Professional Documents
Culture Documents
Achieving Secure, Scalable, and Fine-Grained Data Access Control in Cloud Computing
Achieving Secure, Scalable, and Fine-Grained Data Access Control in Cloud Computing
Abstract:
Cloud computing is an emerging computing paradigm in which
resources of the computing infrastructure are provided as services over the
Internet. This paper proposed some services for data security and access control
when users outsource sensitive data for sharing on cloud servers. This paper
addresses this challenging open issue by, on one hand, defining and enforcing
access policies based on data attributes, and, on the other hand, allowing the data
owner to delegate most of the computation tasks involved in fine grained data
access control to untrusted cloud servers without disclosing the underlying data
contents. Our proposed scheme enables the data owner to delegate tasks of data
file re-encryption and user secret key update to cloud servers without disclosing
data contents or user access privilege information. We achieve this goal by
exploiting and uniquely combining techniques of attribute-based encryption
(ABE), proxy re-encryption, and lazy re-encryption. Our proposed scheme also has
salient properties of user access privilege confidentiality and user secret key
accountability and achieves fine - graininess, scalability and data confidentiality
for data access control in cloud computing. Extensive analysis shows that our
proposed scheme is highly efficient and provably secures under existing security
models.
Advantages
Low initial capital investment
Shorter start-up time for new services
Lower maintenance and operation costs
Higher utilization through virtualization
Easier disaster recovery
Existing System:
Our existing solution applies cryptographic methods by disclosing
data decryption keys only to authorized users. These solutions inevitably
introduce a heavy computation overhead on the data owner for key distribution
and data management when fine grained data access control is desired, and thus
do not scale well.
Proposed System:
In order to achieve secure, scalable and fine-grained access control
on outsourced data in the cloud, we utilize and uniquely combine the following
three advanced cryptographic techniques:
Module Description:
1) Key Policy Attribute-Based Encryption (KP-ABE):
KP-ABE is a public key cryptography primitive for one-to-many
communications. In KP-ABE, data are associated with attributes for each of which
a public key component is defined. User secret key is defined to reflect the access
structure so that the user is able to decrypt a cipher text if and only if the data
attributes satisfy his access structure. A KP-ABE scheme is composed of four
algorithms which can be defined as follows:
Setup Attributes
Encryption
Secret key generation
Decryption
Setup Attributes:
This algorithm is used to set attributes for users. From these attributes
public key and master key for each user can be determined. The attributes, public
key and master key are denoted as
Attributes- U = {1, 2. . . N}
Public key- PK = (Y, T1, T2, . . . , TN)
Master key- MK = (y, t1, t2, . . . , tN)
Encryption:
This algorithm takes a message M, the public key PK, and a set of
attributes I as input. It outputs the cipher text E with the following format:
E = (I, ˜ E, {Ei}i )
where ˜E = MY, Ei = Ti.
Decryption:
This algorithm takes as input the cipher text E encrypted under the
attribute set U, the user’s secret key SK for access tree T, and the public key PK.
Finally it output the message M if and only if U satisfies T.
3) Lazy re-encryption:
The lazy re-encryption technique and allow Cloud Servers to aggregate
computation tasks of multiple operations. The operations such as
Update secret keys
Update user attributes.
System Requirements:
Hardware Requirements:
Software Requirements:
Abstract:
As Cloud Computing becomes prevalent, more and more sensitive information are
being centralized into the cloud. Although traditional searchable encryption schemes allow a user
to securely search over encrypted data through keywords and selectively retrieve files of interest,
these techniques support only exact keyword search. In this paper, for the first time we formalize
and solve the problem of effective fuzzy keyword search over encrypted cloud data while
maintaining keyword privacy. Fuzzy keyword search greatly enhances system usability by
returning the matching files when users’ searching inputs exactly match the predefined keywords
or the closest possible matching files based on keyword similarity semantics, when exact match
fails. In our solution, we exploit edit distance to quantify keywords similarity and develop two
advanced techniques on constructing fuzzy keyword sets, which achieve optimized storage and
representation overheads. We further propose a brand new symbol-based trie-traverse searching
scheme, where a multi-way tree structure is built up using symbols transformed from the resulted
fuzzy keyword sets. Through rigorous security analysis, we show that our proposed solution is
secure and privacy-preserving, while correctly realizing the goal of fuzzy keyword search.
