APPENDIX 1 final
Content
SMIT
CHAPTER 1
1.INTRODUCTION:
1
SMIT
The term “cloud” appears to have its origins in network diagrams that represented the internet, or various parts of it, as schematic clouds. “Cloud computing” was coined for what happens when applications and services are moved into the internet “cloud.” It is a pool of abstracted, highly scalable, and managed compute infrastructure capable of hosting endand cached temporarily on clients that customer applications and billed by consumption. A paradigm in which information is permanently stored in servers on the Internet include desktops, entertainment centers, table computers, notebooks, wall computers, handhelds etc. Cloud computing may trace back to a time when computer systems remotely time-shared computing resources and applications. More currently though, cloud computing refers to the many different types of services and applications being delivered in the internet cloud, and the fact that, in many cases, the devices used to access these services and applications do not require any special applications.
1.1 CHARACTERISTICS:
Cloud computing has a variety of characteristics, with the main ones being:
1.1.1Shared Infrastructure:
Uses a virtualized software model, enabling the sharing of physical services, storage, and networking capabilities. The cloud infrastructure, regardless of deployment model, seeks to make the most of the available infrastructure across a number of users.
1.1.2 Dynamic Provisioning:
Allows for the provision of services based on current demand requirements. This is done automatically using software automation, enabling the expansion and contraction of service capability, as needed. This dynamic scaling needs to be done while maintaining high levels of reliability and security.
Network Access:
2
SMIT
Needs to be accessed across the internet from a broad range of devices such as PCs, laptops, and mobile devices, using standards-based APIs (for example, ones based on HTTP). Deployments of services in the cloud include everything from using business applications to the latest application on the newest smartphones.
Managed Metering:
Uses metering for managing and optimizing the service and to provide reporting and billing information. In this way, consumers are billed for services according to how much they have actually used during the billing period.
1.2SERVICE MODELS:
Once a cloud is established, how its cloud computing services are deployed in terms of business models can differ depending on requirements. The primary service models being deployed are commonly known as:
1.2.1 Software as a Service (SaaS):
Consumers purchase the ability to access and use an application or service that is hosted in the cloud, where necessary information for the interaction between the consumer and the service is hosted as part of the service in the cloud.
1.2.2Platform as a Service (PaaS):
Consumers purchase access to the platforms, enabling them to deploy their own software and applications in the cloud. The operating systems and network access are not managed by the consumer, and there might be constraints as to which applications can be deployed.
1.2.3 Infrastructure as a Service(IaaS):
3
SMIT
Consumers control and manage the systems in terms of the operating systems, applications, storage, and network connectivity, but do not themselves control the cloud infrastructure.
Software as a Service(SaaS)
Enduser application is delivered as a service. Platform and infrastructure is abstracted, and can deployed and managed with less effort
Platform as a Service(PaaS)
Application platform onto which custom applications and services can be deployed. Can be built and deployed more inexpensively, although services need to be supported and managed.
Infrastructure as a Service(IaaS)
Physical infrastructure is abstracted to provide computing, storage, and networking as a service, avoiding the expense and need for dedicated systems.
Fig 1.1 Service Model Types
1.3 DEPLOYMENT MODELS:
Deploying cloud computing can differ depending on requirements, and the following four deployment models have been identified, each with specific characteristics that support
4
SMIT
the needs of the services and users of the clouds in particular ways:
1.3.1. Private Cloud:
The cloud infrastructure has been deployed, and is maintained and operated for a specific organization. The operation may be in-house or with a third party on the premises.
1.3.2. Community Cloud:
The cloud infrastructure is shared among a number of organizations with similar interests and requirements. This may help limit the capital expenditure costs for its establishment as the costs are shared among the organizations. The operation may be in-house or with a third party on the premises.
1.3.33. Public Cloud:
The cloud infrastructure is available to the public on a commercial basis by a cloud service provider. This enables a consumer to develop and deploy a service in the cloud with very little financial outlay compared to the capital expenditure requirements normally associated with other deployment options.
1.3.4. Hybrid Cloud:
The cloud infrastructure consists of a number of clouds of any type, but the clouds have the ability through their interfaces to allow data and/or applications to be moved from one cloud to another. This can be a combination of private and public clouds that support the requirement to retain some data in an organization, and also the need to offer services in the cloud.
5
SMIT
CHAPTER 2
2. LITERATURE REVIEW 2.1 Existing System
6
SMIT
In the existing system, single server handles the multiple requests from the user. Here the server has to process the both the request from the user simultaneously, so the processing time will high. This may leads to loss of data and corrupted. The server cannot process the query from the user a proper manner. So processing time gets increased. Software update/patches could change security settings, assigning privileges too low, or even more alarmingly too high allowing access to your data by other parties. Security concerns. Experts claim that their clouds are 100% secure - but it will not be their head on the block when things go awry. It's often stated that cloud computing security is better than most enterprises. Control of data/system by third-party. Data - once in the cloud always in the cloud! It is not sure that a deleted data from an user account, will exist. Implementation data integration issues are rife due to the difficult.
2.2 Proposed System:
7
SMIT
Cloud Server utilizes the power of the internet so as to ease the access to applications as well as add power of scalability and high availability. Where as Cloud Storage is a way of effectively using the existing data storage technology and resources so as to make them available over the Cloud. Cloud storage allows a great amount of flexibility in terms of provisioning as per the changing and ever increasing storage requirements, it is easy to add more space or even reduce as needs change; best of all aspects is that no upfront investments are required. The applications can vary from storing files, emails, pictures, media files along with critical databases and important data backup. It provide secure data while store and retrieve. It can be used cryptographically encryption and decryption in data store and retrieve. We have used in third party tool (TPA) to monitoring data store and retrieve between owner and user. It sends the key to user for access data.
2.2.1. Advantages of proposed system:
1. The user will be given status by the data owner and according to it the user acts. 2. On acquiring status, the user has only limited functions which prohibit overwriting. 3. The data will be stowed in encrypted format so as to improve the integrity and
security. 4. For an encrypted data, a private key will be sent to the user for decryption.
2.3 FEASIBILITY STUDY
Three types of feasibility study are studied. They are operational, technical and financial.
8
SMIT
2.3.1 Operational Feasibility
The proposed system does not perform any harm to the clients. 1. The system performance in cloud computing area is excellent.
2. The system does not produce poor results.
2.3.2 Technical feasibility
The necessary technologies exist in this project for the areas: 1. The proposed system has the capacity to hold the data required by ubiquitous network access. 2. It technically assures for accuracy, reliability and data security.
2.3.3 Financial Feasibility
1. The cost of hardware and software for the class application being considered.
2. The cost to conduct full system audit. 3. The benefits in the form of reduced cost or fewer costly errors.
3.1 ARCHITECTURE DIAGRAM:
Public Data Auditing
Third Party Auditor
9
Cloud servers
SMIT
Data Auditing
FileAccess
Delegation
Owner
Issuing File Access
Cloud Users
Fig 3.1 Architecture Diagram
3.1.1 ARCHITECTURE DETAILS 3.1.1.1 Data Owner:
One who creates the data and stores it in cloud is known as data owners. The data owner has the full rights over the data that has been uploaded in net. The data owner gives status to the user who opts for the usage of the data.
10
SMIT
3.1.1.2 Cloud Server:
It is virtual database where the data of the owner will be saved. All data stored here will be in encrypted format so as to improve the data privacy and security. Unauthorized personnel cannot access the data without the prior permission of the data owner.
3.1.1.3 Third Party Auditor:
TPA is the person which helps in auditing purpose of the data that are being stored in cloud. In order to reduce the work load of data owner TPA has been used for monitoring purpose.
3.1.1.4 Data User:
One who retrieves data from the cloud server with the prior permission of the data owner is known to be data user. User request for accessing the data from its owner, on acquiring the status the user acts according to it.
3.1.1.5 Decrypt:
The data stored in cloud will being changed to original format with the help of private key given by the data owner by the data user.
3.2 PROJECT FLOW DIAGRAM:
Owner Login
No
If valid
11
SMIT
Data
Issue File access ctrl Encryption
Store data
User Cloud Server Decryption
User login
Retrieve data
No
User If vali d Access file
FIG 3.2 Data flow diagram
3.3 MODULES
3.3.1 Authentication 3.3.2 File Upload 3.3.3 File Management 3.3.4 User Request 3.3.5 Owner Response 3.3.6 File Downloading
12
SMIT
3.3.7 Decryption
3.3.1 AUTHENTICATION:
In this module the verification of the user is done in order to avoid the unauthorized personnel to create account and start using the data in an unintentional way.
