Professional Documents
Culture Documents
A7
A7
A7
A PROJECT REPORT
Submitted by
AJITHKUMAR P - (AC20UCS009)
BHUANESH KUMAR T - (AC20UCS018)
ESSAKKIAPPAN R - (AC20UCS030)
BACHELOR OF ENGINEERING
in
A PROJECT REPORT
Submitted by
AJITHKUMAR P - (AC20UCS009)
BHUANESH KUMAR T - (AC20UCS018)
ESSAKKIAPPAN R - (AC20UCS030)
BACHELOR OF ENGINEERING
in
BONAFIDE CERTIFICATE
SIGNATURE SIGNATURE
It is one of the most efficient tasks in life to choose the appropriate words to
express one’s gratitude to the beneficiaries. We are very much grateful to God
who helped us all the way through the project and how moulded us into what we
are today.
We also extent our thanks to Project Coordinator and all Staff Members for their
support in complete this project successfully.
Finally, we would like to thank to our parents, without their motivational and
support would not have been possible for us to complete this project successfully.
ABSTRACT
The increasing popularity of cloud storage for large datasets is driven by its
convenience, scalability, and cost-effectiveness. However, persistent concerns
regarding the security and privacy of cloud-stored data have led to the common
practice of encrypting data before uploading. Yet, searching over encrypted data,
particularly with multiple keywords, poses challenges. Existing ranked keyword
search schemes often prioritize efficiency or functionality at the expense of both
efficient access control and rigorous security analysis, resulting in a notable gap.
To address this, the Multi-keyword Ranked Search scheme with Fine-grained
access control (MRSF) is introduced, aiming to offer efficient, privacy-preserving
search capabilities with robust access control. This project proposes a practical
multi-keyword ranked search with access control for encrypted cloud data,
employing symmetric and asymmetric encryption, index-based search
mechanisms, and attribute-based encryption for access control. Experimental
evaluations affirm its effectiveness, making MRSF a viable solution for secure
and private multi-keyword searches over encrypted cloud data.
TABLE OF CONTENTS
ABSTRACT iii
LIST OF FIGURES iv
1. INTRODUCTION 1
1.1. OVERVIEW 1
1.2. OBJECTIVES 2
2. LITERATURE SURVEY 3
3. SYSTEM ANALYSIS 6
4. SYSTEM REQUIREMENTS 17
5. IMPLEMENTATION 18
6.1 CONCLUTION 36
APPENDICES 37
SOURCE CODE 37
REFERENCES 49
LIST OF FIGURES
INTRODUCTION
1.1. OVERVIEW
The project on "Practical Multi-Keyword Ranked Search with Access Control over
Encrypted Cloud Data" addresses the challenge of securely retrieving and managing encrypted
data in cloud environments with a focus on efficient keyword-based search capabilities and
fine-grained access control. The research aims to develop cryptographic techniques and secure
indexing methods that enable users to perform multi-keyword searches on encrypted data
stored in the cloud while ensuring that only authorized users can access specific encrypted
documents or data segments.
To achieve this, the project explores the use of symmetric and public-key encryption
for data confidentiality and secure sharing, alongside secure indexing mechanisms that allow
for efficient keyword-based searches without exposing the underlying encrypted data. This
involves developing encrypted inverted indexes or employing searchable encryption schemes
that support efficient search operations while preserving data privacy.
The key contributions of this research include enhancing the security and privacy of
cloud-stored data by enabling practical and efficient keyword-based searches over encrypted
content and implementing robust access control mechanisms to protect against unauthorized
access. By leveraging secure cryptographic methods and innovative indexing techniques, this
project aims to provide scalable and real-world applicable solutions for secure data retrieval
and management in cloud environments while addressing critical challenges related to data
confidentiality, searchability, and access control.
1
1.2. OBJECTIVE
Ensure Scalability and Efficiency: Design practical solutions that are scalable and efficient
for real-world cloud environments, considering factors like search performance, encryption
overhead, and access control management.
Enhance Cloud Data Security: Enhance overall security and privacy of cloud-stored data by
addressing challenges related to data confidentiality, searchability, and access control using
innovative cryptographic techniques and secure indexing methods.
Provide Real-World Applicability: Develop solutions that can be easily integrated into
existing cloud infrastructures and applications, ensuring practical usability and applicability in
diverse cloud computing environments.
Support Complex Access Policies: Enable the enforcement of complex access control policies
based on user attributes, roles, or other contextual factors to ensure granular control over data
access.
2
CHAPTER 2
LITERATURE SURVEY
1] This literature survey addresses that the cloud computing becomes prevalent, sensitive
information are being increasingly centralized into the cloud. For the protection of data privacy,
sensitive data has to be encrypted before outsourcing, which makes effective data utilization a
very challenging task. Although traditional searchable encryption schemes allow users to
securely search over encrypted data through keywords, these techniques support only Boolean
search, without capturing any relevance of data files. This approach suffers from two main
drawbacks when directly applied in the context of Cloud Computing. On the one hand, users,
who do not necessarily have pre-knowledge of the encrypted cloud data, have to postprocess
every retrieved file in order to find ones most matching their interest; On the other hand,
invariably retrieving all files containing the queried keyword further incurs unnecessary
network traffic, which is absolutely undesirable in today’s pay-as-you-use cloud paradigm. In
this paper, for the first time we define and solve the problem of effective yet secure ranked
keyword search over encrypted cloud data. Ranked search greatly enhances system usability
by returning the matching files in a ranked order regarding to certain relevance criteria (e.g.,
keyword frequency), thus making one step closer towards practical deployment of privacy-
preserving data hosting services in Cloud Computing. We first give a straightforward yet ideal
construction of ranked keyword search under the state-of-the-art searchable symmetric
encryption (SSE) security definition, and demonstrate its inefficiency. To achieve more
practical performance, we then propose a definition for ranked searchable symmetric
encryption, and give an efficient design by properly utilizing the existing cryptographic
primitive, order-preserving symmetric encryption (OPSE). Thorough analysis shows that our
proposed solution enjoys “as-strong-as possible” security guarantee compared to previous SSE
schemes, while correctly realizing the goal of ranked keyword search. Extensive experimental
results demonstrate the efficiency of the proposed solution.
