Professional Documents
Culture Documents
Main Project Report Two Factor Security Mechanism
Main Project Report Two Factor Security Mechanism
CHAPTER 1
INTRODUCTION
The Audit Commission Update report shows that in the UK the percentage of
organizations reporting incidents of IT fraud and abuse in 2000 rose to 56% from 36%
in 1994. While equipment theft is a real problem, the most damaging aspect is the loss
of data and software. Sources of damage such as computer viruses, computer hacking
and denial of service attacks have become more common, more ambitious and
increasingly sophisticated. The internet exposes organizations to an increased risk that
networks will be accessed improperly, data corrupted and viruses introduced. The
percentage of organizations reporting hacking incidents has trebled. Not all breaches are
the result of crime; inadvertent misuse and human error play their part too.
Cloud storage is a model of networked storage system where data is stored in pools of
storage which are generally hosted by third parties. There are many benefits to use
cloud storage. Storage maintenance tasks, such as purchasing additional storage
capacity, can be offloaded to the responsibility of a service provider. The most notable
is data accessibility. Data stored in the cloud can be accessed at any time from any
place as long as there is network access. Despite its advantages, outsourcing data
storage also increases the attack surface area at the same time. For example, when data
is distributed, the more locations it is stored the higher risk it contains for unauthorized
physical access to the data. By sharing storage and networks with many other users it is
1
CSE Department KMEA Engineering College
Main project Report Two Factor Security Mechanism
also possible for other unauthorized users to access your data. So data security is
essential in information sharing environment.
Outsourcing data storage increases the attack surface area. For example, when data is
distributed, the more locations it is stored the higher risk it contains for unauthorized
physical access to the data. By sharing storage and networks with many other users it is
also possible for other unauthorized users to access your data. This may be due to
mistaken actions, faulty equipment, or sometimes because of criminal intent. A
promising solution to offset the risk is to deploy encryption technology. Encryption can
protect data as it is being transmitted to and from In a normal asymmetric encryption,
there is a single secret key corresponding to a public key or an identity. The decryption
of ciphertext only requires this key. The key is usually stored inside either a personal
computer or a trusted server, and may be protected by a password. The security
protection is sufficient if the computer/server is isolated from an opening network.
Unfortunately, this is not what happens in the real life. When being connected with the
world through the Internet, the computer/server may suffer from a potential risk that
hackers may intrude into it to compromise the secret key without letting the key owner
know. In the physical security aspect, the computer storing a user decryption key may
be used by another user when the original computer user (i.e. the key owner) is away
(e.g. when the user goes to toilet for a while without locking the machine). In an
enterprise or college, the sharing usage of computers is also common. For example, in a
college, a public computer in a copier room will be shared with all students staying at
the same floor. In these cases, the secret key can be compromised by some attackers
who can access the victim’s personal data stored in the cloud system. Therefore, there
exists a need to enhance the security protection.
Many e-banking applications require a user to use both a password and a security
device (two factors) to login system for money transfer. The security device may
display a one-time password to let the user type it into the system, or it may be needed
2
CSE Department KMEA Engineering College
Main project Report Two Factor Security Mechanism
to connect with the computer (e.g. through USB or NFC). The purpose of using two
factors is to enhance the security protection for the access control. Actually, we have
noticed that the concept of two-factor encryption, which is one of the encryption trends
for data protection, has been spread into some real-world applications, for example,
military application, full disk encryption with Ubuntu system, AT&T two factor
encryption for Smartphones, electronic vaulting and druva - cloud-based data
encryption. This motivates our work.
3
CSE Department KMEA Engineering College
Main project Report Two Factor Security Mechanism
CHAPTER 2
LITERATURE SURVEY
It introduce a new paradigm for public key cryptography, which we name certificateless
public key cryptography (CL-PKC). The concept grew out of a search for public key
schemes that do not require the use of certificates and yet do not have the built-in key
escrow feature of ID-PKC. The solution they propose enjoys both of these properties; it
is a model for the use of public key cryptography that is intermediate between
traditional PKI and ID-PKC. It demonstrate that the concept of CL-PKC can be made
real by specifying certificateless encryption and signature schemes. It proves that the
encryption scheme is secure in a new and appropriate model, given the hardness of an
underlying computational problem.
Setup: This algorithm takes security parameter k and returns the system parameters
params and master-key. The system parameters includes a description of the message
space M and ciphertext space C. Usually, this algorithm is run by the KGC. We assume
4
CSE Department KMEA Engineering College
Main project Report Two Factor Security Mechanism
throughout that params are publicly and authentically available, but that only the KGC
knows master-key.
Set-Secret-Value: This algorithm takes as inputs params and an entity A’s identifier
IDA as inputs and outputs A’s secret value xA.
Set-Private-Key: This algorithm takes parameters, an entity A’s partial private key
DA and A’s secret value xA as input. The value xA is used to transform DA into the
(full) private key SA. The algorithm returns SA.
Set-Public-Key: This algorithm takes params and entity A’s secret value xA as input
and from these constructs the public key PA for entity A. Normally both Set-Private-
Key and Set-Public-Key are run by an entity A for itself, after running Set-Secret-
Value. The same secret value xA is used in each. Separating them makes it clear that
there is no need for a temporal ordering on the generation of public and private keys in
our CL-PKE scheme. Usually, A is the only entity in possession of SA and xA, and xA
will be chosen at random from a suitable and large set.
Encrypt: This algorithm takes as inputs params, a message M ∈M, and the public key
PA and identifier IDA of an entity A. It returns either a ciphertext C ∈Cor the null
symbol ⊥ indicating an encryption failure. This will always occur in the event that PA
does not have the correct form. In our scheme, this is the only way an encryption failure
will occur.
Decrypt: This algorithm takes as inputs params, C ∈C, and a private key SA. It returns
a message M ∈Mor a message ⊥ indicating a decryption failure. Naturally, we insist
that output M should result from applying algorithm Decrypt with inputs params, SA on
a ciphertext C generated by using algorithm Encrypt with inputs params, PA, IDA on
message M.