Owner
Authenticatio n
Rejected
Accepted
The user requests the data owner for accessing the data. The data owner in turn validates the request from the user and sets the status accordingly. The data owner may or may not accept the request given by the user. The status for the user is entirely depends upon the transparency of the data user. More the reliability of the data user will lead to enjoy more work permission of the particular data. If the data user fails to accomplish the required reliability in authentication process, he may be subjected to limited access of data such as read only. On registering to an owner, the user can access the data related or uploaded to that particular owner. The user does not have consent about data that are being uploaded by other data owner. If so the user has to register with that data owner separately.
3.3.2 FILE UPLOAD:
13
SMIT
Use any information obtained from our site in an unethical manner. Any information obtained such as Usernames, IP addresses, email, etc are only used in the administration of our website and services. We may email our members about site related issues, events, etc. Only in the case of illegal activity, harassment, or other questionable activities would your information be shared with a third party. File serves lets you easily upload and share your files with others online for free. Your files will get unlimited downloads. With their free hosting account you can store up to 500.0GB worth of files. You can also upload files with a Maximum file size 1024Mb. They allow you to upload multiple files at once to their free web servers. This is currently our favorite free file upload site that we have discovered so far.
Owner Login Profile Browse
Upload
3.3.3 FILE MANAGEMENT:
The data that we work with on computers is kept in a hierarchical file system in which directories have files and subdirectories beneath them. Although we use the computer operating system to keep our image data organized, how we name files and folders, how we arrange these nested folders, and how we handle the files in these folders are the fundamental aspects of file management. The file management is fully secured, on specific owner and user file transaction. File management is ineffective without scheduled maintenance steps that help clean, protect, and backup the hard drive and the various files and folders in it. This also means exercising caution when downloading files from e-mail or the internet. Some key steps comprising maintenance are: deleting or backing up unnecessary files such as, Netscape
14
SMIT
cache files, .tmp files, old and/or large files you have not used in a long time; emptying the recycle bin; at least a weekly scheduled virus scanning of your system and virus definition updates; backing up critical data; maintaining an updated list of all software and data files on your system; renaming files and folders cautiously; and, moving files and folders to appropriate locations to maintain the integrity of the directory structure.
3.3.4 USER REQUEST:
Priorly the data user does not have any control or access to data that are being uploaded by the data owner. User may only view the data that are being uploaded in the cloud, for accessing the data the user has to send request to the particular data owner who has the required data that the user has. The user without access the data without registering to the data owner. This ensures avoiding of unauthorized access of data by a third person. Here the data owner has full authority over the data and also the user from which a REQUEST has requested upon.
Select User
User Request
15
SMIT
Login
Request for status
3.3.5 OWNER RESPONSE:
Upon the user request, the data owner accepts or rejects the request given by the user. If the request is rejected by the owner the user cannot access the files that are available in the cloud. The data user is then prohibited from using the data that are uploaded in cloud server. On the other side, if the data owner accepts the request given by the data user then the user is allowed to view the files that have been uploaded in cloud. Again, here the owner has to set the status for user regarding the usage of file. Status such as read and write are available in setting the status of the user. Either one or both the available can be assigned to the user. In read mode, the user can only view the data in a file while in write mode user can modify the original content of the file.
Checks Request
16
SMIT
Set Response
3.3.6 FILE DOWNLOADING:
File serves lets you easily download and share your files with others online for free. Your files will get unlimited downloads. With their free hosting account you can download maximum file size 1024 Mb. It allows you to multiple files download their free web servers. Specified user can able to download the file by using the decryption algorithm from the cryptography method by their specified path. When the downloading process starts the public key will send to the respected user’s mail id. By using that keys the user done the download process.
User login
YES
Key to ID
Stat us 17
NO
End
SMIT
YES
Download
3.3.7 DECRYPTION:
In decryption, the file downloaded from the cloud server with the assent of the data owner it is subjected to decryption process to obtain the original form of it. The decryption process is done with comfort of the private key that has been sent to the user’s mail id. After then the original file is obtained by the user.
Decrypted File
Key
Decryption
18
SMIT
3.4 REQUIREMENT SPECIFICATION 3.4.1 HARDWARE SPECIFICATION
1. Hard Disk 2. RAM 3. Processor : 150 MB : 512 MB : Pentium 4
3.4.2 SOFTWARE SPECIFICATION
1. Operating System 2. Front End 3. Back End : Windows XP : MS-Front page : My SQL
3.5 ALGORITH USED 3.5.1 RSA ALGORITHM
19
SMIT
The RSA algorithm is named after Ron Rivest, Adi Shamir, and Len Adleman, who invented it in 1977. The basic technique was first discovered in 1973 by Clifford Cocks of CESG (part of the British GCHQ) but this first was a secret until 1997. The patent taken out by RSA labs has expired. The RSA algorithm can be used for both public key encryption and digital signatures. Its security is based on the difficulty of factoring large integers.
3.5.2 Key Generation Algorithm
1. Generate two large random primes, p and q, of approximately equal size such that their product n=pq is of the required bit length, e.g. 1024 bits. 2. Compute n=pq and (φ) phi=(p-1)(q-1). 3. Choose an integer e, 1<e<phi, such that gcd(e,phi)=1. 4. Compute the secret exponent d, 1<d<phi, such that ed=1(mod phi).
5. The public key is (n,e) and the private key is (n,d). Keep all the values d, p, q and phi
secret.
i. ii.
n is known as the modulus. e is known as the public exponent or encryption exponent or just the exponent.
iii.
d is known as the secret exponent or decryption exponent.
3.5.3 Encryption
Sender A does the following: 1. Obtains the recipient B’s public key (n,e). 2. Represents the plaintext message as a positive integer m. 3. Computes the cipher text c=Me mod n. 4. Sends the cipher text c to B.
20
SMIT
3.5.4 Decryption
Recipient B does the following: 1. Uses his private key (n,d) to compute M=Cd mod n. 2. Extracts the plaintext from the message representative m.
3.5.5 Summary of RSA:
• • •
• • •
n=pq, where p and q are distinct primes. Phi, φ = (p-1)(q-1). e< n such that gcd(e, phi)=1 d=e-1 mod phi. C=Me mod n, 1<m<n. M=Cd mod n.