Extensive experimental results demonstrate the efficiency of the proposed solution.
Algorithm Description:
The approximate string matching algorithms among them can be classified into two
categories: on-line and off-line. The on-line techniques, performing search without an index, are
unacceptable for their low search efficiency, while the off-line approach, utilizing indexing
techniques, makes it dramatically faster. A variety of indexing algorithms, such as suffix trees,
metric trees and q-gram methods, have been presented. At the first glance, it seems possible for
one to directly apply these string matching algorithms to the context of searchable encryption by
computing the trapdoors on a character base within an alphabet. However, this trivial
construction suffers from the dictionary and statistics attacks and fails to achieve the search
privacy. An instance M of the data type string-matching is an object maintaining a pattern and
a string. It provides a collection of different algorithms for computation of the exact string
matching problem. Each function computes a list of all starting positions of occurrences of the
pattern in the string.
System Architecture:
Existing System:
This straightforward approach apparently provides fuzzy keyword search over the encrypted files
while achieving search privacy using the technique of secure trapdoors. However, this
approaches serious efficiency disadvantages. The simple enumeration method in constructing
fuzzy key-word sets would introduce large storage complexities, which greatly affect the
usability.
For example, the following is the listing variants after a substitution operation on the first
character of keyword
Main Modules:
For example, for the keyword CASTLE with the pre-set edit distance 1, its wildcard based fuzzy
keyword set can be constructed as
Edit Distance:
a. Substitution
b. Deletion
c. Insertion
Another efficient technique for constructing fuzzy set is based on grams. The gram of a string is
a substring that can be used as a signature for efficient approximate search. While gram has
been widely used for constructing inverted list for approximate string search, we use gram for the
matching purpose. We propose to utilize the fact that any primitive edit operation will affect at
most one specific character of the keyword, leaving all the remaining characters untouched. In
other words, the relative order of the remaining characters after the primitive operations is
always kept the same as it is before the operations.
For example, the gram-based fuzzy set SCASTLE, 1 for keyword CASTLE can be constructed
as
In this section, we consider a natural extension from the previous single-user setting to multi-
user setting, where a data owner stores a file collection on the cloud server and allows an
arbitrary group of users to search over his file collection.
System Requirements:
Hardware Requirements:
Software Requirements:
2. We design two advanced techniques (i.e., wildcard-based and gram- based techniques) to
construct the storage-efficient fuzzy keyword sets by exploiting two significant observations on
the similarity metric of edit distance.
3. Based on the constructed fuzzy keyword sets, we further propose a brand new symbol-based
trie-traverse searching scheme, where a multi-way tree structure is built up using symbols
transformed from the resulted fuzzy keyword sets.
4. Through rigorous security analysis, we show that our proposed solution is secure and privacy-
preserving, while correctly realizing the goal of fuzzy keyword search. Extensive experimental
results demonstrate the efficiency of our solution.
Group Device Pairing based Secure Sensor
Association and Key Management for Body Area
Networks
1.ABSTRACT :
and transmits the sensor data to the upper tier of the network for healthcare
records. In contrast to conventional sensor networks, a BAN deals with
more important medical information which has more stringent requirements
for security. Especially, secure BAN bootstrapping is essential since it
secures the very first step. In this we focus on the secure sensor
association problem during BAN bootstrapping (before the BAN is actually
deployed).
3. PROPOSED SYSTEM :
for a batch of at most 10 nodes, which lasts less than 30 seconds. GDP is
fast, efficient, user-friendly, and also error-proof. Second, GDP enables
efficient key management after network deployment. Multiple types of keys
can be derived on-demand based on the group key. Also, dynamic
operations, such as regular key updates, batch node addition and
revocation are supported naturally by GDP. Our scheme is mostly based
on symmetric key cryptography (SKC), thus
4.HARDWARE REQUIREMENTS:
5.SOFTWARE REQUIREMENTS:
Abstract:
Modern distributed business applications are embedding an increasing degree of
automation and dynamism, from dynamic supply-chain management, enterprise
federations, and virtual collaborations to dynamic service interactions across
organizations. Such dynamism leads to new challenges in security and
dependability. In Service-Oriented Architecture (SOA), collaborating services may
belong to different security realms but often need to be engaged dynamically at
runtime. If a cross-realm authentication relationship cannot be generated
dynamically at runtime between heterogeneous security realms, it is technically
difficult to enable dynamic business processes through secure collaborations
between services. A potential solution to this problem is to generate a trust
relationship across security realms so that a user can use the credential in the local
security realm to obtain the credentials to access resources in a remote realm.
