">
<UL CLASS="SF-MENU">
<LI CLASS="ACTIVE"><A HREF="INDEX.HTML"><DIV
CLASS="BASE_TEXT">HOME</DIV><DIV CLASS="OVER"></DIV></A></LI>
<LI><A HREF="GROUPMANAGER.JSP"><DIV
CLASS="BASE_TEXT">GROUP MANAGER</DIV><DIV
CLASS="OVER"></DIV></A></LI>
<LI><A HREF="MEMBER_LOGIN.JSP"><DIV
CLASS="BASE_TEXT">GROUP MEMBERS</DIV><DIV
CLASS="OVER"></DIV></A></LI>
<LI><A HREF="REGISTER.JSP"><DIV
CLASS="BASE_TEXT">MEMBER REGISTER</DIV><DIV
CLASS="OVER"></DIV></A></LI>

35
 </UL>
</DIV>
</DIV>
</DIV>
</DIV>
</DIV>
</HEADER>
<!-- CONTENT -->
<DIV STYLE="WIDTH: 100%; HEIGHT: 500PX;BACKGROUND-IMAGE:
URL('IMG/BANHM.JPG')">
<BR><BR><H2 STYLE="COLOR: WHITE;FONT-FAMILY: CURSIVE">ABSTRACT:
</H2>
<P STYLE="COLOR: WHITE;TEXT-ALIGN: JUSTIFY;PADDING: 20PX;FONT-
FAMILY: CURSIVE; FONT-SIZE: 15PX">BENEFITED FROM CLOUD COMPUTING,
USERS CAN ACHIEVE AN EFFECTIVE AND
ECONOMICAL APPROACH FOR DATA SHARING AMONG GROUP MEMBERS
IN THE CLOUD
WITH THE CHARACTERS OF LOW MAINTENANCE AND LITTLE
MANAGEMENT COST. MEANWHILE,
WE MUST PROVIDE SECURITY GUARANTEES FOR THE SHARING DATA
FILES SINCE THEY ARE
OUT-SOURCED. UNFORTUNATELY, BECAUSE OF THE FREQUENT CHANGE
OF THE MEMBERSHIP,
SHARING DATA WHILE PROVIDING PRIVACY-PRESERVING IS STILL A
CHALLENGING ISSUE,
ESPECIALLY FOR AN UNTRUSTED CLOUD DUE TO THE COLLUSION
ATTACK. MOREOVER, FOR
EXISTING SCHEMES, THE SECURITY OF KEY DISTRIBUTION IS BASED ON
THE SECURE
COMMUNICATION CHANNEL, HOWEVER, TO HAVE SUCH CHANNEL IS A
STRONG ASSUMPTION AND

36
 IS DIFFICULT FOR PRACTICE. IN THIS PAPER, WE PROPOSE A SECURE DATA
SHARING SCHEME
FOR DYNAMIC MEMBERS. FIRSTLY, WE PROPOSE A SECURE WAY FOR KEY
DISTRIBUTION WITHOUT
ANY SECURE COMMUNICATION CHANNELS, AND THE USERS CAN
SECURELY OBTAIN THEIR PRIVATE
KEYS FROM GROUP MANAGER. SECONDLY, OUR SCHEME CAN ACHIEVE
FINE-GRAINED ACCESS CONTROL,
ANY USER IN THE GROUP CAN USE THE SOURCE IN THE CLOUD AND
REVOKED USERS CANNOT ACCESS
THE CLOUD AGAIN AFTER THEY ARE REVOKED. THIRDLY, WE CAN
PROTECT THE SCHEME FROM COLLUSION
ATTACK, WHICH MEANS THAT REVOKED USERS CANNOT GET THE
ORIGINAL DATA FILE EVEN IF THEY CONSPIRE
WITH THE UNTRUSTED CLOUD. IN OUR APPROACH, BY LEVERAGING
POLYNOMIAL FUNCTION, WE CAN ACHIEVE A
SECURE USER REVOCATION SCHEME. FINALLY, OUR SCHEME CAN
ACHIEVE FINE EFFICIENCY, WHICH MEANS PREVIOUS
USERS NEED NOT TO UPDATE THEIR PRIVATE KEYS FOR THE SITUATION
EITHER A NEW USER JOINS IN THE GROUP OR
A USER IS REVOKED FROM THE GROUP.</P>
</DIV>
</DIV>