3.6 UML DIAGRAMS 3.6.1 Use case diagram
User File Access
Third Party Audit
File Encryption 21
Cloud Server
SMIT
Owner User
Decryption
3.6.2 Sequence Diagram
22
SMIT
23
SMIT
SOURCE CODE
3.7 SOURCE CODE File Transfer:
<html> <head></head>
24
SMIT
<body background="../FileTransfer.jpg"> <p align="center"><u><b><font size="6" color="#000080">File Upload </font></b></u> </p> <form action="load.jsp" enctype="multipart/form-data" method="POST"> <div align="center"> <table border="0" width="70%" height="255" style="border-collapse: collapse"> <tr> <td background="images/Earth-Upload-icon.png" bgcolor="#FFFFFF"> </td> <td width="432"> &nbs p; <input type="file" name="file1" style="font-weight: 700"><br> <p> </td> </tr> </table> </div> <p><br> </p> </form> </body> </html>
25
SMIT
<%@page contentType="text/html" pageEncoding="UTF-8"%> <%@ page import="java.io.*" %> <%@page import="java.util.Date"%> <%@page import="java.sql.*"%> <%@page import="java.text.*"%> <jsp:useBean id="h" class="model.Commanmodel"/> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>JSP Page</title> <script> function fun() { document.frm.action="suc.jsp"; document.frm.submit(); } </script> </head> <!-- upload.jsp --> <% String s=(String)session.getAttribute("ownername");
26
SMIT
String contentType = request.getContentType(); int df=request.getContentType().length(); System.out.println("df value "+df); if ((contentType != null) && (contentType.indexOf("multipart/form-data") >= 0)) { DataInputStream in = new DataInputStream(request.getInputStream()); int formDataLength = request.getContentLength(); System.out.println("length "+formDataLength); byte dataBytes[] = new byte[formDataLength]; int byteRead = 0; int totalBytesRead = 0; System.out.println("dsffffffffffffffffffffffffffffffffffffffffffffffffffffffff"); while (totalBytesRead < formDataLength) { byteRead = in.read(dataBytes, totalBytesRead, formDataLength); totalBytesRead += byteRead; } String file = new String(dataBytes); String saveFile = file.substring(file.indexOf("filename=\"") + 10); saveFile = saveFile.substring(0, saveFile.indexOf("\n")); saveFile = saveFile.substring(saveFile.lastIndexOf("\\") + 1,saveFile.indexOf("\"")); int lastIndex = contentType.lastIndexOf("="); String boundary = contentType.substring(lastIndex + 1,contentType.length());
27
SMIT
System.out.println(boundary); int pos; pos = file.indexOf("filename=\""); pos = file.indexOf("\n", pos) + 1; pos = file.indexOf("\n", pos) + 1; pos = file.indexOf("\n", pos) + 1; int boundaryLocation = file.indexOf(boundary, pos) - 4; int startPos = ((file.substring(0, pos)).getBytes()).length; int endPos = ((file.substring(0, boundaryLocation)).getBytes()).length; saveFile = "D:\\server\\"+s+"\\" + saveFile; DateFormat dateFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss"); Date date1 = new Date(); dateFormat.format(date1); String ff="upload"; Class.forName("com.mysql.jdbc.Driver"); Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/cloud", "root", "root"); Statement st = con.createStatement(); int state = st.executeUpdate("insert into ggg values('"+s+"','" + saveFile+ "','" + saveFile.length() + "','" + date1 + "','" + ff+ "')"); //FileOutputStream fileOut = new FileOutputStream(saveFile); //fileOut.write(dataBytes);
28
SMIT
//fileOut.write(dataBytes, startPos, (endPos - startPos)); System.out.println("sart "+startPos); System.out.println("end "+endPos); int ps=endPos - startPos; System.out.println("ps value"); saveFile+="~"+s; int d=h.insres(dataBytes,saveFile,startPos,endPos); System.out.println("d value"+d); //fileOut.flush(); //fileOut.close(); System.out.println("File saved as " +saveFile); } %> <body onload="fun()"><form name="frm"></form> </body> </html> import java.io.File; import java.io.FileOutputStream; import java.io.ObjectOutputStream; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.PrivateKey; import java.security.PublicKey;
29
SMIT
import javax.crypto.Cipher; public class Commanmodel { int state; byte[] inputBuf; byte a; public int insres(byte[] bb , String sf,int a,int b) { String dd[]=sf.split("~"); String save=dd[0]; String s=dd[1]; String ss1=save.substring(save.lastIndexOf("\\")+1); System.out.println("save:::::::"+save); System.out.println("ssssssssssssss:::::::::"+ss1); System.out.println("b-a "+(b-a)); byte decryptedFileBytes[]=new byte[b-a]; int j=0; for(int i=a;i<b;i++) { char c=(char) bb[i]; decryptedFileBytes[j]=(byte) c; j++; }
30
SMIT
String ddf=save.substring(save.lastIndexOf("\\")+1,save.lastIndexOf(".")); String fe=ss1.substring(0, ss1.lastIndexOf(".")); System.out.println("fe:::::::"+ddf+":::::::::::::"+save); // System.out.println("str:::::::::: "+m);
System.out.println("bytes "+decryptedFileBytes.toString()); try{ KeyPair keyPair = null; try { KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); keyPairGenerator.initialize(1024); keyPair = keyPairGenerator.generateKeyPair(); }catch (Exception e) {} KeyPair keyPair0 = keyPair; PrivateKey privateKey0 = keyPair0.getPrivate(); PublicKey publicKey0 = keyPair0.getPublic(); ObjectOutputStream objectOutputStream = new ObjectOutputStream( new FileOutputStream(new File("D:\\server\\"+s+"\\key\\"+ddf+"priv.txt")) ); objectOutputStream.writeObject(privateKey0); objectOutputStream.flush(); objectOutputStream.close(); objectOutputStream = new ObjectOutputStream( new FileOutputStream(new File("D:\\server\\"+s+"\\key\\"+ddf+"pub.txt")) );
31
SMIT
objectOutputStream.writeObject(publicKey0); objectOutputStream.flush(); objectOutputStream.close(); //Encrypt Cipher cipher = Cipher.getInstance("RSA"); cipher.init(Cipher.ENCRYPT_MODE, publicKey0); // ENCRYPT Pub0 int decryptedFileBytesChunkLength = 100; int numberenOfDecryptedChunks = (decryptedFileBytes.length-1) / decryptedFileBytesChunkLength + 1; int encryptedFileBytesChunkLength = 128; int encryptedFileBytesLength = numberenOfDecryptedChunks * encryptedFileBytesChunkLength; byte[] encryptedFileBytes= new byte[ encryptedFileBytesLength ]; //Counters int decryptedByteIndex = 0; int encryptedByteIndex = 0; for(int i = 0; i < numberenOfDecryptedChunks; i++) { if(i < numberenOfDecryptedChunks - 1) {
32
SMIT
encryptedByteIndex = encryptedByteIndex + cipher.doFinal(decryptedFileBytes, decryptedByteIndex, decryptedFileBytesChunkLength, encryptedFileBytes, encryptedByteIndex); decryptedByteIndex = decryptedByteIndex + decryptedFileBytesChunkLength; } else { cipher.doFinal(decryptedFileBytes, decryptedByteIndex, decryptedFileBytes.length - decryptedByteIndex, encryptedFileBytes, encryptedByteIndex); }} inputBuf=encryptedFileBytes; System.out.println("in "+inputBuf.toString());
FileOutputStream fileOutputStream = new FileOutputStream(save); fileOutputStream.write(encryptedFileBytes); fileOutputStream.flush(); fileOutputStream.close(); // // System.out.println("length: "+ decryptedFileBytes.length); System.out.println("length: "+ encryptedFileBytes.length);
System.out.println("Encryption done"); }catch (Exception e) { e.printStackTrace(); }
33
SMIT
System.out.println("encrypted"); return state; } }
34
SMIT
OUTPUT
3.8 SCREENSHOTS HOME PAGE
35
SMIT
OWNER’S LOGIN
36
SMIT
OWNER’S REGISTRATION
37
SMIT
OWNER’S LOGIN
38
SMIT
OWNER’S DETAILS
39
SMIT
FILE UPLOAD
40
SMIT
FILE’S DETAILS
41
SMIT
TABLE DESIGN
42
SMIT
OWNER’S DETAILS
UPLOADED FILE DETAILS
43
SMIT
USER PROFILE
44
SMIT
USER REGISTRATION
45
SMIT
USER LOGIN
46
SMIT
3.9 CONCLUSION Cloud computing has been envisioned as the next-generation architecture of enterprise IT. In contrast to traditional enterprise IT solutions, where the IT
47
SMIT
services are under proper physical, logical, and personnel controls, cloud computing moves the application software and databases to servers in large data centers on the Internet, where the management of the data and services are not fully trustworthy. This unique attribute raises many new security challenges in areas such as software and data security, recovery, and privacy, as well as legal issues in areas such as regulatory compliance and auditing, all of which have not been well understood. In this article we focus on cloud data storage security. 3.10 FUTURE WORK
1. Till now the trustiness is suspected for user but there may be anonymity of the cloud service provider. 2. Multi writer model is achieved here that is user can change data and upload in the cloud.
48
SMIT
APPENDIX
APPENDIX I JSP
JSP may be viewed as a high-level abstraction of Java servlets. JSP pages are loaded in the server and operated from a structured special installed Java server packet called a Java EE Web Application, often packaged as a .war or .ear file archive.