5
CSE Department KMEA Engineering College
Main project Report Two Factor Security Mechanism
ADVANTAGES
The infrastructure needed to support CL-PKC is lightweight when compared to
a traditional PKI.This immediately makes CL-PKC attractive for low-
bandwidth, low-power situations..
CL-PKC signature scheme can also support true non-repudiation, because
private keys remain in the sole possession of their legitimate owners.
Revocation of keys in CL-PKC systems can be handled in the same way as in
ID-PKC systems. the idea of appending validity periods to identifiers IDA is
given as one convenient solution.
Although our CL-PKC schemes are no longer identity-based, they do enjoy the
property that an entity’s private key can be determined after its public key has
been generated and used.
DISADVANTAGES
However, it should be pointed out that recently introduced signatures schemes
enjoying very short signatures could be used to significantly decrease the size of
certificates and create a lightweight PKI.
CL-PKC has a limited shelf-life.
CL-PKC schemes are not identity-based.
ADOPTIONS
6
CSE Department KMEA Engineering College
Main project Report Two Factor Security Mechanism
Mediated cryptography was first introduced for the purpose of revocation of public
keys. It requires an online mediator, referred to a SEM (SEcurity Mediator), for every
transaction. The SEM also provides a control of security capabilities. If the SEM does
not cooperate then no transactions with the public key are possible any longer. In other
words, any revoked user cannot get the cooperation from the SEM. That means revoked
users cannot decrypt any ciphertext successfully. Later on, this notion was further
generalized as security mediated certificateless (SMC) cryptography. In a SMC system,
a user has a secret key, public key and an identity. The user secret key and the SEM are
required to decrypt a ciphertext or sign a message. On the opposite side, the user public
key and the corresponding identity are needed for signature verification or encryption.
Since the SEM is controlled by the revocation authority, the authority can refuse to
provide any cooperation for revoked user so that no revoked user can generate signature
or decrypt ciphertext. Note that SMC is different from our concept. The main purpose
of SMC is to solve the revocation problem. Thus the SME is controlled by the authority
and it has to based. The encryptor (or signature be online for every signatures and
ciphertext decryption. Furthermore, it is not identity-verifier) needs to know the
corresponding public key in addition to the identity. That makes the system less
practical and looses the advantages of using identity-based system.
ADVANTAGES
Device revocability
Certificateless cryptography is used.
DISADVANTAGES
ADOPTIONS
7
CSE Department KMEA Engineering College
Main project Report Two Factor Security Mechanism
In KAC, users encrypt a message not only under a public-key, but also under an
identifier of ciphertext called class. That means the ciphertexts are further categorized
into different classes. The key owner holds a master-secret called master-secret key,
which can be used to extract secret keys for different classes. More importantly, the
extracted key have can be an aggregate key which is as compact as a secret key for a
single class, but aggregates the power of many such keys, i.e., the decryption power for
any subset of ciphertext classes. With our solution, Alice can simply send Bob a single
aggregate key via a secure e-mail. Bob can download the encrypted photos from Alice’s
Dropbox space and then use this aggregate key to decrypt these encrypted photos. The
scenario is depicted in Figure 1. The sizes of ciphertext, public-key, master-secret key
8
CSE Department KMEA Engineering College
Main project Report Two Factor Security Mechanism
and aggregate key in our KAC schemes are all of constant size. The public system
parameter has size linear in the number of ciphertext classes, but only a small part of it
is needed each time and it can be fetched on demand from large (but non-confidential)
cloud storage.
ADVANTAGES
DISADVANTAGES
9
CSE Department KMEA Engineering College
Main project Report Two Factor Security Mechanism
ADOPTIONS
Implementing a system such that one can aggregate any set of secret keys and make
them as compact as a single key, but encompassing the power of all the keys being
aggregated. Ie different keys can be generated for different text.
10
CSE Department KMEA Engineering College
Main project Report Two Factor Security Mechanism
delegator using only her IBE secret key— the IBE master secret is not required is based
on a standard assumption (DBDH) in the random oracle model.
Here briefly reiterate some of these properties, in particular those that our scheme
provides and that, we believe, are relevant for practical instantiations of Identity-Based
Proxy Re-encryption.
ADVANTAGES
DISADVANTAGES
ADOPTIONS
11
CSE Department KMEA Engineering College
Main project Report Two Factor Security Mechanism
The feature adopted is of re-encryption using the secret key. Here the data or the public
key is not necessary, only requirement is the identity of receiver. It is used in the second
phase of encryption and also in device revocability where the data is re-encrypted again.
The encryption process is executed twice. First encrypt the plaintext corresponding to
the public key or identity of the user. Then encrypt it again corresponding to the public
key or serial number of the security device. For the decryption stage, the security device
first decrypts once. The partially decrypted ciphertext is then passed to the computer
which uses the user secret key to further decrypt it. Without either part (user secret key
or security device) one cannot decrypt the ciphertext. If the user has lost his security
device, then his/her corresponding ciphertext in the cloud cannot be decrypted forever!
That is, the approach cannot support security device update/ revocability.
ADVANTAGE
DISADVANTAGE
12
CSE Department KMEA Engineering College
Main project Report Two Factor Security Mechanism
ADOPTIONS
The features and implementation of this paper are much similar except device
revocability . Adopted feature is encryption based on identity and private key.
Steganography is the art of hiding and transmitting data through apparently innocuous
carriers to conceal the existence of data. The level of visibility is decreased using many
hiding techniques in ‘Image Modelling‟ like LSB „Manipulation‟, „Masking and
filtering‟. These techniques are performed by different steganographic algorithms like
F5, LSB, JSteg etc. and theact of detecting the information hidden through these
algorithms is called “Steganalysis‟. “Cryptography” is the art of science used to achieve
security by encoding the data to transform them into non readable formats so that
unauthorized users cannot gain access to it.
The process consists of
13
CSE Department KMEA Engineering College
Main project Report Two Factor Security Mechanism
ADVANTAGES
Hides and transmits data.
