Next-Gen Cloud Security: Multi-Keyword Ranked

Search with Fine-Grained Access Control

A PROJECT REPORT
Submitted by

AJITHKUMAR P - (AC20UCS009)
BHUANESH KUMAR T - (AC20UCS018)
ESSAKKIAPPAN R - (AC20UCS030)

in partial fulfilment for the award of the degree

of

BACHELOR OF ENGINEERING

in

COMPUTER SCIENCE AND ENGINEERING

ADHIYAMAAN COLLEGE OF ENGINEERING

(Autonomous)
DR. M.G.R NAGAR, HOSUR-635130

ANNA UNIVERSITY: CHENNAI 600 025

APRIL 2024
 Next-Gen Cloud Security: Multi-Keyword Ranked
Search with Fine-Grained Access Control

A PROJECT REPORT
Submitted by

AJITHKUMAR P - (AC20UCS009)
BHUANESH KUMAR T - (AC20UCS018)
ESSAKKIAPPAN R - (AC20UCS030)

in partial fulfilment for the award of the degree

of

BACHELOR OF ENGINEERING

in

COMPUTER SCIENCE AND ENGINEERING

ADHIYAMAAN COLLEGE OF ENGINEERING

(Autonomous)
DR. M.G.R NAGAR, HOSUR-635130

ANNA UNIVERSITY: CHENNAI 600 025

APRIL 2024
 ANNA UNIVERSITY: CHENNAI 600 025

BONAFIDE CERTIFICATE

Certified that this project report “NEXT-GEN CLOUD SECURITY: MULTI-

KEYWORD RANKED SEARCH WITH FINE GRAINED ACCESS
CONTROL” is the Bonafide work of “AJITHKUMAR P (AC20UCS009),
BHUANESH KUMAR T (AC20UCS018), ESSAKKIAPPAN R
(AC20UCS030)” who carried out the project under my supervision.

SIGNATURE SIGNATURE

Dr . G. FATHIMA, M.E., Ph.D., Mrs. SATHYA PRIYA S R, M. Tech.,

HEAD OF THE DEPARTMENT SUPERVISOR
PROFESSOR, ASSISTANT PROFESSOR,
Department of CSE, Department of CSE,
Adhiyamaan College of Engineering, Adhiyamaan College of Engineering,
(Autonomous), (Autonomous),
Dr . M.G.R. Nagar, Dr . M.G.R. Nagar,
Hosur – 635 103. Hosur – 635 103.

Submitted for the Project VIVA-VOCE Examination held on _________ at

Adhiyamaan College of Engineering (Autonomous), Hosur-635 130.

INTERNAL EXAMINER EXTERNAL EXAMINER

 ACKNOWLEDGEMENT

It is one of the most efficient tasks in life to choose the appropriate words to
express one’s gratitude to the beneficiaries. We are very much grateful to God
who helped us all the way through the project and how moulded us into what we
are today.

We are grateful to our beloved Principal Dr . G. RANGANATH, M.E., Ph.D.,

Adhiyamaan College of Engineering (Autonomous), Hosur for providing the
opportunity to do this work in premises.

We acknowledge our heartful gratitude to Dr . G. FATHIMA, M.E., Ph.D.,

Professor and Head of the Department, Department of Computer Science and
Engineering, Adhiyamaan College of Engineering (Autonomous), Hosur, for her
guidance and valuable suggestions and encouragement throughout this project
and made us to complete this project successfully.

We are highly indebted to Mrs. SATHYA PRIYA S R, M. Tech., Assistant

Professor , Department of Computer Science Engineering, Adhiyamaan College
of Engineering (Autonomous), Hosur whose immense support encouragement
and valuable guidance were responsible to complete the project successfully.

We also extent our thanks to Project Coordinator and all Staff Members for their
support in complete this project successfully.

Finally, we would like to thank to our parents, without their motivational and
support would not have been possible for us to complete this project successfully.
 ABSTRACT

The increasing popularity of cloud storage for large datasets is driven by its
convenience, scalability, and cost-effectiveness. However, persistent concerns
regarding the security and privacy of cloud-stored data have led to the common
practice of encrypting data before uploading. Yet, searching over encrypted data,
particularly with multiple keywords, poses challenges. Existing ranked keyword
search schemes often prioritize efficiency or functionality at the expense of both
efficient access control and rigorous security analysis, resulting in a notable gap.
To address this, the Multi-keyword Ranked Search scheme with Fine-grained
access control (MRSF) is introduced, aiming to offer efficient, privacy-preserving
search capabilities with robust access control. This project proposes a practical
multi-keyword ranked search with access control for encrypted cloud data,
employing symmetric and asymmetric encryption, index-based search
mechanisms, and attribute-based encryption for access control. Experimental
evaluations affirm its effectiveness, making MRSF a viable solution for secure
and private multi-keyword searches over encrypted cloud data.
 TABLE OF CONTENTS

CHAPTER NO. TITLE PAGE NO.

ABSTRACT iii
LIST OF FIGURES iv
1. INTRODUCTION 1
1.1. OVERVIEW 1
1.2. OBJECTIVES 2
2. LITERATURE SURVEY 3
3. SYSTEM ANALYSIS 6

3.1 EXISTING SYSTEM 6

3.2 PROPOSED SYSTEM 8

3.3 PROPOSED SOLUTION 9

3.4 IDEATION & BRAINSTROMING 10

3.5 PROBLEM SOLUTION FIT 11

3.6 ARCHITECTURE DESIGN 13

3.7 DESCRIPTION OF MODULES 14

4. SYSTEM REQUIREMENTS 17

4.1 HARDWARE REQUIREMENTS 17

4.2 SOFTWARE REQUIREMENTS 17

5. IMPLEMENTATION 18

5.1 DATA OWNER & USER REGISTRATION 18

5.2 SEARCH TOKEN GENERATION 18

5.3 MULTI-KEYWORD RANKED SEARCH 19

5.4 FILE REQUEST & ACCESS 19

5.5 SECURE SHIELD SYSTEM 20

5.6 CODE REVEAL 20

5.7 SOFTWARE DESCRIPTION 21

5.8 CODE IMPLEMENTATION 24

 5.9 RESULT 30

6. CONCLUSION AND FUTURE ENHANCEMENT 36

6.1 CONCLUTION 36

6.2 FUTURE SCOPE 36

APPENDICES 37
SOURCE CODE 37

REFERENCES 49
 LIST OF FIGURES

FIGURE NO. FIGURE NAME PAGE NO.

1. BRAINSTORM, IDEA LISTING AND GROUPING 10

2. BLOCK DIAGRAM 13
 CHAPTER 1

INTRODUCTION

1.1. OVERVIEW

The project on "Practical Multi-Keyword Ranked Search with Access Control over
Encrypted Cloud Data" addresses the challenge of securely retrieving and managing encrypted
data in cloud environments with a focus on efficient keyword-based search capabilities and
fine-grained access control. The research aims to develop cryptographic techniques and secure
indexing methods that enable users to perform multi-keyword searches on encrypted data
stored in the cloud while ensuring that only authorized users can access specific encrypted
documents or data segments.

To achieve this, the project explores the use of symmetric and public-key encryption
for data confidentiality and secure sharing, alongside secure indexing mechanisms that allow
for efficient keyword-based searches without exposing the underlying encrypted data. This
involves developing encrypted inverted indexes or employing searchable encryption schemes
that support efficient search operations while preserving data privacy.

The key contributions of this research include enhancing the security and privacy of
cloud-stored data by enabling practical and efficient keyword-based searches over encrypted
content and implementing robust access control mechanisms to protect against unauthorized
access. By leveraging secure cryptographic methods and innovative indexing techniques, this
project aims to provide scalable and real-world applicable solutions for secure data retrieval
and management in cloud environments while addressing critical challenges related to data
confidentiality, searchability, and access control.

1
1.2. OBJECTIVE

The main Objective of the project is

Enable Multi-Keyword Search: Develop techniques to perform efficient keyword-based

searches on encrypted data stored in the cloud, allowing users to retrieve relevant information
without exposing the underlying plaintext data.