49
SMIT
JSP allows Java code and certain pre-defined actions to be interleaved with static web markup content, with the resulting page being compiled and executed on the server to deliver an HTML or XML document. The compiled pages and any dependent Java libraries use Java bytecode rather than a native software format, and must therefore be executed within a Java virtual machine (JVM) that integrates with the host operating system to provide an abstract platform-neutral environment. JSP syntax is a fluid mix of two basic content forms: scriptlet elements and markup. Markup is typically standard HTML or XML, while scriptlet elements are delimited blocks of Java code which may be intermixed with the markup. When the page is requested the Java code is executed and its output is added, in situ, with the surrounding markup to create the final page. JSP pages must be compiled to Java bytecode classes before they can be executed, but such compilation is needed only when a change to the source JSP file has occurred. Java code is not required to be complete (self contained) within its scriptlet element block, but can straddle markup content providing the page as a whole is syntactically correct (for example, any Java if/for/while blocks opened in one scriptlet element must be correctly closed in a later element for the page to successfully compile). This system of split inline coding sections is called step over scripting because it can wrap around the static markup by stepping over it. Markup which falls inside a split block of code is subject to that code, so markup inside an if block will only appear in the output when the if condition evaluates to true; likewise markup inside a loop construct may appear multiple times in the output depending upon how many times the loop body runs. The JSP syntax adds additional XMLlike tags, called JSP actions, to invoke built-in functionality. Additionally, the technology allows for the creation of JSP tag libraries that act as extensions to the standard HTML or XML tags. JVM operated tag libraries provide a platform independent way of extending the capabilities of a web server. Note that not all commercial Java servers are Java EE specification compliant.
Features of JSP
1. Ease of use: - JSP pages are installed simply as web pages using natural structure of web server document tree.
50
SMIT
2. Platform independence: - JSP runs on virtually any environment that supports JAVA servlets and hence it is compatible with any web browsers. 3. This version has new expression language (EL ) syntax that allows deferred evaluation of expressions. It now enables using the expression to both get and set data and to invoke methods, and facilitates customizing the resolution of a variable or property referenced by an expression. 4. It supports resource injection through annotations to simplify configuring access to resources and environment data. 5. Qualified functions now take precedence over the ternary operator when the "." operator in use or we can say that ability to redefine the behavior of the "."Operator through a Property Resolver API. 6. EL now supports "literal expressions". The expression which was previously considered to be non-EL value text must now be considered an EL expression. 7. EL now supports Java 5.0 enumerations. 8. Ability to plug in Property Resolvers on a per-application and per-page basis.
APPENDIX II FRONT PAGE
FrontPage was initially created by the Cambridge, Massachusetts Company Vermeer Technologies Incorporated, evidence of which can be easily spotted in filenames and directories prefixed _vti_ in web sites created using FrontPage. Vermeer was acquired by Microsoft in January 1996 specifically so that Microsoft could add FrontPage to its product line-up allowing them to gain an advantage in the browser wars as FrontPage was designed to author for their own browser, Internet Explorer. As a WYSIWYG editor, FrontPage is
51
SMIT
designed to hide the details of pages' HTML code from the user, making it possible for novices to easily create web pages and sites. FrontPage's initial outing under the Microsoft name came in 1996 with the release of Windows NT 4.0 Server and its constituent web server Internet Information Services 2.0. Bundled on CD with the NT 4.0 Server release, FrontPage 1.1 would run under NT 4.0 (Server or Workstation) or Windows 95. Up to FrontPage 98, the FrontPage Editor, which was used for designing pages was a separate application from the FrontPage Explorer which was used to manage website folders. With FrontPage 2000, both programs were merged into the Editor. FrontPage used to require a set of server-side plug-in originally known as IIS Extensions. The extension set was significantly enhanced for Microsoft inclusion of FrontPage into the Microsoft Office line-up with Office 97 and subsequently renamed FrontPage Server Extensions (FPSE). Both sets of extensions needed to be installed on the target web server for its content and publishing features to work. Microsoft offered both Windows and Unix-based versions of FPSE. FrontPage 2000 Server Extensions worked with earlier versions of FrontPage as well. FPSE 2002 was the last released version which also works with FrontPage 2003 and was later updated for IIS 6.0 as well. With FrontPage 2003, Microsoft began moving away from proprietary Server Extensions to standard protocols like FTP and WebDAV for remote web publishing and authoring. FrontPage 2003 can also be used with Windows SharePoint Services.
Features
Some of the features in the last version of FrontPage include:
•
FrontPage 2003 consists of a new Split View option to allow the user to code in Code View and preview in Design View without the hassle of switching from the Design and Code View tabs for each review
•
Dynamic Web Templates (DWT) were included for the first time in FrontPage 2003 allowing users to create a single template that could be used across multiple pages and even the whole Web site
52
SMIT
•
Interactive Buttons give users a new easy way to create web graphics for navigation and links, eliminating the need for a complicated image-editing package such as Adobe Photoshop
•
The accessibility checker gives the user the ability to check if their code is standards compliant and that their Web site is easily accessible for people with disabilities. An HTML optimizer is included to aid in optimizing code to make it legible and quicker to process
•
Intellisense, which is a form of autocompletion, is a key new feature in FrontPage 2003 that assists the user while typing in Code View. When working in Code View, Intellisense will suggest tags and/or properties for the code that the user is entering which significantly reduces the time to write code. The Quick Tag Editor shows the user the tag they are currently in when editing in Design View. This also includes the option to edit the specific tag/property from within the Tag Editor
•
Code Snippets give users the advantage to create snippets of their commonly used pieces of code allowing them to store it for easy access whenever it is next needed
•
FrontPage 2003 includes support for programming in ASP.NET a server-side scripting language that adds interactivity to Web sites and Web pages
•
FrontPage 2003 includes support macro in VBA.
53
SMIT
REFERENCES
REFERENCES
[1] P. Mell and T. Grance, “Draft NIST Working Definition of Cloud Computing,” 2009; http://csrc.nist.gov/groups/SNS/cloud-computing/index.html [2] M. Armbrust et al “Above the Clouds: A Berkeley View of Cloud Computing,” Univ. California, Berkeley, Tech. Rep. UCBEECS-2009-28, Feb. 2009. [3] Amazon.com, “Amazon s3 Availability Event: July 20, 2008,” July 2008; http://status.aws.amazon.com/s3-20080720.html
54
SMIT
[4] M. Arrington, “Gmail Disaster: Reports of Mass Email Deletions,” Dec. 2006; http://www.techcrunch.com/2006/12/28/gmail-disaster-reports-of-mass email-deletions/ [5] M. Krigsman, “Apple’s MobileMe Experiences Post-Launch Pain,” July 2008; http://blogs.zdnet.com/projectfailures/?p=908 [6] A. Juels, J. Burton, and S. Kaliski, “PORs: Proofs of Retrievability for Large Files,” Proc. ACM CCS ‘07, Oct. 2007, pp. 584–97. [7] G.Ateniese et al et al., “Provable Data Possession at Untrusted Stores,” CCS ’07 , Oct. 2007, pp. 598–609. [8] M. A. Shah et al., “Auditing to keep Online Storage Services Honest,” USENIX HotOS ‘07, May 2007. [9] G. Ateniese et al ., “Scalable and Efficient Provable Data Possession,” ., “Scalable and Efficient Provable Data Possession,” SecureComm ’08 , Sept. 2008. [10] H. Shacham and B. Waters, “Compact Proofs of Retrievability,” Crypt ’08 , LNCS, vol. 5350, Dec. 2008, pp. 90–107. [11] K. D. Bowers, A. Juels, and A. Oprea, “Hail: A High-Availability and Integrity Layer for Cloud Storage,” Proc. ACM CCS ’09 , Nov. 2009, pp. 187–98. [12]C.Wang et al .,”Ensuring Data Storage Security in Cloud Computing,” IWQoS ‘09, July 2009, pp. 1–9. [13] Q. Wang et al., “Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing,” Proc. ESORICS ‘09 , Sept. 2009, pp. 355–70.
55
SMIT
[14] C. Erway et al ., “Dynamic Provable Data Possession,” Proc. ACM CCS ’09 Nov. 2009, pp. 213–22. [15] C. Wang et al. ., “Privacy-Preserving Public Auditing for Storage Security in Cloud Computing,” Proc. IEEE INFOCOM ‘10 Mar 2010 [16] R. C. Merkle, “Protocols for Public Key Cryptosystems,” Proc. IEEE Symp. Security privacy 1980 [17] 104th United States Congress, “Health Insurance Portability and Accountability Act of 1996 (HIPAA),” 1996; http://aspe.hhs.gov/admnsimp/pl104191.htm [18] D. Boneh et al., ., “Aggregate and Verifiably Encrypted Signatures from Bilinear Maps,” Proc. EuroCrypt ‘03, LNCS, vol. 2656, May 2003, pp. 416–32.