However, the process of generating such kinds of trust relationships between two
disjoint security realms is very complex and time consuming, which could involve a
large number of extra operations for credential conversion and require
collaborations in multiple security realms. In this paper, we propose a new cross-
realm authentication protocol for dynamic service interactions. This protocol does
not require credential conversion or establishment of authentication paths.
Algorithm Description:
Diffie-Hellman key exchange offers the best of both worlds -- it uses public key techniques to
allow the exchange of a private encryption key! Let's take a look at how the protocol works, from
the perspective of Alice and Bob, two users who wish to establish secure communications. We
can assume that Alice and Bob k...
The Diffie-Hellman Key Exchange Algorithm is used to by two parties to create a session key.
The two parties go through a 4 step process to generate the key. In order for an attacker to obtain
the key, he/she must face the discrete logrithm problem. Here are the steps.
1: Station A or Station B selects a large, secure prime number p and a primitive root a (mod p).
Both p and a can be made public.
2: Station A chooses a secret random x with 1 <= x <= p-2, and Station B selects a secret
random y with 1 <= y <= p-2.
3: Station A send a^x (mod p) to Station B, and Station B sends a^y (mod p) to Station A.
4: Using the messages that they each have received, they can each calculate the session key K.
Station A calculates K by K congruent to (a^y)^x (mod p), and Station B calculates K by K
congruent to (a^x)^y (mod p).
System Architecture:
Existing System:
In Service-Oriented Architecture (SOA), collaborating services may belong to
different security realms but often need to be engaged dynamically at runtime. If a
cross-realm authentication relationship cannot be generated dynamically at runtime
between heterogeneous security realms, it is technically difficult to enable dynamic
business processes through secure collaborations between services. A potential
solution to this problem is to generate a trust relationship across security realms so
that a user can use the credential in the local security realm to obtain the
credentials to access resources in a remote realm. However, the process of
generating such kinds of trust relationships between two disjoint security realms is
very complex and time consuming, which could involve a large number of extra
operations for credential conversion and require collaborations in multiple security
realms. In this paper, we propose a new cross-realm authentication protocol for
dynamic service interactions. This protocol does not require credential conversion or
establishment of authentication paths.
Proposed System:
Clustering and Cluster-Based Routing Protocol
for Delay-Tolerant Mobile Networks
1.ABSTRACT :
2. EXISTING SYSTEM :
For intermittent connectivity among mobile nodes, especially
under low nodal density and/or short radio transmission range, the Delay-
Tolerant Network (DTN) technology has been introduced to mobile
wireless communications, such as ZebraNet , Shared Wireless Info-Station
(SWIM) , Delay/Fault-Tolerant Mobile Sensor Network (DFT-MSN) , and
mobile Internet and peer-to-peer mobile ad hoc networks –. DTN is
fundamentally an opportunistic communication system, where
communication links only exist temporarily, rendering it impossible to
establish end-to-end connections for data delivery. In such networks,
routing is largely based on nodal contact probabilities (or more
sophisticated parameters based on nodal contact probabilities).
3.PROPOSED SYSTEM :
in DTMN is the main criteria in this project. The basic idea is to let each
mobile node to learn unknown and possibly random mobility parameters
and join together with other mobile nodes that have similar mobility pattern
into a cluster.
4.HARDWARE REQUIREMENTS:
• System : Pentium IV 2.4 GHz.
• Hard Disk : 40 GB.
• Floppy Drive : 1.44 MB.
• Monitor : 15 VGA Colour.
• Mouse : Logitech.
• Ram : 256 MB.