Transforms data into non readable form and then sends data.
DISADVANTAGES
if the originality of the imag ehas been changed then it will be easier to hack the
information.
ADOPTIONS
The adoption is the implementation of stegnography to transmit the encrypted message
from sender to receiver.
14
CSE Department KMEA Engineering College
Main project Report Two Factor Security Mechanism
a) Both sides of communication will obtain their identity authentication by CA, which
is prepared for publickey distribution and data transmission. Finally they will obtain a
data block of quadruple( ,CA , , ) ID CA sk ID sk GenAlg .
b) Then the client executes the sk GenAlg algorithm offered by CA with their own ID as
an input data on their encryption and decryption devices, and they will obtain a series of
private key pairs ( )i n,s .
Figure 1. the model of QPKE
c) The client can choose a kind of quantum one-way trapdoor function , and execute
with i s or( , ) i n s as an input data to generate the corresponding quantum publickey.
Moreover, the relation between the private keys and the quantum public keys is one to
one (namely one private key corresponds to one quantum public key) or one to many
(namely one private key corresponds to many quantum public keys.
d) The client registers with the KDC for all his quantum public keys corresponding to
the private key pairs ( , ) i n s . Meanwhile the PKDC talks with the CA to verify the
identity of the client. If the authentication passes, the PKDC will accept the client’s
quantum public key, and
complete the register, management and maintain of the quantum public keys.
Otherwise, the PKDC will refuse the client’s request.
e) If Alice wants to send his data to Bob, he firstly queries the CA center for the IDB
(namely the ID of Bob). If the IDB is retrieved successfully, if he also passes the
authentication from the CA center, and if the value of his counter is not more than the
15
CSE Department KMEA Engineering College
Main project Report Two Factor Security Mechanism
Holevo the PKDC will send the quantum public key state si B (the quantum public key
of Bob) to Alice and do a good job related records. Otherwise, he will inform Bob to
upload his new quantum public key and inform Alice to wait for a new quantum public
key. 369
f) Alice encrypts his data on his D/E Adapter with the quantum public key state si B
offered by the PKDC. These original data are not classical messages but quantum
states. Finally, he sends his encrypted data and his own signature offered by his
certificate to Bob.
g) After Bob receives the data sent by Alice, he will request the CA center to verify the
identity of Alice. Meanwhile, he determines whether these encrypted quantum states are
valid. If these cipher quantum states are valid, he will decrypt these cipher states and
decrease his counter by
one. Otherwise he will inform Alice to use the new quantum public key.
ADVANTAGES
It composed of the trusted, secure third parties CA and PKDC, as well as the
client’s Decryption/Encryption devices (commonly known as a black box).
The CA and PKDC,which are the skeleton of the whole model, play a
significant role in our models.
The private key generation algorithm,which can be provided by the CA or the
client own, is required to quickly generate a large number of random numbers.
The quantum public key generation algorithm, namely a kind of quantum
trapdoor OWF, is a process of mapping an integer into a quantum state.
The process can be efficiently and easily calculated.
The scheme or algorithm of our model can be safely replaced without affecting
the operation of the whole model
DISADVANTAGE
The inverse process is quite difficult to calculate or even impossible to calculate
without quantum trapdoor information.
ADOPTION
The adoption from the model is that which describes the generation, distribution and
maintanence of the public keys and generation of secret keys.
16
CSE Department KMEA Engineering College
Main project Report Two Factor Security Mechanism
As tremendous growth of cloud computing services in real time applications allows end
users of cloud to share their data with each other easily. Multi user data sharing should
be secure and integrity should be achieved on cloud. To achieve the data security the
methods like IBE (Identity Based Encryption), ABE (Attribute Based Encryption) etc.
are widely used in cloud computing environment. However, the problems associated
with IBE are extra overhead on private key generator (PKG) for computations required
during the user revocation process. From the recent studies, there are two main research
problems for cloud computing security such as security improvement using IBE and
efficient IBE revocation process. The goal of this paper is to present framework to
address both this research challenges. In this paper novel hybrid cloud security method
is proposed in order to deliver both efficient revocation and enhanced security. This
hybrid approach is combination of two well know security techniques such as IBE and
ABE. The ABE method is combined with IBE to achieve the strong security against
different threats. Along with user identity, his/her attributes like country or kind of
subscription he/she has are used for further process of IBE encryption, decryption and
revocation. Another problem of efficient identity revocation is further addressed by
presenting the outsourcing computation into hybrid IBE (H-IBE) method at server aided
settings. The other components and methods of proposed H-IBE are discussed during
this paper and evaluated the performance against existing method.
SECURITY CHALLENGES
In this section, review of current security problems and issues in cloud computing
framework is discussed. Under cloud computing environment, end users do not having
knowledge about the term where is data saved, who is managing that data as well as
17
CSE Department KMEA Engineering College
Main project Report Two Factor Security Mechanism
other vulnerabilities in cloud computing environment. Below listed are basic issues of
cloud frameworks which are addressed by CSP while cloud services implementation.
A .Privacy Related Issue:
18
CSE Department KMEA Engineering College
Main project Report Two Factor Security Mechanism
B. Cloud Security:
In cloud computing paradigm, public cloud is not only increasing the issues of privacy
but also increases the security concerns. Below are listed are common security concerns
for public cloud:
Multi-Tenancy:
It is feature of SAAS that one program can be run onto the many machines. CSP using a
multi-tenant application of the cloud to 1193
International conference on Signal Processing, Communication, Power and Embedded
System (SCOPES)-2016 decrease the cost with the use of virtual machine but it
increase more vulnerability.
Access:
Accessing the personal and private information is one the threat to cloud security. It
may possible that any attacker can try to access the personal information.
Availability and Backup:
There is no any type of guaranty of the existence & back up of the data into this
environment. In business backup is one of the important consideration.
Audit:
To implement internal monitoring control CSP is want the external audit mechanism.
But still cloud fails to the give an auditing for transaction without of the effecting
integrity.