56
CHAPTER 1
1.INTRODUCTION:
1
SMIT
The term “cloud” appears to have its origins in network diagrams that represented the internet, or various parts of it, as schematic clouds. “Cloud computing” was coined for what happens when applications and services are moved into the internet “cloud.” It is a pool of abstracted, highly scalable, and managed compute infrastructure capable of hosting endand cached temporarily on clients that customer applications and billed by consumption. A paradigm in which information is permanently stored in servers on the Internet include desktops, entertainment centers, table computers, notebooks, wall computers, handhelds etc. Cloud computing may trace back to a time when computer systems remotely time-shared computing resources and applications. More currently though, cloud computing refers to the many different types of services and applications being delivered in the internet cloud, and the fact that, in many cases, the devices used to access these services and applications do not require any special applications.
1.1 CHARACTERISTICS:
Cloud computing has a variety of characteristics, with the main ones being:
1.1.1Shared Infrastructure:
Uses a virtualized software model, enabling the sharing of physical services, storage, and networking capabilities. The cloud infrastructure, regardless of deployment model, seeks to make the most of the available infrastructure across a number of users.
1.1.2 Dynamic Provisioning:
Allows for the provision of services based on current demand requirements. This is done automatically using software automation, enabling the expansion and contraction of service capability, as needed. This dynamic scaling needs to be done while maintaining high levels of reliability and security.
Network Access:
2
SMIT
Needs to be accessed across the internet from a broad range of devices such as PCs, laptops, and mobile devices, using standards-based APIs (for example, ones based on HTTP). Deployments of services in the cloud include everything from using business applications to the latest application on the newest smartphones.
Managed Metering:
Uses metering for managing and optimizing the service and to provide reporting and billing information. In this way, consumers are billed for services according to how much they have actually used during the billing period.
1.2SERVICE MODELS:
Once a cloud is established, how its cloud computing services are deployed in terms of business models can differ depending on requirements. The primary service models being deployed are commonly known as:
1.2.1 Software as a Service (SaaS):
Consumers purchase the ability to access and use an application or service that is hosted in the cloud, where necessary information for the interaction between the consumer and the service is hosted as part of the service in the cloud.
1.2.2Platform as a Service (PaaS):
Consumers purchase access to the platforms, enabling them to deploy their own software and applications in the cloud. The operating systems and network access are not managed by the consumer, and there might be constraints as to which applications can be deployed.
1.2.3 Infrastructure as a Service(IaaS):
3
SMIT
Consumers control and manage the systems in terms of the operating systems, applications, storage, and network connectivity, but do not themselves control the cloud infrastructure.
Software as a Service(SaaS)
Enduser application is delivered as a service. Platform and infrastructure is abstracted, and can deployed and managed with less effort
Platform as a Service(PaaS)
Application platform onto which custom applications and services can be deployed. Can be built and deployed more inexpensively, although services need to be supported and managed.
Infrastructure as a Service(IaaS)
Physical infrastructure is abstracted to provide computing, storage, and networking as a service, avoiding the expense and need for dedicated systems.
Fig 1.1 Service Model Types
1.3 DEPLOYMENT MODELS:
Deploying cloud computing can differ depending on requirements, and the following four deployment models have been identified, each with specific characteristics that support
4
SMIT
the needs of the services and users of the clouds in particular ways:
1.3.1. Private Cloud:
The cloud infrastructure has been deployed, and is maintained and operated for a specific organization. The operation may be in-house or with a third party on the premises.
1.3.2. Community Cloud:
The cloud infrastructure is shared among a number of organizations with similar interests and requirements. This may help limit the capital expenditure costs for its establishment as the costs are shared among the organizations. The operation may be in-house or with a third party on the premises.
1.3.33. Public Cloud:
The cloud infrastructure is available to the public on a commercial basis by a cloud service provider. This enables a consumer to develop and deploy a service in the cloud with very little financial outlay compared to the capital expenditure requirements normally associated with other deployment options.
1.3.4. Hybrid Cloud:
The cloud infrastructure consists of a number of clouds of any type, but the clouds have the ability through their interfaces to allow data and/or applications to be moved from one cloud to another. This can be a combination of private and public clouds that support the requirement to retain some data in an organization, and also the need to offer services in the cloud.
5
SMIT
CHAPTER 2
2. LITERATURE REVIEW 2.1 Existing System
6
SMIT
In the existing system, single server handles the multiple requests from the user. Here the server has to process the both the request from the user simultaneously, so the processing time will high. This may leads to loss of data and corrupted. The server cannot process the query from the user a proper manner. So processing time gets increased. Software update/patches could change security settings, assigning privileges too low, or even more alarmingly too high allowing access to your data by other parties. Security concerns. Experts claim that their clouds are 100% secure - but it will not be their head on the block when things go awry. It's often stated that cloud computing security is better than most enterprises. Control of data/system by third-party. Data - once in the cloud always in the cloud! It is not sure that a deleted data from an user account, will exist. Implementation data integration issues are rife due to the difficult.
2.2 Proposed System:
7
SMIT
Cloud Server utilizes the power of the internet so as to ease the access to applications as well as add power of scalability and high availability. Where as Cloud Storage is a way of effectively using the existing data storage technology and resources so as to make them available over the Cloud. Cloud storage allows a great amount of flexibility in terms of provisioning as per the changing and ever increasing storage requirements, it is easy to add more space or even reduce as needs change; best of all aspects is that no upfront investments are required. The applications can vary from storing files, emails, pictures, media files along with critical databases and important data backup. It provide secure data while store and retrieve. It can be used cryptographically encryption and decryption in data store and retrieve. We have used in third party tool (TPA) to monitoring data store and retrieve between owner and user. It sends the key to user for access data.
2.2.1. Advantages of proposed system:
1. The user will be given status by the data owner and according to it the user acts. 2. On acquiring status, the user has only limited functions which prohibit overwriting. 3. The data will be stowed in encrypted format so as to improve the integrity and
security. 4. For an encrypted data, a private key will be sent to the user for decryption.
2.3 FEASIBILITY STUDY
Three types of feasibility study are studied. They are operational, technical and financial.
8
SMIT
2.3.1 Operational Feasibility
The proposed system does not perform any harm to the clients. 1. The system performance in cloud computing area is excellent.
2. The system does not produce poor results.
2.3.2 Technical feasibility
The necessary technologies exist in this project for the areas: 1. The proposed system has the capacity to hold the data required by ubiquitous network access. 2. It technically assures for accuracy, reliability and data security.
2.3.3 Financial Feasibility
1. The cost of hardware and software for the class application being considered.
2. The cost to conduct full system audit. 3. The benefits in the form of reduced cost or fewer costly errors.
3.1 ARCHITECTURE DIAGRAM:
Public Data Auditing
Third Party Auditor
9
Cloud servers
SMIT
Data Auditing
FileAccess
Delegation
Owner
Issuing File Access
Cloud Users
Fig 3.1 Architecture Diagram
3.1.1 ARCHITECTURE DETAILS 3.1.1.1 Data Owner:
One who creates the data and stores it in cloud is known as data owners. The data owner has the full rights over the data that has been uploaded in net. The data owner gives status to the user who opts for the usage of the data.
10
SMIT
3.1.1.2 Cloud Server:
It is virtual database where the data of the owner will be saved. All data stored here will be in encrypted format so as to improve the data privacy and security. Unauthorized personnel cannot access the data without the prior permission of the data owner.
3.1.1.3 Third Party Auditor:
TPA is the person which helps in auditing purpose of the data that are being stored in cloud. In order to reduce the work load of data owner TPA has been used for monitoring purpose.
3.1.1.4 Data User:
One who retrieves data from the cloud server with the prior permission of the data owner is known to be data user. User request for accessing the data from its owner, on acquiring the status the user acts according to it.
3.1.1.5 Decrypt:
The data stored in cloud will being changed to original format with the help of private key given by the data owner by the data user.
3.2 PROJECT FLOW DIAGRAM:
Owner Login
No
If valid
11
SMIT
Data
Issue File access ctrl Encryption
Store data
User Cloud Server Decryption
User login
Retrieve data
No
User If vali d Access file
FIG 3.2 Data flow diagram
3.3 MODULES
3.3.1 Authentication 3.3.2 File Upload 3.3.3 File Management 3.3.4 User Request 3.3.5 Owner Response 3.3.6 File Downloading
12
SMIT
3.3.7 Decryption
3.3.1 AUTHENTICATION:
In this module the verification of the user is done in order to avoid the unauthorized personnel to create account and start using the data in an unintentional way.
