Now a day, the explosive growth of digital contents continues to rise the demand for new storage and network capacities, which should be more cost effective and high network bandwidth. Also use of remote storage systems is gaining an expanding interest, namely the cloud storage based services, because it provides cost effective and efficient architectures. Such architectures support efficient transmission, storage in a multi-tenancy environment and intensively computation of outsourced data in a pay per use business model. To save the resources usage in both network bandwidth and storage capacity, many cloud services, namely Drop box, wuala, Memopal and etcâ¦, are applying client side de-duplication. This concept avoids the redundant data in cloud, which will save storage in cloud servers and reduces the consumption of the network bandwidth associated to transmission of same contents several times.
Despite of these significant advantages in proper resources utilization, the client data de-duplication brings many security issues, considerably due to the multi-owner data possession challenges. For example, few attackers target either the consumption of bandwidth or the confidentiality and the privacy of the cloud users. For instance, a user may check whether another user has already uploaded a file by outsourcing the same file to the cloud., Many efforts have been proposed different security schemes to mitigate such issues. These models are collectively called Proof of Ownership (POW) systems. They allow the storage server can check the ownership of the user data, based on a static and hash value. The security protocols are designed to ensure several requirements, such as lightweight of verification and efficient computation.
Although various security properties have been addressed by existing POW schemes, we still need a careful consideration of potential attacks, for example Data Leakage and Poison Attacks that target preservation of privacy and discloser of data confidentiality.
A new cryptographic method for secure POW is introduced in this paper, which is based on the convergent encryption and the Merkle-based Tree schemes. Which will improve 1. Data security in cloud storage systems, 2. Provide dynamic sharing between users and 3. Ensure efficient data deduplication. Our idea consists in using the Merkle-based Tree over encrypted data. It will generate a unique identifier to outsourced data. On one hand, this identifier checks the availability of the redundant data in remote cloud servers. On the other hand, it is used to ensure efficient access control in dynamically sharing scenarios.
The work in this document is organized as follows. Section II describes literature survey. Section III describes the state of the art of existing schemes, introducing the general concept of POW protocols and highlights their limitations and their security challenges. Section IV specifies hardware and software requirements. Then, Section V specifies technologies, which are used. Section VI introduces the system study. Section VII presents implementation of the secure POW scheme and specifies security analysis and also describes different modules in the system. Section VIII specifies system design. Section IX presents sample code. Section X specifies testing procedure. Section XI presents some of the screenshots. Finally, Section XII and XIII specify conclusion and references.
2. LITERATURE SURVEY
Another most important step in software development process is Literature Survey. Before developing the tool it is necessary to determine the time, cost and strength of the company. Once these things are satisfied, then next step is to determine on which operating system and which language should be used for developing the tool. Once the programmers start building the tool the programmers might require lot of external support. It can be getting from senior programmers, from websites or from books. Before building the system the above consideration are taken into account for developing the proposed system.
3. SYSTEM ANALYSIS
3.1 EXISTING SYSTEM
Although the existing schemes aim at providing integrity verification for different data storage systems, the data dynamics are not been addressed fully. How to achieve a secure and efficient design to seamlessly integrate these two important things for data storage service remains an open challenging task in Cloud storage.
DISADVANTAGES OF EXISTING SYSTEM
1. Although the infrastructures under the cloud are much more powerful and reliable than personal computing devices, they are still facing the both internal and external threats for data integrity.
2. Second, there are several motivations exists for CSP to behave unfaithfully toward the cloud users regarding their outsourced data status.
3. In particular, simply downloading all the data for its integrity verification is not a practical solution due to the expensiveness I/O, that is, high transmission cost across the network. Besides, it is often insufficient to detect the data corruption when accessing the data, as it does not give users correctness assurance for those unaccessed data and it might be too late to recover the data loss or damage.
4. Encryption does not completely solve the problem of protecting data privacy in the cloud service provider but just reduces it to the complex key management domain. Unauthorized data loss still remains possible due to the potential exposure of decryption keys.