2] This literature survey addresses that with the increasing popularity of cloud computing, a
growing data owners are motivated to outsource their huge data to cloud servers in order to
facilitate access and save data management cost. To protect user privacy and data security,
sensitive data should be encrypted before outsourced to the cloud server, which obsoletes data
utilization like efficient search over encrypted data. In this paper, we present a privacy-
preserving conjunctive keyword search scheme over encrypted cloud data, which
3
simultaneously supports dynamic update operations. Specifically, we construct an index
structure based on Multi-Attribute Tree (MAT) and present an efficient search algorithm over
the index tree, named as the search MAT algorithm. We propose a multi-attribute conjunctive
keyword search scheme based on MAT, named as the MCKS-MAT scheme, which can achieve
equality conjunction, subset conjunction and range conjunction, as well as satisfy privacy
requirements under the known background attack model. In addition, this paper is accompanied
by an adequate of experiments for evaluating the effectiveness of the proposed scheme.
Experiments demonstrate that, compared to the linear search, the proposed scheme needs the
slightly higher preprocessing cost on account of constructing the tree-based index, however, it
achieves lower computational overhead in initialization, trapdoor generation and queries.
3] This literature survey addresses that the advent of cloud computing, data owners are
motivated to outsource their complex data management systems from local sites to the
commercial public cloud for great flexibility and economic savings. But for protecting data
privacy, sensitive data have to be encrypted before outsourcing, which obsoletes traditional
data utilization based on plaintext keyword search. Thus, enabling an encrypted cloud data
search service is of paramount importance. Considering the large number of data users and
documents in the cloud, it is necessary to allow multiple keywords in the search request and
return documents in the order of their relevance to these keywords. Related works on
searchable encryption focus on single keyword search or Boolean keyword search, and rarely
sort the search results. In this paper, for the first time, we define and solve the challenging
problem of privacy-preserving multi-keyword ranked search over encrypted data in cloud
computing (MRSE). We establish a set of strict privacy requirements for such a secure cloud
data utilization system. Among various multi-keyword semantics, we choose the efficient
similarity measure of "coordinate matching," i.e., as many matches as possible, to capture the
relevance of data documents to the search query. We further use "inner product similarity" to
quantitatively evaluate such similarity measure. We first propose a basic idea for the MRSE
based on secure inner product computation, and then give two significantly improved MRSE
schemes to achieve various stringent privacy requirements in two different threat models. To
improve search experience of the data search service, we further extend these two schemes to
support more search semantics. Thorough analysis investigating privacy and efficiency
guarantees of proposed schemes is given. Experiments on the real-world data set further show
proposed schemes indeed introduce low overhead on computation and communication.
4
4] This literature survey addresses that it is desirable to store data on data storage servers
such as mail servers and file servers in encrypted form to reduce security and privacy risks.
But this usually implies that one has to sacrifice functionality for security. For example, if a
client wishes to retrieve only documents containing certain words, it was not previously
known how to let the data storage server perform the search and answer the query, without
loss of data confidentiality. We describe our cryptographic schemes for the problem of
searching on encrypted data and provide proofs of security for the resulting crypto systems.
Our techniques have a number of crucial advantages. They are provably secure: they provide
provable secrecy for encryption, in the sense that the untrusted server cannot learn anything
about the plaintext when only given the ciphertext; they provide query isolation for searches,
meaning that the untrusted server cannot learn anything more about the plaintext than the
search result; they provide controlled searching, so that the untrusted server cannot search for
an arbitrary word without the user's authorization; they also support hidden queries, so that
the user may ask the untrusted server to search for a secret word without revealing the word
to the server. The algorithms presented are simple, fast (for a document of length n, the
encryption and search algorithms only need O(n) stream cipher and block cipher operations),
and introduce almost no space and communication overhead, and hence are practical to use
today.
5] This literature survey addresses that we consider the following problem: a user U wants to
store his files in an encrypted form on a remote file server S. Later the user U wants to
efficiently retrieve some of the encrypted files containing (or indexed by) specific keywords,
keeping the keywords themselves secret and not jeopardizing the security of the remotely
stored files. For example, a user may want to store old e-mail messages encrypted on a server
managed by Yahoo or another large vendor, and later retrieve certain messages while travelling
with a mobile device. In this paper, we offer solutions for this problem under well-defined
security requirements. Our schemes are efficient in the sense that no public-key cryptosystem
is involved. Indeed, our approach is independent of the encryption method chosen for the
remote files. They are also incremental, in that you can submit new files which are secure
against previous queries but still searchable against future queries.