37
 CHAPTER- VI

6. TESTING

6.1 IMPORTANCE OF TESTING:

The purpose of testing is to discover errors. Testing is the process of trying to discover every
conceivable fault or weakness in a work product. It provides a way to check the functionality of
components, sub assemblies, assemblies and/or a finished product It is the process of exercising
software with the intent of ensuring that the

Software system meets its requirements and user expectations and does not fail in an
unacceptable manner. There are various types of test. Each test type addresses a specific testing
requirement.

6.2 TYPES OF TESTS:

38
 6.2.1 Unit Testing:
Unit testing involves the design of test cases that validate that the internal program logic is
functioning properly, and that program input produce valid outputs. All decision branches and
internal code flow should be validated. It is the testing of individual software units of the
application .it is done after the completion of an individual unit before integration. This is a
structural testing, that relies on knowledge of its construction and is invasive. Unit tests perform
basic tests at component level and test a specific business process, application, and/or system
configuration. Unit tests ensure that each unique path of a business process performs accurately to
the documented specifications and contains clearly defined inputs and expected results.

6.2.2 Integration Testing:

Integration tests are designed to test integrated software components to determine if they
actually run as one program. Testing is event driven and is more concerned with the basic outcome
of screens or fields. Integration tests demonstrate that although the components were individually
satisfaction, as shown by successfully unit testing, the combination of components is correct and
consistent. Integration testing is specifically aimed at exposing the problems that arise from the
combination of components.

6.2.3 Functional Test:

Functional tests provide a systematic demonstrations that functions tested are available as specified
by the business and technical requirements, system documentation, and user manuals.

Functional testing is centered on the following items:

Valid Input : identified classes of valid input must be accepted.

Invalid Input : identified classes of invalid input must be rejected.

Functions : identified functions must be exercised.

Output : identified classes of application outputs must be exercised.

Systems/Procedures: interfacing systems or procedures must be invoked.

39
 Organization and preparation of functional tests is focused on requirements, key functions,
or special test cases. In addition, systematic coverage pertaining to identify

Business process flows; data fields, predefined processes, and successive processes must be
considered for testing. Before functional testing is complete, additional tests are identified and the
effective value of current tests is determined.

6.2.4 System Test:

System testing ensures that the entire integrated software system meets requirements. It tests a
configuration to ensure known and predictable results. An example of system testing is the
configuration oriented system integration test. System testing is based on process descriptions and
flows, emphasizing pre-driven process links and integration points.

6.2.5 White Box Testing:

White Box Testing is a testing in which in which the software tester has knowledge of the
inner workings, structure and language of the software, or at least its purpose. It is purpose. It is used
to test areas that cannot be reached from a black box level.

6.2.6 Black Box Testing:

Black Box Testing is testing the software without any knowledge of the inner workings,
structure or language of the module being tested. Black box tests, as most other kinds of tests, must
be written from a definitive source document, such as specification or requirements document, such
as specification or requirements document. It is a testing in which the software under test is treated,
as a black box .you cannot “see” into it. The test provides inputs and responds to outputs without
considering how the software works

6.3 TEST CASES:

Test Scenario Home Page Verifying Links:

Test Test Test case Test data Expected Actual Res Remarks

40
Case Descriptio Steps output output ult
ID # n

TC_1 Links- 1. Open 1. Click 1. Navigates to 1. Home Select each

Verificatio application on Home Home page. page is and every link
using Page. displayed. on the home
n
browser page and
2. Click 2. Group check whether
2.Group- on Group 2. Navigates to manager
Group manager Pas it navigates to
manager Manager page is s their
Page display tab. page. displayed. corresponding
3. Click 3. Group valid page or
on Group member not.
3. Navigates to
member Group Member login is
tab. page. displayed.