3.2 PROPOSED SYSTEM
The trend of cloud based services for large scale content storage, processing, and distribution. Security and privacy are the top concerns for the public cloud environments. Towards these security challenges, we propose and implement, on Open Stack Swift (OSS). It is a new client-side deduplication scheme for securely storing and sharing outsourced data via the public cloud. The use of the proposed convergent encryption, i.e., deriving keys from the hash of plaintext. Then, Store at al. Pointed out some security problems, and presented a security model for secure data deduplication. However these two protocols focus on client-side deduplication and do not consider data leakage settings, against malicious users.
ADVANTAGES OF PROPOSED SYSTEM
1. As a rising subject, cloud storage is playing an increasingly important role in the decision-supported activities of every walk of life.
2. Get Efficient Item set result based on the deduplication.
4. SYSTEM REQUIREMENTS
4.1 SOFTWARE REQUIREMENTS
â¢ Operating System : Windows 2008 (64-bit)
â¢ Coding Language : ASP.Net with C#.
â¢ Front End : Visual Studio 2010 Professional
â¢ Back end : SQL Server 2008 R2
4.2 HARDWARE REQUIREMENTS
â¢ System : Pentium IV 2.4 GHz.
â¢ Hard Disk : 40 GB.
â¢ Floppy Drive : 1.44 Mb.
â¢ Monitor : 15 VGA Colour.
â¢ Mouse : DELL.
â¢ Ram : 512 Mb.
5. SOFTWARE ENVIRONMENT
Following software technologies should be used to implement the system.
5.1 .NET Framework
.Net frame work developed by Microsoft. It primarily run on Microsoft windows. It has large class library called Framework Class Library(FCL). Programs written in the .net framework execute in a software environment called Common Language Runtime (CLR). It provides language interoperability across several programming languages.
It simplifies application development in the highly distributed environment of the Internet. It provides object-oriented programming environment. It minimizes software deployment and guarantees safe execution of code. Different types of application, such as Windows-based applications and desktop-applications, can develop using .net framework.
XML WEB SERVICES Windows Forms
Base Class Libraries (BCL)
Common Language Runtime (CLR)
Operating System (OS)
Fig 1. .NET Framework
Common Language Runtime (CLR):
The CLR is the core engine of .NET. It provides the environment in which .net supported programs run.
Some of the features of CLR are:
â¢ Conversion from a low level language, called Intermediate Language (IL), into code native to the platform being executed on.
â¢ Memory management that supports garbage collection.
â¢ Enforce security restrictions on the running code.
â¢ Load and execute programs with version
â¢ Other features of the .NET framework are
Managed Code, which is a metadata to describe itself.
Managed Data, which support garbage collection.
Common Type System, which support type safety.
Common Language Specification specifies set of rules for using the CLR
Framework Class Library(FCL):
.NET provides set of hierarchy of classes. The root of the classes is called System. The root class contains basic types like Byte, Double, Boolean, and String. All objects are derived from System Object. Value types are the objects that are allocated in the stack. They are flexible. That is one can converting value types to object types if necessary.
The set of classes provides collections, file, screen, and network I/O, threading, and so on, as well as XML and database connectivity.
The class library is subdivided into a number of sets are called namespaces, each providing distinct areas of functionality.
Languages supported by .Net:
Following are the some of the languages that are supported by the framework:
Visual Basic .NET is a CLS compliant, that is, that any CLS-compliant language can use the classes, objects, and components that are created in Visual Basic .NET.
Managed Extensions for C++ and attributed programming are just some of the enhancements made to the C++ language. Managed Extensions simplify the task of migrating existing C++ applications in to .NET Framework applications
C# is Microsoftâs new language. Itâs a C/C++ style language with .net support. It has no standard library of its own it has been designed use the .NET libraries as its own.
Microsoft Visual J# .NET provides the easiest transition for Java-language developers into the world of XML Web Services and dramatically improves the interoperability of Java-language programs with existing software written in a variety of other programming languages.
Active State has created Visual Perl and Visual Python, they support .NET-aware applications to be built in either Perl or Python.
Microsoft SQL Server is a relational database management system developed by Microsoft. It is a database server. Its main functions are storing, retrieving and editing the data. There are several number of SQL Server versions are available in the market.
The objects that SQL Server database consists are as shown bellow:
A database is a collection of relational tables. Table is a collection of records. Record is a collection of fields about a specific topic.
Views of table
We can work with a table in two types,
1. Design View
2. Datasheet View
To build or modify the structure of a table we work in the table design view. We can specify what type of data it should be hold.