5.SOFTWARE REQUIREMENTS:
Peer-to-peer (P2P) streaming has been widely deployed over the Internet. A streaming
system usually has multiple channels, and peers may form multiple groups for content
distribution. In this paper, we propose a distributed overlay framework (called SMesh) for
dynamic groups where users may frequently hop from one group to another while the total pool
of users remain stable. SMesh first builds a relatively stable mesh consisting of all hosts for
control messaging. The mesh supports dynamic host joining and leaving, and will guide the
construction of delivery trees. Using the Delaunay Triangulation (DT) protocol as an example,
we show how to construct an efficient mesh with low maintenance cost. We further study
various tree construction mechanisms based on the mesh, including embedded, bypass, and
intermediate trees. Through simulations on Internet-like topologies, we show that SMesh
achieves low delay and low link stress.
Algorithm Used:
(DT) Protocol
Existing System:
P2P overlay network, hosts are responsible for packets replication and forwarding. A P2P
network only uses unicast and does not need multicast capable routers. It is, hence, more
deployable and flexible. Currently, there are two types of overlays for P2P streaming: tree
structure and gossip mesh. The first one builds one or multiple overlay tree(s) to distribute data
among hosts. Examples include application-layer multicast protocols.
Proposed System:
In the Proposed applications, as peers may dynamically hop from one group to
another, it becomes an important issue to efficiently deliver specific contents to peers. One
obvious approach is to broadcast all contents to all hosts and let them select the contents.
Clearly, this is not efficient in terms of bandwidth and end-to-end delay, especially for
unpopular channels. Maintaining a separate and distinct delivery overlay for each channel
appears to be another solution. However, this approach introduces high control overhead to
maintain multiple dynamic overlays. When users frequently hop from one channel to another,
overlay reformation becomes costly and may lead to high packet loss
In this paper, we consider building a data delivery tree for each group. To reduce tree
construction and maintenance costs, we build a single shared overlay mesh. The mesh is
formed by all peers in the system and is, hence, independent of joining and leaving events in
any group. This relatively stable mesh is used for control messaging and guiding the
construction of overlay trees. With the help of the mesh, trees can be efficiently constructed
with no need of loop detection and elimination. Since an overlay tree serves only a subset of
peers in the network, we term this framework Subset-Mesh, or SMesh.
Modules:
A joining host, after obtaining its coordinates, sends a MeshJoin message with its
coordinates to any host in the system. Mesh Join is then sent back to the joining host
along the DT mesh based on compass routing. Since the joining host is not a member of
the mesh yet, it can be considered as a partitioned mesh consisting of a single host. The
Mesh Join message finally triggers the partition recovery mechanism at a particular host
in the mesh, which helps the new host join the mesh.
System Specifications:
Hardware Requirements:
SYSTEM : Pentium IV 2.4 GHz
HARD DISK : 40 GB
FLOPPY DRIVE : 1.44 MB
MONITOR : 15 VGA colour
MOUSE : Logitech.
RAM : 256 MB
KEYBOARD : 110 keys enhanced.
Software Requirements:
Operating system : Windows XP Professional
Front End : Java Technology
Tool : Eclipse 3.3
Staying Connected in a Mobile Healthcare System:
Experiences from the MediNet Project
Abstract:
A mobile healthcare system consists of a number of components networked together
including patients and their healthcare providers. It is important in this type of system
for the patient to remain connected at all times even if one of the communication
components fails. This paper discusses the design of the MediNet system and shows
how it seamlessly handles connectivity issues between patients and their mobile
phones, between the healthcare meters and mobile phones, and between mobile
phones and web server components. The overall goal behind our design strategies is to
continue providing a high level of service to the patient in the face of communication
problems leading to improved acceptability and trust of the system by patients.
Proposed System:
One of the main objectives of our research with MediNet was to design a system that
would give the user a feeling of connectedness. Connectedness is viewed from two
different perspectives in this paper. The first perspective defines it as being logically,
coherently or intelligibly ordered or presented. In order to achieve logical
connectedness, the system’s us- ability was addressed: the usability of the meters, the
usability of the patient interface and the usability of the healthcare providers and care-
givers interface. The assumption here is that if the user has this feeling of
connectedness, he or she will trust the system and use it again. The second perspective
is from a technical standpoint where connectedness is defined as the state of being
connected, where a connection is a relation between two things and events.
Fig: Proposed Architecture
There are many connections in a mHealth system. Figure 2 shows the connections
within the MediNet system, namely:
(1) Connection between the patient and the mobile phone,
(2) Connection between the patient, their healthcare meters, and the mobile phone,
(3) Connection between the patient’s phone and some networked resource e.g., server, and
(4) Connection between the patient and their healthcare providers and caregivers.
