ABSTRACTIdentity-based proxy re-encryption schemes have been proposed to shift the burden of managing numerous files from the owner to a proxy server. Nevertheless, the existing solutions suffer from several drawbacks. First,the access permission is determined by the central authority, which makes the scheme impractical. Second,they are insecure against collusion attacks. Finally, only queries from the same domain (intra-domain) areconsidered.One of the main applications of identity-based proxy re-encryption schemes is in the cloud computing scenario. Nevertheless, in this scenario, users in different domains can share files with each other. Therefore, the existing solutions do not actually solve the motivating scenario, when the scheme is applicable for cloud computing. Hence, it remains an interesting and challenging research problem to design an identity-based data storage scheme which is secure against collusion attacks and supports intra-domain and inter-domain queries. This project proposes an identity-based data storage scheme where both queries from the intra-domain and inter-domain are considered and collusion attacks can be resisted.Furthermore,the access permission can be determined by the owner independently.

TABLE OF CONTENTS

1. Introduction.12. Related works..73. Identity Based Secure Distributed Data Storage Schemes..94. Objectives...115. UML Diagrams...125.1 Use case diagrams.135.2 Activity diagrams..155.3 Sequence diagrams185.4 Class diagrams...196. Data flow diagrams..217. References23

LIST OF FIGURES

Figure 1:Service models of cloud computing5Figure 2:Model for Identity Based Secure Data Storage Schemes...9Figure 3:Classification of UML diagrams...12Figure 4:Use Case Diagram of IBSDDS.14Figure 5:Activity Diagram for Data Owner16Figure 6:Activity Diagram for Data User....17Figure 7:Sequence Diagram18Figure 8:Class Diagram...19Figure 9:Data Flow Diagram level 0...21Figure 10:Data Flow Diagram level 1.....21Figure 11:Data Flow Diagram level 2.....22

1. INTRODUCTION Cloud computing is a model of data storage where the digital data is stored in logical pools, the physical storage spans across multiple servers, and the physical environment is typically owned and managed by a hosting company.Cloud Computing comprises of three different service models, namely Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS).

Fig 1: Service models of cloud computing

Through database-as-a-service (DAS), users can manage their personal files.In DAS schemes, a user can outsource his encrypted files to untrusted proxy servers.Proxy servers can perform some functions on the outsourced cipher texts without knowing anything about the original files. Unfortunately, this technique has not been employed extensively. The main reason lies in that users are especially concerned on the confidentiality, integrity and query of the outsourced files as cloud computing is a lot more complicated than the local data storage systems and as the cloud is managed by an untrusted third party. After outsourcing the files to proxy servers, the user will remove them from his local machine. Therefore, how to guarantee the outsourced files are not accessed by the unauthorized users and not modified by proxy servers is an important problem that has been considered in the data storage research community. Furthermore, how to guarantee that an authorized user can query the outsourced files from proxy servers is another concern as the proxy server only maintains the outsourced cipher texts. Confidentiality is proposed to prevent unauthorized users from accessing the sensitive data as it is subject to unauthorized disclose and access after being outsourced.To provide confidentiality to the outsourced data, encryption schemes are deployed.Integrity can prevent outsourced data from being replaced and modified.This project proposes two identity-based secure distributed data storage (IBSDDS) schemes.