Maintain Data Confidentiality: Implement cryptographic methods such as symmetric

encryption and public-key encryption to ensure the confidentiality and integrity of encrypted
data during storage and retrieval processes.

Implement Fine-Grained Access Control: Utilize attribute-based encryption (ABE) or key

policy attribute-based encryption (KP-ABE) to enforce fine-grained access control policies,
allowing only authorized users with specific attributes or permissions to access encrypted
documents or data segments.

Preserve Searchable Encryption: Develop secure indexing mechanisms, such as encrypted

inverted indexes or searchable encryption schemes, that enable efficient keyword-based
searches over encrypted data while preserving data privacy and security.

Ensure Scalability and Efficiency: Design practical solutions that are scalable and efficient
for real-world cloud environments, considering factors like search performance, encryption
overhead, and access control management.

Enhance Cloud Data Security: Enhance overall security and privacy of cloud-stored data by
addressing challenges related to data confidentiality, searchability, and access control using
innovative cryptographic techniques and secure indexing methods.

Provide Real-World Applicability: Develop solutions that can be easily integrated into
existing cloud infrastructures and applications, ensuring practical usability and applicability in
diverse cloud computing environments.

Enhance User Privacy: Implement techniques to enhance user privacy by minimizing

exposure of sensitive information during keyword-based searches on encrypted data.

Support Complex Access Policies: Enable the enforcement of complex access control policies
based on user attributes, roles, or other contextual factors to ensure granular control over data
access.

2
 CHAPTER 2

LITERATURE SURVEY

1] This literature survey addresses that the cloud computing becomes prevalent, sensitive
information are being increasingly centralized into the cloud. For the protection of data privacy,
sensitive data has to be encrypted before outsourcing, which makes effective data utilization a
very challenging task. Although traditional searchable encryption schemes allow users to
securely search over encrypted data through keywords, these techniques support only Boolean
search, without capturing any relevance of data files. This approach suffers from two main
drawbacks when directly applied in the context of Cloud Computing. On the one hand, users,
who do not necessarily have pre-knowledge of the encrypted cloud data, have to postprocess
every retrieved file in order to find ones most matching their interest; On the other hand,
invariably retrieving all files containing the queried keyword further incurs unnecessary
network traffic, which is absolutely undesirable in today’s pay-as-you-use cloud paradigm. In
this paper, for the first time we define and solve the problem of effective yet secure ranked
keyword search over encrypted cloud data. Ranked search greatly enhances system usability
by returning the matching files in a ranked order regarding to certain relevance criteria (e.g.,
keyword frequency), thus making one step closer towards practical deployment of privacy-
preserving data hosting services in Cloud Computing. We first give a straightforward yet ideal
construction of ranked keyword search under the state-of-the-art searchable symmetric
encryption (SSE) security definition, and demonstrate its inefficiency. To achieve more
practical performance, we then propose a definition for ranked searchable symmetric
encryption, and give an efficient design by properly utilizing the existing cryptographic
primitive, order-preserving symmetric encryption (OPSE). Thorough analysis shows that our
proposed solution enjoys “as-strong-as possible” security guarantee compared to previous SSE
schemes, while correctly realizing the goal of ranked keyword search. Extensive experimental
results demonstrate the efficiency of the proposed solution.

2] This literature survey addresses that with the increasing popularity of cloud computing, a
growing data owners are motivated to outsource their huge data to cloud servers in order to
facilitate access and save data management cost. To protect user privacy and data security,
sensitive data should be encrypted before outsourced to the cloud server, which obsoletes data
utilization like efficient search over encrypted data. In this paper, we present a privacy-
preserving conjunctive keyword search scheme over encrypted cloud data, which

3
simultaneously supports dynamic update operations. Specifically, we construct an index
structure based on Multi-Attribute Tree (MAT) and present an efficient search algorithm over
the index tree, named as the search MAT algorithm. We propose a multi-attribute conjunctive
keyword search scheme based on MAT, named as the MCKS-MAT scheme, which can achieve
equality conjunction, subset conjunction and range conjunction, as well as satisfy privacy
requirements under the known background attack model. In addition, this paper is accompanied
by an adequate of experiments for evaluating the effectiveness of the proposed scheme.
Experiments demonstrate that, compared to the linear search, the proposed scheme needs the
slightly higher preprocessing cost on account of constructing the tree-based index, however, it
achieves lower computational overhead in initialization, trapdoor generation and queries.

3] This literature survey addresses that the advent of cloud computing, data owners are
motivated to outsource their complex data management systems from local sites to the
commercial public cloud for great flexibility and economic savings. But for protecting data
privacy, sensitive data have to be encrypted before outsourcing, which obsoletes traditional
data utilization based on plaintext keyword search. Thus, enabling an encrypted cloud data
search service is of paramount importance. Considering the large number of data users and
documents in the cloud, it is necessary to allow multiple keywords in the search request and
return documents in the order of their relevance to these keywords. Related works on
searchable encryption focus on single keyword search or Boolean keyword search, and rarely
sort the search results. In this paper, for the first time, we define and solve the challenging
problem of privacy-preserving multi-keyword ranked search over encrypted data in cloud
computing (MRSE). We establish a set of strict privacy requirements for such a secure cloud
data utilization system. Among various multi-keyword semantics, we choose the efficient
similarity measure of "coordinate matching," i.e., as many matches as possible, to capture the
relevance of data documents to the search query. We further use "inner product similarity" to
quantitatively evaluate such similarity measure. We first propose a basic idea for the MRSE
based on secure inner product computation, and then give two significantly improved MRSE
schemes to achieve various stringent privacy requirements in two different threat models. To
improve search experience of the data search service, we further extend these two schemes to
support more search semantics. Thorough analysis investigating privacy and efficiency
guarantees of proposed schemes is given. Experiments on the real-world data set further show
proposed schemes indeed introduce low overhead on computation and communication.

4
4] This literature survey addresses that it is desirable to store data on data storage servers
such as mail servers and file servers in encrypted form to reduce security and privacy risks.
But this usually implies that one has to sacrifice functionality for security. For example, if a
client wishes to retrieve only documents containing certain words, it was not previously
known how to let the data storage server perform the search and answer the query, without
loss of data confidentiality. We describe our cryptographic schemes for the problem of
searching on encrypted data and provide proofs of security for the resulting crypto systems.
Our techniques have a number of crucial advantages. They are provably secure: they provide
provable secrecy for encryption, in the sense that the untrusted server cannot learn anything
about the plaintext when only given the ciphertext; they provide query isolation for searches,
meaning that the untrusted server cannot learn anything more about the plaintext than the
search result; they provide controlled searching, so that the untrusted server cannot search for
an arbitrary word without the user's authorization; they also support hidden queries, so that
the user may ask the untrusted server to search for a secret word without revealing the word
to the server. The algorithms presented are simple, fast (for a document of length n, the
encryption and search algorithms only need O(n) stream cipher and block cipher operations),
and introduce almost no space and communication overhead, and hence are practical to use
today.
5] This literature survey addresses that we consider the following problem: a user U wants to
store his files in an encrypted form on a remote file server S. Later the user U wants to
efficiently retrieve some of the encrypted files containing (or indexed by) specific keywords,
keeping the keywords themselves secret and not jeopardizing the security of the remotely
stored files. For example, a user may want to store old e-mail messages encrypted on a server
managed by Yahoo or another large vendor, and later retrieve certain messages while travelling
with a mobile device. In this paper, we offer solutions for this problem under well-defined
security requirements. Our schemes are efficient in the sense that no public-key cryptosystem
is involved. Indeed, our approach is independent of the encryption method chosen for the
remote files. They are also incremental, in that you can submit new files which are secure
against previous queries but still searchable against future queries.