Datasheet view helps to insert, retrieve, edit or analyses the data.
A query is a request that can be asked the data base server. SQL Service gathers data from one or more table and respond to the request. we can insert, delete, update data using queries.
6. SYSTEM STUDY
6.1 FEASIBILITY STUDY
The feasibility of the project is analyzed in this phase. and business proposal and general plan for the project described. And also specifies cost estimation. During system analysis the feasibility study of the proposed system should be done. This ensures that the proposed system is not a burden to the company. For feasibility analysis, understanding of the system requirements is necessary.
There are three key considerations in feasibility study.
â¢ ECONOMICAL FEASIBILITY
â¢ TECHNICAL FEASIBILITY
â¢ SOCIAL FEASIBILITY
6.2 ECONOMICAL FEASIBILITY
Economical feasibility study checks the economic impact that the system will have on the organization. The amount that the company can invest into the research and development of the system is limited. The expenditures must be justified. Thus the developed system should be within the budget of the company and this was achieved by the technologies are available freely. Only the customized products had to be purchased.
6.3 TECHNICAL FEASIBILITY
Technical feasibility study checks the technical requirements of the system. The system should be developed in a way it can run in minimum technical resources as possible. This will not lead high demands on the available technical resources. This will not lead to high demands being placed on the client. The final system must have a modest requirement. And also only minimal or zero changes are required for implementing the system.
6.4 SOCIAL FEASIBILITY
The social feasibility study checks the level of acceptance of the system by the end user. This includes the process of user training. So that user can user the system efficiently. The user must not feel threatened by the system. The user should accept the system as a easy as possible. The level of acceptance by the users is depends on the methods that are employed to educate the user about the system and make him familiar with the system. His level of confidence must be raised. So that the user is able to make some constructive criticism like he is the final user of the system.
The project implementation stage turns the theoretical design into a working system. Thus it can be considered as the most critical stage in software development. It also gives the user, the confidence that the new system will work efficiently.
The implementation stage involves planning, investigation of the existing system and specifies constraints in implementation, designing of methods to achieve changeover and evaluation of changeover methods.
7.1 MODULES DESCRIPTION
There are four modules in the system. They are
1. User Module.
2. Client module.
3. CSP Module.
4. Deduplication module.
In the user module, user can register their details and get the secret key for login. And user can download the clientâs uploaded files. The users are able to access the content stored in the cloud, depending on their access rights that are authorizations granted by the client, like the rights re-store the modified data in the cloud.
In the client module, client makes use of providerâs resources to store, retrieve and share data with multiple users. Different types of clients are there. A client can be either an individual or an enterprise.
Client can check the uploaded file he can neglect or upload the file
Client can view the de-duplicate file based on this client can delete the unwanted data.
In this module CSP can view all the user details, client uploads details, clients details.
And clients activities regarding the A Secure Client Side Deduplication Scheme in Cloud Storage Environments
In de-duplication module, the clients uploaded files can be stored in cloud database.. It can be very secure. Clients can view/see the file from the database based on the de-duplicate factor it can be very secure.
8. SYSTEM DESIGN
8.1 SYSTEM ARCHITECTURE
Distributed computing expect to drive the outline of the cutting edge server farms by architecting them as a system of virtual administrations, with the goal that clients can get to and convey applications from anyplace on the planet on interest at focused expenses. The figure 1 demonstrates the abnormal state structural planning of the proposed approach. There are essentially four principle elements:
In this module, the information supplier is in charge of making Remote client by indicating client name. Information supplier will consequently produce the watchword. The Data supplier transfers their information to the cloud server. For the security reason the information suppliers encodes the information document, then partitions the record, create meta data(hmac) in light of substance of record and afterward at long last stores in the cloud in parts (splited structure). The supplier keeps a duplicate of Meta information for checking dedupliction.
The cloud server is in charge of information stockpiling and record approval for an end client. The information document will be put away in client information base and Backup DB in pieces with their labels, for example, record name, mystery key, hmac1, hmac2, hmac3, hmac4, hmac5 and proprietor name. The information document will be sending in light of the benefits. On the off chance that the benefit is right then the information will be sent to the relating client furthermore will check the record name, end client name and mystery key. In the event that all are genuine then it will send to the relating client or he will be caught as aggressor.