5
CHAPTER 3
SYSTEM ANALYSIS
Ge et al. proposed a keyword search scheme that incorporates symmetric-key based verification
using an innovative technique called Accumulative Authentication Tag (AAT). The primary
focus of this scheme is to ensure the correctness of search results without requiring complex
verification operations. By leveraging symmetric-key cryptography, the scheme simplifies the
process of verifying retrieved data, enhancing efficiency and reducing computational overhead.
However, one limitation is the lack of support for ranked search functionality, which may be
essential for prioritizing and presenting search results based on relevance.
6
4.Li et al.'s Secure Ranked Keyword Search over Encrypted Cloud Data
Li et al. proposed a secure scheme for ranked keyword search over encrypted cloud data,
leveraging homomorphic encryption and secure indexing techniques. This approach enables
users to efficiently retrieve ranked search results without revealing sensitive data to the cloud
service provider. By combining homomorphic encryption for computation on encrypted data
and secure indexing for efficient retrieval, the scheme offers practical solutions for privacy-
preserving search operations in cloud environments.
5.Wang et al.'s Efficient Multi-Keyword Ranked Search over Encrypted Cloud Data
Wang et al. introduced an efficient method for multi-keyword ranked search over encrypted
cloud data, emphasizing secure indexing and relevance scoring mechanisms. This approach
aims to optimize search performance while maintaining data confidentiality and privacy. By
leveraging secure indexing structures and relevance scoring algorithms, the scheme enables
users to retrieve relevant search results efficiently without compromising the security of their
encrypted data.
Cao et al. proposed a scheme for conjunctive keyword search over encrypted data, allowing
users to search for documents containing multiple keywords while preserving data
confidentiality. This approach supports efficient query processing and result retrieval by
leveraging secure index structures and cryptographic techniques.
Chang et al. introduced an attribute-based keyword search scheme that enables users to search
for encrypted data based on specific attributes or access policies. This approach combines
attribute-based encryption (ABE) with keyword search capabilities, allowing fine-grained
access control and secure information retrieval in cloud environments.
Liu et al. developed an efficient multi-user keyword search scheme that allows multiple
authorized users to collaboratively search and retrieve encrypted data based on shared
keywords. This approach emphasizes secure communication protocols and access control
mechanisms to protect against unauthorized data access and leakage.
7
3.2 PROPOSED SYSTEM
The MRSF scheme aims to provide an efficient and privacy-preserving multi-keyword ranked
search service over encrypted cloud data. By encrypting data and implementing secure search
techniques, MRSF ensures that user queries and search results remain confidential while
enabling accurate and user-friendly information retrieval.
MRSF implements a fine-grained access control mechanism based on user roles defined as
roots of corresponding polynomials. Data owners create access policies by constructing
polynomials and distributing polynomial roots as roles to specified data users. This lightweight
access control mechanism extends indexes and query vectors to enforce data access policies
efficiently.
The access control mechanism in MRSF verifies user roles to enforce data access policies.
Users' roles are derived from polynomial roots, and access decisions are made based on the
validity of these roles. This RBAC approach ensures that only authorized users with valid roles
can access specific encrypted data stored in the cloud.
MRSF leverages the securing techniques to prevent privacy leakage from indexes and query
submissions to the cloud. Adaptations to the classic technique include vector extensions,
pseudorandom permutation functions, and appended random values to enhance query privacy
and prevent information leakage.
5.Experimental Validation:
Extensive experiments are conducted to evaluate and validate the performance of MRSF. These
experiments focus on assessing the time cost of access control operations, exploring the impact
of randomness on search accuracy, and measuring the efficiency and effectiveness of privacy-
preserving techniques employed in the scheme.
8
3.3. PROPOSED SOLUTION
Data owners encrypt their sensitive data using secure encryption techniques (e.g., AES) before
storing it in the cloud. This ensures that data remains confidential and protected against
unauthorized access.
Data owners define fine-grained access control policies by constructing polynomials based on
specified requirements. Each polynomial represents an access policy, and its roots serve as
roles for authorized users.
Users are assigned roles (roots of polynomials) that correspond to specific access policies
defined by data owners. Access control decisions are made based on the validity of a user's role
when accessing encrypted data in the cloud.
Symmetric Encryption
Implements fine-grained access control based on polynomial roots (roles) assigned to users.
Experimental Setup
9
3.4. IDEATION & BRAINSTROMING
Project Overview
The MRSF project focuses on developing an efficient and privacy-preserving solution for
multi-keyword ranked search with fine-grained access control over encrypted cloud data. The
primary objective is to enable users to securely search and retrieve encrypted data from the
cloud based on multiple keywords while enforcing granular access control policies.
10
3.5 PROBLEM SOLUTION FIT
Purpose
Implement robust encryption techniques to ensure the confidentiality and integrity of sensitive
data stored in the cloud.
Develop a system that supports multi-keyword ranked search capabilities to improve the
accuracy and relevance of search results.
Implement efficient search algorithms that operate directly on encrypted data, ensuring both
privacy and performance.
Establish fine-grained access control mechanisms based on user roles derived from polynomial
roots.
Enable data owners to define detailed access policies and enforce role-based access control
(RBAC) to ensure that only authorized users can access specific encrypted data.
11
Validate Performance and Feasibility:
Contribute new methodologies and techniques to advance the state-of-the-art in secure data
storage, retrieval, and access control in cloud computing.
Provide insights and findings that can inform future research and development efforts in
the field of cloud security and privacy.