5
 CHAPTER 3
SYSTEM ANALYSIS

3.1 EXISTING SYSTEM

1. Ge et al.'s Symmetric-Key Based Verification Scheme

Ge et al. proposed a keyword search scheme that incorporates symmetric-key based verification
using an innovative technique called Accumulative Authentication Tag (AAT). The primary
focus of this scheme is to ensure the correctness of search results without requiring complex
verification operations. By leveraging symmetric-key cryptography, the scheme simplifies the
process of verifying retrieved data, enhancing efficiency and reducing computational overhead.
However, one limitation is the lack of support for ranked search functionality, which may be
essential for prioritizing and presenting search results based on relevance.

2.Sun et al.'s Privacy-Preserving Multi-Keyword Text Search (BMTS)

Sun et al. introduced BMTS, a privacy-preserving scheme designed to support multi-keyword

text search with similarity-based ranking and result verification capabilities. BMTS utilizes
advanced techniques such as TF-IDF (Term Frequency-Inverse Document Frequency) to
evaluate keyword weights and cosine similarity measures to assess result relevance. This
approach enhances search accuracy by considering semantic similarity between keywords and
documents. However, the scheme's complexity and computational requirements may pose
challenges in scalability, particularly when applied to large-scale cloud data environments.

3.Miao et al.'s Verifiable Searchable Encryption (SE) Framework

Miao et al. developed a framework aimed at defending against insider Keyword-Guessing

Attacks (KGA) by extending public auditing techniques to searchable encryption (SE)
schemes. The enhanced SE framework supports multi-keyword search, multikey encryption,
and dynamic update capabilities, enabling efficient and secure retrieval of encrypted data while
ensuring data integrity and access control. Despite these advancements, the framework may
still be vulnerable to known-plaintext attacks (KPA) and other security threats, highlighting the
ongoing need for robust encryption techniques and security measures.

6
4.Li et al.'s Secure Ranked Keyword Search over Encrypted Cloud Data

Li et al. proposed a secure scheme for ranked keyword search over encrypted cloud data,
leveraging homomorphic encryption and secure indexing techniques. This approach enables
users to efficiently retrieve ranked search results without revealing sensitive data to the cloud
service provider. By combining homomorphic encryption for computation on encrypted data
and secure indexing for efficient retrieval, the scheme offers practical solutions for privacy-
preserving search operations in cloud environments.

5.Wang et al.'s Efficient Multi-Keyword Ranked Search over Encrypted Cloud Data

Wang et al. introduced an efficient method for multi-keyword ranked search over encrypted
cloud data, emphasizing secure indexing and relevance scoring mechanisms. This approach
aims to optimize search performance while maintaining data confidentiality and privacy. By
leveraging secure indexing structures and relevance scoring algorithms, the scheme enables
users to retrieve relevant search results efficiently without compromising the security of their
encrypted data.

6.Cao et al.'s Conjunctive Keyword Search Over Encrypted Data (CKSE)

Cao et al. proposed a scheme for conjunctive keyword search over encrypted data, allowing
users to search for documents containing multiple keywords while preserving data
confidentiality. This approach supports efficient query processing and result retrieval by
leveraging secure index structures and cryptographic techniques.

7.Chang et al.'s Attribute-Based Keyword Search (ABKS)

Chang et al. introduced an attribute-based keyword search scheme that enables users to search
for encrypted data based on specific attributes or access policies. This approach combines
attribute-based encryption (ABE) with keyword search capabilities, allowing fine-grained
access control and secure information retrieval in cloud environments.

8.Liu et al.'s Efficient Multi-User Keyword Search Scheme (EMUKS)

Liu et al. developed an efficient multi-user keyword search scheme that allows multiple
authorized users to collaboratively search and retrieve encrypted data based on shared
keywords. This approach emphasizes secure communication protocols and access control
mechanisms to protect against unauthorized data access and leakage.

7
3.2 PROPOSED SYSTEM

1.Efficient and Privacy-Preserving Search Service:

The MRSF scheme aims to provide an efficient and privacy-preserving multi-keyword ranked
search service over encrypted cloud data. By encrypting data and implementing secure search
techniques, MRSF ensures that user queries and search results remain confidential while
enabling accurate and user-friendly information retrieval.

2.Fine-Grained Access Control Mechanism:

MRSF implements a fine-grained access control mechanism based on user roles defined as
roots of corresponding polynomials. Data owners create access policies by constructing
polynomials and distributing polynomial roots as roles to specified data users. This lightweight
access control mechanism extends indexes and query vectors to enforce data access policies
efficiently.

3.Role-Based Access Control (RBAC) Implementation:

The access control mechanism in MRSF verifies user roles to enforce data access policies.
Users' roles are derived from polynomial roots, and access decisions are made based on the
validity of these roles. This RBAC approach ensures that only authorized users with valid roles
can access specific encrypted data stored in the cloud.

4.Secure Technique for Privacy Preservation:

MRSF leverages the securing techniques to prevent privacy leakage from indexes and query
submissions to the cloud. Adaptations to the classic technique include vector extensions,
pseudorandom permutation functions, and appended random values to enhance query privacy
and prevent information leakage.

5.Experimental Validation:

Extensive experiments are conducted to evaluate and validate the performance of MRSF. These
experiments focus on assessing the time cost of access control operations, exploring the impact
of randomness on search accuracy, and measuring the efficiency and effectiveness of privacy-
preserving techniques employed in the scheme.

8
3.3. PROPOSED SOLUTION

Encryption of Cloud Data

Data owners encrypt their sensitive data using secure encryption techniques (e.g., AES) before
storing it in the cloud. This ensures that data remains confidential and protected against
unauthorized access.

Fine-Grained Access Control Policy Creation

Data owners define fine-grained access control policies by constructing polynomials based on
specified requirements. Each polynomial represents an access policy, and its roots serve as
roles for authorized users.

Role-Based Access Control (RBAC) Implementation

Users are assigned roles (roots of polynomials) that correspond to specific access policies
defined by data owners. Access control decisions are made based on the validity of a user's role
when accessing encrypted data in the cloud.

Symmetric Encryption

Used for encrypting sensitive data before storing it in the cloud.

Role-Based Access Control (RBAC)

Implements fine-grained access control based on polynomial roots (roles) assigned to users.

Vector Extensions and Pseudorandom Permutations

Enhances query privacy by manipulating query vectors and applying pseudorandom

permutation functions.

Experimental Setup

Includes comprehensive experiments to validate the proposed scheme's performance,

efficiency, and effectiveness in real-world cloud environments.

9
3.4. IDEATION & BRAINSTROMING

Ideation is often closely related to the practice of brainstorming, a specific technique

that is utilized to generate new ideas. A principal difference between ideation and brainstorming
is that ideation is commonly more thought of as being an individual pursuit, while
brainstorming is almost always a group activity.

Figure 2: Brainstorm, Idea Listing and Grouping

Project Overview

The MRSF project focuses on developing an efficient and privacy-preserving solution for
multi-keyword ranked search with fine-grained access control over encrypted cloud data. The
primary objective is to enable users to securely search and retrieve encrypted data from the
cloud based on multiple keywords while enforcing granular access control policies.

10
3.5 PROBLEM SOLUTION FIT

Purpose

• Enhance data privacy and security through robust encryption techniques.

• Enable privacy-preserving keyword search on encrypted cloud data.
• Implement multi-keyword ranked search for accurate and relevant search
results.
• Establish fine-grained access control based on user roles derived from
polynomial roots.
• Validate performance and feasibility through comprehensive experimental
validations.
• Contribute to advancements in cloud security and privacy practices.
• Design a user-friendly and scalable system suitable for deployment in large-
scale cloud environments.

Enhance Data Privacy and Security:

Implement robust encryption techniques to ensure the confidentiality and integrity of sensitive
data stored in the cloud.

Enable privacy-preserving keyword search mechanisms to allow users to retrieve information

without exposing plaintext data to unauthorized parties or service providers.

Enable Efficient and Accurate Search:

Develop a system that supports multi-keyword ranked search capabilities to improve the
accuracy and relevance of search results.

Implement efficient search algorithms that operate directly on encrypted data, ensuring both
privacy and performance.