Data Lifecycle Control:
To ensure the customer that it has been control over the data, if it is removed or delete
data vendor cannot regain this data.
C. Trust:
For every organization, trust is required to gain the profit by using the cloud services.
However, cloud is failed to achieve the trust between the end user and cloud service
provider. Hence vendor uses this marvellous application should make trust. Weak
trusted relationship & the number of the customer trust because of many problems
during deployment of cloud services
19
CSE Department KMEA Engineering College
Main project Report Two Factor Security Mechanism
ADVANTAGES
20
CSE Department KMEA Engineering College
Main project Report Two Factor Security Mechanism
CHAPTER 3
SYSTEM ANALYSIS
Here first review some solutions which may contain similar functionalities.
There are two kinds of cryptosystems that requires two secret keys for decryption. They
are certificateless cryptosystem (CLC) and certificate-based cryptosystem. It combines
the merits of identity-based cryptosystem (IBC) and the traditional public-key
infrastructure (PKI). In a Certificateless Cryptography, a user with an identity chooses
his own user secret hkey and user public key. At the same time the authority (called the
Key Generation Centre (KGC)) further generates a partial secret key according to his
identity.Encryption or signature verification requires the knowledge of both the public
key and the user identity. On the opposite, decryption or signature generation requires
the knowledge of both the user secret key and the partial secret key given by the KGC.
Different from the traditional PKI, there is no certificate required. Thus the costly
certificate validation process can be eliminated. However, the encryptor or the signature
verifier still needs to know the user public key. It is less convenient than IBC where
only identity is required for encryption or signature verification.
Similar to CLC, another primitive called certificate-based given by the KGC (which is
called the certificate ) is a signature of the identity and the public key of the user.
Mediated cryptography was first introduced for the purpose of revocation of public
keys. It requires an online mediator, referred to a SEcurity Mediator (SEM), for every
transaction. The SEM also provides a control of security capabilities. If the SEM does
not cooperate then no transactions with the public key are possible any longer. In other
21
CSE Department KMEA Engineering College
Main project Report Two Factor Security Mechanism
words, any revoked user cannot get the cooperation from the SEM. In a SMC system, a
user has a secret key, public key and an identity. The user secret key and the SEM are
required to decrypt a ciphertext or sign a message. On the opposite
side, the user public key and the corresponding identity are needed for signature verifi-
cation or encryption. Since the SEM is controlled by the revocation authority, the
authority can refuse to provide any cooperation for revoked user so that no revoked user
can gene-rate signature or decrypt ciphertext. Note that SMC is different from our
concept. The main purpose of SMC is to solve the revocation problem. Thus the SME is
controlled by the aut-hority and it has to be online for every signature signing and
ciphertext decryption. Furthe-rmore, it is not identity-based. The encryptor (or signature
verifier) needs to know the corresponding public key in addition to the identity. That
makes the system less practical and looses the advantages of using identity-based
system.
22
CSE Department KMEA Engineering College
Main project Report Two Factor Security Mechanism
The two-factor protection is necessary for high valuable sensitive data, such as personal
genome information and company commercial secret. A user may not always gain
access to his PC. Suppose a patient has to check his encrypted medical record stored in
a cloud storage system in a publicly used computer. He may download his secret key as
well as an encrypted record to the local computer, and next plug in a security device to
unlock the record with the secret key. This message recovery is almost identical to the
login operation of on-line banking where user needs to use a login password along with
a security token (sometimes with a smart-phone). Compared to a smart-phone, a USB
token is portable. After reading the record, the patient can just plug out the device and
leave. Since the decryption depends on both the secret key and the device, even the
computer is corrupted by an intruder, the intruder still cannot access the record. Note
that to date some information, such as visit history, download history, may be easily
leaked from browser, the usage of security device combining with a secret key can
double protect the secrecy of information to a large extent.
System leverage two different encryption technologies: one is IBE and the other is
traditional Public Key Encryption (PKE).. The first level ciphertext will be further
transformed into a second level ciphertext corresponding to a security device. The
resulting ciphertext can be decrypted by a valid receiver with secret key and security
device. Here, one might doubt that our construction is a trivial and straightforward
combination of two different encryptions. Unfortunately, this is not true due to the fact
that we need to further support security device revocability. A trivial combination of
IBE and PKE cannot achieve the goal. To support revocability, employ re-encryption
technology such that the part of ciphertext for an old security device can be updated for
a new device if the old device is revoked. Meanwhile, need to generate a special key for
the above ciphertext conversion. It also guarantee that the cloud server cannot achieve
any knowledge of message by accessing the special key, the old ciphertext and the
updated ciphertext. It further use hash-signature method to “sign” ciphertext such that
once an component of ciphertext is tempered by adversary, the cloud and ciphertext
receiver can tell. From the above presentations, one can see that two-factor protection
23
CSE Department KMEA Engineering College
Main project Report Two Factor Security Mechanism
Technical feasibility centers around the existing computer system and to what
extend it can support the proposed addition. A study of function, performance
and constraint that may effect to the ability to achieve an acceptable system is
done.
In the proposed system data can be easily stored and managed using database
management system software. The result of various queries can be generated
easily. Therefore the system is technically feasible if we ever selecting a
platform or tool set of company which is not there years to come, the major
setback will be the service and we will be left with no options other than
abandoning the system. Then the next problem will be migration to the better
system, whereas only successful companies will be there in the business and
from them only the latest version of the software will come with more added
facilities in to the existing system with newer versions. Always we should be
able to select a tool set and platform, which can seamlessly integrate into other
software.
24
CSE Department KMEA Engineering College
Main project Report Two Factor Security Mechanism
Proposed subjects are beneficial only if they can be turned into information
systems that will meet the organization’s operating requirements. This test of
feasibility asks if the system will work when it is developed and installed.
There was no difficulty in, implementing the system and the proposed system
is so effective, user friendly and functionally reliable so that the user will find
that the new system reduce their hard-steps.