Cloud Data Backup Cloud Data reinforcement is only the Backup Database, The information reinforcement begin preparing just when customer solicitations for getting the information which is put away already in the distributed storage. The information reinforcement has the accompanying messages amid its preparing:
Fig 8-1. System Architecture
Client Request Backup:
This message will contain asked for information URL that the customer needs to bring. In the wake of getting the customer solicitation to get the information CSP checks for the responsibility for record and accordingly create Response Backup message.
Fig 8-2. System Design( client)
This reaction message of CSP contains the encoded record in spitted Meta information structure. Once in the wake of getting the Response Backup message, the customer first recovers the metadata document in spitted shape and translates the information utilizing mystery key.
Fig 8-3. System Design( CSP)
Data Consumer (End User)
The information purchaser is only the end client who will demand and bring document substance from the relating cloud servers. On the off chance that the document name and mystery key, access consent is right then the end is getting the record reaction from the cloud or else he will be considered as an assailant furthermore he will be hindered in comparing cloud. In the event that he needs to get to the record in the wake of blocking he needs to unblock from the cloud.
Fig 8-4 System Design( User)
8.2 DATA FLOW DIAGRAM
1. The DF diagrams are also called bubble charts. It can be used to represent a system in terms of input data, various processing carried out on the data, and also the output data is generated by the system. It is a simple graphical formalism.
2. The data flow diagram (DFD) is one of the most important modeling tools. It is used to model the system components. The components are system process, the data used by the process, an external entity that interacts with the system and the data flows in the system.
3. DFD shows how the information moves through the system and how it will modify by the transformations. It is a graphical technique. It depicts information flow and the transformations of the data from input to output.
4. DFD are used to represent a system at different levels of abstraction. DFD partitioned into different levels that represent information flow and functional detail.
Data Flow Diagrams
8.3 UML DIAGRAMS
Unified Modeling Language (UML) is a standard and general purpose of modeling language in the field of object-oriented software engineering. The standard is created and managed by the Object Management Group.
The goal of UML is used to create models for object oriented computer software. In its current form UML has two major components: one is Meta-model and the other is notation.
The Unified Modeling Language is a standard language for specifying, graphically visualization, programmatically constructing and documenting the artifacts of software/non software systems.
The UML is a collection of best engineering practices which are successfully proven in the modeling of large and complex systems.
The UML is a very use full for developing OOS (object oriented software). The UML uses graphical notations to express the design of software projects.
8.3.1 Usecase Diagram
A use case diagram is a behavioral diagram defined by and created from user perspective. It represents graphical overview of the system functionality in terms of actors, their goals and any dependencies between those use cases. They show which actor perform what function and their roles in the system.
Fig 8-10. Usecase 1
Fig 8-11. Usecase 2.
8.3.2 Class Diagram
Class diagram of login, client, CSP is as shown bellow:
Fig 8-12. Class diagram
8.3.3 Sequence Diagram
A sequence diagrams is interaction diagrams that show how processes operate with one another and in what order. It shows sequence of the message. Sequence diagrams are also called event diagrams or event scenarios or timing diagrams.
Fig 8-13. Sequence diagram
8.3.4 Activity Diagram
Activity diagrams represents workflows in the system. It shows stepwise activities and actions, iteration and concurrency. Activity diagrams are used to show the step-by-step operational workflows of components in the system. Activity diagrams show the overall flow control.
Fig 8-14. Activity diagram
8.3.5 Collaboration Diagram
Collaboration diagram to user login and get secure key is as shown bellow:
Collaboration diagram to client login and upload file is as shown bellow:
8.3.6 Component Diagram
Component diagram to user login and get secure key is as shown bellow:
Component diagram to client login and upload file to cloud is as shown bellow:
8.3.7 Deployment Diagram
Deployment diagram of the system is as shown bellow:
User registration code is as shown bellow:
Client registration code is as shown bellow:
User login code is as shown bellow:
Secure Key generation code is as shown bellow:
Client login code is as shown bellow:
Upload file code is as shown bellow:
10. SYSTEM TESTING
The main purpose of testing is to find the errors. Testing is a process of trying to discover every conceivable fault in the system. It provides several ways to check the functionality of components, sub assemblies, assemblies and/or a finished product. It is a process of exercising software with the intent of ensuring that the
It ensures software system meets its requirements and user expectations. And also ensures it does not fail in an unacceptable manner. There are various types of test. Each test scenario addresses a specific testing requirement.