Provide Fine-grained Access Control:

Establish fine-grained access control mechanisms based on user roles derived from polynomial
roots.

Enable data owners to define detailed access policies and enforce role-based access control
(RBAC) to ensure that only authorized users can access specific encrypted data.

11
Validate Performance and Feasibility:

Conduct comprehensive experimental validations to assess the performance, efficiency, and

effectiveness of the proposed solution.

Evaluate the feasibility of integrating privacy-preserving techniques with secure search

algorithms in real-world cloud environments.

Contribute to Advancements in Cloud Security:

Contribute new methodologies and techniques to advance the state-of-the-art in secure data
storage, retrieval, and access control in cloud computing.

Provide insights and findings that can inform future research and development efforts in
the field of cloud security and privacy.

Facilitate Usable and Practical Solutions:

Design a user-friendly system that is practical and scalable for deployment in large-scale
cloud environments.
Ensure that the proposed solution meets usability requirements while maintaining high
standards of security and privacy.

Improved Search Efficiency and Accuracy:

By implementing efficient search algorithms on encrypted data, MRSF enables accurate

and efficient keyword searches while maintaining data confidentiality.

Granular Access Control:

MRSF offers fine-grained access control based on user roles, empowering data owners to
define and enforce precise access policies to encrypted cloud data.

12
3.6 ARCHITECTURE DESIGN

Figure 3: Block Diagram

The system architecture for the Multi-keyword Ranked Search with Fine-grained Access
Control over Encrypted Cloud Data (MRSF) project is designed to enable secure and efficient
data retrieval while enforcing fine-grained access control policies in cloud environments. The
architecture comprises several key components and modules that work together to ensure data
privacy, integrity, and controlled access. At the core of the system architecture is the Data
Owner, responsible for encrypting sensitive data using strong cryptographic algorithms before
uploading it to the Cloud Storage Provider. The Data Owner also defines access control policies
by constructing polynomials and assigning roles (polynomial roots) to authorized users. The
Cloud Storage Provider hosts the encrypted data securely and provides storage and retrieval
services without access to plaintext information. The system includes essential components
such as the Encryption Module, which handles data encryption, and the Access Control
Module, which enforces fine-grained access control based on defined roles. The Search Module
implements multi-keyword ranked search functionalities using privacy-preserving techniques,
ensuring efficient and accurate keyword searches without exposing plaintext data. Additionally,
the Query Processing Module processes user queries and generates encrypted query vectors for
matching against encrypted document indexes in the cloud.

13
3.7 DESCRIPTION OF MODULES

1. DATA OWNER & USER REGISTRATION

The "Data Owner & User Registration" module is a crucial component of a system designed to
manage data access and permissions effectively. This module facilitates the registration process
for both data owners and users within the system. For data owners, the module typically allows
them to create accounts, providing necessary information such as their identity details,
organization affiliations, and potentially the types of data they manage or own. This registration
process establishes their credentials within the system and sets the foundation for defining their
data management roles and responsibilities. Similarly, for users seeking access to data managed
by the system, the registration module enables them to create accounts and specify their
credentials. This could include personal information, authentication details, and perhaps their
organizational affiliations or job roles. Overall, the Data Owner & User Registration module
plays a critical role in establishing the identity and access framework of the system, ensuring
that only authorized individuals can interact with the data according to predefined permissions
and security protocols.

2. SEARCH TOKEN GENERATION

Search Token Generation is a module used in information retrieval systems to facilitate efficient
and secure searching across distributed or decentralized databases. This process involves
generating unique tokens or identifiers that represent specific search queries or terms. The
purpose of these tokens is to enable querying without revealing the actual search terms to each
individual database or node in the system, thus preserving privacy and preventing unauthorized
access to sensitive data. The module operates by transforming user queries into tokens using
cryptographic methods such as hashing or encryption. These tokens are then distributed across
the network to relevant databases or nodes. When a database receives a tokenized query, it
compares the token against its own index of data without needing to decode the original query.
This approach minimizes the amount of information shared between nodes, reducing the risk
of data leakage or exposure. Search Token Generation plays a crucial role in scenarios like
federated search or blockchain-based search systems, where privacy, security, and
decentralized data access are paramount concerns. By employing tokens, this module ensures
efficient and secure information retrieval while safeguarding sensitive user data.

14
3. MULTI-KEYWORD RANKED SEARCH

Multi-keyword ranked search is a module within information retrieval systems designed to

efficiently retrieve relevant documents based on multiple search terms or keywords, while also
ranking these documents by relevance to the query. Unlike simple keyword searches which
match documents based on individual keywords, multi-keyword ranked search systems
consider the combination of keywords and assign weights or scores to documents based on
how well they match the query. This module is particularly useful in scenarios where users
need to find documents that are most relevant to their complex queries containing multiple
concepts or topics. The ranking mechanism typically involves algorithms that evaluate
document relevance based on factors like keyword frequency, document length normalization,
and other statistical measures. Advanced techniques such as term frequency-inverse document
frequency (TF-IDF) or probabilistic models like BM25 are often employed to compute these
relevance scores. Overall, multi-keyword ranked search enhances search precision by
considering the context and relationships between keywords in queries, leading to more
accurate and meaningful search results for users.

4. FILE REQUEST & ACCESS

The "File Request & Access" module typically refers to a system or feature within software or
platforms that enables users to request and access specific files or documents. This module
streamlines the process of sharing files securely and efficiently among users or teams within
an organization. In this module, users can generate requests for files they need, specifying
details such as the file type, location, and any relevant metadata. These requests are then routed
to appropriate parties for approval or fulfillment. Once approved, the requested files can be
accessed by authorized users through a centralized platform, ensuring that the right individuals
have access to the right documents at the right time. Key functionalities often include robust
permissions management, version control, and audit trails to maintain security and compliance.
This module enhances collaboration and productivity by eliminating manual file-sharing
processes and providing a transparent, trackable workflow for requesting and accessing files
within a secure environment.

15
5. SECURE SHIELD

Secure Shield is a comprehensive security module designed to protect computer systems from
various cyber threats. This module integrates advanced technologies to safeguard both
individual users and enterprise networks. Its primary features include real-time threat detection,
firewall protection, intrusion prevention, and secure web browsing. Secure Shield employs
sophisticated algorithms to analyze network traffic and identify potential security breaches or
malicious activities. It continuously updates its threat database to stay ahead of emerging
threats and vulnerabilities. One of Secure Shield's key strengths is its user-friendly interface,
making it accessible to non-technical users while still offering powerful security capabilities.
The module can be configured to meet specific security needs, allowing administrators to set
custom rules and policies. Secure Shield also includes robust reporting tools that provide
detailed insights into security events and trends, enabling proactive threat mitigation strategies.
Overall, Secure Shield is an essential component of any cybersecurity strategy, offering
comprehensive protection against a wide range of cyber threats in today's dynamic and
interconnected digital landscape. Its proactive approach helps ensure the integrity and
confidentiality of sensitive data and systems.

6. CODE REVEAL

Code Reveal is a module designed to enhance code readability and comprehension by

providing a tool that reveals hidden aspects of code during execution or debugging. It functions
by integrating with programming environments and providing interactive features that allow
developers to inspect and understand code behavior more effectively. The module is
particularly useful in educational settings and during collaborative programming efforts where
understanding complex codebases or unfamiliar sections of code is crucial. Code Reveal can
highlight specific code segments, step through execution, display variable values, and annotate
code dynamically. These features make it an invaluable tool for teaching programming
concepts, debugging, and code review. By revealing the inner workings of code in real-time,
developers can gain insights into program flow and behavior, helping to identify bugs, optimize
performance, and facilitate learning. This module thus plays a significant role in improving
code quality, fostering comprehension, and accelerating the development process. Its
integration into various development environments makes it accessible and adaptable to
different programming languages and workflows.