12
3.6 ARCHITECTURE DESIGN
The system architecture for the Multi-keyword Ranked Search with Fine-grained Access
Control over Encrypted Cloud Data (MRSF) project is designed to enable secure and efficient
data retrieval while enforcing fine-grained access control policies in cloud environments. The
architecture comprises several key components and modules that work together to ensure data
privacy, integrity, and controlled access. At the core of the system architecture is the Data
Owner, responsible for encrypting sensitive data using strong cryptographic algorithms before
uploading it to the Cloud Storage Provider. The Data Owner also defines access control policies
by constructing polynomials and assigning roles (polynomial roots) to authorized users. The
Cloud Storage Provider hosts the encrypted data securely and provides storage and retrieval
services without access to plaintext information. The system includes essential components
such as the Encryption Module, which handles data encryption, and the Access Control
Module, which enforces fine-grained access control based on defined roles. The Search Module
implements multi-keyword ranked search functionalities using privacy-preserving techniques,
ensuring efficient and accurate keyword searches without exposing plaintext data. Additionally,
the Query Processing Module processes user queries and generates encrypted query vectors for
matching against encrypted document indexes in the cloud.
13
3.7 DESCRIPTION OF MODULES
The "Data Owner & User Registration" module is a crucial component of a system designed to
manage data access and permissions effectively. This module facilitates the registration process
for both data owners and users within the system. For data owners, the module typically allows
them to create accounts, providing necessary information such as their identity details,
organization affiliations, and potentially the types of data they manage or own. This registration
process establishes their credentials within the system and sets the foundation for defining their
data management roles and responsibilities. Similarly, for users seeking access to data managed
by the system, the registration module enables them to create accounts and specify their
credentials. This could include personal information, authentication details, and perhaps their
organizational affiliations or job roles. Overall, the Data Owner & User Registration module
plays a critical role in establishing the identity and access framework of the system, ensuring
that only authorized individuals can interact with the data according to predefined permissions
and security protocols.
Search Token Generation is a module used in information retrieval systems to facilitate efficient
and secure searching across distributed or decentralized databases. This process involves
generating unique tokens or identifiers that represent specific search queries or terms. The
purpose of these tokens is to enable querying without revealing the actual search terms to each
individual database or node in the system, thus preserving privacy and preventing unauthorized
access to sensitive data. The module operates by transforming user queries into tokens using
cryptographic methods such as hashing or encryption. These tokens are then distributed across
the network to relevant databases or nodes. When a database receives a tokenized query, it
compares the token against its own index of data without needing to decode the original query.
This approach minimizes the amount of information shared between nodes, reducing the risk
of data leakage or exposure. Search Token Generation plays a crucial role in scenarios like
federated search or blockchain-based search systems, where privacy, security, and
decentralized data access are paramount concerns. By employing tokens, this module ensures
efficient and secure information retrieval while safeguarding sensitive user data.
14
3. MULTI-KEYWORD RANKED SEARCH
The "File Request & Access" module typically refers to a system or feature within software or
platforms that enables users to request and access specific files or documents. This module
streamlines the process of sharing files securely and efficiently among users or teams within
an organization. In this module, users can generate requests for files they need, specifying
details such as the file type, location, and any relevant metadata. These requests are then routed
to appropriate parties for approval or fulfillment. Once approved, the requested files can be
accessed by authorized users through a centralized platform, ensuring that the right individuals
have access to the right documents at the right time. Key functionalities often include robust
permissions management, version control, and audit trails to maintain security and compliance.
This module enhances collaboration and productivity by eliminating manual file-sharing
processes and providing a transparent, trackable workflow for requesting and accessing files
within a secure environment.
15
5. SECURE SHIELD
Secure Shield is a comprehensive security module designed to protect computer systems from
various cyber threats. This module integrates advanced technologies to safeguard both
individual users and enterprise networks. Its primary features include real-time threat detection,
firewall protection, intrusion prevention, and secure web browsing. Secure Shield employs
sophisticated algorithms to analyze network traffic and identify potential security breaches or
malicious activities. It continuously updates its threat database to stay ahead of emerging
threats and vulnerabilities. One of Secure Shield's key strengths is its user-friendly interface,
making it accessible to non-technical users while still offering powerful security capabilities.
The module can be configured to meet specific security needs, allowing administrators to set
custom rules and policies. Secure Shield also includes robust reporting tools that provide
detailed insights into security events and trends, enabling proactive threat mitigation strategies.
Overall, Secure Shield is an essential component of any cybersecurity strategy, offering
comprehensive protection against a wide range of cyber threats in today's dynamic and
interconnected digital landscape. Its proactive approach helps ensure the integrity and
confidentiality of sensitive data and systems.
6. CODE REVEAL
16
CHAPTER 4
SYSTEM REQUIREMENTS
17
CHAPTER 5
IMPLEMENTATION
5.1 DATA OWNER & USER REGISTRATION
The implementation of data owner and user registration involves setting up a system where
individuals can register either as data owners or users, each with distinct roles and permissions
within a platform. For data owner registration, the process typically involves collecting
information such as name, email, organization, and possibly verifying ownership of data
through authentication methods like domain verification or proof of identity. Data owners
might also need to specify the type of data they possess and agree to terms of use regarding
data handling and privacy. User registration, on the other hand, involves individuals signing up
to access data or services provided by data owners. Users would provide basic information like
name, email, and possibly preferences or areas of interest relevant to the data they intend to
access. The implementation would involve designing registration forms, backend processing
to store user and data owner details securely, and incorporating authentication mechanisms to
ensure privacy and security. Additionally, user registration might involve email verification or
other validation steps to confirm user identities and manage access rights effectively. The entire
process aims to establish a secure and efficient ecosystem for data sharing and access.