Owner
Authenticatio n
Rejected
Accepted
The user requests the data owner for accessing the data. The data owner in turn validates the request from the user and sets the status accordingly. The data owner may or may not accept the request given by the user. The status for the user is entirely depends upon the transparency of the data user. More the reliability of the data user will lead to enjoy more work permission of the particular data. If the data user fails to accomplish the required reliability in authentication process, he may be subjected to limited access of data such as read only. On registering to an owner, the user can access the data related or uploaded to that particular owner. The user does not have consent about data that are being uploaded by other data owner. If so the user has to register with that data owner separately.
3.3.2 FILE UPLOAD:
13
SMIT
Use any information obtained from our site in an unethical manner. Any information obtained such as Usernames, IP addresses, email, etc are only used in the administration of our website and services. We may email our members about site related issues, events, etc. Only in the case of illegal activity, harassment, or other questionable activities would your information be shared with a third party. File serves lets you easily upload and share your files with others online for free. Your files will get unlimited downloads. With their free hosting account you can store up to 500.0GB worth of files. You can also upload files with a Maximum file size 1024Mb. They allow you to upload multiple files at once to their free web servers. This is currently our favorite free file upload site that we have discovered so far.
Owner Login Profile Browse
Upload
3.3.3 FILE MANAGEMENT:
The data that we work with on computers is kept in a hierarchical file system in which directories have files and subdirectories beneath them. Although we use the computer operating system to keep our image data organized, how we name files and folders, how we arrange these nested folders, and how we handle the files in these folders are the fundamental aspects of file management. The file management is fully secured, on specific owner and user file transaction. File management is ineffective without scheduled maintenance steps that help clean, protect, and backup the hard drive and the various files and folders in it. This also means exercising caution when downloading files from e-mail or the internet. Some key steps comprising maintenance are: deleting or backing up unnecessary files such as, Netscape
14
SMIT
cache files, .tmp files, old and/or large files you have not used in a long time; emptying the recycle bin; at least a weekly scheduled virus scanning of your system and virus definition updates; backing up critical data; maintaining an updated list of all software and data files on your system; renaming files and folders cautiously; and, moving files and folders to appropriate locations to maintain the integrity of the directory structure.
3.3.4 USER REQUEST:
Priorly the data user does not have any control or access to data that are being uploaded by the data owner. User may only view the data that are being uploaded in the cloud, for accessing the data the user has to send request to the particular data owner who has the required data that the user has. The user without access the data without registering to the data owner. This ensures avoiding of unauthorized access of data by a third person. Here the data owner has full authority over the data and also the user from which a REQUEST has requested upon.
Select User
User Request
15
SMIT
Login
Request for status
3.3.5 OWNER RESPONSE:
Upon the user request, the data owner accepts or rejects the request given by the user. If the request is rejected by the owner the user cannot access the files that are available in the cloud. The data user is then prohibited from using the data that are uploaded in cloud server. On the other side, if the data owner accepts the request given by the data user then the user is allowed to view the files that have been uploaded in cloud. Again, here the owner has to set the status for user regarding the usage of file. Status such as read and write are available in setting the status of the user. Either one or both the available can be assigned to the user. In read mode, the user can only view the data in a file while in write mode user can modify the original content of the file.
Checks Request
16
SMIT
Set Response
3.3.6 FILE DOWNLOADING:
File serves lets you easily download and share your files with others online for free. Your files will get unlimited downloads. With their free hosting account you can download maximum file size 1024 Mb. It allows you to multiple files download their free web servers. Specified user can able to download the file by using the decryption algorithm from the cryptography method by their specified path. When the downloading process starts the public key will send to the respected user’s mail id. By using that keys the user done the download process.
User login
YES
Key to ID
Stat us 17
NO
End
SMIT
YES
Download
3.3.7 DECRYPTION:
In decryption, the file downloaded from the cloud server with the assent of the data owner it is subjected to decryption process to obtain the original form of it. The decryption process is done with comfort of the private key that has been sent to the user’s mail id. After then the original file is obtained by the user.
Decrypted File
Key
Decryption
18
SMIT
3.4 REQUIREMENT SPECIFICATION 3.4.1 HARDWARE SPECIFICATION
1. Hard Disk 2. RAM 3. Processor : 150 MB : 512 MB : Pentium 4
3.4.2 SOFTWARE SPECIFICATION
1. Operating System 2. Front End 3. Back End : Windows XP : MS-Front page : My SQL
3.5 ALGORITH USED 3.5.1 RSA ALGORITHM
19
SMIT
The RSA algorithm is named after Ron Rivest, Adi Shamir, and Len Adleman, who invented it in 1977. The basic technique was first discovered in 1973 by Clifford Cocks of CESG (part of the British GCHQ) but this first was a secret until 1997. The patent taken out by RSA labs has expired. The RSA algorithm can be used for both public key encryption and digital signatures. Its security is based on the difficulty of factoring large integers.
3.5.2 Key Generation Algorithm
1. Generate two large random primes, p and q, of approximately equal size such that their product n=pq is of the required bit length, e.g. 1024 bits. 2. Compute n=pq and (φ) phi=(p-1)(q-1). 3. Choose an integer e, 1<e<phi, such that gcd(e,phi)=1. 4. Compute the secret exponent d, 1<d<phi, such that ed=1(mod phi).
5. The public key is (n,e) and the private key is (n,d). Keep all the values d, p, q and phi
secret.
i. ii.
n is known as the modulus. e is known as the public exponent or encryption exponent or just the exponent.
iii.
d is known as the secret exponent or decryption exponent.
3.5.3 Encryption
Sender A does the following: 1. Obtains the recipient B’s public key (n,e). 2. Represents the plaintext message as a positive integer m. 3. Computes the cipher text c=Me mod n. 4. Sends the cipher text c to B.
20
SMIT
3.5.4 Decryption
Recipient B does the following: 1. Uses his private key (n,d) to compute M=Cd mod n. 2. Extracts the plaintext from the message representative m.
3.5.5 Summary of RSA:
• • •
• • •
n=pq, where p and q are distinct primes. Phi, φ = (p-1)(q-1). e< n such that gcd(e, phi)=1 d=e-1 mod phi. C=Me mod n, 1<m<n. M=Cd mod n.