16
 CHAPTER 4
SYSTEM REQUIREMENTS

4.1 HARDWARE REQUIREMENTS

System : Pentium i3 Processor
Hard Disk : 500 GB.
Monitor : 15’’ LED
Input Devices : Keyboard, Mouse
Ram : 2 GB
4.2 SOFTWARE REQUIREMENTS
Operating system : Windows 10.
Coding Language : JAVA.
Tool : Netbeans 8.2
Database : MYSQL

17
 CHAPTER 5
IMPLEMENTATION
5.1 DATA OWNER & USER REGISTRATION

The implementation of data owner and user registration involves setting up a system where
individuals can register either as data owners or users, each with distinct roles and permissions
within a platform. For data owner registration, the process typically involves collecting
information such as name, email, organization, and possibly verifying ownership of data
through authentication methods like domain verification or proof of identity. Data owners
might also need to specify the type of data they possess and agree to terms of use regarding
data handling and privacy. User registration, on the other hand, involves individuals signing up
to access data or services provided by data owners. Users would provide basic information like
name, email, and possibly preferences or areas of interest relevant to the data they intend to
access. The implementation would involve designing registration forms, backend processing
to store user and data owner details securely, and incorporating authentication mechanisms to
ensure privacy and security. Additionally, user registration might involve email verification or
other validation steps to confirm user identities and manage access rights effectively. The entire
process aims to establish a secure and efficient ecosystem for data sharing and access.

5.2 SEARCH TOKEN GENERATION

The implementation of a search token generation system involves several key steps to ensure
efficient and secure token creation for search functionality. Firstly, define the requirements for
the search token, which typically involves capturing user input or query parameters. Next,
preprocess the input to remove unnecessary characters, normalize the text (e.g., converting to
lowercase), and tokenize the input into individual terms or keywords. For generating search
tokens, employ techniques like n-gram generation to capture sequences of characters or words
for more flexible matching. Additionally, consider stemming or lemmatization to reduce words
to their base forms, enhancing search recall. To implement this, leverage libraries or modules
such as NLTK or spa Cy for natural language processing tasks. These tools provide
functionalities for tokenization, normalization, and linguistic processing. utilize a hashing
algorithm to generate unique tokens representing the search query. Store these tokens alongside
their corresponding search terms in a database or index for efficient retrieval during search
operations.

18
5.3 MULTI-KEYWORD RANKED SEARCH

Implementing a multi-keyword ranked search involves several steps to efficiently retrieve and
rank documents based on relevance to multiple keywords. First, create an inverted index where
each keyword maps to a list of documents containing that keyword. Next, for each keyword
query, retrieve the list of relevant documents from the inverted index. To perform a multi-
keyword ranked search, use a ranking algorithm such as TF-IDF (Term Frequency-Inverse
Document Frequency) or BM25 (Best Matching 25) to score each document based on the
frequency of query keywords within them and their overall importance in the document
collection. Combine scores from individual keywords to compute an overall relevance score
for each document. Sort the documents based on these scores to present the most relevant
documents first. Optimize performance by precomputing and caching intermediate results,
leveraging data structures like heaps for efficient ranking, and utilizing pruning techniques to
limit the search space. Implementing this approach efficiently ensures that users receive ranked
search results that are both accurate and responsive to their multi-keyword queries.

5.4 FILE REQUEST & ACCESS

Implementing file request and access functionality involves developing a system where users
can request specific files and gain appropriate access based on their permissions. This can be
achieved through a web-based interface or an application that manages file requests and
permissions. Firstly, users would initiate file requests by specifying the desired files through a
user interface. This request is then submitted to the file management system. The system
verifies the user's credentials and checks their access permissions against the requested files. If
the user is authorized, the system grants access to the requested files; otherwise, access is
denied, and an appropriate notification is sent to the user. The implementation requires a
backend system to handle file access logic, user authentication, and permission checks. This
backend communicates with a database that stores user information, file metadata, and access
permissions. Additionally, a frontend interface allows users to interact with the system, submit
file requests, and receive responses. The frontend and backend components work together to
ensure a seamless file request and access experience while maintaining security and data
integrity.

19
5.5 SECURE SHIELD SYSTEM

Implementing Secure shield involves developing a comprehensive security framework

designed to protect sensitive data and systems from unauthorized access and cyber threats. The
framework typically includes multiple layers of security measures, such as encryption, access
controls, intrusion detection systems, and regular security audits. To implement Secure Shield
effectively, start by assessing the security needs and vulnerabilities of the system or application.
This involves identifying critical assets, potential threats, and regulatory requirements. Next,
develop a layered defense strategy that incorporates strong authentication mechanisms,
encryption of data at rest and in transit, and robust monitoring and logging capabilities.
Implement access controls to ensure that only authorized personnel can access sensitive
resources. Deploy intrusion detection and prevention systems to monitor network traffic and
detect suspicious activities in real-time. Conduct regular security assessments and audits to
identify and address security gaps proactively. Finally, educate and train employees on security
best practices to ensure compliance and enhance overall security posture. By implementing
these measures systematically, organizations can establish a robust secure shield framework to
safeguard their data and systems effectively.

5.6 CODE REVEAL

Implementing Code Reveal involves integrating its functionality into a programming

environment or IDE (Integrated Development Environment) to enhance code visualization and
understanding. The implementation typically includes developing features that allow
developers to interactively inspect code execution and behavior during runtime.. The
implementation involves integrating hooks into the IDE to capture code execution events such
as variable changes, function calls, and control flow decisions. These events trigger
visualizations or annotations within the IDE interface, providing developers with real-time
feedback on how their code behaves. The implementation requires developing a user interface
component within the IDE to display these dynamic visualizations. This could include features
like inline annotations, variable value displays, or step-by-step code execution highlighting. .It
should support various programming languages and environments to ensure broad usability.
This involves writing language-specific parsers and code analyzers that can interpret and
visualize code constructs accurately across different languages.

20
5.7 SOFTWARE DESCRIPTION
The following software is used for our implementation and explained briefly

1.Netbeans 8.2
NetBeans 8.2 is an integrated development environment (IDE) primarily used for Java
development but supports other programming languages such as PHP, C/C++, and HTML5.
Released by Apache Software Foundation, NetBeans 8.2 provides a comprehensive set of tools
and features to facilitate software development. The IDE offers a user-friendly interface with a
wide range of functionalities tailored to Java developers, including code editors with syntax
highlighting, code completion, and refactoring tools for efficient coding. NetBeans 8.2 also
comes with a powerful debugger that allows developers to debug Java applications seamlessly.
One of the notable features of NetBeans 8.2 is its support for Java EE (Enterprise Edition)
development, enabling developers to create enterprise-level applications using Java
technologies like Servlets, JSP (Java Server Pages), and EJB (Enterprise JavaBeans). The IDE
integrates well with popular application servers like Apache Tomcat and Glass Fish,
simplifying the deployment and testing of Java EE applications.

2.Program Language

Java is a versatile and widely-used programming language known for its platform
independence, robustness, and scalability. Developed by Sun Microsystems (now owned by
Oracle Corporation) in the mid-1990s, Java was designed to be portable across various
platforms and operating systems, making it highly desirable for enterprise applications and web
development. One of Java's key strengths is its "write once, run anywhere" (WORA)
philosophy, enabled by the Java Virtual Machine (JVM), which allows Java programs to
execute on any device or system that supports Java without the need for recompilation. Java is
renowned for its simplicity and readability, featuring a clean and object-oriented syntax that
encourages good programming practices such as modularity and code reusability. It supports
multithreading, allowing developers to create concurrent applications that can efficiently
handle multiple tasks simultaneously. Java's extensive standard library provides pre-built
components for networking, I/O operations, data structures, and more, simplifying common
programming tasks and accelerating development.