The implementation of a search token generation system involves several key steps to ensure
efficient and secure token creation for search functionality. Firstly, define the requirements for
the search token, which typically involves capturing user input or query parameters. Next,
preprocess the input to remove unnecessary characters, normalize the text (e.g., converting to
lowercase), and tokenize the input into individual terms or keywords. For generating search
tokens, employ techniques like n-gram generation to capture sequences of characters or words
for more flexible matching. Additionally, consider stemming or lemmatization to reduce words
to their base forms, enhancing search recall. To implement this, leverage libraries or modules
such as NLTK or spa Cy for natural language processing tasks. These tools provide
functionalities for tokenization, normalization, and linguistic processing. utilize a hashing
algorithm to generate unique tokens representing the search query. Store these tokens alongside
their corresponding search terms in a database or index for efficient retrieval during search
operations.
18
5.3 MULTI-KEYWORD RANKED SEARCH
Implementing a multi-keyword ranked search involves several steps to efficiently retrieve and
rank documents based on relevance to multiple keywords. First, create an inverted index where
each keyword maps to a list of documents containing that keyword. Next, for each keyword
query, retrieve the list of relevant documents from the inverted index. To perform a multi-
keyword ranked search, use a ranking algorithm such as TF-IDF (Term Frequency-Inverse
Document Frequency) or BM25 (Best Matching 25) to score each document based on the
frequency of query keywords within them and their overall importance in the document
collection. Combine scores from individual keywords to compute an overall relevance score
for each document. Sort the documents based on these scores to present the most relevant
documents first. Optimize performance by precomputing and caching intermediate results,
leveraging data structures like heaps for efficient ranking, and utilizing pruning techniques to
limit the search space. Implementing this approach efficiently ensures that users receive ranked
search results that are both accurate and responsive to their multi-keyword queries.
Implementing file request and access functionality involves developing a system where users
can request specific files and gain appropriate access based on their permissions. This can be
achieved through a web-based interface or an application that manages file requests and
permissions. Firstly, users would initiate file requests by specifying the desired files through a
user interface. This request is then submitted to the file management system. The system
verifies the user's credentials and checks their access permissions against the requested files. If
the user is authorized, the system grants access to the requested files; otherwise, access is
denied, and an appropriate notification is sent to the user. The implementation requires a
backend system to handle file access logic, user authentication, and permission checks. This
backend communicates with a database that stores user information, file metadata, and access
permissions. Additionally, a frontend interface allows users to interact with the system, submit
file requests, and receive responses. The frontend and backend components work together to
ensure a seamless file request and access experience while maintaining security and data
integrity.
19
5.5 SECURE SHIELD SYSTEM
20
5.7 SOFTWARE DESCRIPTION
The following software is used for our implementation and explained briefly
1.Netbeans 8.2
NetBeans 8.2 is an integrated development environment (IDE) primarily used for Java
development but supports other programming languages such as PHP, C/C++, and HTML5.
Released by Apache Software Foundation, NetBeans 8.2 provides a comprehensive set of tools
and features to facilitate software development. The IDE offers a user-friendly interface with a
wide range of functionalities tailored to Java developers, including code editors with syntax
highlighting, code completion, and refactoring tools for efficient coding. NetBeans 8.2 also
comes with a powerful debugger that allows developers to debug Java applications seamlessly.
One of the notable features of NetBeans 8.2 is its support for Java EE (Enterprise Edition)
development, enabling developers to create enterprise-level applications using Java
technologies like Servlets, JSP (Java Server Pages), and EJB (Enterprise JavaBeans). The IDE
integrates well with popular application servers like Apache Tomcat and Glass Fish,
simplifying the deployment and testing of Java EE applications.
2.Program Language
Java is a versatile and widely-used programming language known for its platform
independence, robustness, and scalability. Developed by Sun Microsystems (now owned by
Oracle Corporation) in the mid-1990s, Java was designed to be portable across various
platforms and operating systems, making it highly desirable for enterprise applications and web
development. One of Java's key strengths is its "write once, run anywhere" (WORA)
philosophy, enabled by the Java Virtual Machine (JVM), which allows Java programs to
execute on any device or system that supports Java without the need for recompilation. Java is
renowned for its simplicity and readability, featuring a clean and object-oriented syntax that
encourages good programming practices such as modularity and code reusability. It supports
multithreading, allowing developers to create concurrent applications that can efficiently
handle multiple tasks simultaneously. Java's extensive standard library provides pre-built
components for networking, I/O operations, data structures, and more, simplifying common
programming tasks and accelerating development.
21
3.HTML
HTML, or Hypertext Markup Language, is the standard markup language used to create web
pages and web applications. Developed by Tim Berners-Lee in the early 1990s, HTML
provides the structure and content of a web page by using a system of tags and attributes to
define elements such as headings, paragraphs, images, links, and forms. HTML documents are
composed of a series of elements enclosed in angle brackets, with each element representing a
specific component of the page's content. For example, the <p> tag is used to define paragraphs,
<img> for images, <a> for hyperlinks, and <div> for divisions or sections of the page.