2. RELATED WORKS Data storage systems enable users to store their data to external proxy servers to enhance the access and availability,and reduce the maintainance cost. Samarati and Vimercati [1] addressed the privacy issues in data utility, and pointed out the main research directions in the protection of the externally stored data. Kher and Kim [2] surveyed the data storage systems comprehensively and classified them into three kinds based on their security services: Networked File Systems (NFS),Storage-Based Intrusion Detection Systems (SBIDS) and Cryptographic File Systems (CFS). NFS cannot provide an end-to-end data security, namely they cannot ensure the confidentiality of the data stored at the proxy server [3], [4], [5].SBIDS are of two types-host based and network based systems.The main advantage of these systems is that proxy servers can still detect the intrusion actions even if the host is compromised as the proxy server is independent from the host [6], [7], [8].In CFS, an end-to-end security is provided by cryptographic protocols which are executed by the file owner to prevent proxy servers and unauthorized users from modifying and accessing the sensitive files [9][10][11][12]. According to Identity Based Proxy Re-encryption System,semi-trusted proxy server can transfer a ciphertext for the original decryptor to a ciphertext for the designated decryptor without knowing the plaintext. Identity-based cryptosystem introduced by Shamir [13] is a system where the public key can be any arbitrary string and the secret key is issued by a trusted party called the private key generator (PKG). Being different from public key infrastructure (PKI), two parties can communicate directly without verifying their public key certificates in identity-based systems.The re-encryption key can be computed by the original decryptor or must be computed by the PKG. Unfortunately, these schemes are vulnerable to the collusion attacks.DISADVANTAGES OF EXISTING SYSTEM Users are especially concerned on the confidentiality, integrity and query of the outsourced files. Cloud computing is a lot more complicated than the local data storage systems, as the cloud is managed by an untrusted third party. The outsourced files are accessed by unauthorized users

3. IDENTITY BASED SECURE DISTRIBUTED DATA STORAGE SCHEMES In the proposed system, two identity-based secure distributed storage (IBSDDS) schemes are used. For one query, the receiver can only access one of the owners files, instead of all files. In other words, an access permission (re-encryption key) is bound not only to the identity of the receiver but also the file. The access permission can be decided by the owner, instead of the trusted party (PKG). Furthermore, these schemes are secure against the collusion attacks. First scheme is secure against Chosen Plaintext Attacks(CPA) Second scheme is secure against Chosen Cipher text attacks(CCA)Fig 2: Model for Identity Based Secure Data Storage Schemes In an identity-based secure distributed data storage (IBSDDS)scheme, a users identity can be an arbitrary string and two parties can communicate with each other without checking the public key certificates. At first, the file owner encrypts his files under his identity prior to outsourcing them to proxy servers. Then, he sends the ciphertexts to the proxy servers. Consequently, the proxy servers can transfer a cipher text encrypted under the identity of the owner to a cipher text encrypted under the identity of the receiver after they has obtained an access permission (re-encryption key) from the owner.ADVANTAGES OF PROPOSED SYSTEM It has two schemes of security where the first scheme is CPA secure and the second scheme achieves CCA security. It is the first IBSDDS schemes where an access permission is made by the owner for an exact file and collusion attacks can be protected in the standard model. To achieve stronger security and implement file based access control, the owner must be online to authenticate requesters and also to generate access permission for them. Therefore, the owner in these schemes needs to do more computations than that in PRE schemes. Although PRE schemes can provide the similar functionalities of IBSDDS when the owner only has one file, they are not flexible and practical.

4. OBJECTIVESTo provide confidentiality for the outsourced data, an efficient IBSDDS scheme should provide the following properties.1) Unidirectional: After receiving an access permission, the proxy server can transfer a cipher text for A to a ciphertext for B while he cannot transfer aCiphertext for B to a ciphertext for A.2) Non-interactive: The access permission can be created by the file owner without any trusted third party and interaction with him.3) Key optimal: The size of the secret key of the receiver is constant and independent of the delegations which he accepts.4) Collusion-safe: The secret key of the file owner is secure even if the receiver can compromise the proxy server.5) Non-transitive: Receiving the access permissions computed by A for B and B for C, the proxy server cannot transfer a cipher text for A to a ciphertext for C.6) File-based access: For one query, the receiver can only access one file. This can improve the security of the outsourced files and is desirable to maintain the access record.

5. UML DIAGRAMS UML stands for Unified Modeling Language which is used in object oriented software engineering. Although typically used in software engineering,it is a rich language that can be used to model application structures,behaviourand even business processes.They can be divided into two main categories - structure diagrams and behavioral diagrams.