25
CSE Department KMEA Engineering College
CHAPTER 4
SYSTEM DESIGN
October 17 - Report
February 15 - Modification
March 1 - Report
4.2ARCHITECTURE
Architectural design represents the structure of data and program components that are
required to build a mobile based system. It considers the architectural style that the
system will take, the structure and properties of the components that constitute the
system and the interrelationships that occur among all architectural components of a
system. Architectural design begins with a data design and then proceeds to the
derivation of one or more representations of the architectural structure of the data
system. Alternative architectural styles or patterns are analysed to derive the structure
that is best suited to customer requirements and quality attributes. One an alternative
has been selected is established using an architectural design model. An architecture
MAIN PROJECT REPORT TWO FACTOR SECURITY
27
CSE DEPT KMEA ENGINEERING COLLEGE
MAIN PROJECT REPORT TWO FACTOR SECURITY
4.3MODULE DESCRIPTION
Here proposes a two-factor data security protection mechanism. Before giving the
description of our mechanism, we first give an intuition on it. In our system, we have
the following entities:
28
CSE DEPT KMEA ENGINEERING COLLEGE
MAIN PROJECT REPORT TWO FACTOR SECURITY
It is a trusted party responsible for issuing private key of every user. The main
functionalities of PKG can be considered as two phases.
setup phase
The setup phase generates all public parameters and master secret key used throughout
the execution of system. The public parameters are shared with all parties participating
into the system (including data sender/receiver, cloud server and a PKG), while the
master secret key is given to the PKG.
c) Set the public parameters param to be (k), q, g, g1, g2, h, e(g, g2) e(g1,g2), H1,
H2, H3, H4, H5, F(.), and the master secret key msk to be ga 2, where F(ID)=¼u0
Qj2V uj, u0;u1,,uj;...;un 2R G, and ID is an n-bit string and V is the set of all j for
which the jth bit of ID is equal to 1.
A SDI and a PKG will respectively generate a security device and a secret key for a
registered user IDi in secure channel such that the user can combine the security
device with the secret key to recover message from its encrypted format. The details
of key and security device issued phase are as follows.
a) The SDI chooses zi;1;zi; and sets the security device’s description information as
tpki: and its corresponding secret information as tski:. The SDI finally delivers the
security device to a user Idi.
b) The SDI stores the tuple in a list List shared with the cloud storage system.
c) The PKG sets the secret key for a user IDi as skIDi =(skIDi;1;skIDi)
29
CSE DEPT KMEA ENGINEERING COLLEGE
MAIN PROJECT REPORT TWO FACTOR SECURITY
2) SENDER
Sender initially types the text that he needs to share with and then this message is
encrypted using the private key and the identity and the encrypted message is
embedded into an image using stegnography method and send to the receiver.this
whole process can be considered as two phases:
Here a sender encrypts a data under the identity of a data receiver, and further sends
the encrypted data to the cloud server. Knowing public parameters param, a data m
and a receiver’s identity IDi, a data sender encrypts a data to a first level encryption as
follows.
Sender :The sender (and the creator) of the ciphertext. She only knows the identity
(e.g., email address) of the receiver but nothing else related to the receiver. After she
has created the ciphertext, she sends to the cloud server to let the receiver for
download.
After receiving the first level ciphertext of a data from the data sender, the cloud
server generates the second-level ciphertext. Knowing public parameters param, a first
level encryption for the user, and the information (IDi, tpki) stored in List, the cloud
server encrypts to a second-level ciphertext . Receiver has a private key (stored in his
computer) and a security device (that contains some secret information related to his
identity). They are given by the PKG. The decryption of ciphertext requires both the
private key and the security device. The cloud server is responsible for storing all
ciphertext (for receiver to download).
3) RECEIVER
The receiver of the ciphertext and has a unique identity (e.g., email address). The
ciphertext is can download it for decryption. He has a private key (stored in his
computer) and a security device (that contains some secret information related to his
30
CSE DEPT KMEA ENGINEERING COLLEGE
MAIN PROJECT REPORT TWO FACTOR SECURITY
identity). They are given by the PKG. The decryption of ciphertext requires both the
private key and the security device. the receiver of the ciphertext and has a unique
identity (e.g., email address). More importantly, our system, for the first time, provides
security device (one of the factors) revocability. Once the security device is stolen or
reported as lost, this device isrevoked. That is, using this device can no longer decrypt
any ciphertext (corresponding to the user) in any circumstance. The cloud will
immediately execute some algorithms to change the existing ciphertext to beun-
decryptable by this device. While the user needs to use his new/replacement device
(together with his secret key) to decrypt his/her ciphertext. This process is completely
transparent to the sender.
Once a device of a user needs to be updated due to some incidences (e.g., it is either
lost or stolen), the user first reports the issue to the SDI. The SDI then issues a new
device for the user. a) The SDI chooses and sets the security device’s description
information and its corresponding secret information .The SDI finally delivers the
security device to a user IDi.
The SDI notifies the cloud server to update the ciphertext of the user by sending a
special piece of information.
a) The SDI first sends a piece of information to the cloud server so as to inform the
cloud to execute the ciphertext updated process.
b) After receiving the information the cloud server updates the ciphertext.
Data Recovery: A data receiver uses a decryption key and a device to recover the data.
4.6.1. JAVA
Java is a simple and yet powerful object oriented programming language and it is in
many respects similar to C++. Java originated at Sun Microsystems, Inc. in 1991. It
was conceived by James Gosling, Patrick Naughton, Chris Warth, Ed Frank, and Mike
32
CSE DEPT KMEA ENGINEERING COLLEGE
MAIN PROJECT REPORT TWO FACTOR SECURITY
Platform independent
Unlike many other programming languages including C and C++ when Java is
compiled, it is not compiled into platform specific machine, rather into platform
independent byte code. This byte code is distributed over the web and interpreted by
virtual Machine (JVM) on whichever platform it is being run.
OOP Concepts
33
CSE DEPT KMEA ENGINEERING COLLEGE
MAIN PROJECT REPORT TWO FACTOR SECURITY
Abstraction
Encapsulation
Inheritance
Polymorphism
Abstraction
Abstraction denotes the essential characteristics of an object that distinguish it from all
other kinds of objects and thus provide crisply defined conceptual boundaries, relative
to the perspective of the viewer.