Attributes provide additional information about elements, such as the source of an image or the
destination of a hyperlink. HTML documents are typically saved with a .html or .html file
extension and can be viewed in web browsers. Along with CSS (Cascading Style Sheets) and
JavaScript, HTML forms the foundation of modern web development, allowing developers to
create dynamic and interactive websites that are accessible across different
devices and platforms.
4.CSS
CSS, or Cascading Style Sheets, is a style sheet language used to define the presentation and
layout of HTML documents. Developed as a complement to HTML by the World Wide Web
Consortium (W3C), CSS allows developers to control the visual appearance of web pages,
including aspects such as fonts, colors, spacing, and positioning. By separating the content of
a web page from its presentation, CSS enables greater flexibility and consistency in the design
of websites, making it easier to maintain and update styles across multiple pages. CSS operates
on a cascading model, meaning that styles can be applied to elements based on their hierarchy
and specificity, with more specific styles taking precedence over more general ones. Styles can
be defined inline within HTML elements, in internal style sheets within the <style> element of
an HTML document, or in external style sheets linked to HTML documents using the <link>
element. CSS features a wide range of selectors, properties, and values that allow developers
to create diverse and visually appealing layouts, from simple text styling to complex responsive
designs. With the advent of CSS3, the language has evolved to include advanced features such
as animations, transitions, and media queries, further enhancing its capabilities for web design
and development.
22
5.Database
23
5.8 CODE IMPLEMENTATION
Code Snippet:
24
5.8.2 Backend API Development using JAVA
Developing a backend API in Java involves direct utilization of Java Servlets and Java EE
technologies. Developers write servlet classes to handle different HTTP methods (e.g., GET,
POST) and process incoming requests. They manage request parameters, session handling, and
response generation manually, without relying on higher-level abstractions provided by
frameworks. This approach demands a deeper understanding of Java servlets and servlet
containers but allows for fine-grained control over API implementation.
Code Snippet:
25
5.8.3 Access Control Logic Implementation
Implement access control logic within backend to enforce fine-grained access restrictions based
on user roles or permissions. Develop authentication mechanisms using Spring Security to
authenticate and authorize users. Implement role-based access control (RBAC) or custom
authorization logic to validate user permissions before granting access to sensitive data stored.
This component ensures that only authorized users with appropriate privileges can access
encrypted data.
Code Snippet:
26
5.8.4 Search Token generation Implementation
Implement multi-keyword ranked search functionality within the Java-based backend. Utilize
Elasticsearch or a similar search engine library integrated to perform efficient indexed searches
on encrypted data. Develop search algorithms to query encrypted data based on user-provided
keywords and rank search results based on relevance. Integrate the search functionality with
the backend API to enable advanced search capabilities while maintaining data security.
Code Snippet:
27
5.8.5 Multi-Keyword Ranked Search Implementation
Implement multi-keyword ranked search functionality within the Java-based backend. Utilize
Elasticsearch or a similar search engine library integrated to perform efficient indexed searches
on encrypted data. Develop search algorithms to query encrypted data based on user-provided
keywords and rank search results based on relevance. Integrate the search functionality with
the backend API to enable advanced search capabilities while maintaining data security.
Code Snippet:
28
5.8.6 File decryption and retrieval Implementation
File decryption and retrieval involves securely retrieving encrypted files from a storage system,
decrypting them using cryptographic techniques, and making the decrypted content available
for use. The process typically starts by identifying the encrypted file in the storage system, such
as an encrypted file stored. Once the encrypted file is retrieved, a decryption key is used to
decrypt the file's contents. Common encryption algorithms like AES (Advanced Encryption
Standard) with a specific key size are often employed for secure decryption. After decryption,
the original file content is obtained and can be used or further processed as needed by the
application. It's crucial to handle decryption securely, ensuring that the decryption key or
password is kept confidential and access to decrypted data is appropriately controlled to
maintain data confidentiality and integrity.
Code Snippet:.
29
5.9 RESULT
30
31
32
33
34
35
CHAPTER 6
CONCLUTION AND FUTURE ENHANCEMENT
6.1 CONCLUTION
In conclusion, the Multi-keyword Ranked Search with Fine-grained Access Control over
Encrypted Cloud Data (MRSF) project presents a robust solution for addressing critical
challenges in secure data retrieval and access control within cloud environments. The system
architecture enables secure encryption of sensitive data, fine-grained access control based on
polynomial roles, and efficient keyword search capabilities while preserving data privacy and
confidentiality. By leveraging privacy-preserving techniques like MRSF ensures accurate
search results without exposing plaintext information to unauthorized parties. The components
of the MRSF architecture, including the Data Owner, Cloud Storage Provider, and specialized
modules for encryption, access control, and search, work synergistically to create a secure and
efficient data management system in the cloud. The use of secure communication channels
further enhances the integrity and confidentiality of data transactions within the system.