Fig 3:Classification of UML diagrams

LIST OF UML DIAGRAM TYPES Class Diagram Deployment Diagram Component Diagram Sequence Diagram State chart Diagram Object Diagram Activity Diagram Use case Diagram Profile Diagram Interaction Overview Diagram Package Diagram Timing Diagram Communication Diagram Composite Structure Diagram5.1 USE CASE DIAGRAM Ause case diagramat its simplest is a representation of a user's interaction with the system and depicting the specifications of ause case. It can portray the different types of users of a system and the various ways in which they interact with the system.It describes the functional behavior of the system as seen by the user. Use case diagram is a graph of actors, a set of usecases enclosed by a system boundary,communication associations between the actors and usecases and generalization among the usecases.It defines the outside and inside of the system behavior and captures system functionality.It also captures the requirement of a system.Usecase is shown as an ellipse containing the name of usecase.An actor is represented as

SystemData OwnerUserFile UploadRequest to fileGiven PermissionDownloadServerLoginGenerate security keysesesecurityRegistrationEnter security keyFig 4:Use case diagram of IBSDDS

5.2 ACTIVITY DIAGRAMS Activity diagramsare graphical representations ofworkflows of stepwise activities and actionswith support for choice, iteration and concurrency. In theUnified Modeling Language, activity diagrams are intended to model both computational and organisational processes (i.e. workflows).It shows the overall flow of control.Activity diagrams are constructed from a limited number of shapes, connected with arrows.The most important shape types are: rounded rectanglesrepresentactions; diamondsrepresentdecisions; barsrepresent the start (split) or end (join) of concurrent activities; ablack circlerepresents the start (initial state) of the workflow; anencircled black circlerepresents the end (final state).Arrows run from the start towards the end and represent the order in which activities happen.

LoginGenerate security keyFile UploadRegistrationFig 5 : Acitivity diagram for data owner

LoginEnter key valueDownload fileRegistrationFig 6:Activity diagram for data user

5.3 SEQUENCE DIAGRAM

Password matchesifPassword mismatchifAuthenticateData OwnerProxy ServerReceiversStorageAttackers1 : Login()2 : Authentication()3 : Authenticated()4 : Authenticate Person()5 : Unauthenticated()6 : File Upoload()7 : User Login()8 : Authentication()9 : Authenticated()10 : Authenticate user()11 : Unauthenticated()12 : File Upload()13 : Request to file()14 : Request()1516 : Permit to access()ElseElseFig 7 :Sequence diagram for IBSDDS

ASequence diagramis aninteraction diagramthat shows how processes operate with one another and in what order. It is a construct of aMessage Sequence Chart. A sequence diagram shows object interactions arranged in time sequence. It depicts the objects and classes involved in the scenario and the sequence of messages exchanged between the objects needed to carry out the functionality of the scenario. Sequence diagrams are typically associated with use case realizations in the logical view of the system under development. Sequence diagrams are sometimes calledevent diagramsorevent scenarios. A sequence diagram shows, as parallel vertical lines (lifelines), different processes or objects that live simultaneously, and, as horizontal arrows, the messages exchanged between them, in the order in which they occur. This allows the specification of simple runtime scenarios in a graphical manner.

Data User+username +password +email +address +dob +gender +registration() +login() +enter security key() +download file()5.4 CLASS DIAGRAM

Data Owner +id+password+login()+generate security key()+fileupload()

Insoftware engineering, aclass diagramin theUnified Modeling Language(UML) is a type of static structure diagram that describes the structure of a system by showing the system'sclasses, their attributes, operations (or methods), and the relationships among objectsIn the diagram, classes are represented with boxes which contain three parts: The top part contains the name of the class. It is printed in Bold, centered and the first letter capitalized. The middle part contains the attributes of the class. They are left aligned and the first letter is lower case. The bottom part gives the methods or operations the class can take or undertake. They are also left aligned and the first letter is lower case.

