
[ADI SHANKARA]

My Kid : An Android Based Children Tracking System


Software Requirements Specification

2016 ADI SHANKARA

Revision History

Date          Revision   Description       Author
28/09/2015    1.0        Initial Version   Athulya Balachandran, K C Reshma, Sruthi Suresh
10/10/2015    2.0        Second Revision   K C Reshma, Sruthi Suresh
29/03/2016    3.0        Third Revision    Sruthi Suresh, Athul P Ravi, Athulya Balachandran
2/04/2016     4.0        Fourth Revision   K C Reshma, Athul P Ravi, Athulya Balachandran

Table of Contents
1. PURPOSE

1.1. SCOPE
1.2. DEFINITIONS, ACRONYMS, ABBREVIATIONS
1.2.1. Definitions
1.2.2. Acronyms
1.3. REFERENCES
1.4. OVERVIEW
2. OVERALL DESCRIPTION
2.1. PRODUCT PERSPECTIVE
2.2. PRODUCT ARCHITECTURE
2.3. PRODUCT FUNCTIONALITY/FEATURES
2.4. USER CHARACTERISTICS
2.5. CONSTRAINTS
2.6. ASSUMPTIONS AND DEPENDENCIES
3. SPECIFIC REQUIREMENTS
3.1. FUNCTIONAL REQUIREMENTS
3.2. EXTERNAL INTERFACE REQUIREMENTS
3.3. INTERNAL INTERFACE REQUIREMENTS
3.4. INTERNAL DATA REQUIREMENTS
3.5. DESIGN AND IMPLEMENTATION CONSTRAINTS
3.6. OTHER REQUIREMENTS
4. NON-FUNCTIONAL REQUIREMENTS
4.1. SAFETY REQUIREMENTS
4.2. SECURITY AND PRIVACY REQUIREMENTS
4.3. ENVIRONMENTAL REQUIREMENTS
4.4. COMPUTER RESOURCE REQUIREMENTS
4.4.1. Computer Hardware Requirements
4.4.2. Computer Hardware Resource Utilization Requirements
4.4.3. Computer Software Requirements
4.4.4. Computer Communication Requirements
4.5. SOFTWARE QUALITY FACTORS
4.6. PACKAGING REQUIREMENTS
4.7. PRECEDENCE AND CRITICALITY OF REQUIREMENTS

A Hybrid Cloud Approach for Secure Authorized Deduplication

November 2016

1. Purpose
Data deduplication is an important data compression technique for
eliminating duplicate copies of repeating data, and it is widely used in
cloud storage to reduce the amount of storage space and save bandwidth. To
protect the confidentiality of sensitive data while supporting deduplication, the
convergent encryption technique is used. Deduplication checks whether the
contents of two files are the same and stores only one of them. The system
proposes techniques to eliminate multiple copies of the same file when they are
downloaded from a server.
Objectives include:

To eliminate multiple copies of the same file.
To reduce the storage space.
To prevent the downloading of the same file more than once.
To eliminate the uploading of the same file more than once.
To check for identical copies of a file using a checksum header before
uploading and downloading files.

1.1 Overview
In this new deduplication system, a hybrid cloud architecture is introduced to
solve the problem. The private keys for privileges are not issued to users
directly; they are kept and managed by the private cloud server instead. In this
way, users cannot share these private keys of privileges in the proposed
construction, which prevents the privilege key sharing among users that is
possible in the above straightforward construction. To get a file token, the user
needs to send a request to the private cloud server.


1.1.1 Existing System


1.1.1.1 DeDu
It is an efficient deduplication system, but it cannot handle encrypted data. If
clients conventionally encrypt their data, storage savings by deduplication are
totally lost. This is because encrypted data are saved as different contents by
applying different encryption keys. This process suffers from brute-force
dictionary attacks. Message-Locked Encryption intends to solve this problem.
1.1.1.2 DupLESS
DupLESS provides secure deduplicated storage to resist brute-force attacks.
In DupLESS, a group of affiliated clients (e.g., company employees) encrypt
their data with the aid of a Key Server (KS) that is separate from a Storage
Service (SS). Clients authenticate themselves to the KS, but do not leak any
information about their data to it. As long as the KS remains inaccessible to
attackers, high security can be ensured. Obviously, DupLESS cannot control
data access of other data users in a flexible way.
1.1.1.3 PROOFS OF OWNERSHIP (PoW)
Proofs of Ownership (PoW) [6] is based on a Merkle tree and realizes
client-side deduplication. This method first applies an erasure coding or hash
function over the original file and then uses a Merkle tree on the
pre-processed data to generate the verification information. When
challenging a prover, a verifier randomly chooses several leaves of the tree
and obtains the corresponding sibling paths of all these leaves. Only when all
paths are valid will the verifier accept the proof. This construction can
identify deduplication at the client to save network bandwidth and guarantees
that the client holds the file rather than only some part of it. This method
does not pay attention to data privacy, and the server for data storage could
be aware of the file content. This scheme also generates verification
information for the deduplication check based on Merkle trees. Each leaf value
is generated based on several data blocks, while each interactive proof
protocol can only challenge one leaf of the Merkle tree.
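
The challenge-and-verify step described above, as an added Java example (not code from this document or from the PoW scheme it cites): the verifier keeps only the Merkle root, challenges random leaves, and accepts a block only if its sibling path hashes back to that root. SHA-256, one block per leaf, the 0/1 domain-separation prefixes and all class and method names are assumptions of this example.

```java
import java.security.*;
import java.util.*;

public class MerklePowDemo {
    static final byte[] LEAF = {0}, NODE = {1};   // domain separation: leaf vs inner hashes
    static byte[] h(byte[]... parts) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        for (byte[] p : parts) md.update(p);
        return md.digest();
    }
    // levels.get(0) = leaf hashes, last level = root; an unpaired node is hashed with itself.
    static List<byte[][]> build(byte[][] blocks) throws Exception {
        List<byte[][]> levels = new ArrayList<>();
        byte[][] cur = new byte[blocks.length][];
        for (int i = 0; i < cur.length; i++) cur[i] = h(LEAF, blocks[i]);
        levels.add(cur);
        while (cur.length > 1) {
            byte[][] up = new byte[(cur.length + 1) / 2][];
            for (int i = 0; i < up.length; i++)
                up[i] = h(NODE, cur[2 * i], cur[Math.min(2 * i + 1, cur.length - 1)]);
            levels.add(cur = up);
        }
        return levels;
    }
    // Prover: sibling hashes for leaf idx, bottom-up.
    static List<byte[]> path(List<byte[][]> levels, int idx) {
        List<byte[]> sib = new ArrayList<>();
        for (int l = 0; l < levels.size() - 1; l++, idx /= 2)
            sib.add(levels.get(l)[Math.min(idx ^ 1, levels.get(l).length - 1)]);
        return sib;
    }
    // Verifier: keeps only the root and recomputes it from the block and its path.
    static boolean verify(byte[] root, int idx, byte[] block, List<byte[]> sib) throws Exception {
        byte[] node = h(LEAF, block);
        for (int l = 0; l < sib.size(); l++, idx /= 2)
            node = idx % 2 == 0 ? h(NODE, node, sib.get(l)) : h(NODE, sib.get(l), node);
        return Arrays.equals(node, root);
    }
    public static void main(String[] args) throws Exception {
        byte[][] file = {{10}, {20}, {30}, {40}, {50}};      // constructed 5-block file
        List<byte[][]> tree = build(file);
        byte[] root = tree.get(tree.size() - 1)[0];
        SecureRandom rnd = new SecureRandom();
        for (int c = 0; c < 3; c++) {                        // several random leaf challenges
            int idx = rnd.nextInt(file.length);
            System.out.println("leaf " + idx + " accepted: " + verify(root, idx, file[idx], path(tree, idx)));
        }
        System.out.println("wrong block accepted: " + verify(root, 2, file[3], path(tree, 2)));
    }
}
```

Every honest challenge is accepted, while answering the challenge for leaf 2 with a different block is rejected because the recomputed root no longer matches.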

1.1.2 Proposed System


Convergent encryption has been proposed to enforce data confidentiality
while making deduplication feasible. It encrypts/decrypts a data copy with
a convergent key, which is obtained by computing the cryptographic hash
value of the content of the data copy. After key generation and data
encryption, users retain the keys and send the ciphertext to the cloud.
Since the encryption operation is deterministic and is derived from the
data content, identical data copies will generate the same convergent key
and hence the same ciphertext. To prevent unauthorized access, a secure
proof of ownership protocol is also needed to provide the proof that the
user indeed owns the same file when a duplicate is found. After the proof,
subsequent users with the same file will be provided a pointer from the
server without needing to upload the same file. A user can download the
encrypted file with the pointer from the server, which can only be
decrypted by the corresponding data owners with their convergent keys.
Thus, convergent encryption allows the cloud to perform deduplication on
the ciphertext, and the proof of ownership prevents an unauthorized user
from accessing the file. However, previous deduplication systems cannot
support differential authorization duplicate check, which is important in
many applications. In such an authorized deduplication system, each user is
issued a set of privileges during system initialization. Each file uploaded
to the cloud is also bound by a set of privileges that specify which kind of
users is allowed to perform the duplicate check and access the files.
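
Convergent encryption and the resulting duplicate check, as an added Java example (not code from this document or its project): two users holding the same content derive the same key and ciphertext, so the store keeps a single blob that either owner can decrypt. AES-256-CTR with a fixed IV, SHA-256 for the key and the tag, and all class and method names are assumptions of this example; the proof of ownership step is not part of it.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class ConvergentDedupDemo {
    static byte[] sha256(byte[] in) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(in);
    }

    // Deterministic AES-256-CTR under the convergent key. The fixed zero IV is
    // acceptable only because each key encrypts exactly one plaintext (key = hash
    // of the content); with an ordinary key a fixed IV would be a serious flaw.
    static byte[] crypt(int mode, byte[] key, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/CTR/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new IvParameterSpec(new byte[16]));
        return c.doFinal(in);
    }

    // Duplicate-check tag: hash of the ciphertext (an assumption of this example).
    static String tag(byte[] ciphertext) throws Exception {
        return Base64.getEncoder().encodeToString(sha256(ciphertext));
    }

    public static void main(String[] args) throws Exception {
        Map<String, byte[]> cloud = new HashMap<>();       // stands in for the S-CSP store
        byte[] fileA = "constructed sample: payroll 2016".getBytes(StandardCharsets.UTF_8);
        byte[] fileB = fileA.clone();                      // a second user holds the same content

        byte[] keyA = sha256(fileA);                       // convergent key = H(content)
        byte[] ctA = crypt(Cipher.ENCRYPT_MODE, keyA, fileA);
        cloud.put(tag(ctA), ctA);                          // first upload is stored

        byte[] keyB = sha256(fileB);
        byte[] ctB = crypt(Cipher.ENCRYPT_MODE, keyB, fileB);
        boolean duplicate = cloud.containsKey(tag(ctB));   // same ciphertext, so same tag
        if (!duplicate) cloud.put(tag(ctB), ctB);
        System.out.println("duplicate detected: " + duplicate + ", blobs stored: " + cloud.size());

        byte[] plain = crypt(Cipher.DECRYPT_MODE, keyB, cloud.get(tag(ctB)));
        System.out.println("owner B recovers file: " + Arrays.equals(plain, fileB));

        byte[] otherKey = sha256("some other content".getBytes(StandardCharsets.UTF_8));
        byte[] wrong = crypt(Cipher.DECRYPT_MODE, otherKey, ctA);
        System.out.println("non-owner key recovers file: " + Arrays.equals(wrong, fileA));
    }
}
```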
BENEFITS OF THE PROPOSED SYSTEM

It keeps the overhead minimal compared to the normal convergent
encryption and file upload operations.
Data confidentiality is maintained.
Secure compared to existing techniques.
Eliminates duplication of files by checking and verifying before
file uploading or downloading is done.


2. Overall Description
2.1 Product Perspective
Secure Deduplication with Hybrid Architecture
At a high level, the setting is an enterprise network consisting of a group of
affiliated clients who use the S-CSP to store data with the deduplication
technique. Deduplication is frequently used for data backup and disaster
recovery applications to reduce the storage space. Such systems are
widespread and are often more suitable to user file backup and synchronization
applications than richer storage abstractions. De-duplication is performed by
the S-CSP by checking whether the contents of two files are the same and
storing only one of them.

2.2 Product Architecture
The below diagram depicts the architecture of the proposed system:

Fig 2.1 Product Architecture


There are three entities defined in our system, as shown in figure 1:

Users
Private cloud
S-CSP in public cloud

Data User: A user is an entity that wants to outsource data storage to the S-CSP
and access the data later. In a storage system supporting de-duplication, the user
uploads only unique data and does not upload any duplicate data, which may be
owned by the same user or different users, in order to save upload bandwidth. In
the authorized de-duplication system, each user is issued a set of privileges in
the setup of the system. Each file is protected with the convergent encryption key
and privilege keys to realize authorized de-duplication with differential
privileges.
Private Cloud: Compared with the traditional de-duplication architecture in
cloud computing, this is a new entity introduced to facilitate users' secure
usage of the cloud service. Specifically, since the computing resources at the
data user/owner side are restricted and the public cloud is not fully trusted in
practice, the private cloud is able to provide the data user/owner with an
execution environment and infrastructure working as an interface between the
user and the public cloud. The private keys for the privileges are managed by the
private cloud, which answers the file token requests from the users. The interface
offered by the private cloud allows the user to submit files and queries to be
securely stored and computed respectively.
S-CSP in public cloud: This is an entity that provides a data storage service in
the public cloud. The S-CSP provides the data outsourcing service and stores data
on behalf of the users. To reduce the storage cost, the S-CSP eliminates the
storage of redundant data via de-duplication and keeps only unique data. In this
paper, we assume that the S-CSP is always online and has abundant storage
capacity and computation power.
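
The division of roles described above, as an added Java example (not code from this document or its project): the private cloud holds the privilege keys and answers file token requests, and the S-CSP matches tokens without ever seeing those keys. Computing the token as HMAC-SHA256 of the file tag under the privilege key, and all user, privilege, class and method names, are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class AuthorizedDupCheckDemo {
    // Private cloud state: one secret key per privilege and each user's privilege set.
    static final Map<String, byte[]> PRIV_KEYS = new HashMap<>();
    static final Map<String, Set<String>> USER_PRIVS = new HashMap<>();
    // S-CSP state: tokens registered at upload time; it never holds privilege keys.
    static final Set<String> STORED_TOKENS = new HashSet<>();

    // Private cloud: answers a file token request only for a privilege the user holds.
    // Token = HMAC-SHA256(privilege key, file tag) is an assumption of this example.
    static Optional<String> fileToken(String user, String priv, byte[] fileTag) throws Exception {
        if (!USER_PRIVS.getOrDefault(user, Set.of()).contains(priv)) return Optional.empty();
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(PRIV_KEYS.get(priv), "HmacSHA256"));
        return Optional.of(Base64.getEncoder().encodeToString(mac.doFinal(fileTag)));
    }

    // S-CSP: reports a duplicate only when the same file was stored under the same privilege.
    static boolean isDuplicate(Optional<String> token) {
        return token.isPresent() && STORED_TOKENS.contains(token.get());
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rnd = new SecureRandom();
        for (String p : List.of("finance", "hr")) {          // constructed privilege names
            byte[] k = new byte[32];
            rnd.nextBytes(k);
            PRIV_KEYS.put(p, k);
        }
        USER_PRIVS.put("alice", Set.of("finance"));          // constructed users
        USER_PRIVS.put("bob", Set.of("hr"));
        byte[] tag = MessageDigest.getInstance("SHA-256")
                .digest("constructed file content".getBytes(StandardCharsets.UTF_8));

        STORED_TOKENS.add(fileToken("alice", "finance", tag).get());   // alice uploads the file
        System.out.println("alice/finance duplicate: " + isDuplicate(fileToken("alice", "finance", tag)));
        System.out.println("bob/hr duplicate:        " + isDuplicate(fileToken("bob", "hr", tag)));
        System.out.println("bob gets finance token:  " + fileToken("bob", "finance", tag).isPresent());
    }
}
```

Bob holds the same file but a different privilege, so his token does not match and the duplicate check tells him nothing about what the finance group has stored.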

2.3 Product Functionality/Features


There are four modules in this proposed system. They are Data owner module,
Encryption and decryption module, Remote user module, and Cloud user module.

Data user module:
a. Data Owner login validations.
b. Upload Files.
c. Manipulates Encrypted files.
d. Differential Authorization.

Encryption and decryption module:
a. Generate signs.
b. Encrypts and uploads files.
c. Decrypts and downloads files.
d. Data confidentiality.

Remote user module:
a. Accessing Files.
b. Remote User login validations.

Cloud server module:
a. Authorized Duplicate Check.
b. Accessing files.


2.4 Assumptions and Dependencies

An internet connection is assumed to be available, because it is needed for all
operations such as file uploading and downloading.


3. Specific Requirements
3.1 Functional Requirements

Data owner login validation: Provide the user with a valid user name and
password.
File selection: Select the file for uploading and downloading.
Authorized duplicate check: Check for duplicate copies of the file that needs to
be either downloaded or uploaded.
Upload files: Upload the required file.
Download files: Download the required file.
File access: Provide secure and flexible file access.
File encryption: Encrypt the selected file that needs to be downloaded or uploaded.
File decryption: Decrypt the selected file.
Key generation: Generate a unique key for each of the selected files.
Data confidentiality: Maintain data security and privacy.

3.2 External Interface Requirements

Valid user name and password
File selection
Uploading files
Downloading files

3.3 Internal Interface Requirements

Authorized duplicate check
Key generation
File encryption
File decryption
Secured file access

3.4 Design and implementation constraints


4. Non-Functional Requirements
4.1 Safety Requirements

4.2 Security and Privacy Requirements

Successful authorized deduplication.
Secure data access.
Data confidentiality should be maintained.
Successful authorization of duplicate-check.

4.3 Computer Resource Requirements

4.3.1 Computer Hardware Requirements

System        : Pentium IV 2.4 GHz
Hard disk     : 40 GB
Floppy disk   : 1.44 Mb
Monitor       : 15 VGA color
RAM           : 512 MB

4.3.2 Computer Software Requirements

Operating system  : Windows 7/XP
Coding language   : Java/J2EE
IDE               : Net beans 7.4
Database          : MYSQL

4.4 Browsers

Firefox (latest version)
Chrome (latest version)
Safari
Internet Explorer 10 or newer

4.5 Software Quality Factors

The various quality factors that uniquely distinguish the proposed system
include:

Cost Effective. The software components are purely open source, and thus we
aren't bound to any licensing costs.
Ease of Use