TYPES OF TESTS
Unit testing involves the design of test cases and validation of the internal logic of the program. And also verifies that the program inputs produce valid output. All decision branches and internal code flow of the program should be validated. Unit test tests the individual software units of the application. It should be done after the completion of an individual unit but before integration. This is a structural testing, which relies on knowledge of construction of the unit. Unit test performs basic tests at component level. Unit tests ensure that each unique path of the unit should be tested. It prepares a document, which contains clearly defined inputs and expected results.
Integration tests should test integrated software components and find out bugs in the integrated component. Testing is event driven. And it is more concerned with the basic outcome of screens and/or fields. Integration tests demonstrate that although the components were individually tested, as shown by successfully unit testing, the combination of components does not have any errors. The main goal of integration testing is it should expose the problems that arise from the combination of components.
Functional tests demonstrate the functions tested are available as specified by the technical requirements, system requirement document and user manuals.
Functional testing is centered on the following items:
Valid Input : identified class of valid inputs must be accepted.
Invalid Input : identified class of invalid inputs must be rejected.
Functions : identified functions should be tested.
Output : identified class of application outputs must be exercised.
Systems/Procedures : system interface and/or procedures must be invoked.
Organization and preparation of functional test is based on requirements and key functions. In addition, systematic coverage pertaining to identify Business process flows, data fields and processes must be considered for testing. Once the functional testing is completed, additional tests identify and the effective value of current tests should be determined.
System testing ensures that the integrated software system components meet user requirements. It tests the entire system and ensures as expected. The testing should be done based on the process descriptions and flows, emphasize integration points and pre-driven process links. An example of system testing is, configuration oriented system test.
White Box Testing
White Box Testing is a testing in which the software tester should have knowledge about inner logic for example loops, decision control structure and language used to develop the software. It is purpose. It is used to test areas that cannot be reached by black box level test.
Black Box Testing
Black Box Testing is testing the software without any knowledge of the inner logic, loops, decision control structures or language of the system being tested. Black box tests must be written from a definitive source document, such as requirements specification document. It is a testing in which the software under test is treated as a black box. Tester cannot see into it. The test provides inputs and sees the outputs without considering how the software works.
10.1 UNIT TESTING:
Unit testing is usually conducted as part of the entire lifecycle of the project. There are two phases in unit testing they are one is test strategy and the other is approach.
Fields testing will be performed manually. Also, functional tests should be written in detail.
â¢ All the field entries must work properly.
â¢ Pages should be activated from the identified link.
â¢ Screens, messages and responses should not be delayed.
Features to be tested
â¢ Verify that the entries are in correct format
â¢ There is no duplicate entries should be allowed
â¢ All links should be work properly.
10.2 INTEGRATION TESTING
Software integration testing is the incremental integration testing of more than one integrated software components. And it finds out product failures and defects.
Integration test verifies all components of the entire software applications, e.g. components in a software system or entire software applications at the company level should run without any errors.
Test Results: All the test cases mentioned should be passed successfully. No defects should be encountered.
10.3 ACCEPTANCE TESTING
Acceptance Testing is the important phase of the project. It requires the end user participation. It should ensure that the system meets the user requirements.
Test Results: All the test scenarios mentioned should be passed successfully. No defects should be encountered.