36
APPENDICES
SOURCE CODE
import DBconnection.SQLconnection;
import static com.sun.org.apache.xerces.internal.xinclude.XIncludeHandler.BUFFER_SIZE;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.sql.Blob;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
*
* @author java1
*/
/**
*
* @author Lenovo
*/
public class Download extends HttpServlet {
/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");
try (PrintWriter out = response.getWriter()) {
/* TODO output your page here. You may use following sample code. */
37
HttpSession user = request.getSession();
String uid = user.getAttribute("duid").toString();
String uname = user.getAttribute("duname").toString();
String umail = user.getAttribute("dumail").toString();
ResultSet rs = st2.executeQuery(" Select * from request where fid ='" + fileid + "' AND
status='Approved' AND dkey='" + dkey + "'");
if (rs.next()) {
ResultSet rs1 = st.executeQuery(" Select * from do_files where id ='" + fileid + "' AND
filename ='" + filename + "' AND dkey='" + dkey + "'");
if (rs1.next()) {
String doid = rs1.getString("doid");
String doname = rs1.getString("doname");
String is = decrypted;
if (i != 0) {
response.sendRedirect("view_requested1.jsp?download_success");
} else {
System.out.println("error while updating information...");
}
} else {
System.out.println("file not found...");
}
} else {
response.sendRedirect("Requested_files.jsp?failed");
38
}
/**
* Handles the HTTP <code>POST</code> method.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
}
/**
* Returns a short description of the servlet.
*
* @return a String containing servlet description
*/
@Override
public String getServletInfo() {
return "Short description";
}// </editor-fold>
}
return generated_questions
except OpenAI.error.OpenAIError as e:
# Handle OpenAI API errors
39
app.logger.error("OpenAI API Error: %s", e)
return {"Error generating questions. Please try again."}
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package Networks;
/**
*
* @author Lenovo
*/
import java.util.Properties;
import javax.mail.Message;
import javax.mail.MessagingException;
import javax.mail.PasswordAuthentication;
import javax.mail.Session;
import javax.mail.Transport;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;
System.out.println("Message" + msg);
try {
Message message = new MimeMessage(session);
message.setFrom(new InternetAddress(name));
message.setRecipients(Message.RecipientType.TO,
InternetAddress.parse(email));
message.setSubject("CLOUD SERVER");
message.setText(""+msg);
Transport.send(message);
System.out.println("Done");
return true;
40
} catch (MessagingException e) {
System.out.println(e);
e.printStackTrace();
return false;
// throw new RuntimeException(e);
}
}
}
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package PMKRS;
/**
*
* @author JAVA-JP
*/
import DBconnection.SQLconnection;
import Networks.DRIVE_Network;
import com.oreilly.servlet.MultipartRequest;
import com.sun.org.apache.xerces.internal.impl.dv.util.Base64;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.SecureRandom;
import java.sql.Connection;
import java.sql.Statement;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Random;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
*
* @author java3
*/
public class data_upload extends HttpServlet {
/**
* Processes requests for both HTTP
* <code>GET</code> and
41
* <code>POST</code> methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
File file;
final String filepath = "D:/";
42
HttpSession user = request.getSession(true);
String doname = user.getAttribute("doname").toString();
String doid = user.getAttribute("doid").toString();
String domail = user.getAttribute("domail").toString();
Statement st = con.createStatement();
System.out.println("Check------------------------------------------------------------------>>>>>");
} else {
response.sendRedirect("Upload_file.jsp?Upload_failed");
System.out.println("Error in SQL Syntex");
}
}
} catch (Exception e) {
out.println(e);
} finally {
out.close();
}
}
43
/**
* Handles the HTTP
* <code>POST</code> method.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
}
/**
* Returns a short description of the servlet.
*
* @return a String containing servlet description
*/
@Override
public String getServletInfo() {
return "Short description";
}// </editor-fold>
}
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package PMKRS;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
*
* @author JAVA-JP
*/
public class Cloud extends HttpServlet {
/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
44
throws ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");
try (PrintWriter out = response.getWriter()) {
/* TODO output your page here. You may use following sample code. */
String name = request.getParameter("name");
String pass = request.getParameter("pass");
System.out.println("=======================================" +name +pass);
if (name.equalsIgnoreCase("cloud") && pass.equalsIgnoreCase("cloud")) {
response.sendRedirect("Cloud_Home.jsp?Success");
} else {
response.sendRedirect("Cloud_login.jsp?Failed");
}
} catch (Exception ex) {
}
}
/**
* Handles the HTTP <code>POST</code> method.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
}
/**
* Returns a short description of the servlet.
*
* @return a String containing servlet description
*/
@Override
public String getServletInfo() {
return "Short description";
}// </editor-fold>
45
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package PMKRS;
/**
*
* @author JAVA-JP
*/
import com.sun.org.apache.xerces.internal.impl.dv.util.Base64;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileWriter;
import java.util.Scanner;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.swing.JOptionPane;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
System.out.println("secret key:"+sec);
// System.out.println("ciper text:"+byteCipherText);
aesCipher.init(Cipher.DECRYPT_MODE,sec,aesCipher.getParameters());//initiating ciper
decryption
46
System.out.println("Decrypted Text:"+decryptedtext);
}
catch(Exception e)
{
System.out.println(e);
}
return decryptedtext;
}
}
import java.io.File;
import java.io.FileInputStream;
import org.apache.commons.net.ftp.FTPClient;
/**
*
* @author Lenovo
*/
public class DRIVE_Network {
client.connect("ftp.drivehq.com");
client.login("CloudComputing", "publicclouds");
System.out.print("\nLogin Success");
client.enterLocalPassiveMode();
fis = new FileInputStream(file);
status = client.storeFile("/" + file.getName(), fis);
System.out.print("\nUploaded");
} catch (Exception e) {
System.out.println(e);
}
if (status) {
System.out.println("success");
return true;
} else {
System.out.println("failed");
return false;
}
}
47
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package DBconnection;
/**
*
* @author JAVA-JP
*/
import java.sql.Connection;
import java.sql.DriverManager;
/**
*
* @return
*/
public static Connection getconnection() {
try {
Class.forName("com.mysql.jdbc.Driver");
con = DriverManager.getConnection("jdbc:mysql://localhost:3306/pmkrs", "root", "root");
} catch (Exception e) {
}
return con;
}
}
48
REFERENCES
[1] Y. Miao, Q. Tong, R. Deng, K.-K. R. Choo, X. Liu, and H. Li, “Verifiable searchable
encryption framework against insider keyword guessing attack in cloud storage,” IEEE
Transactions on Cloud Computing, 2020.