4. Click 4. Navigates to 4. User

on User Registration
Registratio Registration page is
n page. page. displayed

Fig 6.3.1: Test Scenario Home Page Verifying Links

Test Scenario for Admin Login Page:

Test Case Test Test case Test data Expected Actual Resul Remarks
ID # Description Steps output output t

TC_2 Group 1. Run the Usernam Navigates Group Pass If username

Manager login page. e : xxxx to Group Manger and password
Login Manager page is is valid then it
page_textfiel 2. Enter Password page. displayed. navigates to
d Username : xxxxx home page.
and
Password.

3. Click on
login
button.

Fig 6.3.2: Test Scenario for Admin Login Page

41
 Test Scenario for Private Cloud:

Test Case ID Test Test case Test data Expected Actual Result Remarks
# Description Steps output output

TC_3 Group 1. Run the Username Navigates Group Pass If

Member Group :xxxxxxx to Group Member username
Member Member page is and
Login Password
page. page. displayed. password
: xxxxx is valid
2. Enter then it
Username navigates
and to home
Password. page.
3. Click
on login
button.

Fig 6.3.3: Test Scenario for Private Cloud

Test Scenario for User Registration:

Test Case Test Test case Test data Expected Actual Resu Remarks
ID # Description Steps output output lt

TC_4 User 1. Run the A text A text Pass All the

Register registration message is message is fields that
page. Name :xxxx displayed displayed are
Username : saying saying mentioned
2. Enter all "Successf "Successf are
the text xxxxx
ul ul mandatory.
fields Password : registratio registratio Filling all
marked as xxxxx n". n". the details
important. leads to
Confirm
3. Click on successful
password :
submit registration
xxxx

42
 button. Mail ID :
xxxxx

Phone
Number :
xxxxxxx

TC_5 Verification 1. Signature Signature Signature Signature Pass Signature

- Signature is sent to sent to is sent to sent to mail
mail for mail mail to be copied
registration for user to
verification. get
registered.

43
 Fig 6.3.4: Test Scenario for User Registration

6.4 SCREEN SHOTS:

44
 CHAPTER- VII

7. CONCLUSION AND FUTURE SCOPE

In this paper, we design a secure anti-collusion data sharing scheme for dynamic groups in the cloud.
In our scheme, the users scan securely obtain their private keys from group manager Certificate
Authorities and secure communication channels. Also, our scheme is able to support dynamic groups
efficiently, when a new user joins in the group or a user is revoked from the group, the private keys
of the other users do not need to be recomputed and updated. Moreover, our scheme can achieve
secure user revocation, the revoked users can not be able to get the original data files once they are
revoked even if they conspire with the untrusted cloud.

45
 CHAPTER- VIII

8. BIBLIOGRAPHY
[1] M.Armbrust, A.Fox, R.Griffith, A.D.Joseph, R.Katz,A.Konwinski, G. Lee, D.Patterson,
A.Rabkin, I.Stoica, andM.Zaharia. “A View of Cloud Computing,”Comm. ACM, vol. 53,no.4,
pp.50-58, Apr.2010.

[2] S.Kamara and K.Lauter,“Cryptographic Cloud Storage,” Proc.Int’l Conf.

Financial Cryptography and Data Security (FC), pp.136-149, Jan. 2010.

[3] M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K.Fu,“Plutus: Scalable Secure File
Sharing on Untrusted Storage,” Proc.USENIX Conf. File and Storage Technologies, pp. 29-42,
2003.

[4] E.Goh, H. Shacham, N. Modadugu, and D. Boneh, “Sirius: Securing Remote Untrusted Storage,”
Proc. Network and DistributedSystems Security Symp. (NDSS), pp. 131-145, 2003.