Encapsulation
Encapsulation is the process of compartmentalizing the elements of an abstraction that
constitute its structure and behaviour. Encapsulation serves to separate the contractual
interface of an abstraction and its implementation.
Inheritance
Inheritance is the process by which one object acquires the properties of another
object.
Polymorphism
Polymorphism is the existence of the classes or methods in different forms or single
name denoting different implementations.
4.6.2. JADE
34
CSE DEPT KMEA ENGINEERING COLLEGE
MAIN PROJECT REPORT TWO FACTOR SECURITY
JADE is free software and is distributed by Telecom Italia, the copyright holder, in
open sourceunder the terms and conditions of the LGPL (Lesser General Public
License Version 2) license.Besides the JADE Team, however, a fairly large
Community of developers gathered around the JADE Framework in these years.
Anyone who is willing to contribute to this Community by reporting bugs, providing
fixes and contributions or simply comments and suggestions are more than welcome.
4.6.3 NETBEANS
The NetBeans IDE is open source and is written in the Java programming language. It
provides the services common to creating desktop applications -- such as window and
menu management, settings storage -- and is also the first IDE to fully support JDK
5.0 features. The NetBeans platform and IDE are free for commercial and non-
commercial use, and they are supported by Sun Microsystems.
The NetBeans IDE has many features and tools for each of the Java platforms. Those
in the following list are not limited to the Java SE platform but are useful for building,
debugging, and deploying applications and applets:
Syntax highlighting for Java, JavaScript, XML, HTML, CSS, JSP, IDL
35
CSE DEPT KMEA ENGINEERING COLLEGE
MAIN PROJECT REPORT TWO FACTOR SECURITY
GUI Builder
In-place editing of text labels of components, such as labels, buttons, and text fields
Database Support
36
CSE DEPT KMEA ENGINEERING COLLEGE
MAIN PROJECT REPORT TWO FACTOR SECURITY
Database schema browsing to see the tables, views, and stored procedures defined
in a database
SQL and DDL command execution to help you write and execute more
complicated SQL or DDL commands
Works with databases, such as MySQL, PostgreSQL, Oracle, IBM DB2, Microsoft
SQL Server, PointBase, Sybase, Informix, Cloudscape, Derby, and more. The
NetBeans IDE also provides full-featured refactoring tools, which allow you to
rename and move classes, fields, and methods, as well as change method parameters.
In addition, yoU get a debugger and an Ant-based project system.
4.6.4. My SQL
MySQL database has become the world's most popular Open source database because
of its consistency, fast performance, high reliability and ease of use. It has also
become the database of choice for a new generation of applications built on the LAMP
stack (Linux, Apache, MySQL, PHP / Perl / Python). MySQL runs on more than 20
platforms including Linux, Windows, OS/X, HP-UX, AIX, Netware, giving you the
kind of flexibility that puts you in control. MySQL offers a comprehensive range of
certified software, support, training and consulting. MySQL is a multithreaded, multi-
user SQL Database Management System. My SQL's implementation of a relational
database is an abstraction on top of a computer’s file system. The relational database
abstraction allows collection of data items to be organized as a set of formally
described tables. Data can be accessed or reassembled from these tables in many
different ways, which do not require any reorganization of the database tables
themselves. Relational database speak SQL (Structured Query Language). SQL is a
standard interactive programming language for getting information from and updating
a relational database..
My SQL Features
37
CSE DEPT KMEA ENGINEERING COLLEGE
MAIN PROJECT REPORT TWO FACTOR SECURITY
4.6.5 JSP
To deploy and run Java Server Pages, a compatible web server with a servlet
container, such as Apache Tomcat or Jetty, is required.
JSP allows Java code and certain pre-defined actions to be interleaved with static web
markup content, such as HTML, with the resulting page being compiled and executed
on the server to deliver a document. The compiled pages, as well as any dependent
Java libraries, contain Java bytecode rather than machine code. Like any other Java
program, they must be executed within a Java virtual machine (JVM) that interacts
with the server's host operating system to provide an abstract, platform-neutral
environment.
JSPs are usually used to deliver HTML and XML documents, but through the use of
OutputStream, they can deliver other types of data as well.[4]
38
CSE DEPT KMEA ENGINEERING COLLEGE
MAIN PROJECT REPORT TWO FACTOR SECURITY
A Java Server Pages compiler is a program that parses JSPs, and transforms them
into executable Java Servlets. A program of this type is usually embedded into
the application server and run automatically the first time a JSP is accessed, but pages
may also be precompiled for better performance, or compiled as a part of the build
process to test for errors.
Some JSP containers support configuring how often the container checks JSP file time
stamps to see whether the page has changed. Typically, this timestamp would be set to
a short interval (perhaps seconds) during software development, and a longer interval
(perhaps minutes, or even never) for a deployed Web application.
A user of RSA creates and then publishes a public key based on two large prime
numbers along with an auxiliary value. The prime numbers must be kept secret.
Anyone can use the public key to encrypt a message, but with currently published
methods, and if the public key is large enough, only someone with knowledge of the
prime numbers can decode the message feasibly. Breaking RSA encryption is known
39
CSE DEPT KMEA ENGINEERING COLLEGE
MAIN PROJECT REPORT TWO FACTOR SECURITY
RSA is a relatively slow algorithm, and because of this, it is less commonly used to
directly encrypt user data. More often, RSA passes encrypted shared keys
for symmetric key cryptography which in turn can perform bulk encryption-
decryption operations at much higher speed.
Operation
A basic principle behind RSA is the observation that it is practical to find three very
large positive integers e, d and n such that with modular exponentiation for all
integer m (with 0 ≤ m < n):
(m¿¿ ed )=m(mod n) ¿
and that even knowing e and n or even m it can be extremely difficult to find d.