Security is a major concern in any healthcare system and in the mobile context it is no
different. In the case of patients sending private or sensitive data to a remote server, it
is important to guard this data against eavesdroppers or external parties who can use
the information against the person. To address this issue some systems have used a
patient id instead of the patient’s name on all records so as not to associate the
information with the identity of someone Modules:
Modules:
There four Main Modules in E-Knowledge in Health Care System they are
Web Application OR Web Portal Module
Mobile Networked Environment module
Patient Module.
Doctor Module
Administrator Module.
General User Module
1. Web Application OR Web Portal Development Model:
The Web portal is an application that can be used by the patient’s healthcare providers
and other authorized individuals to view the patient’s information. Data is displayed in
various formats such as graphical and tabular views of readings. Thus, a patient’s
doctor can monitor a patient remotely and can contact the patient if the need arises.
The Web portal can also be used by authorized persons (e.g., relatives and caregivers)
to monitor the health of a patient and provide advice and support as necessary from a
distance
2. Mobile Networked Environment module:
Mobile applications (J2me) that depend on network services may experience some form
of disruption when there is a lack of connectivity. This disruption may occur at anytime
and represents a burden to the user. Research has shown that users like the feeling
of”always being on” and may get unmotivated if interruptions happen too frequently.
The effects are even more pronounced if disruptions occur when the user is performing
a key task such as receiving feedback from a healthcare provider. Mobile healthcare
applications must take this into consideration and ensure that fail-safe procedures are
in place so that the burden to the user is reduced or in the best case, the user is not
even made aware of the disruption.
3. PATIENT MODULE:
Everyone needs to have Medical attention at any time. So we allow every user
to register freely at any time.
The user does registration by specifying their details like His/ Her Name,
Contact Number, Address, and Mail Id etc. After validation the user will receive
a message regarding his/her membership.
After registration the user can Login to this site with his/her Unique Id, which is
provided by E-Knowledge in Health Care System and password.
To get an appointment from a doctor we need the user to pay some minimum
amount through credit card/account.
The Doctor list is categorized by his/her specialization and Location like HEART,
SKIN CARE, CHILD CARE etc. and T.NAGAR, VALASARAWAKKAM,
KODAMBAKKAM respectively. So that the user can easily access the doctor for
his/her treatment.
The user can fix Appointment with a particular doctor by specifying the time,
which is convenient for them. After this they will be shown a confirmation
message about the timing they preferred.
A patient visits the doctor at specified timing as per the appointment timing. E-
Knowledge in Health Care System maintains the prescription given by the
doctor for future use. Patient can view their prescription any time.
Patients can cancel their appointments within a time limit. The time limit is
about two hours from the time they had registered their appointments and
their Money will be refunded.
System Configuration:
Scripts : JavaScript.
Server side Script : Java Server Pages.
Database : MySql.
Database Connectivity : JDBC.
Multicast Multi-path Power Efficient Routing in
Mobile ADHOC networks
Aim:
Aim of this project work has been proposed to maximize the network lifetime and
minimizes the power consumption during the source to destination route establishment . The
proposed work is aimed to provide efficient power aware routing considering real and non real
time data transfer.
Abstract:
EXISTING SYSTEM:
The existing work on multicast routing with power constraints are refer in the
literatures Propose a solution to optimally distribute the traffic along multiple multicast
trees. However, the solution covers the case when there is only one active source in the
network. In addition, it is assumed that the gradient of an analytical cost function is
available, which is continuously differentiable and strictly convex. These assumptions
may not be reasonable due to the dynamic nature of networks.
Even though they approach the problem under a more general architecture,
practicality of these solutions is limited due to the unrealistic assumption that the
network is lossless as long as the average link rates do not exceed the link capacities.
Moreover, a packet loss is actually much more costly when network coding is employed
since it potentially affects the decoding of a large number of other packets. In addition,
any factor that changes the min-cut max-flow value between a source and a receiver
requires the code to be updated at every node simultaneously, which brings high level
of complexity and coordination.
PROPOSED SYSTEM:
The proposal in this paper presented a distributed optimal routing algorithm to
balance the load along multiple paths for multiple multicast sessions. Our
measurement-based algorithm does not assume the existence of the gradient of an
analytical cost function and is inspired by the unicast routing algorithm based on
Simultaneous Perturbation Stochastic Approximation (SPSA). In addition, we address
the optimal multipath multicast routing problem in a more general framework than
having multiple trees. We consider different network models with different
functionalities.