6. DATA FLOW DIAGRAMS

Data OwnerProxy ServerReceiver

Fig 8:Level 0 DFD

Data OwnerUpload encrypted fileReceiverDownload fileProxy Server

Fig 9:Level 1 DFD

Data OwnerReceiverDownload fileProxy ServerUpload encrypted fileSent request to download filesRequestAcceptedAccepted to download

Fig 10:Level 2 DFD

7. REFERENCES[1] P. Samarati and S. D. C. di Vimercati, Data protection in outsourcing scenarios: Issues and directions, in Proc. ACM Symposium on Information, Computer and Communications Security -ASIACCS10 (D. Feng, D. A. Basin, and P. Liu, eds.), (Beijing,China), pp. 114, ACM, Apr. 2010.[2] V. Kher and Y. Kim, Securing distributed storage: Challenges,techniques, and systems, in Proc. ACM Workshop On Storage Security And Survivability - StorageSS05 (V. Atluri, P. Samarati,W. Yurcik, L. Brumbaugh, and Y. Zhou, eds.), (Fairfax, VA, USA),pp. 925, ACM, Nov. 2005[3] S. Jiang, X. Zhang, S. Liang, and K. Davis, Improving networked file system performance using a locality-aware cooperative cache protocol, IEEE Transactions on Computers, vol. 59, no. 11, pp. 15081519, 2010.[4] R. Sandberg, D. Goldberg, S. Kleiman, D. Walsh, and B. Lyon,Design and implementation of the sun network file system,in Proc. USENIX Technical Conference - USENIX85, (Portland),pp. 119130, USENIX, 1985.[5] M. Satyanarayanan, Scalable, secure, and highly available distributed file access, IEEE Computer, vol. 23, no. 5, pp. 921, 1990. [6] A. G. Pennington, J. L. Griffin, J. S. Bucy, J. D. Strunk, and G. R.Ganger, Storage-based intrusion detection, ACM Transactions on Information and System Security, vol. 13, no. 4, pp. 30:130:27, 2010.[7] M. Banikazemi, D. Poff, and B. Abali, Storage-based intrusion detection for storage area networks (SANs), in Proc. Conference on Mass Storage Systems and Technologies - MSST05, (Monterey,CA, USA), pp. 118127, IEEE, Apr. 2005.[8] A. G. Pennington, J. D. Strunk, J. L. Griffin, C. A. Soules, G. R.Goodson, and G. R. Ganger, Storage-based intrusion detection:Watching storage activity for suspicious behavior, in Proc. The USENIX Security Symposium - USENIX03, (Washington, D.C.USA), pp. 137152, USENIX, Aug. 2003.[9] M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu,Plutus: Scalable secure file sharing on untrusted storage, in Proc.Conference on File and Storage Technologies -FAST03, (San Francisco,CA, USA), pp. 2942, USENIX, Mar. 2003.[10] B. Blanchet and A. Chaudhuri, Automatic formal analysis of a protocol for secure file sharing on untrusted storage, in Proc.Symposium on Security and Privacy - S & P08), (Oakland, California,USA), pp. 417431, IEEE, May 2008.[11] M. Blaze, A cryptographic file system for unix, in Proc. ACM Conference on Computer and Communications Security - CCS93,(Fairfax, Virginia, USA), pp. 916, ACM, Nov. 3-5 1993.[12] E.-J. Goh, H. Shacham, N. Modadugu, and D. Boneh, SiRiUS: Securingremote untrusted storage, in Proc. Network and Distributed System Security Symposium - NDSS03, (San Diego, California,USA), pp. 115, The Internet Society, Feb. 2003. [13] A. Shamir, Identity-based cryptosystems and signature scheme,in Proc. Advances in Cryptology - CRYPTO84 (G. R. Blakley and D. Chaum, eds.), vol. 196 of Lecture Notes in Computer Science,(Santa Barbara, California, USA), pp. 4753, Springer, Aug. 1984.1