RSA involves a public key and a private key. The public key can be known by
everyone, and it is used for encrypting messages. The intention is that messages
encrypted with the public key can only be decrypted in a reasonable amount of time
by using the private key. The public key is represented by the integers n and e; and,
the private key, by the integer d (although n is also used during the decryption process.
Thus, it might be considered to be a part of the private key, too). m represents the
message
Key generation
The keys for the RSA algorithm are generated the following way:
40
CSE DEPT KMEA ENGINEERING COLLEGE
MAIN PROJECT REPORT TWO FACTOR SECURITY
2. Compute n = pq.
n is used as the modulus for both the public and private keys. Its length,
usually expressed in bits, is the key length.
3. Compute λ(n) = lcm(λ(p), λ(q)) = lcm(p − 1, q − 1), where λ is Carmichael's
totient function. This value is kept private.
4. Choose an integer e such that 1 < e < λ(n) and gcd(e, λ(n)) = 1; i.e., eand λ(n)
are coprime.
5. Determine d as d ≡ e−1 (mod λ(n)); i.e., d is the modular multiplicative
inverse of e (modulo λ(n)).
Since any common factors of (p − 1) and (q − 1) are present in the factorisation of n −
1 = pq − 1 = (p − 1)(q − 1) + (p − 1) + (q − 1),[15] it is recommended that (p −
1) and (q − 1) have only very small common factors, if any besides the necessary 2.
Note: The authors of the original RSA paper carry out the key generation by
choosing d and then computing e as the modular multiplicative inverse
of d(modulo φ(n)). Since it is beneficial to use a small value for e (e.g., 65,537) in
order to speed up the encryption function, current implementations of RSA, such
as PKCS#1 choose e and compute d .
Key distribution
Suppose that Bob wants to send information to Alice. If they decide to use RSA, Bob
must know Alice's public key to encrypt the message and Alice must use her private
key to decrypt the message. To enable Bob to send his encrypted messages, Alice
transmits her public key (n, e) to Bob via a reliable, but not necessarily secret, route.
Alice's private key (d) is never distributed.
Encryption
After Bob obtains Alice's public key, he can send a message M to Alice.
c ≡me (mod n)
This can be done reasonably quickly, even for 500-bit numbers, using modular
exponentiation. Bob then transmits c to Alice.
Decryption
Alice can recover m from c by using her private key exponent d by computing
(m¿¿ ed )=m(mod n) ¿
42
CSE DEPT KMEA ENGINEERING COLLEGE
MAIN PROJECT REPORT TWO FACTOR SECURITY
For AES, NIST selected three members of the Rijndael family, each with a block size
of 128 bits, but three different key lengths: 128, 192 and 256 bits.
AES became effective as a federal government standard on May 26, 2002, after
approval by the Secretary pf commerce. AES is included in the ISO/IEC 18033-3
standard. AES is available in many different encryption packages, and is the first (and
only) publicly accessible cipher approved by the National Security Agency (NSA)
for top secret information when used in an NSA approved cryptographic module.
For instance, if there are 16 bytes, these bytes are represented as the matrix:
43
CSE DEPT KMEA ENGINEERING COLLEGE
MAIN PROJECT REPORT TWO FACTOR SECURITY
The key size used for an AES cipher specifies the number of repetitions of
transformation rounds that convert the input, called the plaintext, into the final output,
called the ciphertext. The number of cycles of repetition are as follows:
Each round consists of several processing steps, each containing four similar but
different stages, including one that depends on the encryption key itself. A set of
reverse rounds are applied to transform ciphertext back into the original plaintext
using the same encryption key.
KeyExpansions—round keys are derived from the cipher key using Rijndael's key
schedule. AES requires a separate 128-bit round key block for each round plus one
more.
1. Initial Round
1. Add Round Key—each byte of the state is combined with a block
of the round key using bitwise xor.
2. Rounds
1. Sub Bytes—a non-linear substitution step where each byte is
replaced with another according to a lookup table.
2. Shift Rows—a transposition step where the last three rows of the
state are shifted cyclically a certain number of steps.
3. Mix Columns—a mixing operation which operates on the columns
of the state, combining the four bytes in each column.
4. Add Round Key
3. Final Round (no Mix Columns)
1. Sub Bytes
2. Shift Rows
3. Add Round Key.
44
CSE DEPT KMEA ENGINEERING COLLEGE
MAIN PROJECT REPORT TWO FACTOR SECURITY
A DFD shows what kind of information will be input to and output from the system,
how the data will advance through the system, and where the data will be stored. It
does not show information about process timing or whether processes will operate in
sequence or in parallel, unlike a traditional structured flowchart which focuses on
control flow, or a UML activity workflow diagram, which presents both control and
data flows as a unified model.
The Level 1 DFD shows how the system is divided into sub-systems (processes), each
of which deals with one or more of the data flows to or from an external agent, and
which together provide all of the functionality of the system as a whole. It also
identifies internal data stores that must be present in order for the system to do its job,
and shows the flow of data between the various parts of the system.Data flow
diagrams are one of the three essential perspectives of the structured-systems analysis
and design method SSADM. The sponsor of a project and the end users will need to
be briefed and consulted throughout all stages of a system’s evolution. With a data
flow diagram, users are able to visualize how the system will operate, what the system
will accomplish, and how the system will be implemented.
The old system’s dataflow diagrams can be drawn up and compared with the new
system’s data flow diagrams to draw comparisons to implement a more efficient
system. Data flow diagrams can be used to provide the end user with a physical idea
of where the data they input ultimately has an effect upon the structure of the whole
system from order to dispatch to report. How any system is developed can be
determined through a data flow diagram model .In the course of developing a set of
leveled data flow diagrams the analyst/designer is forced to address how the system
may be decomposed into component sub-systems, and to identify the transaction data.
45
CSE DEPT KMEA ENGINEERING COLLEGE
MAIN PROJECT REPORT TWO FACTOR SECURITY
LEVEL 0
46
CSE DEPT KMEA ENGINEERING COLLEGE
MAIN PROJECT REPORT TWO FACTOR SECURITY
The diagram below shows the sender of the message and the receiver who receives the
message. The message is passed after the two way encryption.