21
3.HTML

HTML, or Hypertext Markup Language, is the standard markup language used to create web
pages and web applications. Developed by Tim Berners-Lee in the early 1990s, HTML
provides the structure and content of a web page by using a system of tags and attributes to
define elements such as headings, paragraphs, images, links, and forms. HTML documents are
composed of a series of elements enclosed in angle brackets, with each element representing a
specific component of the page's content. For example, the <p> tag is used to define paragraphs,
<img> for images, <a> for hyperlinks, and <div> for divisions or sections of the page.
Attributes provide additional information about elements, such as the source of an image or the
destination of a hyperlink. HTML documents are typically saved with a .html or .html file
extension and can be viewed in web browsers. Along with CSS (Cascading Style Sheets) and
JavaScript, HTML forms the foundation of modern web development, allowing developers to
create dynamic and interactive websites that are accessible across different
devices and platforms.

4.CSS

CSS, or Cascading Style Sheets, is a style sheet language used to define the presentation and
layout of HTML documents. Developed as a complement to HTML by the World Wide Web
Consortium (W3C), CSS allows developers to control the visual appearance of web pages,
including aspects such as fonts, colors, spacing, and positioning. By separating the content of
a web page from its presentation, CSS enables greater flexibility and consistency in the design
of websites, making it easier to maintain and update styles across multiple pages. CSS operates
on a cascading model, meaning that styles can be applied to elements based on their hierarchy
and specificity, with more specific styles taking precedence over more general ones. Styles can
be defined inline within HTML elements, in internal style sheets within the <style> element of
an HTML document, or in external style sheets linked to HTML documents using the <link>
element. CSS features a wide range of selectors, properties, and values that allow developers
to create diverse and visually appealing layouts, from simple text styling to complex responsive
designs. With the advent of CSS3, the language has evolved to include advanced features such
as animations, transitions, and media queries, further enhancing its capabilities for web design
and development.

22
5.Database

MySQL is an open-source relational database management system (RDBMS) that is widely

used for managing structured data. Developed by Oracle Corporation, MySQL is one of the
most popular database systems in the world, known for its reliability, performance, and ease of
use. It supports various operating systems including Linux, Windows, and macOS, making it
versatile and accessible to developers across different platforms. Key features of MySQL
include its support for SQL (Structured Query Language), which allows users to perform
complex queries to retrieve, insert, update, and delete data from databases. MySQL databases
are organized into tables consisting of rows and columns, with support for indexes to optimize
data retrieval. It also supports transactions, ensuring data integrity by providing mechanisms
for rolling back changes in case of failures. MySQL is commonly used in web development
alongside scripting languages like PHP, Python, and Node.js to power dynamic websites and
web applications. It can handle large volumes of data efficiently and is scalable, making it
suitable for both small-scale projects and enterprise-level applications.

23
5.8 CODE IMPLEMENTATION

5.8.1 Setting Up Drive HQ for Data Storage

Setting up Drive HQ for data storage involves creating an account on Drive HQ, a cloud storage
service. After signing up, you can upload, organize, and securely store files and documents in
the cloud. Drive HQ offers features like file sharing, version control, and remote access, making
it suitable for data management and collaboration.

Code Snippet:

24
5.8.2 Backend API Development using JAVA

Developing a backend API in Java involves direct utilization of Java Servlets and Java EE
technologies. Developers write servlet classes to handle different HTTP methods (e.g., GET,
POST) and process incoming requests. They manage request parameters, session handling, and
response generation manually, without relying on higher-level abstractions provided by
frameworks. This approach demands a deeper understanding of Java servlets and servlet
containers but allows for fine-grained control over API implementation.

Code Snippet:

25
5.8.3 Access Control Logic Implementation

Implement access control logic within backend to enforce fine-grained access restrictions based
on user roles or permissions. Develop authentication mechanisms using Spring Security to
authenticate and authorize users. Implement role-based access control (RBAC) or custom
authorization logic to validate user permissions before granting access to sensitive data stored.
This component ensures that only authorized users with appropriate privileges can access
encrypted data.

Code Snippet:

26
5.8.4 Search Token generation Implementation

Implement multi-keyword ranked search functionality within the Java-based backend. Utilize
Elasticsearch or a similar search engine library integrated to perform efficient indexed searches
on encrypted data. Develop search algorithms to query encrypted data based on user-provided
keywords and rank search results based on relevance. Integrate the search functionality with
the backend API to enable advanced search capabilities while maintaining data security.

Code Snippet:

27
5.8.5 Multi-Keyword Ranked Search Implementation

Implement multi-keyword ranked search functionality within the Java-based backend. Utilize
Elasticsearch or a similar search engine library integrated to perform efficient indexed searches
on encrypted data. Develop search algorithms to query encrypted data based on user-provided
keywords and rank search results based on relevance. Integrate the search functionality with
the backend API to enable advanced search capabilities while maintaining data security.

Code Snippet:

28
5.8.6 File decryption and retrieval Implementation
File decryption and retrieval involves securely retrieving encrypted files from a storage system,
decrypting them using cryptographic techniques, and making the decrypted content available
for use. The process typically starts by identifying the encrypted file in the storage system, such
as an encrypted file stored. Once the encrypted file is retrieved, a decryption key is used to
decrypt the file's contents. Common encryption algorithms like AES (Advanced Encryption
Standard) with a specific key size are often employed for secure decryption. After decryption,
the original file content is obtained and can be used or further processed as needed by the
application. It's crucial to handle decryption securely, ensuring that the decryption key or
password is kept confidential and access to decrypted data is appropriately controlled to
maintain data confidentiality and integrity.

Code Snippet:.

29
5.9 RESULT

30
31
32
33
34
35
 CHAPTER 6
CONCLUTION AND FUTURE ENHANCEMENT
6.1 CONCLUTION
In conclusion, the Multi-keyword Ranked Search with Fine-grained Access Control over
Encrypted Cloud Data (MRSF) project presents a robust solution for addressing critical
challenges in secure data retrieval and access control within cloud environments. The system
architecture enables secure encryption of sensitive data, fine-grained access control based on
polynomial roles, and efficient keyword search capabilities while preserving data privacy and
confidentiality. By leveraging privacy-preserving techniques like MRSF ensures accurate
search results without exposing plaintext information to unauthorized parties. The components
of the MRSF architecture, including the Data Owner, Cloud Storage Provider, and specialized
modules for encryption, access control, and search, work synergistically to create a secure and
efficient data management system in the cloud. The use of secure communication channels
further enhances the integrity and confidentiality of data transactions within the system.

6.2 FUTURE SCOPE

The integration of advanced cryptographic techniques to enhance data security and privacy
within the MRSF system. This includes exploring homomorphic encryption, zero-knowledge
proofs, or differential privacy techniques to provide stronger guarantees of data confidentiality
and integrity. Additionally, optimizing system scalability and performance is essential for
handling large-scale datasets and accommodating increasing user demands. Future efforts will
focus on refining algorithms, optimizing resource utilization, and leveraging distributed
computing techniques to achieve efficient and responsive data retrieval and access control.
Improving the user interface and overall usability of the MRSF system is another important
aspect of future development. Enhancements in user experience will ensure that the system is
intuitive, user-friendly, and accessible to a broader range of stakeholders, including non-
technical users. Furthermore, staying abreast of emerging technologies and standards in cloud
computing and security will be crucial to ensure the MRSF system remains compatible with
evolving industry practices and requirements. This includes adapting to new cloud
architectures, security protocols, and data protection regulations.