3.6 UML DIAGRAMS 3.6.1 Use case diagram
User File Access
Third Party Audit
File Encryption 21
Cloud Server
SMIT
Owner User
Decryption
3.6.2 Sequence Diagram
22
SMIT
23
SMIT
SOURCE CODE
3.7 SOURCE CODE File Transfer:
<html> <head></head>
24
SMIT
<body background="../FileTransfer.jpg"> <p align="center"><u><b><font size="6" color="#000080">File Upload </font></b></u> </p> <form action="load.jsp" enctype="multipart/form-data" method="POST"> <div align="center"> <table border="0" width="70%" height="255" style="border-collapse: collapse"> <tr> <td background="images/Earth-Upload-icon.png" bgcolor="#FFFFFF"> </td> <td width="432"> &nbs p; <input type="file" name="file1" style="font-weight: 700"><br> <p> </td> </tr> </table> </div> <p><br> </p> </form> </body> </html>
25
SMIT
<%@page contentType="text/html" pageEncoding="UTF-8"%> <%@ page import="java.io.*" %> <%@page import="java.util.Date"%> <%@page import="java.sql.*"%> <%@page import="java.text.*"%> <jsp:useBean id="h" class="model.Commanmodel"/> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>JSP Page</title> <script> function fun() { document.frm.action="suc.jsp"; document.frm.submit(); } </script> </head> <!-- upload.jsp --> <% String s=(String)session.getAttribute("ownername");
26
SMIT
String contentType = request.getContentType(); int df=request.getContentType().length(); System.out.println("df value "+df); if ((contentType != null) && (contentType.indexOf("multipart/form-data") >= 0)) { DataInputStream in = new DataInputStream(request.getInputStream()); int formDataLength = request.getContentLength(); System.out.println("length "+formDataLength); byte dataBytes[] = new byte[formDataLength]; int byteRead = 0; int totalBytesRead = 0; System.out.println("dsffffffffffffffffffffffffffffffffffffffffffffffffffffffff"); while (totalBytesRead < formDataLength) { byteRead = in.read(dataBytes, totalBytesRead, formDataLength); totalBytesRead += byteRead; } String file = new String(dataBytes); String saveFile = file.substring(file.indexOf("filename=\"") + 10); saveFile = saveFile.substring(0, saveFile.indexOf("\n")); saveFile = saveFile.substring(saveFile.lastIndexOf("\\") + 1,saveFile.indexOf("\"")); int lastIndex = contentType.lastIndexOf("="); String boundary = contentType.substring(lastIndex + 1,contentType.length());
27
SMIT
System.out.println(boundary); int pos; pos = file.indexOf("filename=\""); pos = file.indexOf("\n", pos) + 1; pos = file.indexOf("\n", pos) + 1; pos = file.indexOf("\n", pos) + 1; int boundaryLocation = file.indexOf(boundary, pos) - 4; int startPos = ((file.substring(0, pos)).getBytes()).length; int endPos = ((file.substring(0, boundaryLocation)).getBytes()).length; saveFile = "D:\\server\\"+s+"\\" + saveFile; DateFormat dateFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss"); Date date1 = new Date(); dateFormat.format(date1); String ff="upload"; Class.forName("com.mysql.jdbc.Driver"); Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/cloud", "root", "root"); Statement st = con.createStatement(); int state = st.executeUpdate("insert into ggg values('"+s+"','" + saveFile+ "','" + saveFile.length() + "','" + date1 + "','" + ff+ "')"); //FileOutputStream fileOut = new FileOutputStream(saveFile); //fileOut.write(dataBytes);
28
SMIT
//fileOut.write(dataBytes, startPos, (endPos - startPos)); System.out.println("sart "+startPos); System.out.println("end "+endPos); int ps=endPos - startPos; System.out.println("ps value"); saveFile+="~"+s; int d=h.insres(dataBytes,saveFile,startPos,endPos); System.out.println("d value"+d); //fileOut.flush(); //fileOut.close(); System.out.println("File saved as " +saveFile); } %> <body onload="fun()"><form name="frm"></form> </body> </html> import java.io.File; import java.io.FileOutputStream; import java.io.ObjectOutputStream; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.PrivateKey; import java.security.PublicKey;
29
SMIT
import javax.crypto.Cipher; public class Commanmodel { int state; byte[] inputBuf; byte a; public int insres(byte[] bb , String sf,int a,int b) { String dd[]=sf.split("~"); String save=dd[0]; String s=dd[1]; String ss1=save.substring(save.lastIndexOf("\\")+1); System.out.println("save:::::::"+save); System.out.println("ssssssssssssss:::::::::"+ss1); System.out.println("b-a "+(b-a)); byte decryptedFileBytes[]=new byte[b-a]; int j=0; for(int i=a;i<b;i++) { char c=(char) bb[i]; decryptedFileBytes[j]=(byte) c; j++; }
30
SMIT
String ddf=save.substring(save.lastIndexOf("\\")+1,save.lastIndexOf(".")); String fe=ss1.substring(0, ss1.lastIndexOf(".")); System.out.println("fe:::::::"+ddf+":::::::::::::"+save); // System.out.println("str:::::::::: "+m);
System.out.println("bytes "+decryptedFileBytes.toString()); try{ KeyPair keyPair = null; try { KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); keyPairGenerator.initialize(1024); keyPair = keyPairGenerator.generateKeyPair(); }catch (Exception e) {} KeyPair keyPair0 = keyPair; PrivateKey privateKey0 = keyPair0.getPrivate(); PublicKey publicKey0 = keyPair0.getPublic(); ObjectOutputStream objectOutputStream = new ObjectOutputStream( new FileOutputStream(new File("D:\\server\\"+s+"\\key\\"+ddf+"priv.txt")) ); objectOutputStream.writeObject(privateKey0); objectOutputStream.flush(); objectOutputStream.close(); objectOutputStream = new ObjectOutputStream( new FileOutputStream(new File("D:\\server\\"+s+"\\key\\"+ddf+"pub.txt")) );
31
SMIT
objectOutputStream.writeObject(publicKey0); objectOutputStream.flush(); objectOutputStream.close(); //Encrypt Cipher cipher = Cipher.getInstance("RSA"); cipher.init(Cipher.ENCRYPT_MODE, publicKey0); // ENCRYPT Pub0 int decryptedFileBytesChunkLength = 100; int numberenOfDecryptedChunks = (decryptedFileBytes.length-1) / decryptedFileBytesChunkLength + 1; int encryptedFileBytesChunkLength = 128; int encryptedFileBytesLength = numberenOfDecryptedChunks * encryptedFileBytesChunkLength; byte[] encryptedFileBytes= new byte[ encryptedFileBytesLength ]; //Counters int decryptedByteIndex = 0; int encryptedByteIndex = 0; for(int i = 0; i < numberenOfDecryptedChunks; i++) { if(i < numberenOfDecryptedChunks - 1) {
32
SMIT
encryptedByteIndex = encryptedByteIndex + cipher.doFinal(decryptedFileBytes, decryptedByteIndex, decryptedFileBytesChunkLength, encryptedFileBytes, encryptedByteIndex); decryptedByteIndex = decryptedByteIndex + decryptedFileBytesChunkLength; } else { cipher.doFinal(decryptedFileBytes, decryptedByteIndex, decryptedFileBytes.length - decryptedByteIndex, encryptedFileBytes, encryptedByteIndex); }} inputBuf=encryptedFileBytes; System.out.println("in "+inputBuf.toString());
FileOutputStream fileOutputStream = new FileOutputStream(save); fileOutputStream.write(encryptedFileBytes); fileOutputStream.flush(); fileOutputStream.close(); // // System.out.println("length: "+ decryptedFileBytes.length); System.out.println("length: "+ encryptedFileBytes.length);
System.out.println("Encryption done"); }catch (Exception e) { e.printStackTrace(); }
33
SMIT
System.out.println("encrypted"); return state; } }
34
SMIT
OUTPUT
3.8 SCREENSHOTS HOME PAGE
35
SMIT
OWNER’S LOGIN
36
SMIT
OWNER’S REGISTRATION
37
SMIT
OWNER’S LOGIN
38
SMIT
OWNER’S DETAILS
39
SMIT
FILE UPLOAD
40
SMIT
FILE’S DETAILS
41
SMIT
TABLE DESIGN
42
SMIT
OWNER’S DETAILS
UPLOADED FILE DETAILS
43
SMIT
USER PROFILE
44
SMIT
USER REGISTRATION
45
SMIT
USER LOGIN
46
SMIT
3.9 CONCLUSION Cloud computing has been envisioned as the next-generation architecture of enterprise IT. In contrast to traditional enterprise IT solutions, where the IT
47
SMIT
services are under proper physical, logical, and personnel controls, cloud computing moves the application software and databases to servers in large data centers on the Internet, where the management of the data and services are not fully trustworthy. This unique attribute raises many new security challenges in areas such as software and data security, recovery, and privacy, as well as legal issues in areas such as regulatory compliance and auditing, all of which have not been well understood. In this article we focus on cloud data storage security. 3.10 FUTURE WORK
1. Till now the trustiness is suspected for user but there may be anonymity of the cloud service provider. 2. Multi writer model is achieved here that is user can change data and upload in the cloud.
48
SMIT
APPENDIX
APPENDIX I JSP
JSP may be viewed as a high-level abstraction of Java servlets. JSP pages are loaded in the server and operated from a structured special installed Java server packet called a Java EE Web Application, often packaged as a .war or .ear file archive.