[5] G. Ateniese, K. Fu, M. Green, and S. Hohenberger,“Improved Proxy Re-Encryption Schemes

with Applications to Secure Distributed Storage,” Proc. Network and Distributed Systems
SecuritySymp. (NDSS), pp. 29-43, 2005.

[6] Shucheng Yu, Cong Wang, Kui Ren, and Weijing Lou, “Achieving Secure, Scalable, and Fine-
grained Data Access Control in Cloud Computing,” Proc. ACM Symp. Information, Computer and
Comm. Security, pp. 282-292, 2010.

46
[7] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-Based Encryption for Fine-Grained
Access Control of Encrypted Data,” Proc. ACM Conf. Computer and Comm. Security (CCS), pp.
89-98, 2006
[8] R. Lu, X. Lin, X. Liang, and X. Shen, “Secure Provenance: The Essential of Bread and Butter of
Data Forensics in Cloud Computing,” Proc. ACM Symp. Information, Computer and Comm.
Security, pp. 282-292, 2010.

[9] B. Waters, “Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and

Provably Secure Realization,” Proc. Int’l Conf. Practice and Theory in Public Key Cryptography
Conf. Public Key Cryptography, http://eprint.iacr.org/2008/290.pdf, 2008

[10] Xuefeng Liu, Yuqing Zhang, Boyang Wang, and Jingbo Yang, “Mona: Secure Multi-Owner
Data Sharing for Dynamic Groups in the Cloud,” IEEE Transactions on Parallel and Distributed
Systems, vol. 24, no. 6, pp. 1182-1191, June 2013.

[11] D.Boneh, X. Boyen, and E. Goh, “Hierarchical IdentityBasedEncryption with Constant Size
Ciphertext,” Proc. Ann. Int’l Conf.Theory and Applications of Cryptographic Techniques
(EUROCRYPT),pp. 440-456, 2005.

[12] C. Delerablee, P. Paillier, and D. Pointcheval, “FullyCollusionSecure Dynamic Broadcast

Encryption with Constant-SizeCi-phertexts or Decryption Keys,” Proc.First Int’l Conf. Pairing-
BasedCryptography, pp. 39-59, 2007.

[13] Zhongma Zhu, Zemin Jiang, Rui Jiang, “The Attack on Mona: Secure Multi-Owner Data
Sharing for Dynamic Groups in the Cloud,”Proceedings of2013 International Conference on
Information Science and Cloud Computing (ISCC 2013 ), Guangzhou,Dec.7,2013,pp. 185-189.

[14] Lan Zhou, Vijay Varadharajan, and Michael Hitchens, “Achieving Secure Role-Based Access
Control on Encrypted Data in Cloud Storage,”IEEE Transactions on Information Forensics and
Security, vol. 8, no. 12, pp. 1947-1960, December 2013.

47
[15]Xukai Zou, Yuan-shunDai, and ElisaBertino, “A practical and flexible keymanagement
mechanism for trusted collaborative computing,”INFOCOM 2008, pp. 1211-1219.
[16] M. Nabeel, N. Shang, and E. Bertino, “Privacy preserving policybased content sharing in public
clouds,”IEEE Trans. on Know. andData Eng., vol. 25, no. 11, pp. 2602-2614, 2013.

[17] Dolev,D.,Yao A. C.,"On the security of public key protocols",IEEE trans. on Information
Theory,vol. IT-29, no. 2, pp.198–208, 1983

[18] BonehDan, FranklinMatt, “Identity-based encryption from the weil pairing

[19] B. den Boer,Diffie–Hellman is as strong as discrete log for certain primesin Advances in
Cryptology–CRYPTO88, Lecture Notes in Computer Science 403, Springer, p.530, 1988.

[20] D. Boneh, X. Boyen, H. shacham, “Short group signature,” Proc. Int’l Cryptology Conf.
Advances in Cryptology, pp.41-55, 2004.

[21] D. Boneh, X. Boyen, and E. Goh, “Hierarchical IdentityBasedEncryption withConstant Size

Ciphertext,” Proc. Ann. Int’l Conf.Theory and Applications of Cryptographic Functions

48