[2] H. Li, Y. Yang, Y. Dai, S. Yu, and Y. Xiang, “Achieving secure and efficient dynamic
searchable symmetric encryption over medical cloud data,”
IEEE Transactions on Cloud Computing, vol. 8, no. 2, pp. 484–494, 2020.
[3] Z. Guan, X. Liu, L. Wu, J. Wu, R. Xu, J. Zhang, and Y. Li, “Cross-lingual multi-keyword
rank search with semantic extension over encrypted data,” Information Sciences, vol. 514, pp.
523 – 540, 2020.
[Online]. Available: http://www.sciencedirect.com/science/article/pii/S0020025519310588
[4] Y. Miao, R. Deng, K.-K. R. Choo, X. Liu, and H. Li, “Threshold multi-keyword search for
cloud-based group data sharing,” IEEE Transactions on Cloud Computing, 2020.
[5] X. Ge, J. Yu, H. Zhang, C. Hu, Z. Li, Z. Qin, and R. Hao, “Towards achieving keyword
search over dynamic encrypted cloud data with symmetric-key based verification,” IEEE
Transactions on Dependable and Secure computing, 2019.
[6] H. Yin, Z. Qin, J. Zhang, L. Ou, F. Li, and K. Li, “Secure conjunctive multi-keyword ranked
search over encrypted cloud data for multiple data owners,” Future Generation Computer
Systems, vol. 100, pp. 689 – 700, 2019. [Online]. Available:
http://www.sciencedirect.com/science/article/pii/S0167739X17321192
[7] H. Dai, X. Dai, X. Yi, G. Yang, and H. Huang, “Semantic-aware multi-keyword ranked
search scheme over encrypted cloud data,” Journal of Network and Computer Applications,
vol. 147, p. 102442, 2019.
[8] B. Wang, M. Li, and L. Xiong, “Fast geo: Efficient geometric range queries on encrypted
spatial data,” IEEE Transactions on Dependable and Secure Computing, vol. 16, no. 2, pp.
245–258, March 2019.
[9] X. Li, Y. Zhu, J. Wang, and J. Zhang, “Efficient and secure multi-dimensional geometric
range query over encrypted data in cloud,” Journal of Parallel and Distributed Computing, vol.
131, pp. 44 – 54, 2019. [Online]. Available:
http://www.sciencedirect.com/science/article/pii/S0743731518306294
[10] G. Xu, H. Li, Y. Dai, K. Yang, and X. Lin, “Enabling efficient and geometric range query
with access control over encrypted spatial data,” IEEE Transactions on Information Forensics
and Security, vol. 14, no. 4, pp. 870–885, April 2019.
49
[11] Y. Miao, J. Ma, X. Liu, J. Weng, H. Li, and H. Li, “Lightweight fine-grained search over
encrypted data in fog.
[12] Y. H. Hwang and P. J. Lee, “Public key encryption with conjunctive keyword search and
its extension to a multi-user system,” in Proc. Int. Conf. Pairing-Based Cryptography., 2007,
pp. 2–22.
[13] P. Golle, J. Staddon, and B. Waters, “Secure conjunctive keyword search over encrypted
data,” in Proc. Int. Conf. Appl. Cryptography Network Security 2004, pp. 31–45.
[15] D. Boneh and B. Waters, “Conjunctive, subset, and range queries on encrypted data,” in
Proc. Theory Cryptography 2007, pp. 535–554.
[16] Z. Xu, W. Kang, R. Li, K. Yow, and C.-Z. Xu, “Efficient multi keyword ranked query on
encrypted data in the cloud,” in Proc. IEEE 18th Int. Conf. Parallel Distribution Syst., 2012,
pp. 244–251.
[17] Act, Accountability, “Health insurance portability and accountability act of 1996,” Public
Law, vol. 104, pp. 191, 1996.
[18] Z. Yan, X. Li, M. Wang, and A. V. Vasilakos, “Flexible data access control based on trust
and reputation in cloud computing,” IEEE Trans. Cloud Computing vol. 5, no. 3, pp. 485–
498, Third Quarter 2017.
[19] S. Yu, C. Wang, K. Ren, and W. Lou, “Achieving secure, scalable, and fine-grained data
access control in cloud computing,” in Proc. IEEE INFOCOM, 2010, pp. 1–9.
[20] Y. Miao, J. Ma, X. Liu, X. Li, Z. Liu, and H. Li, “Practical attribute based multi-keyword
search scheme in mobile crowdsourcing,” IEEE Internet Things J., vol. 5, no. 4, pp. 3008–
3018, Aug. 2018. multi-keyword search for cloud-based group data sharing,” IEEE Trans.
Cloud Computing to be published, doi: 10.1109/TCC.2020.2999775.
50