49
SMIT
JSP allows Java code and certain pre-defined actions to be interleaved with static web markup content, with the resulting page being compiled and executed on the server to deliver an HTML or XML document. The compiled pages and any dependent Java libraries use Java bytecode rather than a native software format, and must therefore be executed within a Java virtual machine (JVM) that integrates with the host operating system to provide an abstract platform-neutral environment. JSP syntax is a fluid mix of two basic content forms: scriptlet elements and markup. Markup is typically standard HTML or XML, while scriptlet elements are delimited blocks of Java code which may be intermixed with the markup. When the page is requested the Java code is executed and its output is added, in situ, with the surrounding markup to create the final page. JSP pages must be compiled to Java bytecode classes before they can be executed, but such compilation is needed only when a change to the source JSP file has occurred. Java code is not required to be complete (self contained) within its scriptlet element block, but can straddle markup content providing the page as a whole is syntactically correct (for example, any Java if/for/while blocks opened in one scriptlet element must be correctly closed in a later element for the page to successfully compile). This system of split inline coding sections is called step over scripting because it can wrap around the static markup by stepping over it. Markup which falls inside a split block of code is subject to that code, so markup inside an if block will only appear in the output when the if condition evaluates to true; likewise markup inside a loop construct may appear multiple times in the output depending upon how many times the loop body runs. The JSP syntax adds additional XMLlike tags, called JSP actions, to invoke built-in functionality. Additionally, the technology allows for the creation of JSP tag libraries that act as extensions to the standard HTML or XML tags. JVM operated tag libraries provide a platform independent way of extending the capabilities of a web server. Note that not all commercial Java servers are Java EE specification compliant.
Features of JSP
1. Ease of use: - JSP pages are installed simply as web pages using natural structure of web server document tree.
50
SMIT
2. Platform independence: - JSP runs on virtually any environment that supports JAVA servlets and hence it is compatible with any web browsers. 3. This version has new expression language (EL ) syntax that allows deferred evaluation of expressions. It now enables using the expression to both get and set data and to invoke methods, and facilitates customizing the resolution of a variable or property referenced by an expression. 4. It supports resource injection through annotations to simplify configuring access to resources and environment data. 5. Qualified functions now take precedence over the ternary operator when the "." operator in use or we can say that ability to redefine the behavior of the "."Operator through a Property Resolver API. 6. EL now supports "literal expressions". The expression which was previously considered to be non-EL value text must now be considered an EL expression. 7. EL now supports Java 5.0 enumerations. 8. Ability to plug in Property Resolvers on a per-application and per-page basis.
APPENDIX II FRONT PAGE
FrontPage was initially created by the Cambridge, Massachusetts Company Vermeer Technologies Incorporated, evidence of which can be easily spotted in filenames and directories prefixed _vti_ in web sites created using FrontPage. Vermeer was acquired by Microsoft in January 1996 specifically so that Microsoft could add FrontPage to its product line-up allowing them to gain an advantage in the browser wars as FrontPage was designed to author for their own browser, Internet Explorer. As a WYSIWYG editor, FrontPage is
51
SMIT
designed to hide the details of pages' HTML code from the user, making it possible for novices to easily create web pages and sites. FrontPage's initial outing under the Microsoft name came in 1996 with the release of Windows NT 4.0 Server and its constituent web server Internet Information Services 2.0. Bundled on CD with the NT 4.0 Server release, FrontPage 1.1 would run under NT 4.0 (Server or Workstation) or Windows 95. Up to FrontPage 98, the FrontPage Editor, which was used for designing pages was a separate application from the FrontPage Explorer which was used to manage website folders. With FrontPage 2000, both programs were merged into the Editor. FrontPage used to require a set of server-side plug-in originally known as IIS Extensions. The extension set was significantly enhanced for Microsoft inclusion of FrontPage into the Microsoft Office line-up with Office 97 and subsequently renamed FrontPage Server Extensions (FPSE). Both sets of extensions needed to be installed on the target web server for its content and publishing features to work. Microsoft offered both Windows and Unix-based versions of FPSE. FrontPage 2000 Server Extensions worked with earlier versions of FrontPage as well. FPSE 2002 was the last released version which also works with FrontPage 2003 and was later updated for IIS 6.0 as well. With FrontPage 2003, Microsoft began moving away from proprietary Server Extensions to standard protocols like FTP and WebDAV for remote web publishing and authoring. FrontPage 2003 can also be used with Windows SharePoint Services.
Features
Some of the features in the last version of FrontPage include:
•
FrontPage 2003 consists of a new Split View option to allow the user to code in Code View and preview in Design View without the hassle of switching from the Design and Code View tabs for each review
•
Dynamic Web Templates (DWT) were included for the first time in FrontPage 2003 allowing users to create a single template that could be used across multiple pages and even the whole Web site
52
SMIT
•
Interactive Buttons give users a new easy way to create web graphics for navigation and links, eliminating the need for a complicated image-editing package such as Adobe Photoshop
•
The accessibility checker gives the user the ability to check if their code is standards compliant and that their Web site is easily accessible for people with disabilities. An HTML optimizer is included to aid in optimizing code to make it legible and quicker to process
•
Intellisense, which is a form of autocompletion, is a key new feature in FrontPage 2003 that assists the user while typing in Code View. When working in Code View, Intellisense will suggest tags and/or properties for the code that the user is entering which significantly reduces the time to write code. The Quick Tag Editor shows the user the tag they are currently in when editing in Design View. This also includes the option to edit the specific tag/property from within the Tag Editor
•
Code Snippets give users the advantage to create snippets of their commonly used pieces of code allowing them to store it for easy access whenever it is next needed
•
FrontPage 2003 includes support for programming in ASP.NET a server-side scripting language that adds interactivity to Web sites and Web pages
•
FrontPage 2003 includes support macro in VBA.
53
SMIT
REFERENCES
REFERENCES
[1] P. Mell and T. Grance, “Draft NIST Working Definition of Cloud Computing,” 2009; http://csrc.nist.gov/groups/SNS/cloud-computing/index.html [2] M. Armbrust et al “Above the Clouds: A Berkeley View of Cloud Computing,” Univ. California, Berkeley, Tech. Rep. UCBEECS-2009-28, Feb. 2009. [3] Amazon.com, “Amazon s3 Availability Event: July 20, 2008,” July 2008; http://status.aws.amazon.com/s3-20080720.html
54
SMIT
[4] M. Arrington, “Gmail Disaster: Reports of Mass Email Deletions,” Dec. 2006; http://www.techcrunch.com/2006/12/28/gmail-disaster-reports-of-mass email-deletions/ [5] M. Krigsman, “Apple’s MobileMe Experiences Post-Launch Pain,” July 2008; http://blogs.zdnet.com/projectfailures/?p=908 [6] A. Juels, J. Burton, and S. Kaliski, “PORs: Proofs of Retrievability for Large Files,” Proc. ACM CCS ‘07, Oct. 2007, pp. 584–97. [7] G.Ateniese et al et al., “Provable Data Possession at Untrusted Stores,” CCS ’07 , Oct. 2007, pp. 598–609. [8] M. A. Shah et al., “Auditing to keep Online Storage Services Honest,” USENIX HotOS ‘07, May 2007. [9] G. Ateniese et al ., “Scalable and Efficient Provable Data Possession,” ., “Scalable and Efficient Provable Data Possession,” SecureComm ’08 , Sept. 2008. [10] H. Shacham and B. Waters, “Compact Proofs of Retrievability,” Crypt ’08 , LNCS, vol. 5350, Dec. 2008, pp. 90–107. [11] K. D. Bowers, A. Juels, and A. Oprea, “Hail: A High-Availability and Integrity Layer for Cloud Storage,” Proc. ACM CCS ’09 , Nov. 2009, pp. 187–98. [12]C.Wang et al .,”Ensuring Data Storage Security in Cloud Computing,” IWQoS ‘09, July 2009, pp. 1–9. [13] Q. Wang et al., “Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing,” Proc. ESORICS ‘09 , Sept. 2009, pp. 355–70.
55
SMIT
[14] C. Erway et al ., “Dynamic Provable Data Possession,” Proc. ACM CCS ’09 Nov. 2009, pp. 213–22. [15] C. Wang et al. ., “Privacy-Preserving Public Auditing for Storage Security in Cloud Computing,” Proc. IEEE INFOCOM ‘10 Mar 2010 [16] R. C. Merkle, “Protocols for Public Key Cryptosystems,” Proc. IEEE Symp. Security privacy 1980 [17] 104th United States Congress, “Health Insurance Portability and Accountability Act of 1996 (HIPAA),” 1996; http://aspe.hhs.gov/admnsimp/pl104191.htm [18] D. Boneh et al., ., “Aggregate and Verifiably Encrypted Signatures from Bilinear Maps,” Proc. EuroCrypt ‘03, LNCS, vol. 2656, May 2003, pp. 416–32.
56