36
 APPENDICES
SOURCE CODE

import DBconnection.SQLconnection;
import static com.sun.org.apache.xerces.internal.xinclude.XIncludeHandler.BUFFER_SIZE;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.sql.Blob;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
*
* @author java1
*/
/**
*
* @author Lenovo
*/
public class Download extends HttpServlet {

/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");
try (PrintWriter out = response.getWriter()) {
/* TODO output your page here. You may use following sample code. */

String fileid = request.getParameter("fid");

String filename = request.getParameter("filename");
String dkey = request.getParameter("dkey");

37
 HttpSession user = request.getSession();
String uid = user.getAttribute("duid").toString();
String uname = user.getAttribute("duname").toString();
String umail = user.getAttribute("dumail").toString();

Connection conn = SQLconnection.getconnection();

Statement st = conn.createStatement();
Statement st1 = conn.createStatement();
Statement st2 = conn.createStatement();

ResultSet rs = st2.executeQuery(" Select * from request where fid ='" + fileid + "' AND
status='Approved' AND dkey='" + dkey + "'");

if (rs.next()) {

ResultSet rs1 = st.executeQuery(" Select * from do_files where id ='" + fileid + "' AND
filename ='" + filename + "' AND dkey='" + dkey + "'");
if (rs1.next()) {
String doid = rs1.getString("doid");
String doname = rs1.getString("doname");

String file = rs1.getString("enc_data");

System.out.println("dkey-- " + dkey);

long aTime = System.nanoTime();
Decryption d1 = new Decryption();
String decrypted = d1.decrypt(file, dkey);
long bTime = System.nanoTime();
float decryptTime = (bTime - aTime) / 1000;

System.out.print("\nPlain Text -------- " + file);

System.out.print("\nDecrypted Text -------- " + decrypted);

System.out.println("filename,fileid==" + filename + fileid);

String is = decrypted;

response.setHeader("Content-Disposition", "attachment;filename=\"" + filename + "\"");

out.write(is);
out.close();
int i = st1.executeUpdate("insert into download (uid, uname, filename, time , fileid ,
doname ,doid, decrypt_time)values('" + uid + "','" + uname + "','" + filename + "',now(),'" + fileid + "','"
+ doname + "','" + doid + "','" + decryptTime + "')");

if (i != 0) {

response.sendRedirect("view_requested1.jsp?download_success");
} else {
System.out.println("error while updating information...");
}
} else {
System.out.println("file not found...");
}
} else {
response.sendRedirect("Requested_files.jsp?failed");

38
 }

} catch (SQLException ex) {

ex.printStackTrace();
response.sendRedirect("Requested_files.jsp?download_failed");
} catch (IOException ex) {
ex.printStackTrace();
response.sendRedirect("Requested_files.jsp?download_failed");
}
}

// <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to

edit the code.">
/**
* Handles the HTTP <code>GET</code> method.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
}

/**
* Handles the HTTP <code>POST</code> method.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
}

/**
* Returns a short description of the servlet.
*
* @return a String containing servlet description
*/
@Override
public String getServletInfo() {
return "Short description";
}// </editor-fold>
}
return generated_questions

except OpenAI.error.OpenAIError as e:
# Handle OpenAI API errors

39
 app.logger.error("OpenAI API Error: %s", e)
return {"Error generating questions. Please try again."}

/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package Networks;

/**
*
* @author Lenovo
*/
import java.util.Properties;
import javax.mail.Message;
import javax.mail.MessagingException;
import javax.mail.PasswordAuthentication;
import javax.mail.Session;
import javax.mail.Transport;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;

public class Mail {

public static boolean secretMail(String msg, String name, String email) {

Properties props = new Properties();
props.put("mail.smtp.host", "smtp.gmail.com");
props.put("mail.smtp.socketFactory.port", "465");
props.put("mail.smtp.socketFactory.class",
"javax.net.ssl.SSLSocketFactory");
props.put("mail.smtp.auth", "true");
props.put("mail.smtp.port", "465");
// Assuming you are sending email from localhost
Session session = Session.getDefaultInstance(props,
new javax.mail.Authenticator() {
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication("computercloud90@gmail.com", "Cloud@123");
}
});

System.out.println("Message" + msg);
try {
Message message = new MimeMessage(session);
message.setFrom(new InternetAddress(name));
message.setRecipients(Message.RecipientType.TO,
InternetAddress.parse(email));
message.setSubject("CLOUD SERVER");
message.setText(""+msg);

Transport.send(message);

System.out.println("Done");
return true;

40
 } catch (MessagingException e) {
System.out.println(e);
e.printStackTrace();
return false;
// throw new RuntimeException(e);
}
}
}
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package PMKRS;

/**
*
* @author JAVA-JP
*/
import DBconnection.SQLconnection;
import Networks.DRIVE_Network;
import com.oreilly.servlet.MultipartRequest;
import com.sun.org.apache.xerces.internal.impl.dv.util.Base64;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.SecureRandom;
import java.sql.Connection;
import java.sql.Statement;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Random;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
*
* @author java3
*/
public class data_upload extends HttpServlet {

/**
* Processes requests for both HTTP
* <code>GET</code> and

41
 * <code>POST</code> methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
File file;
final String filepath = "D:/";

protected void processRequest(HttpServletRequest request, HttpServletResponse response)

throws ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");
PrintWriter out = response.getWriter();
try {
MultipartRequest m = new MultipartRequest(request, filepath);
String filekeyword = m.getParameter("keyword");
String access_policy = m.getParameter("access_policy");
File file = m.getFile("fileToUpload");
String filename = file.getName().toLowerCase();

Connection con = SQLconnection.getconnection();

BufferedReader br = new BufferedReader(new FileReader(filepath + filename));

StringBuffer sb = new StringBuffer();
String temp;

while ((temp = br.readLine()) != null) {

sb.append(temp + "\n");
}

KeyGenerator Attrib_key = KeyGenerator.getInstance("AES");

Attrib_key.init(128);
SecretKey secretKey = Attrib_key.generateKey();
System.out.println("++++++++ key:" + secretKey);

long aTime = System.nanoTime();

Encryption e = new Encryption();

String encryptedtext = e.encrypt(sb.toString(), secretKey);

long bTime = System.nanoTime();

float encryptTime = (bTime - aTime) / 1000;
System.out.println("Time taken to Encrypt File: " + encryptTime + " microseconds.");
//storing encrypted file
FileWriter fw = new FileWriter(file);
fw.write(encryptedtext);
int hash1 =encryptedtext.hashCode();
fw.close();
byte[] b = secretKey.getEncoded();
String Dkey = Base64.encode(b);
System.out.println("converted secretkey to string:" + Dkey);

42
 HttpSession user = request.getSession(true);
String doname = user.getAttribute("doname").toString();
String doid = user.getAttribute("doid").toString();
String domail = user.getAttribute("domail").toString();

DateFormat dateFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss");

Date date = new Date();
String time = dateFormat.format(date);
System.out.println("current Date " + time);

boolean status = new DRIVE_Network().upload(file);

if (status) {

Statement st = con.createStatement();

System.out.println("Check------------------------------------------------------------------>>>>>");

int i = st.executeUpdate("insert into do_files(doid, doname, enc_data, dkey, time,

filekeyword, filename, data, access_policy, enc_time)values('" + doid + "','" + doname + "','" +
encryptedtext + "','" + Dkey + "','" + time + "','" + filekeyword+ "','" + file.getName() + "','" +
sb.toString() + "','"+ access_policy +"','"+ encryptTime +"')");
if (i != 0) {
response.sendRedirect("Upload_file.jsp?File_uploaded");

} else {
response.sendRedirect("Upload_file.jsp?Upload_failed");
System.out.println("Error in SQL Syntex");
}
}
} catch (Exception e) {
out.println(e);
} finally {
out.close();
}
}

// <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to

edit the code.">
/**
* Handles the HTTP
* <code>GET</code> method.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
}

43
 /**
* Handles the HTTP
* <code>POST</code> method.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
}

/**
* Returns a short description of the servlet.
*
* @return a String containing servlet description
*/
@Override
public String getServletInfo() {
return "Short description";
}// </editor-fold>
}
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package PMKRS;

import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
*
* @author JAVA-JP
*/
public class Cloud extends HttpServlet {

/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response)

44
 throws ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");
try (PrintWriter out = response.getWriter()) {
/* TODO output your page here. You may use following sample code. */
String name = request.getParameter("name");
String pass = request.getParameter("pass");
System.out.println("=======================================" +name +pass);
if (name.equalsIgnoreCase("cloud") && pass.equalsIgnoreCase("cloud")) {
response.sendRedirect("Cloud_Home.jsp?Success");
} else {
response.sendRedirect("Cloud_login.jsp?Failed");
}
} catch (Exception ex) {
}
}

// <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to

edit the code.">
/**
* Handles the HTTP <code>GET</code> method.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
}