With this generalized framework, our goal is to examine the benefits observed by the
addition of new capabilities to the network beyond basic operations such as storing and
forwarding. In particular, we will first analyze the traditional network model without any IP
multicasting functionality where multiple paths are established using (application-layer) overlay
nodes. Next, we consider a network model in which multiple trees can be established. Finally,
look at the generalized model by allowing receivers to receive multicast packets at arbitrarily
different rates along a multicast tree. Such an assumption potentially creates a complex
bookkeeping problem since source nodes have to make sure each receiver gets a distinct set of
packets from different trees
REMiT (An algorithm for Refining Energy-Efficient Source-based Multicast Tree) for
building an existing multicast tree into a more energy efficient multicast tree. As a distributed
algorithm, REMiT uses minimum-weight spanning tree (MST) or single-source shortest path tree
(SSSPT) as the initial solution and improves the multicast tree energy efficiency by switching
some tree nodes from their respective parent nodes to new corresponding parent nodes. The
selection of the initial tree is dependent on the energy model.
Modules:
1. Route Discovery:
The first criterion in wireless medium is to discover the available routes and establish
them before transmitting. To understand this better let us look at the example below.
The below architecture consists of 11 nodes in which two being source and destination
others will be used for data transmission. The selection of path for data transmission is
done based on the availability of the nodes in the region using the ad-hoc on demand
distance vector routing algorithm. By using the Ad hoc on Demand Distance Vector
routing protocol, the routes are created on demand, i.e. only when a route is needed
for which there is no “fresh” record in the routing table. In order to facilitate
determination of the freshness of routing information, AODV maintains the time since
when an entry has been last utilized. A routing table entry is “expired” after a certain
predetermined threshold of time. Consider all the nodes to be in the position. Now the
shortest path is to be determined by implementing the Ad hoc on Demand Distance
Vector routing protocol in the wireless simulation environment for periodically sending
the messages to the neighbors and the shortest path.
In the MANET, the nodes are prone to undergo change in their positions. Hence the
source should be continuously tracking their positions. By implementing the AODV
protocol in the simulation scenario it transmits the first part of the video through the
below shown path. After few seconds the nodes move to new positions.
2. Route Maintenance:
The next step is the maintenance of these routes which is equally important. The
source has to continuously monitor the position of the nodes to make sure the data is
being carried through the path to the destination without loss. In any case, if the
position of the nodes change and the source doesn’t make a note of it then the packets
will be lost and eventually have to be resent.
The modified proposed algorithm:
Threshold = 50%; success = 0; cutoff = 10%
A := S;
Repeat
If g(A) >= threshold then
B := A;
Let A be neighbor of B that minimizes
pc(B,A) = power-cost(B,A) + v(s)f‘(A);
Send message to A;
success = 1;
Until A = D (* Destination reached *)
or if success <> 1 then
if threshold > cutoff then
threshold = threshold /2;
or A = B ( * Delivery failed *);
3. Data Transmission:
The path selection, maintenance and data transmission are consecutive process which happen
in split seconds in real-time transmission. Hence the paths allocated priory is used for data
transmission. The first path allocated previously is now used for data transmission. The data is
transferred through the highlighted path. The second path selected is now used for data
transmission. The data is transferred through the highlighted path. The third path selected is
used for data transmission. The data is transferred through the highlighted path.
Our main objective is to construct a minimum-energy multicast tree rooted at the source node.
We explore the following two problems related to energy-efficient multicasting in WANETs using
a source-based multicast tree wireless multicast and the concept of wireless multicast
advantage. Because the problem of constructing the optimal energy-efficient
broadcast/multicast tree is NP-hard, several heuristic algorithms for building a source-based
energy-efficient broadcast/multicast tree have been developed recently. Wieselthier et al.
presented BIP/MIP algorithm which is a centralized source-based broadcast/ multicast tree
building centralized algorithm
System Configuration
H/W System Configuration
Processor - Pentium –III
Speed - 1.1 GHz
Hard Disk - 20 GB
Monitor - SVGA
Software Requirements:-
O/S : WIN2000/XP