Harini S

This document discusses dual access control for cloud-based data storage and sharing. It reviews existing literature on encryption techniques for cloud data storage and access control policies. Key encryption techniques discussed include identity-based encryption (IBE), fuzzy identity-based encryption, and attribute-based encryption (ABE). The document also reviews existing works on enforcing access control policies and revocation in hierarchical structures. It notes limitations in existing works around dynamic policy updates and high overhead of revocation.

Uploaded by

RASHMI R

DUAL ACCESS CONTROL FOR CLOUD-BASED DATA STORAGE AND SHARING

Abstract

Cloud-based data storage services have drawn increasing interest from both academia
and industry in recent years due to their efficient and low-cost management. Since such a
service is provided over an open network, it is urgent for service providers to use secure
data storage and sharing mechanisms to ensure data confidentiality and service user privacy.
To protect sensitive data from being compromised, the most widely used method is
encryption. However, simply encrypting data (e.g., via AES) cannot fully address the
practical needs of data management. Besides, effective access control over download
requests also needs to be considered so that Economic Denial of Sustainability (EDoS) attacks
cannot be launched to hinder users from enjoying the service. In this paper, we consider dual
access control, in the context of cloud-based storage, in the sense that we design a control
mechanism over both data access and download requests without loss of security and
efficiency. Two dual access control systems are designed in this paper, each for a
distinct setting. The security and experimental analysis of the systems are also
presented.
CHAPTER-1

INTRODUCTION
In recent decades, cloud-based storage services have attracted considerable attention
from both academia and industry. They may be widely used in many Internet-based commercial
applications (e.g., Apple iCloud) due to a long list of benefits, including access flexibility and
freedom from local data management. An increasing number of individuals and companies nowadays
prefer to outsource their data to a remote cloud so that they can reduce the cost of
upgrading their local data management facilities/devices. However, the worry of a security
breach over outsourced data may be one of the main obstacles hindering Internet users from
widely using cloud-based storage services.

In many practical applications, outsourced data may need to be further shared with
others. For example, a Dropbox user Alice may share photos with her friends. Without using
data encryption, prior to sharing the photos, Alice needs to generate a sharing link and then
share the link with her friends. Although this guarantees some level of access control against
unauthorized users (e.g., those who are not Alice's friends), the sharing link may be visible at
the Dropbox administration level (e.g., an administrator could reach the link). Since the cloud
(which is deployed in an open network) cannot be fully trusted, it is generally recommended to
encrypt the data before it is uploaded to the cloud to ensure data security and privacy. One
of the corresponding solutions is to directly apply an encryption technique (e.g., AES) to
the outsourced data before uploading it to the cloud, so that only a specified cloud user (with a valid
decryption key) can gain access to the data via valid decryption. To prevent shared photos
from being accessed by the "insiders" of the system, a straightforward way is to designate the
group of authorized data users prior to encrypting the data.

In some cases, nonetheless, Alice may have no idea who the photo
receivers/users are going to be. It is possible that Alice only knows the attributes of the
photo receivers. In this case, traditional public key encryption (e.g., Paillier Encryption),
which requires the encryptor to know who the data receiver is in advance, cannot be
leveraged. Providing a policy-based encryption mechanism over the outsourced photos is
therefore desirable, so that Alice can use the mechanism to define an access policy over the
encrypted photos and guarantee that only a group of authorized users is able to access the photos.

In a cloud-based storage service, there exists a common attack known as the resource-exhaustion
attack. Since a (public) cloud may not have any control over download requests
(namely, a service user may send an unlimited number of download requests to the cloud server), a
malicious service user may launch denial-of-service (DoS)/distributed denial-of-service
(DDoS) attacks to consume the resources of the cloud storage server so that the cloud
service is not able to respond to honest users' service requests.

As a result, in the "pay-as-you-go" model, economic aspects could be disrupted due to
higher resource usage. The costs of cloud service users will rise dramatically as the attacks
scale up. This is known as the Economic Denial of Sustainability (EDoS) attack, which
targets the cloud adopter's economic resources. Apart from economic loss, unlimited
download itself could open a window for network attackers to observe the encrypted
download data, which may lead to some potential information leakage (e.g., file size). Therefore,
an effective control over download requests for outsourced (encrypted) data is also needed.
CHAPTER-2

LITERATURE REVIEW
A literature survey is the most important step in the software development process.
Before developing the tool, it is necessary to determine the time factor, economy and company strength.
Once these things are satisfied, the next step is to determine which operating
system and language will be used for developing the tool. Once the programmers
start building the tool, they need a lot of external support. This
support can be obtained from senior programmers, from books or from websites. Before building
the system, the above considerations are taken into account for developing the proposed system.

B. Waters presents a new type of Identity-Based Encryption (IBE) scheme that we call
Fuzzy Identity-Based Encryption. In Fuzzy IBE we view an identity as a set of
descriptive attributes. A Fuzzy IBE scheme allows a private key for an identity, ω, to
decrypt a ciphertext encrypted with an identity, ω′, if and only if the identities ω and ω′ are
close to each other as measured by the "set overlap" distance metric. A Fuzzy IBE scheme can be
applied to enable encryption using biometric inputs as identities; the error-tolerance
property of a Fuzzy IBE scheme is precisely what allows for the use of biometric
identities, which inherently will have some noise each time they are sampled. Besides, we show
that Fuzzy IBE can be used for a type of application that we term "attribute-based encryption".
In this paper we present two constructions of Fuzzy IBE schemes. Our constructions can be
viewed as an Identity-Based Encryption of a message under several attributes that compose
a (fuzzy) identity. Our IBE schemes are both error-tolerant and secure against collusion
attacks. Moreover, our basic construction does not use random oracles. We prove the
security of our schemes under the Selective-ID security model.
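
The set-overlap decryption condition described above can be seen in a small model. This is an added example, not code from the paper or from this report: it uses Shamir secret sharing over attributes with symmetric per-attribute keys in place of the pairing-based construction, so the sender holds the master secret and the model is not collusion-resistant; all function names and the sample attribute sets are constructed for illustration.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1  # prime modulus; all share arithmetic is in GF(P)


def x_of(attr):
    """Non-zero x-coordinate in GF(P) for an attribute name."""
    h = hashlib.sha256(attr.encode()).digest()
    return int.from_bytes(h, "big") % (P - 1) + 1


def pad(key, nonce):
    """Mask that hides one share under one attribute key."""
    mac = hmac.new(key, nonce, hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % P


def keygen(master, identity):
    """Authority: the private key for identity w is one derived key per attribute."""
    return {a: hmac.new(master, a.encode(), hashlib.sha256).digest()
            for a in identity}


def encrypt(master, target, d, secret):
    """Share `secret` with a random degree d-1 polynomial q, q(0) = secret.
    Each attribute of the target identity w' gets one masked share."""
    if not 1 <= d <= len(target):
        raise ValueError("threshold must be between 1 and |w'|")
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(d - 1)]
    nonce = secrets.token_bytes(16)
    keys = keygen(master, target)  # assumption: sender holds the master secret
    shares = {}
    for a in target:
        x = x_of(a)
        y = sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
        shares[a] = (y + pad(keys[a], nonce)) % P
    return {"d": d, "nonce": nonce, "shares": shares}


def decrypt(private_key, ct):
    """Return the secret if |w ∩ w'| >= d, otherwise None."""
    common = sorted(set(private_key) & set(ct["shares"]))
    if len(common) < ct["d"]:
        return None  # identities are too far apart
    points = []
    for a in common[:ct["d"]]:
        y = (ct["shares"][a] - pad(private_key[a], ct["nonce"])) % P
        points.append((x_of(a), y))
    # Lagrange interpolation of q at x = 0
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * xj % P
                den = den * (xj - xi) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret


def demo_fuzzy():
    master = secrets.token_bytes(32)
    # Constructed "biometric" feature sets; the threshold is 4 of 5 features.
    enrolled = {"ridge-03", "ridge-11", "ridge-19", "ridge-27", "ridge-42"}
    noisy = {"ridge-03", "ridge-11", "ridge-19", "ridge-27", "ridge-50"}
    other = {"ridge-03", "ridge-11", "ridge-19", "ridge-61", "ridge-77"}
    ct = encrypt(master, enrolled, 4, 123456789)
    return decrypt(keygen(master, noisy), ct), decrypt(keygen(master, other), ct)
```

The noisy reading shares four features with the enrolled identity and recovers the secret; the other reading shares three and gets nothing.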

G. Neven, P. Paillier, and H. Shi identify and fill some gaps with regard to
consistency (the extent to which false positives are produced) for public-key encryption with
keyword search (PEKS). We define computational and statistical relaxations of the
existing notion of perfect consistency, show that the scheme of [7] is
computationally consistent, and give a new scheme that is statistically consistent.
We also give a transform of an anonymous IBE scheme to a secure PEKS scheme that,
unlike the previous one, guarantees consistency. Finally we suggest three extensions of
the basic notions considered here, namely anonymous HIBE, public-key encryption with
temporary keyword search, and identity-based encryption with keyword search.

X. Boyen and B. Waters present an identity-based cryptosystem that features fully
anonymous ciphertexts and hierarchical key delegation. We give a proof of security in the
standard model, based on the mild Decision Linear complexity assumption in
bilinear groups. The system is efficient and practical, with small ciphertexts of size
linear in the depth of the hierarchy. Applications include search on encrypted data,
fully private communication, etc. Our results resolve two open problems pertaining to
anonymous identity-based encryption, our scheme being the first to offer provable anonymity
in the standard model, in addition to being the first to realize fully anonymous HIBE at all levels
in the hierarchy.

Gudes et al. explore cryptography to enforce hierarchical access control without
considering dynamic policy scenarios. Akl et al. propose a key assignment scheme to
simplify key management in hierarchical access control policy. This work also does not
consider policy update issues. Later, Atallah et al. propose a method that allows policy
updates, but in the case of revocation, all descendants of the affected node in the access
hierarchy must be updated, which involves high computation and communication overhead.

Ibraimi et al. cryptographically support a role-based access control structure using
mediated public encryption. However, their revocation operation relies on additional
trusted infrastructure and an active entity to re-encrypt all affected files under the new
policy. Similarly, Nali et al. enforce a role-based access control structure using public-key
cryptography, but require a series of active security mediators. Ferrara et al. define a
secure model to formally prove the security of a cryptographically enforced RBAC system.
They further show that an ABE-based construction is secure under such a model. However,
their work focuses on theoretical analysis.

Pirretti et al. propose an optimized ABE-based access control for distributed file
systems and social networks, but their construction does not explicitly address dynamic
revocation. Sieve is an attribute-based access control system that allows users to selectively
expose their private data to third-party web services. Sieve uses ABE to enforce attribute-based
access policies and homomorphic symmetric encryption to encrypt data. With
homomorphic symmetric encryption, a data owner can delegate revocation tasks to the
cloud, assured that the privacy of the data is preserved. This work, however, incurs
prohibitive computation overhead since it adopts homomorphic symmetric encryption
to encrypt files.

GORAM allows a data owner to enforce an access matrix for a list of authorized
users and provides strong data privacy in two ways. First, user access patterns are hidden
from the cloud by using ORAM techniques. Second, policy attributes are hidden from the
cloud by using attribute-hiding predicate encryption. The cryptographic algorithms, however,
incur additional performance overhead in data communication, encryption and decryption.
Also, GORAM does not support dynamic policy updates. Over-encryption is a cryptographic
method to enforce an access matrix on outsourced data. Over-encryption uses double
encryption to enforce the whole access matrix. As a result, the administrator has to rely on the
cloud to run complex algorithms over the matrix to update the access policy, assuming a high
level of trust in the cloud.

Garrison et al. proposed two revocation schemes. The first scheme requires an
administrator to re-encrypt the file with new keys as discussed above. This scheme incurs a
considerable communication overhead. The second scheme instead delegates re-encryption
to users, who re-encrypt the file when they need to modify it, relieving the administrator from
re-encrypting file data itself. This scheme, however, comes with a security penalty, as the
revocation operation is delayed until the next user's modification to the file. As a result, a newly
revoked user can still access the file before the next write operation.

Wang et al. proposed another revocation scheme, in which a symmetric
homomorphic encryption scheme is used to encrypt the file. Such a design enables the cloud
to directly re-encrypt the file without decryption. However, this scheme incurs expensive file
read/write overhead, as the encryption/decryption operation involves overhead comparable
to that of public key encryption schemes.
CHAPTER-3

SYSTEM STUDY AND ANALYSIS


3.1 EXISTING SYSTEM
These tools help cloud providers construct a distributed cloud storage platform
(DCSP) for managing clients’ data. However, if such an important platform is vulnerable to
security attacks, it would bring irretrievable losses to the clients. For example, the
confidential data in an enterprise may be illegally accessed through a remote interface
provided by a multiple-cloud, or relevant data and archives may be lost or tampered with
when they are stored into an uncertain storage pool outside the enterprise. Therefore, it is
indispensable for cloud service providers (CSPs) to provide security techniques for managing
their storage services.

3.1.1 DISADVANTAGES

• Less security
• No confidentiality of data sharing.
• Low efficiency.

3.2 PROPOSED SYSTEM

In the proposed system, to guarantee the confidentiality of outsourced data without
loss of policy-based access control, we start with a CP-ABE system, which is seen as one of
the building blocks. We further employ an effective control over data users' download
requests on top of the CP-ABE system. We design a new approach to avoid using the
technique of "testing" the ciphertext. Specifically, we allow a data user to generate a download
request. Upon receiving the download request, with the help of the authority or the enclave of
Intel SGX, a cloud server is able to check whether the data user is authorized to gain access to the
data. No other information is revealed to the cloud server except the knowledge of whether
the user is authorized. Based on the above mechanism, the cloud maintains control of the
download request.
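
The download-request flow described above, as an added example that is neither the paper's CP-ABE construction nor the project's own code: a plaintext access-tree check stands in for the cryptographic test, and the `Authority`, `Cloud` and `verdict_tag` names, the shared link key and the sample policy are assumptions made for illustration. It shows the two properties the paragraph asks for: the cloud learns one bit per request, and refused or replayed requests cause no egress.

```python
import hashlib
import hmac
import secrets


def satisfies(policy, attrs):
    """Evaluate an access tree against a set of attribute names.
    Nodes: ("attr", name), ("and", ...), ("or", ...), ("k_of", k, ...)."""
    op = policy[0]
    if op == "attr":
        return policy[1] in attrs
    if op == "and":
        return all(satisfies(p, attrs) for p in policy[1:])
    if op == "or":
        return any(satisfies(p, attrs) for p in policy[1:])
    if op == "k_of":
        return sum(satisfies(p, attrs) for p in policy[2:]) >= policy[1]
    raise ValueError("unknown policy node: %r" % (op,))


def verdict_tag(link_key, file_id, nonce, ok):
    """MAC binding the one-bit verdict to this file and this request.
    The nonce is fixed at 16 bytes, so the concatenation is unambiguous."""
    msg = (b"1" if ok else b"0") + nonce + file_id.encode()
    return hmac.new(link_key, msg, hashlib.sha256).digest()


class Authority:
    """Holds user attributes and file policies; answers the cloud with one bit."""

    def __init__(self, link_key):
        self.link_key = link_key
        self.attrs_by_handle = {}
        self.policy_by_file = {}

    def enroll(self, attrs):
        handle = secrets.token_hex(16)  # opaque to the cloud: no identity in it
        self.attrs_by_handle[handle] = set(attrs)
        return handle

    def verdict(self, handle, file_id, nonce):
        attrs = self.attrs_by_handle.get(handle, set())
        policy = self.policy_by_file.get(file_id)
        ok = policy is not None and satisfies(policy, attrs)
        return ok, verdict_tag(self.link_key, file_id, nonce, ok)


class Cloud:
    """Stores ciphertexts and sends bytes only after an authenticated 'yes'."""

    def __init__(self, link_key, authority):
        self.link_key = link_key
        self.authority = authority
        self.store = {}    # file_id -> ciphertext bytes
        self.seen = set()  # nonces already used (unbounded in this sketch)
        self.egress = 0    # bytes actually sent, i.e. what gets billed

    def download(self, handle, file_id, nonce):
        if len(nonce) != 16 or nonce in self.seen:
            return None  # malformed or replayed request
        self.seen.add(nonce)
        ok, tag = self.authority.verdict(handle, file_id, nonce)
        expected = verdict_tag(self.link_key, file_id, nonce, ok)
        if not (ok and hmac.compare_digest(tag, expected)):
            return None  # refused: nothing leaves the server
        blob = self.store.get(file_id)
        if blob is None:
            return None
        self.egress += len(blob)
        return blob


def demo_gate():
    key = secrets.token_bytes(32)
    authority = Authority(key)
    cloud = Cloud(key, authority)
    cloud.store["photos.enc"] = b"\x00" * 4096  # constructed ciphertext stand-in
    authority.policy_by_file["photos.enc"] = (
        "and", ("attr", "friend"),
        ("or", ("attr", "family"), ("attr", "college")))
    friend = authority.enroll({"friend", "college"})
    stranger = authority.enroll({"college"})
    nonce = secrets.token_bytes(16)
    first = cloud.download(friend, "photos.enc", nonce)
    replay = cloud.download(friend, "photos.enc", nonce)
    flood = [cloud.download(stranger, "photos.enc", secrets.token_bytes(16))
             for _ in range(1000)]
    return len(first), replay, any(flood), cloud.egress
```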

3.2.1 ADVANTAGES

• Confidentiality of outsourced data
• Anonymity of data sharing.
• Control over anonymous download request and EDoS attacks resistance
• High efficiency.
CHAPTER-4

SYSTEM DESIGN AND DEVELOPMENT


SYSTEM REQUIREMENTS

4.1 HARDWARE CONFIGURATION

• System: Pentium Dual Core
• Hard Disk: 120 GB
• Monitor: 15'' LED
• Input Devices: Keyboard, Mouse
• RAM: 1 GB

4.2 SOFTWARE SPECIFICATION

• Operating system: Windows 7
• Coding Language: PHP
• Software: Wamp Server
• Database: MySQL

4.3 MODULES USED

MODULES:

• TTP
  o Transfer
  o Files
  o Alerts
• CSP
  o Files
• Client
  o Upload Files
  o View Files

Modules Description

TTP (Trusted Third Party)

Here the TTP has to log in using a unique user name and password. The TTP is the
only person authorized to access the TTP module, for security purposes, so others do not get rights to
access this module.

Transfer
In this module the TTP views the client's uploaded file and transfers it into the multiple-cloud.
The file is split into 3 pieces and stored in the cloud. The TTP is the only
person authorized to access the TTP module, for security purposes, so others do not get
rights to access this module.

View
In this module the TTP views the client's uploaded file from the multiple-cloud. The TTP is the only
person authorized to access the TTP module, for security purposes, so others do not get rights
to access this module.

Alerts
In this module the TTP views alerts about security issues affecting client-uploaded files in the
cloud. That is, if any CSP tries to access a client file, an alert is sent to the TTP. The TTP is
the only person authorized to access the TTP module, for security purposes, so others do not
get rights to access this module.

CSP (Cloud Service Provider)

Here the CSP has to log in using a unique user name and password. The CSP is the
only person authorized to access the TTP module, for security purposes, so others do not get rights to
access this module.

View
In this module the CSP views the client's uploaded file in its cloud in encrypted format. If
the CSP tries to edit the client file, an alert is sent to the TTP. The CSP is the only person authorized
to access the TTP module, for security purposes, so others do not get rights to access this
module.

Client

Here the client has to log in using a unique user name and password after registration.
The client is the only person authorized to access this module, for security purposes, so others
do not get rights to access this module.

Upload
In this module the client uploads whatever files they want to store in the multiple-cloud.
The client is the only person authorized to access this module, for security purposes, so others
do not get rights to access this module.

View
In this module the client views their uploaded files from the multiple-cloud. The client is the only
person authorized to access this module, for security purposes, so others do not get rights to access this
module.

4.4 PROGRAMMING ENVIRONMENT

FRONT END

PHP:

CLIENT/SERVER ENVIRONMENT:

To design and develop the project, it is essential to understand the client/server
model that plays an important role in the concern, which needs the information to be retrieved
in a fast and efficient way.

What is Client/Server?

The Client/Server computing model implies a form of processing in which requests are
submitted by a client (the requester) to the server, which processes them and returns the result to the
client. The client and the server are two separate logical entities working together over a
network to accomplish the task.

Conceptually, the client/server architecture can be defined as a special case of co-operative
processing where an entire application is shared between the client and a server system.

1. Features of client/server computing

• Improved access to information due to internet
• Globalization of information
• Easier maintenance of application and data
• Graphically oriented, high interactive user interface
• Increased developer productivity through ease of tools

In our project we have divided the core part into two parts. ASP pages and HTML pages are
used as the user interface (client). They gather information from the user and process it.
MS Access is stored in IIS, which is used as the server.

Installation requirements

When installing the web development environment to a hard drive other than that of an ordinary PC, one needs to
have at least 65-70 MB of free space on the drive to proceed with installation, regardless of how much
space is on the installation drive.

Operating system: Windows 2000

Web server : All OS Apache,Mysql,Php,Perl (XAMPP)

NETWORK SPECIFICATION

Network Card : Ethernet card

Operating system : Windows XP

Communication protocol: TCP/IP, HTTP

Connection Type : LAN

XP PLATFORM:

XP is a powerful multitasking operating system with high security. It is user friendly
and supports multithreading and a lot of tools for developing any application. This OS has a
number of enhancements, including performance improvement, better hardware support and
closer integration with the Internet. Windows supports dynamic linking. This OS has the
concept of plug and play.

WEB SERVER:

The web server accepts the request and sends the HTML to the client browser that
requested it. The web browser and the web server communicate through a common protocol (HTTP).
Examples of web servers are XAMPP (any of four different operating
systems, Apache, MySQL, PHP, Perl), WAMP (Windows, Apache, MySQL, PHP) and MAMP
(Macintosh, Apache, MySQL, PHP).

PHP

PHP stands for Hypertext Preprocessor. PHP scripts run inside the Apache server or Microsoft
IIS. PHP and the Apache server are free. PHP code is very easy. PHP is the most used server-side
scripting language. PHP files contain PHP scripts and HTML. PHP files have the extension
"php", "php3", "php4", or "phtml".

Using PHP

• Generate dynamic web pages. PHP can display different content to different users or
display different content at different times of the day.
• Process the contents of HTML forms. We can use PHP to retrieve and respond to
the data entered into an HTML form.
• Create database-driven web pages. PHP can insert new data into or retrieve existing
data from a database such as MySQL.

Working of PHP

A PHP file is a standard HTML file that is extended with additional features. Like a standard
HTML file, a PHP file contains HTML tags that can be interpreted and displayed by a web browser.
Anything we could normally place in an HTML file (Java applets, blinking text, server-side
scripts) we can place in PHP. However, PHP has three important features that make it unique.

• PHP contains server-side scripts.
• PHP provides several built-in objects.

HYPER TEXT MARKUP LANGUAGE (HTML)

HTML is an application of the Standard Generalized Markup Language (SGML), which was
approved as an international standard in the year 1986. SGML provides a way to encode
hyper documents so they can be interchanged.

SGML is also a meta-language for formally describing document markup systems. In fact,
HTML uses SGML to define a language that describes a WWW hyper document's structure
and interconnectivity.

Following the rigors of SGML, TBL bore HTML to the world in 1990. Since then, many of
us have found it to be easy to use but sometimes quite limiting. These limiting factors are being
addressed by the World Wide Web Consortium (aka W3C) at MIT. But HTML had to start
somewhere, and its success argues that it didn't start out too badly.

MYSQL

MySQL Server is a powerful database management system, and the user can create
applications that require little or no programming. It supports GUI features and an entire
programming language, phpMyAdmin, which can be used to develop richer and more
developed applications. There are quite a few reasons, the first being that MySQL is a feature-rich
program that can handle any database-related task you have. You can create places to
store your data, build tools that make it easy to read and modify your database contents, and
ask questions of your data. MySQL is a relational database, a database that stores information
about related objects. In MySQL, a database means a collection of tables that hold data. It
collectively stores all the other related objects such as queries, forms and reports that are used
to implement functions effectively.

The MySQL database can act as a back-end database for PHP as a front end. MySQL
supports the user with its powerful database management functions. A beginner can create
his/her own database very simply with some mouse clicks. Another good reason to use MySQL
as a back-end tool is that it is a component of the overwhelmingly popular open source
software.

Database:

A database is simply a collection of used data, just like a phone book. A MySQL database includes
such objects as tables, queries, forms, and more.

Tables:

In MySQL, tables are collections of similar data. Tables can all be organized
differently and contain mostly different information, but they should all be in the same
database file. For instance, we may have a database file called video store, containing tables
named members, tapes, reservations and so on. These tables are stored in the same database
file because they are often used together to create reports or to help fill out on-screen forms.

Relational database:

MySQL is a relational database. Relational database tools like Access can help us
manage information in three important ways.

• Reduce redundancy
• Facilitate the sharing of information
• Keep data accurate

Fields

Fields are places in a table where we store individual chunks of information.


Primary key and other indexed fields:

MySQL uses key fields and indexing to help speed up many database operations. We can
tell MySQL which fields should be key fields, or MySQL can assign them automatically.

Controls and objects:

Queries are Access objects that let us display, print and use our data. They can be things like
field labels that we drag around when designing reports. Or they can be pictures, or titles for
reports, or boxes containing the results of calculations.

Queries and dynasets:

Queries are requests for information. When Access responds with its list of data, that
response constitutes a dynaset: a dynamic set of data meeting our query criteria. Because of
the way Access is designed, dynasets are updated even after we have made our query.

Forms:

Forms are on-screen arrangements that make it easy to enter and read data. We can also
print the forms if we want to. We can design a form ourselves, or let the Access auto form feature do it.

Reports:

Reports are paper copies of dynaset. We can also print reports to disk, if we like.
Access helps us to create the reports. There are even wizards for complex printouts.

Properties:

Properties are the specifications we assign to parts of our database design. We can
define properties for fields, forms, controls and most other Access objects.

COST ESTIMATION AND SCHEDULING

Developing the software package, with the software and hardware requirements needed, at the
lowest cost takes a duration of five months.

DEVELOPMENT SPECIFICATION

This includes salaries and other employment costs of the staff involved in the
development project and all associated costs.

• Setup cost:

This includes the cost of putting the system into place. It consists mainly of
the cost of any new hardware and ancillary equipment but will also include the cost of file
conversion, recruitment and staff training.

• Operational cost:

o It consists of the cost of operating the system once it has been installed.

o Benefits, on the other hand, are often quite difficult to quantify in monetary
terms even once they have been identified.

1. Development cost

Development cost includes salaries and other employment costs of the staff involved
in the development project and all associated costs.

Benefits may be categorized as follows:

• Direct benefits
• Assessable indirect benefits
• Intangible benefits

Direct benefits:

These accrue directly from the operation of the proposed system. These could, for
example, include a reduction in salary bills through the introduction of a new, computerized
system.

Assessable indirect benefits:

These are generally secondary benefits, such as increased accuracy through the
introduction of a user-friendlier screen design, where we might be able to estimate the
reduction in errors and hence the cost of the proposed system.

Intangible benefits:

These are generally longer-term benefits, or benefits that are considered very difficult to quantify.
Enhanced job interest can lead to reduced staff turnover and hence lower recruitment

SYSTEM DESIGN
INPUT DESIGN
Input design is one of the most important phases of the system design. Input design is
the process where the inputs received by the system are planned and designed, so as to get
the necessary information from the user, eliminating the information that is not required. The aim
of the input design is to ensure the maximum possible level of accuracy and also to ensure that
the input is accessible to and understood by the user.

The input design is the part of the overall system design that requires very careful
attention. If the data going into the system is incorrect, then the processing and output will
magnify the errors.

The objectives considered during input design are:

• Nature of input processing.
• Flexibility and thoroughness of validation rules.
• Handling of properties within the input documents.
• Screen design to ensure accuracy and efficiency of the input
relationship with files.
• Careful design of the input also involves attention to error handling,
controls, batching and validation procedures.

Input design features can ensure the reliability of the system and produce results
from accurate data, or they can result in the production of erroneous information.

OUTPUT DESIGN
Computer output is the most important and direct source of information to the user.
Efficient, intelligible output design should improve the system's relationship with the user
and help in decision making. A major form of output is the hard copy from the printer. The
output devices to consider depend on factors such as compatibility of the device with the
system, response time requirements, expected print quality and number of copies needed.
All nodes in the network may depart or fail unpredictably.

The continuously generated measurement data is partitioned by time slots, where a
source block refers to the amount of data generated in one time slot on a node. Clearly,
how many time slots of data can be cached depends on the size of the node's cache storage.

A synchronization packet (commonly known as the timing reference signal) occurs
immediately before the first active sample on every line, and immediately after the last active
sample (and before the start of the horizontal blanking region). A systems flowchart specifies
master files, transaction files and computer programs. Input data are collected and organized
into groups of similar data. Once identified, appropriate input media are selected for
processing.

DATABASE DESIGN

A well-designed database is essential for the good performance of the system. Several tables are
referenced or manipulated at various instances. A table, also known as a relation, provides
information pertaining to a specified entity. Normalization of tables is carried out to the extent
possible; while normalizing tables, care should be taken to make sure that the number of
tables does not exceed the optimum level, so that table maintenance is convenient and effective.

The process of doing database design generally consists of a number of steps which
will be carried out by the database designer. Not all of these steps will be necessary in all
cases. Usually, the designer must:

• Determine the data to be stored in the database
• Determine the relationships between the different data elements
• Superimpose a logical structure upon the data on the basis of these
relationships.

Within the relational model the final step can generally be broken down into two
further steps that of determining the grouping of information within the system, generally
determining what are the basic objects about which information is being stored, and then
determining the relationships between these groups of information, or objects. This step is not
necessary with an Object database.

In a majority of cases, the person who is doing the design of a database is a person
with expertise in the area of database design, rather than expertise in the domain from which
the data to be stored is drawn (e.g. financial information, biological information, etc.). Therefore,
the data to be stored in the database must be determined in cooperation with a person who
does have expertise in that domain, and who is aware of what data must be stored within the
system.

CHAPTER-5

SYSTEM TESTING AND IMPLEMENTATION


SYSTEM TESTING

Testing is a series of different tests whose primary purpose is to fully exercise
the computer-based system. Although each test has a different purpose, all work to verify
that all system elements have been properly integrated and perform their allocated functions.
Testing is the process of checking whether the developed system works according to the
actual requirements and objectives of the system.

The philosophy behind testing is to find the errors. A good test is one that has a
high probability of finding an undiscovered error. A successful test is one that uncovers the
undiscovered error. Test cases are devised with this purpose in mind. A test case is a set of
data that the system will process as an input. However the data are created with the intent of
determining whether the system will process them correctly without any errors to produce the
required output.

Types of Testing:

 Unit testing
 Integration testing
 Validation testing
 Output testing
 User acceptance testing

Unit Testing

All modules were tested individually as soon as they were completed and were
checked for their correct functionality.

Integration Testing

The entire project was split into small programs; each of these programs gives a
frame as an output. These programs were tested individually; at last, all these programs were
combined by creating another program in which all their constructors were used. This
gave a lot of problems, because the programs did not function in an integrated manner.

The user interface testing is important since the user has to declare that the arrangements
made in the frames are convenient and satisfactory. When the frames were given for the test,
the end users gave suggestions. Based on their suggestions, the frames were modified and put
into practice.

Validation Testing

At the culmination of the black box testing, the software is completely assembled as a
package. Interfacing errors have been uncovered and corrected, and a final series of tests, i.e.,
validation testing, begins. Validation succeeds when the software functions in a manner that can
be reasonably accepted by the customer.

Output Testing

After performing the validation testing, the next step is output testing of the proposed
system, since the system cannot be useful if it does not produce the required output. The
output displayed or generated by the system under consideration is tested by asking the
users about the format they require. Here the output format is considered in two
ways: one is on screen and the other is the printed format. The output format on the screen was
found to be correct, as the format was designed in the system phase according to the user
needs. For the hard copy, the output also comes out according to the specifications requested by
the user.

User Acceptance System

An acceptance test has the objective of selling the user on the validity and reliability of
the system. It verifies that the procedures operate to system specification and that the
integrity of vital data is maintained.

Performance Testing

This project is an application-based project, and the modules are interdependent with
the other modules, so the testing cannot be done module by module. Unit testing is therefore not
possible in the case of this driver, and the system is checked only on its performance to
assess its quality.

IMPLEMENTATION

The purpose of System Implementation can be summarized as follows:

It makes the new system available to a prepared set of users (the deployment), and
positions on-going support and maintenance of the system within the Performing
Organization (the transition). At a finer level of detail, deploying the system consists of
executing all steps necessary to educate the Consumers on the use of the new system, placing
the newly developed system into production, confirming that all data required at the start of
operations is available and accurate, and validating that business functions that interact with
the system are functioning properly. Transitioning the system support responsibilities
involves changing from a system development to a system support and maintenance mode of
operation, with ownership of the new system moving from the Project Team to the
Performing Organization.

System implementation is the important stage of the project when the theoretical design is
turned into a practical system. The main stages in the implementation are as follows:

 Planning
 Training
 System testing and
 Changeover Planning

Planning is the first task in the system implementation. Planning means deciding on
the method and the time scale to be adopted. At the time of implementation of any system,
people from different departments and system analysts are involved. They are confronted with the
practical problem of controlling various activities of people outside their own data processing
departments. The line managers are controlled through an implementation coordinating
committee. The committee considers ideas, problems and complaints of user departments; it
must also consider:

 The implication of system environment


 Self selection and allocation for implementation tasks
 Consultation with unions and resources available
 Standby facilities and channels of communication

The following roles are involved in carrying out the processes of this phase. Detailed
descriptions of these roles can be found in the Introductions to Sections I and III.

 Project Manager
 Project Sponsor
 Business Analyst
 Data/Process Modeler
 Technical Lead/Architect
 Application Developers
 Software Quality Assurance (SQA) Lead
 Technical Services (HW/SW, LAN/WAN, TelCom)
 Information Security Officer (ISO)
 Technical Support (Help Desk, Documentation, Trainers)
 Customer Decision-Maker
 Customer Representative
 Consumer

The purpose of Prepare for System Implementation is to take all possible steps to
ensure that the upcoming system deployment and transition occur smoothly, efficiently, and
flawlessly. In the implementation of any new system, it is necessary to ensure that the
Consumer community is best positioned to utilize the system once deployment efforts have
been validated. Therefore, all necessary training activities must be scheduled and
coordinated. As this training is often the first exposure to the system for many individuals, it
should be conducted as professionally and competently as possible. A positive training
experience is a great first step towards Customer acceptance of the system.

During System Implementation it is essential that everyone involved be absolutely
synchronized with the deployment plan and with each other. Often the performance of
deployment efforts impacts many of the Performing Organization’s normal business
operations. Examples of these impacts include:

 Consumers may experience a period of time in which the systems that they depend on to
perform their jobs are temporarily unavailable to them. They may be asked to maintain
detailed manual records or logs of business functions that they perform to be entered into the
new system once it is operational.

 Technical Services personnel may be required to assume significant implementation
responsibilities while at the same time having to continue current levels of service on other
critical business systems.

 Technical Support personnel may experience unusually high volumes of support
requests due to the possible disruption of day-to-day processing.

Because of these and other impacts, the communication of planned deployment
activities to all parties involved in the project is critical. A smooth deployment requires
strong leadership, planning, and communications. By this point in the project lifecycle, the
team will have spent countless hours devising and refining the steps to be followed. During
this preparation process the Project Manager must verify that all conditions that must be met
prior to initiating deployment activities have been met, and that the final ‘green light’ is on
for the team to proceed. The final process within the System Development Lifecycle is to
transition ownership of the system support responsibilities to the Performing Organization. In
order for there to be an efficient and effective transition, the Project Manager should make
sure that all involved parties are aware of the transition plan, the timing of the various
transition activities, and their role in its execution.

Due to the number of project participants in this phase of the SDLC, many of the necessary
conditions and activities may be beyond the direct control of the Project Manager.
Consequently, all Project Team members with roles in the implementation efforts must
understand the plan, acknowledge their responsibilities, recognize the extent to which other
implementation efforts are dependent upon them, and confirm their commitment

CHAPTER-6

CONCLUSION

We addressed an interesting and long-lasting problem in cloud-based data sharing,
and presented two dual access control systems. The proposed systems are resistant to
DDoS/EDoS attacks. We state that the technique used to achieve the feature of control on
download requests is “transplantable” to other CP-ABE constructions. Our experimental
results show that the proposed systems do not impose any significant computational and
communication overhead (compared to their underlying CP-ABE building block). In our
enhanced system, we employ the fact that the secret information loaded into the enclave
cannot be extracted. However, recent work shows that an enclave may leak some amount of its
secret(s) to a malicious host through memory access patterns or other related side-channel
attacks. The model of transparent enclave execution is hence introduced in. Constructing a
dual access control system for cloud data sharing from transparent enclaves is an interesting
problem. In our future work, we will consider the corresponding solution to the problem.

APPENDICES

DATAFLOW DIAGRAM

SOURCE CODE

<html>

<head><title>DUAL ACCESS CONTROL FOR CLOUD-BASED DATA STORAGE AND SHARING</title>

</head>

<meta http-equiv="content-type" content="text/html;charset=utf-8" />


<link href="css/style.css" rel="stylesheet" type="text/css" />

<body>

<div id="main">

<div id="header">

<div id="logo">

<a href=""> <span class="logo_span">DUAL ACCESS CONTROL FOR CLOUD-BASED DATA STORAGE AND SHARING</span></a>

</div>

</div>

<div id="border">

<div id="buttons">

<a href="index.php" class="but" title="">Home</a><div class="but_div"></div>

<a href="about.php" class="but" title="">About&nbsp;us</a><div class="but_div"></div>

<a href="ttp/index.php" class="but" title="">TTP</a>

<div class="but_div"></div>

<a href="csp/index.php" class="but" title="">CSP</a>

<div class="but_div"></div>

<a href="user/index.php" class="but" title="">Client</a>

<div class="but_div"></div>

</div>

<table border="0" cellpadding="0" cellspacing="0">


<tr>

<td colspan="3" align="center"><img src="images/banner.png"></td>

</tr>

<tr>

<td colspan="3">&nbsp;</td>

</tr>

<tr>

<td width="75" style="border-right:1px solid #636363;">&nbsp;</td>

<td width="850" style="">

<h3 align="center"></h3>

<p style="padding-left:15px;padding-right:15px;text-align:justify"></p></td>

<td width="73" style="border-left:1px solid #636363;" align="center">&nbsp;</td>

</tr>

<tr>

<td colspan="3" style="border-bottom:1px solid #636363;">&nbsp;</td>

</tr>

<tr>

<td colspan="3" >&nbsp;</td>

</tr>

<tr>

<td colspan="3" align="center">&nbsp;</td>


</tr>

<tr>

<td colspan="3" >&nbsp;</td>

</tr>

</table>

</div>

<div id="footer">

<p>Copyright @ 2021. All Rights Reserved</p>

</div>

</div>

</body>

</html>

<?php

session_start();

include_once "../db/db.php";

?>

<html>

<head><title>DUAL ACCESS CONTROL FOR CLOUD-BASED DATA STORAGE AND SHARING</title>

</head>

<meta http-equiv="content-type" content="text/html;charset=utf-8" />

<link href="../css/style.css" rel="stylesheet" type="text/css" />

<body>
<div id="main">

<div id="header">

<div id="logo">

<a href=""> <span class="logo_span">DUAL ACCESS CONTROL FOR CLOUD-BASED DATA STORAGE AND SHARING</span></a>

</div>

<span class="user"><?php echo htmlspecialchars($_SESSION['admin_name'], ENT_QUOTES, 'UTF-8');?>&nbsp;logged in...</span>

</div>

<div id="border">

<div id="buttons">

<a href="trans.php" class="but" title="">Transfer</a><div class="but_div"></div>

<a href="view.php" class="but" title="">Files</a><div class="but_div"></div>

<a href="alert.php" class="but" title="">Alerts</a>

<div class="but_div"></div>

<a href="../logout.php" class="but" title="">Logout</a>

<div class="but_div"></div>

</div>

<table border="0" cellpadding="0" cellspacing="0" >

<tr>

<td colspan="3" align="center"><img src="../images/banner.png"></td>


</tr>

<tr>

<td colspan="3">&nbsp;</td>

</tr>

<tr>

<td colspan="3" align="center"><strong>TRANSFER CLIENT FILES </strong></td>

</tr>

<tr></tr>

<tr>

<td width="50" style="border-right:1px solid #636363;">&nbsp;</td>

<td width="900" style="" align="center">

<form id="form1" name="form1" method="post" action="" enctype="multipart/form-data" onSubmit="return valid()">

<table width="95%" bgcolor="#d4e6fe"><br>

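<?php

// The mysql_* functions used in this listing belong to the old ext/mysql API,
// which was removed in PHP 7.0; on current PHP, use mysqli or PDO with
// prepared statements instead.

$sl=0;

// Escape the request value before it is placed inside the SQL string.
$file_id=mysql_real_escape_string($_REQUEST['file_id']);

$s="select * from file
inner join user on user.st_user=file.file_user
where file_id='".$file_id."'";

$fr=mysql_query($s);

$f=mysql_fetch_object($fr);

$contents = file_get_contents($f->file_file);

$len=strlen($contents);

// Whole number of bytes per part; the third part takes the remainder.
$count=(int) floor($len/3);

$file1 = file_get_contents($f->file_file,NULL,NULL,0,$count);

$file2 = file_get_contents($f->file_file,NULL,NULL,$count,$count);

$file3 = file_get_contents($f->file_file,NULL,NULL,$count*2);

?>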

<?php /* Database values and file contents are HTML-escaped before they are written into the page. */ ?>
<tr>
<td height="36" align="center">Client&nbsp;:&nbsp;<strong><?php echo htmlspecialchars($f->st_name, ENT_QUOTES, 'UTF-8'); ?></strong> </td>
<td height="36" align="center">File&nbsp;:&nbsp;<strong><?php echo htmlspecialchars($f->file_name, ENT_QUOTES, 'UTF-8'); ?></strong></td>
<td height="36" align="center">Date&nbsp;:&nbsp;<strong><?php echo htmlspecialchars($f->file_date, ENT_QUOTES, 'UTF-8'); ?></strong></td>
</tr>
<tr>
<td align="center">
<input type="hidden" name="file_id" value="<?php echo htmlspecialchars($f->file_id, ENT_QUOTES, 'UTF-8'); ?>">
<input type="hidden" name="client_name" value="<?php echo htmlspecialchars($f->st_user, ENT_QUOTES, 'UTF-8'); ?>">
<input type="hidden" name="file_file" value="<?php echo htmlspecialchars($f->file_file, ENT_QUOTES, 'UTF-8'); ?>">
</td>
<td align="center">File Total Size&nbsp;:&nbsp;<strong><?php echo $size =filesize($f->file_file); echo' Bytes'; ?></strong></td>
<td align="center">&nbsp;</td>
</tr>
<tr>
<td width="25%" height="36" align="center"><u>File&nbsp;1</u>&nbsp;:<br>
<br>
Size&nbsp;:&nbsp;<strong><?php echo round($size/3,2);echo ' Bytes'; ?></strong></td>
<td width="48%" align="center"><textarea name="file1" style="height:100px;width:350px" readonly="readonly"><?php echo htmlspecialchars($file1, ENT_QUOTES, 'UTF-8'); ?></textarea></td>
<td width="27%" align="center"><strong>Upload To Cloud 1 </strong></td>
</tr>
<tr>
<td height="36" align="center"><u>File&nbsp;2</u>&nbsp;:<br>
<br>
Size&nbsp;:&nbsp;<strong><?php echo round($size/3,2);echo ' Bytes'; ?></strong></td>
<td align="center"><textarea name="file2" style="height:100px;width:350px" readonly="readonly"><?php echo htmlspecialchars($file2, ENT_QUOTES, 'UTF-8'); ?></textarea></td>
<td align="center"><strong>Upload To Cloud 2 </strong></td>
</tr>
<tr>
<td height="36" align="center"><u>File&nbsp;3</u>&nbsp;:<br>
<br>
Size&nbsp;:&nbsp;<strong><?php echo round($size/3,2);echo ' Bytes'; ?></strong></td>
<td align="center"><textarea name="file3" style="height:100px;width:350px" readonly="readonly"><?php echo htmlspecialchars($file3, ENT_QUOTES, 'UTF-8'); ?></textarea></td>
<td align="center"><strong>Upload To Cloud 3 </strong></td>
</tr>
<tr>
<td colspan="3" align="center">&nbsp;</td>
</tr>
<tr>
<td height="36" colspan="3" align="center"><input type="submit" name="submit" value="Upload" class="submit"></td>
</tr>

<tr>

<td colspan="3" align="center">&nbsp;</td>

</tr>

</table>

</form></td>

<td width="48" style="border-left:1px solid #636363;" align="center">&nbsp;</td>

</tr>

<tr>

<td colspan="3" style="border-bottom:1px solid #636363;">&nbsp;</td>


</tr>

<tr>

<td colspan="3" >&nbsp;</td>

</tr>

<tr>

<td colspan="3" align="center">&nbsp;</td>

</tr>

<tr>

<td colspan="3" >&nbsp;</td>

</tr>

</table>

</div>

<div id="footer">

<p>Copyright @ 2021. All Rights Reserved</p>

</div>

</div>

</body>

</html>

<?php

if(isset($_REQUEST['submit']))
{
// Escape every request value before it is placed inside an SQL string.
$file_id=mysql_real_escape_string($_REQUEST['file_id']);
$client=mysql_real_escape_string($_REQUEST['client_name']);

// Part 1: next file name in ../cloud1, then the index row.
$s1="select * from cloud1 order by cloud1_id desc";
$f1=mysql_query($s1);
$c1=mysql_fetch_object($f1);
// mysql_fetch_object() returns false when the table has no rows yet.
if(!$c1)
{
$path1= "../cloud1/C1-1.txt";
}else
{
$count1=$c1->cloud1_id + 1;
$path1= "../cloud1/C1-".$count1.".txt";
}
$fopen1 = fopen($path1,'a+');
fwrite($fopen1,$_REQUEST['file1']);
fclose($fopen1);
$insert1="INSERT INTO `cloud1` ( `cloud1_name` ,
`cloud1_file` ,
`cloud1_user` ,
`cloud1_date` )
VALUES ('".$file_id."',
'".$path1."',
'".$client."',
'".date('d/m/Y')."')";
mysql_query($insert1);

// Part 2: the counter is read from cloud2 (the original queried cloud1 here).
$s2="select * from cloud2 order by cloud2_id desc";
$f2=mysql_query($s2);
$c2=mysql_fetch_object($f2);
if(!$c2)
{
$path2= "../cloud2/C2-1.txt";
}else
{
$count2=$c2->cloud2_id + 1;
$path2= "../cloud2/C2-".$count2.".txt";
}
$fopen2 = fopen($path2,'a+');
fwrite($fopen2,$_REQUEST['file2']);
fclose($fopen2);
$insert2="INSERT INTO `cloud2` (`cloud2_name` ,
`cloud2_file` ,
`cloud2_user` ,
`cloud2_date` )
VALUES ('".$file_id."',
'".$path2."',
'".$client."',
'".date('d/m/Y')."')";
mysql_query($insert2);

// Part 3: the path is stored in $path3 (the original assigned $path2 here).
$s3="select * from cloud3 order by cloud3_id desc";
$f3=mysql_query($s3);
$c3=mysql_fetch_object($f3);
if(!$c3)
{
$path3= "../cloud3/C3-1.txt";
}else
{
$count3=$c3->cloud3_id + 1;
$path3= "../cloud3/C3-".$count3.".txt";
}
$fopen3 = fopen($path3,'a+');
fwrite($fopen3,$_REQUEST['file3']);
fclose($fopen3);
$insert3="INSERT INTO `cloud3` (`cloud3_name` ,
`cloud3_file` ,
`cloud3_user` ,
`cloud3_date` )
VALUES ('".$file_id."',
'".$path3."',
'".$client."',
'".date('d/m/Y')."')";
mysql_query($insert3);

// Delete the path recorded for this file_id in the database, not a path
// taken from the request, so a forged form field cannot remove other files.
$fr=mysql_query("select file_file from file where file_id='".$file_id."'");
$f=mysql_fetch_object($fr);
if($f)
{
unlink($f->file_file);
}

mysql_query("UPDATE `file` SET file_status='Uploaded' WHERE `file_id` ='".$file_id."'");

echo "<script type='text/javascript'> alert('Uploaded Successfully');</script>";
echo "<meta http-equiv='refresh' content='0;url=trans.php'>";
}

?>
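
A variant of the transfer step, added here as an example and not part of the project's source: it uses PDO prepared statements, takes the file path and owner from the database row instead of from request fields, confines that path to the upload folder, and splits the file on the server. The function names (confined_path, split_three, transfer_file), the random part-file names, the in-memory SQLite database and the temporary folders are assumptions made for the demonstration; table and column names follow the listing.

```php
<?php
declare(strict_types=1);
// Accept $path only if it resolves to a location inside $baseDir.
function confined_path(string $path, string $baseDir): ?string
{
    $real = realpath($path);
    $base = realpath($baseDir);
    $ok = $real !== false && $base !== false
        && strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) === 0;
    return $ok ? $real : null;
}

// Three parts whose concatenation is byte-for-byte the input.
function split_three(string $data): array
{
    $n = intdiv(strlen($data), 3);
    return [substr($data, 0, $n), substr($data, $n, $n), substr($data, 2 * $n)];
}

// Expects a PDO handle in ERRMODE_EXCEPTION (the default since PHP 8.0).
function transfer_file(PDO $db, int $fileId, string $uploadDir, string $cloudRoot): array
{
    // Path and owner come from the database row, never from a request field.
    $q = $db->prepare('SELECT file_file, file_user FROM file WHERE file_id = ?');
    $q->execute([$fileId]);
    $file = $q->fetch(PDO::FETCH_ASSOC);
    $source = $file ? confined_path($file['file_file'], $uploadDir) : null;
    $data = $source === null ? false : file_get_contents($source);
    if ($data === false) {
        throw new RuntimeException('unknown file, unreadable file, or path outside upload directory');
    }
    $paths = [];
    $db->beginTransaction();
    try {
        foreach (split_three($data) as $i => $part) {
            $n = $i + 1; // 1..3, generated here, so safe inside identifiers
            $path = sprintf('%s/cloud%d/C%d-%s.txt', $cloudRoot, $n, $n, bin2hex(random_bytes(8)));
            if (file_put_contents($path, $part, LOCK_EX) !== strlen($part)) {
                throw new RuntimeException("write to cloud$n failed");
            }
            $paths[] = $path;
            $db->prepare("INSERT INTO cloud$n (cloud{$n}_name, cloud{$n}_file, cloud{$n}_user, cloud{$n}_date)
                          VALUES (?, ?, ?, ?)")
               ->execute([$fileId, $path, $file['file_user'], date('d/m/Y')]);
        }
        $db->prepare("UPDATE file SET file_status = 'Uploaded' WHERE file_id = ?")->execute([$fileId]);
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();
        array_map('unlink', $paths); // remove parts already written
        throw $e;
    }
    unlink($source); // only after all three parts and their rows exist
    return $paths;
}

// Constructed demo data: temporary folders and an in-memory SQLite database.
$root = sys_get_temp_dir() . '/dac-' . bin2hex(random_bytes(4));
foreach (['uploads', 'cloud1', 'cloud2', 'cloud3'] as $d) { mkdir("$root/$d", 0700, true); }
file_put_contents("$root/uploads/report.txt", 'ABCDEFGHIJ');
file_put_contents("$root/outside.txt", 'not an upload');
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE file (file_id INTEGER PRIMARY KEY, file_file TEXT, file_user TEXT, file_status TEXT)');
foreach ([1, 2, 3] as $n) { $db->exec("CREATE TABLE cloud$n (cloud{$n}_id INTEGER PRIMARY KEY, cloud{$n}_name TEXT, cloud{$n}_file TEXT, cloud{$n}_user TEXT, cloud{$n}_date TEXT)"); }
$add = $db->prepare('INSERT INTO file VALUES (?, ?, ?, ?)');
$add->execute([1, "$root/uploads/report.txt", 'alice', 'Pending']);
$add->execute([2, "$root/uploads/../outside.txt", 'alice', 'Pending']); // resolves outside uploads
$paths = transfer_file($db, 1, "$root/uploads", $root);
echo implode('|', array_map('file_get_contents', $paths)), "\n";
try {
    transfer_file($db, 2, "$root/uploads", $root);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```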

SCREEN SHOT