/**
* Handles the HTTP <code>POST</code> method.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
}

/**
* Returns a short description of the servlet.
*
* @return a String containing servlet description
*/
@Override
public String getServletInfo() {
return "Short description";
}// </editor-fold>

45
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package PMKRS;

/**
*
* @author JAVA-JP
*/
import com.sun.org.apache.xerces.internal.impl.dv.util.Base64;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileWriter;
import java.util.Scanner;

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.swing.JOptionPane;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;

public class Decryption

{

public String decrypt(String txt,String skey)

{
String decryptedtext = null;
try
{

//converting string to secretkey

byte[] bs=Base64.decode(skey);
SecretKey sec=new SecretKeySpec(bs, "AES");
System.out.println("converted string to seretkey:"+sec);

System.out.println("secret key:"+sec);

Cipher aesCipher = Cipher.getInstance("AES");//getting AES instance

aesCipher.init(Cipher.ENCRYPT_MODE,sec);//initiating ciper encryption using secretkey

byte[] byteCipherText =new BASE64Decoder().decodeBuffer(txt); //encrypting data

// System.out.println("ciper text:"+byteCipherText);
aesCipher.init(Cipher.DECRYPT_MODE,sec,aesCipher.getParameters());//initiating ciper
decryption

byte[] byteDecryptedText = aesCipher.doFinal(byteCipherText);

decryptedtext = new String(byteDecryptedText);

46
 System.out.println("Decrypted Text:"+decryptedtext);
}

catch(Exception e)
{
System.out.println(e);
}
return decryptedtext;
}

}
import java.io.File;
import java.io.FileInputStream;
import org.apache.commons.net.ftp.FTPClient;

/**
*
* @author Lenovo
*/
public class DRIVE_Network {

FTPClient client = new FTPClient();

FileInputStream fis = null;
boolean status; public boolean upload(File file) {
try {

client.connect("ftp.drivehq.com");
client.login("CloudComputing", "publicclouds");
System.out.print("\nLogin Success");
client.enterLocalPassiveMode();
fis = new FileInputStream(file);
status = client.storeFile("/" + file.getName(), fis);
System.out.print("\nUploaded");

//file path of drive storage

client.logout();
fis.close();

} catch (Exception e) {
System.out.println(e);
}
if (status) {
System.out.println("success");
return true;
} else {
System.out.println("failed");
return false;

}
}

47
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package DBconnection;

/**
*
* @author JAVA-JP
*/
import java.sql.Connection;
import java.sql.DriverManager;

public class SQLconnection {

static Connection con;

/**
*
* @return
*/
public static Connection getconnection() {
try {
Class.forName("com.mysql.jdbc.Driver");
con = DriverManager.getConnection("jdbc:mysql://localhost:3306/pmkrs", "root", "root");
} catch (Exception e) {
}
return con;
}
}

48
 REFERENCES

[1] Y. Miao, Q. Tong, R. Deng, K.-K. R. Choo, X. Liu, and H. Li, “Verifiable searchable
encryption framework against insider keyword guessing attack in cloud storage,” IEEE
Transactions on Cloud Computing, 2020.

[2] H. Li, Y. Yang, Y. Dai, S. Yu, and Y. Xiang, “Achieving secure and efficient dynamic
searchable symmetric encryption over medical cloud data,”
IEEE Transactions on Cloud Computing, vol. 8, no. 2, pp. 484–494, 2020.

[3] Z. Guan, X. Liu, L. Wu, J. Wu, R. Xu, J. Zhang, and Y. Li, “Cross-lingual multi-keyword
rank search with semantic extension over encrypted data,” Information Sciences, vol. 514, pp.
523 – 540, 2020.
[Online]. Available: http://www.sciencedirect.com/science/article/pii/S0020025519310588

[4] Y. Miao, R. Deng, K.-K. R. Choo, X. Liu, and H. Li, “Threshold multi-keyword search for
cloud-based group data sharing,” IEEE Transactions on Cloud Computing, 2020.

[5] X. Ge, J. Yu, H. Zhang, C. Hu, Z. Li, Z. Qin, and R. Hao, “Towards achieving keyword
search over dynamic encrypted cloud data with symmetric-key based verification,” IEEE
Transactions on Dependable and Secure computing, 2019.

[6] H. Yin, Z. Qin, J. Zhang, L. Ou, F. Li, and K. Li, “Secure conjunctive multi-keyword ranked
search over encrypted cloud data for multiple data owners,” Future Generation Computer
Systems, vol. 100, pp. 689 – 700, 2019. [Online]. Available:
http://www.sciencedirect.com/science/article/pii/S0167739X17321192

[7] H. Dai, X. Dai, X. Yi, G. Yang, and H. Huang, “Semantic-aware multi-keyword ranked
search scheme over encrypted cloud data,” Journal of Network and Computer Applications,
vol. 147, p. 102442, 2019.

[8] B. Wang, M. Li, and L. Xiong, “Fast geo: Efficient geometric range queries on encrypted
spatial data,” IEEE Transactions on Dependable and Secure Computing, vol. 16, no. 2, pp.
245–258, March 2019.

[9] X. Li, Y. Zhu, J. Wang, and J. Zhang, “Efficient and secure multi-dimensional geometric
range query over encrypted data in cloud,” Journal of Parallel and Distributed Computing, vol.
131, pp. 44 – 54, 2019. [Online]. Available:
http://www.sciencedirect.com/science/article/pii/S0743731518306294

[10] G. Xu, H. Li, Y. Dai, K. Yang, and X. Lin, “Enabling efficient and geometric range query
with access control over encrypted spatial data,” IEEE Transactions on Information Forensics
and Security, vol. 14, no. 4, pp. 870–885, April 2019.

49
[11] Y. Miao, J. Ma, X. Liu, J. Weng, H. Li, and H. Li, “Lightweight fine-grained search over
encrypted data in fog.

[12] Y. H. Hwang and P. J. Lee, “Public key encryption with conjunctive keyword search and
its extension to a multi-user system,” in Proc. Int. Conf. Pairing-Based Cryptography., 2007,
pp. 2–22.

[13] P. Golle, J. Staddon, and B. Waters, “Secure conjunctive keyword search over encrypted
data,” in Proc. Int. Conf. Appl. Cryptography Network Security 2004, pp. 31–45.

[14] L. Ballard, S. Kamara, and F. Monrose, “Achieving efficient conjunctive keyword

searches over encrypted data,” in Proc. Int. Conf. Inf. Communication Security 2005, pp.
414–426

[15] D. Boneh and B. Waters, “Conjunctive, subset, and range queries on encrypted data,” in
Proc. Theory Cryptography 2007, pp. 535–554.

[16] Z. Xu, W. Kang, R. Li, K. Yow, and C.-Z. Xu, “Efficient multi keyword ranked query on
encrypted data in the cloud,” in Proc. IEEE 18th Int. Conf. Parallel Distribution Syst., 2012,
pp. 244–251.

[17] Act, Accountability, “Health insurance portability and accountability act of 1996,” Public
Law, vol. 104, pp. 191, 1996.

[18] Z. Yan, X. Li, M. Wang, and A. V. Vasilakos, “Flexible data access control based on trust
and reputation in cloud computing,” IEEE Trans. Cloud Computing vol. 5, no. 3, pp. 485–
498, Third Quarter 2017.

[19] S. Yu, C. Wang, K. Ren, and W. Lou, “Achieving secure, scalable, and fine-grained data
access control in cloud computing,” in Proc. IEEE INFOCOM, 2010, pp. 1–9.

[20] Y. Miao, J. Ma, X. Liu, X. Li, Z. Liu, and H. Li, “Practical attribute based multi-keyword
search scheme in mobile crowdsourcing,” IEEE Internet Things J., vol. 5, no. 4, pp. 3008–
3018, Aug. 2018. multi-keyword search for cloud-based group data sharing,” IEEE Trans.
Cloud Computing to be published, doi: 10.1109/TCC.2020.2999775.

50