Test Case 1:
Function Expected Result Actual Result Pass/Fail
Validation Should display validations when no values are entered for username and password Displaying validations when no values are given Pass
Test Case 2:
Function Expected Result Actual Result Pass/Fail
User registration Should display registration page. When enter and submit values should insert in to database Displaying registration page. Values are inserted in to db. Pass
Client registration Should display registration page. When enter and submit values should insert in to database Displaying registration page. Values are inserted in to db. Pass
Test Case 3:
Functionality: Secure key generation
Function Expected Result Actual Result Pass/Fail
Generate secure key to the login user When user login secure key generation page should be displayed. When user click secure key generation button, it should generate the key and send it to email to the user. Displaying secure key generation page. Secure key sent to email of the user Pass
Test Case 4:
Functionality: deduplication and upload file
Function Expected Result Actual Result Pass/Fail
Upload unduplicated files When client login, click upload file link, enter file details and click upload button, then upload the file to the cloud if it is not duplicated file duplicated files are not uploaded. Unduplicated files are uploaded Pass
Test Case 5:
Functionality: download file
Function Expected Result Actual Result Pass/Fail
Download file When client login, click uploaded file link and click view link of the uploaded file, then the file should be download from cloud File is downloaded from cloud Pass
11. SCREEN SHOTS
User registration page:
Client registration page:
Secure key generation page:
Secure key confirmation page:
Secure key validation page:
User home page:
User profile page:
User files page:
Client login page:
Client home page:
Client file upload page:
Client upload details page:
Client deduplicate files page:
Client download file screen:
CSP login page:
CSP home page:
CSP client uploaded details page:
CSP user details page:
CSP client details page:
Cloud storage services are growing so that the need of their security is also growing. By combining the attractive properties of the convergent cryptography defines an innovative solution to the outsourced data security and efficiency issues. The solution is based on a cryptographic. This document specifies the usage of symmetric encryption for enciphering the data and asymmetric encryption for metadata to protect the sensibility of the information towards several intrusions.
In addition, according to the Merkle tree properties, the proposal is also shows the support of data deduplication. It employs un free verification of data existence in cloud. Which is useful for saving bandwidth. Besides, our solution is also shows the resistant to unauthorized access to cloud data and also to any data disclosure during sharing process by providing two levels of access control verification. We believe that cloud data storage security is still full of challenges and a paramount importance. Also, many research problems remain to be identified.
Good Teachers are worth more than thousand books, we have them in Our Department
References Made From:
 User Interfaces in C#: Windows Forms and Custom Controls by Matthew
 Applied MicrosoftÂ® .NET Framework Programming (Pro-Developer) by Jeffrey Richter.
 Practical .Net2 and C#2: Harness the Platform, the Language, and the Framework by Patrick Smacchia.
 Data Communications and Networking, by Behrouz A Forouzan.
 Computer Networking: A Top-Down Approach, by James F. Kurose.
 Operating System Concepts, by Abraham Silberschatz.
 M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. H. Katz, A. Konwinski, G. Lee, D. A. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, âAbove the clouds: A berkeley view of cloud computing,â University of California, Berkeley, Tech. Rep. USB-EECS-2009-28, Feb 2009.
 Amazon Web Services (AWS), Online at http://aws. amazon.com.
 Google App Engine, Online at http://code.google.com/appengine/.
 Microsoft Azure, http://www.microsoft.com/azure/.
 104th United States Congress, âHealth Insurance Portability and Accountability Act of 1996 (HIPPA),â Online at http://aspe.hhs.gov/ admnsimp/pl104191.htm, 1996.
 H. Harney, A. Colgrove, and P. D. McDaniel, âPrinciples of policy in secure groups,â in Proc. of NDSSâ01, 2001.
 E. Anderson, X. Li, M. Shah, J. Tucek, and J. Wylie, âWhat consistency does your key-value store actually provide,â in Proc. 2010 USENIX HotDep.
 C. Fidge, âTimestamps in message-passing systems that preserve the
partial ordering,â in Proc. 1988 ACSC.
 W. Golab, X. Li, and M. Shah, âAnalyzing consistency properties for
fun and profit,â in Proc. 2011 ACM PODC.
 A. Tanenbaum and M. Van Steen, Distributed Systems: Principles and Paradigms. Prentice Hall PTR, 2002.
 W. Vogels, âData access patterns in the Amazon.com technology platform,â in Proc. 2007 VLDB.
 â”â”, âEventually consistent,â Commun. ACM, vol. 52, no. 1, 2009.
 M. Brantner, D. Florescu, D. Graf, D. Kossmann, and T. Kraska, âBuilding a database on S3,â in Proc. 2008 ACM SIGMOD.
 T. Kraska, M. Hentschel, G. Alonso, and D. Kossmann, âConsistency rationing in the cloud: pay only when it matters,â in Proc. 2009 VLDB.
 S. Esteves, J. Silva, and L. Veiga, âQuality-of-service for consistency
...(download the rest of the essay above)