LEVEL 1 : SENDER
47
CSE DEPT KMEA ENGINEERING COLLEGE
MAIN PROJECT REPORT TWO FACTOR SECURITY
The sender logs into his account and the message is written which is to be shared and
its encrypted using private key and public key or identity of the receiver. The
encrypted message is then embedded into an image using steganography and then this
image is send to the receiver.
LEVEL 1: RECEIVER
This diagram shows the receiver part. Receiver logs into his account using his
username and password. Then the device is connected to the system and the key is
decrypted. If the key is valid then the embedded text in the image is decrypted which
is again decrypted into the plain text.
48
CSE DEPT KMEA ENGINEERING COLLEGE
MAIN PROJECT REPORT TWO FACTOR SECURITY
The main feature is the device revocability where the ciphertext can be decrypted by a
new key generated. Once the security device is stolen or reported as lost, this device is
revoked. That is, using this device can no longer decrypt any ciphertext
(corresponding to the user) in any circumstance. The cloud will immediately execute
some algorithms to change the existing ciphertext to beun-decryptableby this device.
While the user needs to use his new/replacement device (together with his secret key)
to decrypt his/her ciphertext. This process is completely transparent to the sender.
49
CSE DEPT KMEA ENGINEERING COLLEGE
MAIN PROJECT REPORT TWO FACTOR SECURITY
CHAPTER 5
SYSTEM IMPLEMENTATION
Database is implemented using MySQL. MySQL database has become the world's
most popular Open source database because of its consistency, fast performance, high
reliability and ease of use. It has also become the database of choice for a new
generation of applications built on the LAMP stack (Linux, Apache, MySQL, PHP /
Perl / Python). MySQL runs on more than 20 platforms including Linux, Windows,
OS/X, HP-UX, AIX, Netware, giving you the kind of flexibility that puts you in
control. MySQL offers a comprehensive range of certified software, support, training
and consulting. MySQL is a multithreaded, multi-user SQL Database Management
System. My SQL's implementation of a relational database is an abstraction on top of
a computer’s file system. The relational database abstraction allows collection of data
items to be organized as a set of formally described tables. Data can be accessed or
reassembled from these tables in many different ways, which do not require any
reorganization of the database tables themselves. Relational database speak SQL
(Structured Query Language). SQL is a standard interactive programming language
for getting information from and updating a relational database.
Alloc table
File table
Sol table
Login table
50
CSE DEPT KMEA ENGINEERING COLLEGE
MAIN PROJECT REPORT TWO FACTOR SECURITY
SOL TABLE
The details of the registered users are stored in the table. The details include the users
name, address, username, key-pass, status, gender, date of birth etc.
ALLOC TABLE
It stores the details of the files allocated to the users.
LOGIN TABLE
It stores the details of the logged in users.
52
CSE DEPT KMEA ENGINEERING COLLEGE
MAIN PROJECT REPORT TWO FACTOR SECURITY
5.2 SCREENSHOTS
The user can login to the account by entering the username and password provided.
User can upload a desired file. Only those files can be send to the receiver.
Any of uploaded file can be assigned to any officer once. Officer and the file can be
selected.
54
CSE DEPT KMEA ENGINEERING COLLEGE
MAIN PROJECT REPORT TWO FACTOR SECURITY
55
CSE DEPT KMEA ENGINEERING COLLEGE
MAIN PROJECT REPORT TWO FACTOR SECURITY
Receiver can view the files send to him by clicking the click button
The list of the files received by the receiver. It includes file id, file name, date and url.
The file is in the encrypted form.
56
CSE DEPT KMEA ENGINEERING COLLEGE
MAIN PROJECT REPORT TWO FACTOR SECURITY
CHAPTER 6
CONCLUSION
In this project, we introduce a novel two factor data security protection mechanism for
cloud storage system, in which a data sender is allowed to encrypt the data with
knowledge of the identity of a receiver only, while the receiver is required to use both
his/her secret key and a security device to gain access to the data. Our solution not
only enhances the confidentiality of the data, but also offers the revocability of the
device so that once the device is revoked, the corresponding cipher-text will be
updated automatically by the cloud server without any notice of the data owner.
Furthermore, we presented the security proof and efficiency analysis for our system.
FUTURE SCOPE
57
CSE DEPT KMEA ENGINEERING COLLEGE
MAIN PROJECT REPORT TWO FACTOR SECURITY
REFERENCES
[BASE] Two-Factor Data Security Protection Mechanism for Cloud Storage System
Joseph K. Liu, Kaitai Liang∗, Willy Susilo, Jianghua Liu, Yang Xiang
[1] S. S. Al-Riyami and K. G. Paterson, “Certificateless public key cryptography,” in
Proc. 9th Int. Conf. Theory Appl. Cryptol., 2003, pp. 452–473.
[2] Y. Dodis, J. Katz, S. Xu, and M. Yung, “Key-insulated public key cryptosystems,”
in Proc. Int. Conf. Theory Appl. Cryptographic Techn., 2002, pp. 65–82.
[3] M. Green and G. Ateniese, “Identity-based proxy re-encryption,” in Proc. 5th Int.
Conf. Appl. Cryptography Netw. Security, 2007, pp. 288–306.
[4] J. K. Liu, J. Baek, and J. Zhou, “Certificate-based sequential aggregate signature,”
in Proc. 2nd ACM Conf. Wireless Netw. Security, 2009, pp. 21–28.
[5] M. H. Au, J. K. Liu, W. Susilo, and T. H. Yuen, “Certificate based (linkable) ring
signature,” in Proc. Inf. Security Practice Experience Conf., 2007,
[6]Improve Data Security Protection Mechanism for Cloud Storage using Two
Components.
Thite Amruta S.1, Dere Sarika B.2, Rohakale Shital D.3, Kalekar Namarta Y.4
[7] Using Two Components to Improve Factor Revocability and Data Security
Protection Mechanism for Cloud.
58
CSE DEPT KMEA ENGINEERING COLLEGE