1.1
SYNOPSIS
This project is entitled Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent, using ASP.NET as the front end and SQL Server as the back end. Cloud-based outsourced storage relieves the client's burden for storage management and maintenance by providing a comparably low-cost, scalable, location-independent platform. However, the fact that clients no longer have physical possession of data indicates that they are facing a potentially formidable risk for missing or corrupted data. To avoid the security risks, audit services are critical to ensure the integrity and availability of outsourced data and to achieve digital forensics and credibility on cloud computing. Provable data possession (PDP), which is a cryptographic technique for verifying the integrity of data without retrieving it at an untrusted server, can be used to realize audit services. In this project, profiting from the interactive zero-knowledge proof system, we address the construction of an interactive PDP protocol to prevent the fraudulence of the prover (soundness property) and the leakage of verified data (zero-knowledge property). We prove that our construction holds these properties based on the computational Diffie-Hellman assumption and the rewindable black-box knowledge extractor. We also propose an efficient mechanism with respect to probabilistic queries and periodic verification to reduce the audit costs per verification and implement abnormality detection in a timely manner. In addition, we present an efficient method for selecting an optimal parameter value to minimize computational overheads of cloud audit services. Our experimental results demonstrate the effectiveness of our approach.
SOFTWARE CONFIGURATION
Operating System : Windows XP Professional/7
Environment : Visual Studio .Net 2008
.Net Framework : Version 3.5
Language : C#
Web Technology : Active Server Pages.Net (Asp .Net)
Web Server : Internet Information Server 5.0
Back End : SQL Server 2005
HARDWARE CONFIGURATION
Processor :
RAM :
Monitor size :
Hard Disk :
Extra Device :
Keyboard :
Mouse :
Cloud Documents Security Using Interactive Zero-Knowledge Proof Prevent
A new software management facility was introduced to ameliorate that plagues 9x versions of Windows. It is also the first version of Windows to use to combat. Windows XP had also been criticized by some users for security vulnerabilities, tight integration of applications such as, and for aspects of its default user interface. Later versions with, and addressed some of these concerns. According to data generated by as of December 2010, Windows XP is the most widely used operating system for accessing the Internet in the world with a 47.2% market share, having peaked at 76.1% in January 2007.
EDITIONS
The two major editions are Windows XP Home Edition, designed for home users, and Windows XP Professional, designed for business and power-users. XP Professional contains advanced features that the average home user would not use. However, these features are not necessarily missing from XP Home. They are simply disabled, but are there and can become functional. These releases were made available at retail outlets that sell computer software and were preinstalled on computers sold by major computer manufacturers. As of mid-2008, both editions continue to be sold. A third edition, called Windows XP Media Center Edition was introduced in 2002 and was updated every year until 2006 to incorporate new digital media, broadcast television and capabilities. Unlike the Home and Professional edition, it was never made available for retail purchase, and was typically either sold through channels, or was preinstalled on computers that were typically marketed as "media center PCs". Two different editions were made available, one designed specifically for Itanium-based workstations, which was introduced in 2001 around the same time as the Home and Professional editions, but was discontinued a few years later when vendors of Itanium hardware stopped selling workstation-class machines due to low sales. The other, called Windows XP Professional x64 Edition supports the x86-64 extension. x86-64 was implemented first by AMD as "AMD64", found in AMD's and chips, and later implemented by Intel as (formerly known as IA-32e and EM64T), found in Intel's and later chips.
Tablet PC Edition was produced for a class of specially designed notebook/laptop computers called. It is compatible with a pen-sensitive screen, supporting handwritten notes and portrait-oriented screens. Microsoft also released an edition for specific consumer electronics, kiosks, medical devices, arcade video games, point-of-sale terminals, and Voice over Internet Protocol components. In July 2006, Microsoft released a version of Windows XP Embedded which targets older machines (as early as the original Pentium). It is only available to customers. It is intended for corporate customers who would like to upgrade to Windows XP to take advantage of its security and management capabilities, but can't afford to purchase new hardware.
LANGUAGES
Windows XP was available in many languages. In addition, packs and translating the user interface were also available for certain languages. ATMs and Vendors (ATM) vendors, and have all adopted Microsoft Windows XP as their migration path from. Wincor Nixdorf, who has been pushing for standardization for many years, began shipping ATMs with Windows when they first arrived on the scene. Diebold initially shipped XP Home Edition exclusively, but, following extensive pressure from customer banks to support a common operating system, switched to support XP Professional to match their primary competitor, NCR Corporation and Wincor Nixdorf. Vending machines run a modified version of XP designed for the full screen of the Vending Touch screen and the DVD vending itself.
SERVICE PACKS
Microsoft occasionally releases for its Windows operating systems to fix problems and add features. Each service pack is a superset of all previous service packs and patches so that only the latest service pack needs to be installed, and also includes new revisions. However, if you still have the earliest version of Windows XP on a retail CD (without any service packs included), you will need to install SP1a or SP2 before SP3 can be installed. Older service packs need not be manually removed before application of the most recent one. Windows Update "normally" takes care of automatically removing unnecessary files. The service pack details below only apply to the 32-bit editions. Windows XP Professional x64 Edition was based on Service Pack 1 and claimed to be "SP1" in system properties from the initial release. It is updated by the same service packs and hot fixes as the x64 edition of Windows Server 2003.
maintenance. It allows organizations to place control of database development in the hands of (DBA) and other specialists. A DBMS is a system software package that helps the use of integrated collection of data records and files known as databases. It allows different user application programs to easily access the same database. DBMS may use any of a variety of the large systems, a DBMS allows users and other software to store and retrieve data in a way. Instead of having to write computer programs to extract information, user can ask simple questions. Thus, many DBMS packages provide (4GLs) and other application development
features. It helps to specify the logical organization for a database and access and use the information within a database. It provides facilities for controlling, enforcing, managing concurrency, and restoring the database from backups. A DBMS also provides the ability to logically present database information to users. A DBMS is a set of that controls the,
management. DBMS are categorized according to their data structures or types. The DBMS accepts requests for data from an application program and instructs to the transfer the appropriate data. The responses must be submitted and received according to a format that conforms to one or more applicable protocols.
DBMS RULES
FOUNDATION RULE
A relational database management system must manage its stored data using only its relational capabilities.
INFORMATION RULE
All information in the database should be represented in one and only one way - as values in a table.
GUARANTEED ACCESS RULE
Each and every datum (atomic value) is guaranteed to be logically accessible by resorting to a combination of table name, primary key value and column name.
SYSTEMATIC TREATMENT OF NULL VALUES
Null values (distinct from empty character string or a string of blank characters and distinct from zero or any other number) are supported in the fully relational DBMS for representing missing information in a systematic way, independent of data type.
DYNAMIC ON-LINE CATALOG BASED ON THE RELATIONAL MODEL
The database description is represented at the logical level in the same way as ordinary data, so authorized users can apply the same relational language to its interrogation as they apply to regular data.
COMPREHENSIVE DATA SUBLANGUAGE RULE
A relational system may support several languages and various modes of terminal use. However, there must be at least one language whose statements are expressible, per some well-defined syntax, as character strings and whose ability to support all of the following is comprehensive:
data definition
view definition
data manipulation (interactive and by program)
integrity constraints
authorization
transaction boundaries (begin, commit, and rollback)
VIEW UPDATING RULE
All views that are theoretically updateable are also updateable by the system.
HIGH-LEVEL INSERT, UPDATE, AND DELETE
The capability of handling a base relation or a derived relation as a single operand applies not only to the retrieval of data but also to the insertion, update, and deletion of data.
PHYSICAL DATA INDEPENDENCE
Application programs and terminal activities remain logically unimpaired whenever any changes are made in either storage representation or access methods.
A Relational DataBase Management System (RDBMS) is software that:
Enables you to implement a database with tables, columns, and indexes.
Guarantees the referential integrity between rows of various tables.
Updates the indexes automatically.
Interprets an SQL query and combines information from various tables.
RDBMS TERMINOLOGY
Database: A database is a collection of tables, with related data.
Table: A table is a matrix with data. A table in a database looks like a simple spreadsheet.
Column: One column (data element) contains data of one and the same kind, for example the column postcode.
Row: A row (= tuple, entry or record) is a group of related data, for example the data of one subscription.
Redundancy: Storing data twice, redundantly to make the system faster.
Primary Key: A primary key is unique. A key value cannot occur twice in one table. With a key you can find at most one row.
Foreign Key: A foreign key is the linking pin between two tables.
Compound Key: A compound key (composite key) is a key that consists of multiple columns, because one column is not sufficiently unique.
VS.NET supports Windows 2003, Windows XP, and all versions of Windows 2000. Programs created for .NET can also run under Windows NT, Windows 98, and Windows Me, though VS.NET does not run on these systems. Note that in some cases certain service packs are required to run .NET. The framework starts all the way down at the memory management and component loading level and goes all the way up to multiple ways of rendering user and program interfaces. In between, there are layers that provide just about any system-level capability that a developer would need.
SECURITY
The runtime enforces code access security. The security features of the runtime thus enable legitimate Internet-deployed software to be exceptionally feature rich. With regard to security, managed components are awarded varying degrees of trust, depending on a number of factors that include their origin to perform file-access operations, registry-access operations, or other sensitive functions.
ROBUSTNESS
The runtime also enforces code robustness by implementing a strict type- and code-verification infrastructure called the common type system (CTS). The CTS ensures that all managed code is self-describing. The managed environment of the runtime eliminates many common software issues.
PRODUCTIVITY
The runtime also accelerates developer productivity. For example, programmers can write applications in their development language of choice, yet take full advantage of the runtime, the class library, and components written in other languages by other developers.
PERFORMANCE
The runtime is designed to enhance performance. Although the common language runtime provides many standard runtime services, managed code is never interpreted. A feature called just-in-time (JIT) compiling enables all managed code to run in the native machine language of the system on which it is executing. Finally, the runtime can be hosted by high-performance, server-side applications, such as Microsoft SQL Server and Internet Information Services (IIS).
INTEROPERABILITY
ADO.NET applications can take advantage of the flexibility and broad acceptance of XML. Because XML is the format for transmitting datasets across the network, any component that can read the XML format can process data. The receiving component need not be an ADO.NET component.
MAINTAINABILITY
In the life of a deployed system, modest changes are possible, but substantial architectural changes are rarely attempted because they are so difficult. As the performance load on a deployed application server grows, system resources can become scarce and response time or throughput can suffer.
PERFORMANCE
ADO.NET datasets offer performance advantages over ADO disconnected record sets. In ADO.NET data-type conversion is not necessary.
SCALABILITY
ADO.NET accommodates scalability by encouraging programmers to conserve limited resources. Any ADO.NET application employs disconnected access to data; it does not retain database locks or active database connections for long durations.
languages leverage the functionality of the .NET Framework and simplify the development of ASP Web applications and XML Web services. Visual Studio supports the .NET Framework, which provides a common language runtime and unified programming classes; ASP.NET uses these components to create ASP Web applications and XML Web services. It also includes the MSDN Library, which contains all the documentation for these development tools.
XML WEB SERVICES
XML Web services are applications that can receive the requested data using XML over HTTP. XML Web services are not tied to a particular component technology or object-calling convention but can be accessed by any language, component model, or operating system. In Visual Studio .NET, you can quickly create and include XML Web services using Visual Basic, Visual C#, JScript, Managed Extensions for C++, or ATL Server.
ADO.NET OVERVIEW
ADO.NET is an evolution of the ADO data access model that directly addresses user requirements for developing scalable applications. It was designed specifically for the web with scalability, statelessness, and XML in mind.
ADO.NET uses some ADO objects, such as the Connection and Command objects, and also introduces new objects. Key new ADO.NET objects include the DataSet, DataReader, and DataAdapter.
The important distinction between this evolved stage of ADO.NET and previous data architectures is that there exists an object -- the DataSet -- that is separate and distinct from any data stores. Because of that, the DataSet functions as a standalone entity. The DataSet is an always-disconnected recordset that knows nothing about the source or destination of the data it contains. Inside a DataSet, much like in a database, there are tables, columns, relationships, constraints, views, and so forth.
A Data Adapter is the object that connects to the database to fill the DataSet. Then, it connects back to the database to update the data there, based on operations performed while the DataSet held the data. In the past, data processing has been primarily connection-based. Now, in an effort to make multi-tiered apps more efficient, data processing is turning to a message-based approach that revolves around chunks of information. At the center of this approach is the Data Adapter, which provides a bridge to retrieve and save data between a DataSet and its source data store. It accomplishes this by means of requests to the appropriate SQL commands made against the data store.
The following sections will introduce some objects that have evolved, and some that are new. These objects are:
Connections. For connecting to and managing transactions against a database.
Commands. For issuing SQL commands against a database.
Data Readers. For reading a forward-only stream of data records from a SQL Server data source.
DataSets. For storing, remoting and programming against flat data, XML data and relational data.
Data Adapters. For pushing data into a DataSet, and reconciling data against a database.
Connections: Connections are used to 'talk to' databases, and are represented by provider-specific classes such as SqlConnection. Commands travel over connections and resultsets are returned in the form of streams which can be read by a Data Reader object, or pushed into a DataSet object.
Commands: Commands contain the information that is submitted to a database, and are represented by provider-specific classes such as SqlCommand. A command can be a stored procedure call, an UPDATE statement, or a statement that returns results. It can also use input and output parameters, and return values as part of your command syntax. The example below shows how to issue an INSERT statement against the Northwind database.
Data Readers: The Data Reader object is somewhat synonymous with a read-only/forward-only cursor over data. The Data Reader API supports flat as well as hierarchical data. A DataReader object is returned after executing a command against a database. The format of the returned Data Reader object is different from a recordset. For example, a DataReader can be used to show the results of a search list in a web page.
PRIMARY KEY
Every table in SQL Server has a field or a combination of fields that uniquely identifies each record in the table. The unique identifier is called the Primary Key, or simply the Key. The primary key provides the means to distinguish one record from all others in a table. It allows the user and the database system to identify, locate and refer to one particular record in the database.
RELATIONAL DATABASE
Sometimes all the information of interest to a business operation can be stored in one table. SQL Server makes it very easy to link the data in multiple tables. Matching an employee to the department in which they work is one example. This is what makes SQL Server a relational database management system, or RDBMS. It stores data in two or more tables and enables you to define relationships between the tables.
FOREIGN KEY
When a field in one table matches the primary key of another table, that field is referred to as a foreign key. A foreign key is a field or a group of fields in one table whose values match those of the primary key of another table.
REFERENTIAL INTEGRITY
Not only does SQL Server allow you to link multiple tables, it also maintains consistency between them. Ensuring that the data among related tables is correctly matched is referred to as maintaining referential integrity.
DATA ABSTRACTION
A major purpose of a database system is to provide users with an abstract view of the data. This system hides certain details of how the data is stored and maintained. Data abstraction is divided into three levels.
Physical level: This is the lowest level of abstraction, at which one describes how the data are actually stored.
Conceptual level: At this level of database abstraction, all the attributes and what data are actually stored are described, along with the entities and the relationships among them.
View level: This is the highest level of abstraction, at which one describes only part of the database.
ADVANTAGES OF RDBMS
Redundancy can be avoided.
Inconsistency can be eliminated.
Data can be shared.
Standards can be enforced.
Security restrictions can be applied.
Integrity can be maintained.
Conflicting requirements can be balanced.
Data independence can be achieved.
DISADVANTAGES OF DBMS
A significant disadvantage of the DBMS system is cost. In addition to the cost of purchasing or developing the software, the hardware has to be upgraded to allow for the extensive programs and the workspace required for their execution and storage. While centralization reduces duplication, the lack of duplication requires that the database be adequately backed up so that in case of failure the data can be recovered.
SQL SERVER with the transaction processing option offers two features which contribute to a very high level of transaction processing throughput, which are The row level lock manager
PORTABILITY
SQL SERVER is fully portable to more than 80 distinct hardware and operating systems platforms, including UNIX, MSDOS, OS/2, Macintosh and dozens of proprietary platforms. This portability gives complete freedom to choose the database server platform that meets the system requirements.
OPEN SYSTEMS
SQL SERVER offers a leading implementation of industry standard SQL. SQL Server's open architecture integrates SQL SERVER and non SQL SERVER DBMS with the industry's most comprehensive collection of tools, applications, and third-party software products. SQL Server's open architecture provides transparent access to data from other relational databases and even non-relational databases.
UNMATCHED PERFORMANCE
The most advanced architecture in the industry allows the SQL SERVER DBMS to deliver unmatched performance.
NO I/O BOTTLENECKS
SQL Server's fast commit, group commit and deferred write technologies dramatically reduce disk I/O bottlenecks. While some databases write whole data blocks to disk at commit time, SQL Server commits transactions with at most sequential log file on disk at commit time. On high throughput systems, one sequential write typically group commits multiple transactions. Data read by the transaction remains in shared memory so that other transactions may access that data without reading it again from disk. Since fast commits write all data necessary to the recovery to the log file, modified blocks are written back to the database independently of the transaction commit, when written from memory to disk.
To securely introduce an effective third party auditor (TPA), the following two fundamental requirements have to be met:
1) TPA should be able to efficiently audit the cloud data storage without demanding the local copy of data, and introduce no additional on-line burden to the cloud user.
2) The third party auditing process should bring in no new vulnerabilities towards user data privacy.
We utilize public provable data possession (PDP), a cryptographic technique for verifying the integrity of data without retrieving it at an untrusted server, which can be used to realize audit services. It is used with a random mask technique to achieve a privacy-preserving public auditing system for cloud data storage security while keeping all the above requirements in mind. To support efficient handling of multiple auditing tasks, we further explore the technique of bilinear aggregate signature to extend our main result into a multi-user setting, where TPA can perform multiple auditing tasks simultaneously. Extensive security and performance analysis shows the proposed schemes are provably secure and highly efficient. We also show how to extend our main scheme to support batch auditing for TPA upon delegations from multiple users.
[Data flow diagrams; the figures did not survive extraction. Actors shown: Admin, Audit Head (Auditor Head), Junior Auditor (Auditor). Labelled processes include Login, View Auditors, Set Auditor, Get Documents, Send Reports and View Reports, and at Level 2: Add Audit Details, Add new Auditor, Select Auditor, Store Audit Schedule, Add Audit Documents, View Audit Documents, Get Clarify of Audit, Feed back, Store Documents and Send Documents. Data store: DB.]
COLUMN NAME     DATA TYPE      DESCRIPTION
Aud_Id          Varchar(30)    Auditor Id
Aud_Name        Varchar(30)    Auditor Name
Dept            Varchar(30)    Department
Aud_Type        Varchar(30)    Auditor Type
Experience      Varchar(30)    Experience
Email           Varchar(30)    Email
Mob_No          Numeric        Contact Number
Address         Text           Address
SCHEDULE AUDIT
COLUMN NAME     DATA TYPE      DESCRIPTION
Aud_Id          Varchar(30)    Auditor Id
Org_Name        Varchar(30)    Organization Name
Org_Type        Varchar(30)    Organization Type
Description     Text           Description
Address         Text           Address
Aud_Date        Varchar(30)    Audit Date
Doc_To_Audit    Text           Documents to Audit
Aud_Team        Varchar(30)    Audit Team
To_Aud          Varchar(30)    To Auditor
Auditor_Name    Varchar(30)    Auditor Name
Aud_Type        Varchar(30)    Auditor Type
Aud_Key         Varchar(30)    Secret Key
SET AUDIT
COLUMN NAME     DATA TYPE      DESCRIPTION
Org_Name        Varchar(30)    Organization Name
Org_Type        Varchar(30)    Organization Type
Description     Varchar(30)    Designation
Address         Varchar(30)    Address
Audit_Date      Text           Audit Date
Aud_Doc         Varchar(30)    Documents to Audit
Aud_Id          Varchar(30)    Auditor Id
Aud_Name        Varchar(30)    Auditor Name
AUDITOR REPORT
COLUMN NAME     DATA TYPE      DESCRIPTION
Aud_Id          Varchar(30)    Auditor Id
Aud_Name        Varchar(30)    Auditor Name
Org_Name        Varchar(30)    Organization Name
Org_Type        Varchar(30)    Organization Type
Description     Text           Description
Aud_Doc         Text           Documents to Audit
Doc_Aud         Text           Audited Documents
Aud_Report      Varchar(30)    Audited Report
Status          Varchar(30)    Status
Aud_Date        Varchar(30)    Audited Date
MODULES
Audit Service System
Data Storage Service System
Audit Outsourcing Service System
Secure and Performance Analysis
Audit Service System
In this module we provide an efficient and secure cryptographic interactive audit scheme for public auditability. The scheme retains the soundness property and zero-knowledge property of proof systems. These two properties ensure that our scheme can not only prevent the deception and forgery of cloud storage providers, but also prevent the leakage of outsourced data in the process of verification.
Data Storage Service System
In this module, we consider four entities to store the data in a secure manner:
1. Data owner (DO): Has a large amount of data to be stored in the cloud.
2. Cloud service provider (CSP): Provides data storage service and has enough storage space and computation resources.
3. Third party auditor (TPA): Has capabilities to manage or monitor outsourced data under the delegation of the data owner.
4. Granted applications (GA): Have the right to access and manipulate stored data. These applications can be either inside clouds or outside clouds according to the specific requirements.
Audit Outsourcing Service System
In this module the client (data owner) uses the secret key to preprocess the file, which consists of a collection of blocks, generates a set of public verification information that is stored in TPA, transmits the file and some verification tags to the cloud service provider (CSP), and may delete its local copy. At a later time, using a protocol of proof of retrievability, TPA (as an audit agent of clients) issues a challenge to audit (or check) the integrity and availability of the outsourced data in terms of the public verification information. It is necessary to give an alarm for abnormal events.
Secure and Performance Analysis
In this module, we consider how to secure the data and provide performance with respect to the following:
Audit-without-downloading
Verification-correctness: To ensure there exists no cheating CSP that can pass the audit from TPA without indeed storing users' data intact.
Privacy-preserving: To ensure that there exists no way for TPA to derive users' data from the information collected during the auditing process.
High-performance: To allow TPA to perform auditing with minimum overheads in storage, communication and computation, and to support statistical audit sampling and optimized audit schedule with a long enough period of time.
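The challenge-response audit from the Audit Outsourcing Service System, together with the audit-without-downloading, verification-correctness and audit-sampling goals above, as an added example that is not the project's own code. It swaps in a simpler privately verifiable homomorphic authenticator (in the style of Shacham and Waters) for the report's interactive zero-knowledge construction, so the verifier holds the owner's secret key and the response is not zero-knowledge; all function names, parameters and the sample file are constructed for illustration.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1      # Mersenne prime; all arithmetic is in the field Z_P
BLOCK_SIZE = 15     # bytes per block, so every block value is below P

def split_blocks(data):
    """Split a file into fixed-size blocks, each read as an integer in Z_P."""
    return [int.from_bytes(data[i:i + BLOCK_SIZE], "big")
            for i in range(0, len(data), BLOCK_SIZE)]

def prf(key, index):
    """Keyed pseudorandom function f_k(i), built from HMAC-SHA256."""
    mac = hmac.new(key, index.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % P

def keygen():
    """Data owner's secret: a nonzero field element alpha and a PRF key."""
    return secrets.randbelow(P - 1) + 1, secrets.token_bytes(32)

def tag_blocks(alpha, key, blocks):
    """Preprocessing by the data owner: tag_i = f_k(i) + alpha * m_i mod P."""
    return [(prf(key, i) + alpha * m) % P for i, m in enumerate(blocks)]

def make_challenge(n_blocks, sample_size):
    """Auditor: a random sample of block indices, each with a random weight."""
    rng = secrets.SystemRandom()
    indices = rng.sample(range(n_blocks), min(sample_size, n_blocks))
    return [(i, secrets.randbelow(P - 1) + 1) for i in indices]

def prove(blocks, tags, challenge):
    """Storage provider: aggregate the challenged blocks and their tags."""
    mu = sum(nu * blocks[i] for i, nu in challenge) % P
    sigma = sum(nu * tags[i] for i, nu in challenge) % P
    return mu, sigma

def verify(alpha, key, challenge, proof):
    """Auditor: check sigma == alpha*mu + sum(nu_i * f_k(i)) without the file."""
    mu, sigma = proof
    expected = (alpha * mu + sum(nu * prf(key, i) for i, nu in challenge)) % P
    return sigma == expected

def run_audit(stored_blocks, tags, alpha, key, sample_size):
    """One audit round against whatever the provider currently stores."""
    challenge = make_challenge(len(stored_blocks), sample_size)
    return verify(alpha, key, challenge, prove(stored_blocks, tags, challenge))

def detection_probability(n_blocks, corrupted, sample_size):
    """Chance that a sample (without replacement) hits a corrupted block."""
    if sample_size > n_blocks - corrupted:
        return 1.0
    miss = 1.0
    for j in range(sample_size):
        miss *= (n_blocks - corrupted - j) / (n_blocks - j)
    return 1.0 - miss

# Constructed sample file (not real data): 1290 bytes, i.e. 86 blocks.
SAMPLE_FILE = b"constructed audit document, not real data. " * 30

if __name__ == "__main__":
    alpha, key = keygen()
    blocks = split_blocks(SAMPLE_FILE)
    tags = tag_blocks(alpha, key, blocks)
    n = len(blocks)
    print("honest provider passes:", run_audit(blocks, tags, alpha, key, n))
    damaged = list(blocks)
    damaged[3] ^= 1                      # provider silently flips one bit
    print("damaged copy passes full audit:",
          run_audit(damaged, tags, alpha, key, n))
    print("P(detect), 1% damaged, 460 of 10000 blocks sampled:",
          round(detection_probability(10000, 100, 460), 4))
```

A challenge that happens not to sample the damaged block still verifies, which is why the sample size has to be chosen from the detection probability rather than fixed arbitrarily.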
Software testing, depending on the testing method employed, can be implemented at any time in the development process. However, most of the test effort occurs after the requirements have been defined and the coding process has been completed. As such, the methodology of the test is governed by the software development methodology adopted. Different software development models will focus the test effort at different points in the development process. Newer development models, such as Agile, often employ test driven development and place an increased portion of the testing in the hands of the developer, before it reaches a formal team of testers. In a more traditional model, most of the test execution occurs after the requirements have been defined and the coding process has been completed.
FUNCTIONAL VS NON-FUNCTIONAL TESTING
Functional testing refers to activities that verify a specific action or function of the code. These are usually found in the code requirements documentation, although some development methodologies work from use cases or user stories. Functional tests tend to answer the question of "can the user do this" or "does this particular feature work".
Non-functional testing refers to aspects of the software that may not be related to a specific function or user action, such as scalability or security. Non-functional testing tends to answer such questions as "how many people can log in at once".
UNIT TESTING
In computer programming, unit testing is a method by which individual units of source code are tested to determine if they are fit for use. A unit is the smallest testable part of an application. In procedural programming a unit may be an individual function or procedure. Unit tests are created by programmers or occasionally by white box testers. Ideally, each test case is independent from the others: substitutes like method stubs, mock objects, fakes and test harnesses can be used to assist testing a module in isolation. Unit tests are typically written and run by software developers to ensure that code meets its design and behaves as intended. Its implementation can vary from being very manual (pencil and paper) to being formalized as part of build automation. The goal of unit testing is to isolate each part of the program and show that the individual parts are correct. A unit test provides a strict, written contract that the piece of code must satisfy. As a result it affords several benefits. Unit tests find problems early in the development cycle.
SYSTEM TESTING
System testing of software or hardware is testing conducted on a complete, integrated system to evaluate the system's compliance with its specified requirements. System testing falls within the scope of black box testing and as such should require no knowledge of the inner design of the code or logic. As a rule, system testing takes as its input all of the "integrated" software components that have successfully passed integration testing and also the software system itself integrated with any applicable hardware system(s).
The purpose of integration testing is to detect any inconsistencies between the software units that are integrated together (called assemblages) or between any of the assemblages and the hardware. System testing is a more limited type of testing it seeks to detect defects both within the "inter-assemblages" and also within the system as a whole.
ACCEPTANCE TESTING
Acceptance testing generally involves running a suite of tests on the completed system. Each individual test, known as a case, exercises a particular operating condition of the user's environment or feature of the system, and will result in a pass or fail, or Boolean, outcome. There is generally no degree of success or failure. The test environment is usually designed to be identical or as close as possible to the anticipated user's environment, including extremes of such. These test cases must each be accompanied by test case input data or a formal description of the operational activities (or both) to be performed, intended to thoroughly exercise the specific case, and a formal description of the expected results.
MODULE TESTING
A module is the collection of dependent components such as an object class, an abstract data type or some collection of procedures and functions. The module encapsulates related components that can be tested without other system modules.
SOFTWARE TESTING STRATEGIES
A number of software testing strategies have been proposed. All provide the software developer with a procedure for testing, and all have the following characteristics. Testing begins at the module level and works towards the integration of the entire component-based system. Different testing techniques are appropriate at different points in time. The developer of the software and an independent test group conduct the testing. Testing and debugging are different activities, but debugging must be accommodated in any testing strategy.
WHITE BOX TESTING
The project is tested for its execution step by step for every file that is used in this project. Each module in every file is tested completely for execution of each operation. The testing operation was successful and every module works properly.
BLACK BOX TESTING
The project is tested with the various input and output test cases. For the appropriate input values the corresponding outputs were seen. The error messaging system was also checked by giving improper values to check if the validation processes are done properly.
INTEGRATION TESTING
The whole system, which has been divided into modules, has been integrated into a single system, and the testing operation is done on the whole system to find whether any error has been introduced by integrating or joining the various modules of the system.
MAINTENANCE
Software maintenance in software engineering is the modification of a software product after delivery to correct faults, to improve performance or other attributes. A common perception of maintenance is that it is merely fixing bugs. However, studies and surveys over the years have indicated that the majority, over 80%, of the maintenance effort is used for non-corrective actions (Pigoski 1997). This perception is perpetuated by users submitting problem reports that in reality are functionality enhancements to the system. Software maintenance and evolution of systems was first addressed by Meir M. Lehman in 1969. Over a period of twenty years, his research led to the formulation of eight Laws of Evolution (Lehman 1997). Key findings of his research include that maintenance is really evolutionary development and that maintenance decisions are aided by understanding what happens to systems (and software) over time. Lehman demonstrated that systems continue to evolve over time. As they evolve, they grow more complex unless some action such as code refactoring is taken to reduce the complexity. The key software maintenance issues are both managerial and technical. Key management issues are: alignment with customer priorities, staffing, which organization does maintenance, estimating costs. Key technical issues are: limited understanding, impact analysis, testing, and maintainability measurement.
SOFTWARE MAINTENANCE PLANNING
Maintenance is an integral part of software and requires an accurate maintenance plan, prepared during software development. The plan should specify how users will request modifications or report problems; the estimation of resources such as cost should be included in the budget; and a new decision should address the development of a new system and its quality objectives. Software maintenance, which can last for 5-6 years after the development, calls for effective planning that addresses the scope of software maintenance, the tailoring of the post-delivery process, the designation of who will provide maintenance, and an estimate of the life-cycle costs.
SOFTWARE MAINTENANCE PROCESSES
This section describes the six software maintenance processes:
1. The implementation process contains software preparation and transition activities, such as the conception and creation of the maintenance plan, the preparation for handling problems identified during development, and the follow-up on product configuration management.
2. The problem and modification analysis process, which is executed once the application has become the responsibility of the maintenance group. The maintenance programmer must analyze each request, confirm it (by reproducing the situation) and check its validity, investigate it and propose a solution, document the request and the solution proposal, and, finally, obtain all the required authorizations to apply the modifications.
3. The process considering the implementation of the modification itself.
4. The process of acceptance of the modification, by confirming the modified work with the individual who submitted the request in order to make sure the modification provided a solution.
5. The migration process (platform migration, for example) is exceptional, and is not part of daily maintenance tasks. If the software must be ported to another platform without any change in functionality, this process will be used and a maintenance project team is likely to be assigned to this task.
6. Finally, the last maintenance process, also an event which does not occur on a daily basis, is the retirement of a piece of software.
Implementation is the most crucial stage in achieving a successful system and giving the users confidence that the new system is workable and effective. Implementation of a modified application is to replace an existing one. This type of conversion is relatively easy to handle, provided there are no major changes in the system. Each program is tested individually at the time of development using the data, and it is verified that the programs link together in the way specified in the program specification; the computer system and its environment are tested to the satisfaction of the user. The system that has been developed is accepted and proved to be satisfactory for the user, and so the system is going to be implemented very soon. A simple operating procedure is included so that the user can understand the different functions clearly and quickly. As a first step, the executable form of the application is to be created and loaded on the common server machine, which is accessible to all users, and the server is to be connected to a network. The final stage is to document the entire system, which provides the components and the operating procedures of the system.
7. SAMPLE CODE
ADMIN LOGIN
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;

public partial class AdminLogin : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    protected void ImageButton1_Click(object sender, ImageClickEventArgs e)
    {
        // The administrator credentials are literals compiled into the page, and no
        // session or authentication state is set before the redirect.
        if (TextBox1.Text == "Admin" && TextBox2.Text == "Admin")
        {
            Response.Redirect("Admin.aspx");
        }
        else
        {
            Response.Write("Invalid Login");
        }
    }
}
AUDITOR REGISTRATION
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;

public partial class Registration : System.Web.UI.Page
{
    ClsDbLayer _objDb = new ClsDbLayer();
    int i;

    protected void Page_Load(object sender, EventArgs e)
    {
    }

    protected void ImageButton1_Click(object sender, ImageClickEventArgs e)
    {
        // Form values are concatenated directly into the SQL text (SQL injection risk).
        string Query = "insert into Audit_Reg values('" + TextBox1.Text + "','" + TextBox2.Text + "','"
            + TextBox3.Text + "','" + DropDownList1.SelectedItem.ToString() + "','"
            + DropDownList2.SelectedItem.ToString() + "','" + TextBox4.Text + "','"
            + TextBox5.Text + "','" + TextBox6.Text + "')";
        i = _objDb.InserEditDelete(Query);
        if (i != -1)
        {
            Response.Write("Saved Successfully");
        }
        else
        {
            Response.Write("Not Saved");
        }
    }
}
SCHEDULE AUDIT
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Text;

public partial class ScheduleAudit : System.Web.UI.Page
{
    ClsDbLayer _objDB = new ClsDbLayer();
    int i;
    DataSet ds;
    SqlDataReader dr;

    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack.Equals(false))
        {
            // Fill the auditor drop-down on first load.
            string Query = "select Aud_Id from Audit_Reg";
            ds = _objDB.Display(Query);
            DropDownList2.DataTextField = "Aud_Id";
            DropDownList2.DataValueField = "Aud_Id";
            DropDownList2.DataSource = ds;
            DropDownList2.DataBind();
            DropDownList2.Items.Insert(0, "-Select-");
        }
    }

    protected void ImageButton1_Click(object sender, ImageClickEventArgs e)
    {
        // Form values are concatenated directly into the SQL text (SQL injection risk).
        string Query = "insert into Schedule_Audit values('" + TextBox1.Text + "','" + TextBox2.Text + "','"
            + DropDownList1.SelectedItem.ToString() + "','" + TextBox3.Text + "','" + TextBox4.Text + "','"
            + TextBox5.Text + "','" + Label1.Text + "','" + TextBox7.Text + "','"
            + DropDownList2.SelectedItem.ToString() + "','" + TextBox8.Text + "','"
            + TextBox9.Text + "','" + TextBox10.Text + "')";
        i = _objDB.InserEditDelete(Query);
        if (i != -1)
        {
            Response.Write("Sucessfull");
        }
        else
        {
            Response.Write("Not Success");
        }
    }

    protected void DropDownList2_SelectedIndexChanged(object sender, EventArgs e)
    {
        string Query = "select Aud_Name,Aud_Type from Audit_Reg where Aud_Id like '"
            + DropDownList2.SelectedItem.ToString() + "'";
        dr = _objDB.Select(Query);
        if (dr.Read())
        {
            TextBox8.Text = dr[0].ToString();
            TextBox9.Text = dr[1].ToString();
        }
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        // Base64 encoding of the UTF-16 text; it can be reversed without any key.
        Label1.Text = Convert.ToBase64String(Encoding.Unicode.GetBytes(TextBox6.Text));
    }

    protected void Button2_Click(object sender, EventArgs e)
    {
        // System.Random is not a cryptographic generator, and Next(1, 99)
        // yields only 98 possible values (1 to 98).
        Random rnd = new Random();
        int myrnd = rnd.Next(1, 99);
        TextBox10.Text = myrnd.ToString();
    }
}
VIEW AUDITORS
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;

public partial class ViewAuditors : System.Web.UI.Page
{
    ClsDbLayer _objDb = new ClsDbLayer();
    DataSet ds;

    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack.Equals(false))
        {
            // Bind every registered auditor to the grid.
            string Query = "select * from Audit_reg";
            ds = _objDb.Display(Query);
            GridView1.DataSource = ds;
            GridView1.DataBind();
        }
    }
}

using System;
using System.Data;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;

public partial class ViewAuditReport : System.Web.UI.Page
{
    ClsDbLayer _objDb = new ClsDbLayer();
    DataSet ds;
    SqlDataReader dr;

    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack.Equals(false))
        {
            // Fill the organization drop-down on first load.
            string Query = "select Org_Name from Schedule_Audit";
            ds = _objDb.Display(Query);
            DropDownList1.DataTextField = "Org_Name";
            DropDownList1.DataValueField = "Org_Name";
            DropDownList1.DataSource = ds;
            DropDownList1.DataBind();
        }
    }

    protected void DropDownList1_SelectedIndexChanged(object sender, EventArgs e)
    {
        string Query = "select * from Audit_Report where Org_Name like '"
            + DropDownList1.SelectedItem.ToString() + "'";
        ds = _objDb.Display(Query);
        GridView1.DataSource = ds;
        // The listing breaks off here; DataBind() follows the pattern of the other pages.
        GridView1.DataBind();
    }
}
AUDITOR LOGIN
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;

public partial class AuditorLogin : System.Web.UI.Page
{
    ClsDbLayer _objDb = new ClsDbLayer();
    SqlDataReader dr;

    protected void Page_Load(object sender, EventArgs e)
    {
    }

    protected void ImageButton1_Click(object sender, ImageClickEventArgs e)
    {
        // Both branches run the same lookup; only the redirect target differs.
        // The login fields are concatenated into the SQL text and compared with LIKE,
        // so the query is open to SQL injection and '%' or '_' in a field act as wildcards.
        if (DropDownList1.SelectedItem.Value == "Head")
        {
            string Query = "select Aud_Id,Aud_Name,Dept,Aud_Type from Audit_Reg where Aud_Id like '"
                + TextBox1.Text + "' and Aud_Name like '" + TextBox2.Text + "' and Dept like '"
                + TextBox3.Text + "' and Aud_Type like '" + DropDownList1.SelectedItem.ToString() + "'";
            dr = _objDb.Select(Query);
            if (dr.Read())
            {
                TextBox1.Text = dr[0].ToString();
                TextBox2.Text = dr[1].ToString();
                TextBox3.Text = dr[2].ToString();
                DropDownList1.SelectedValue = dr[3].ToString();
                Session["1"] = TextBox1.Text;
                Session["2"] = TextBox2.Text;
                Session["3"] = TextBox3.Text;
                Session["4"] = DropDownList1.SelectedItem.ToString();
                Response.Redirect("AuditorHead.aspx");
            }
            else
            {
                Response.Write("Invalid Login");
            }
        }
        else
        {
            string Query = "select Aud_Id,Aud_Name,Dept,Aud_Type from Audit_Reg where Aud_Id like '"
                + TextBox1.Text + "' and Aud_Name like '" + TextBox2.Text + "' and Dept like '"
                + TextBox3.Text + "' and Aud_Type like '" + DropDownList1.SelectedItem.ToString() + "'";
            dr = _objDb.Select(Query);
            if (dr.Read())
            {
                TextBox1.Text = dr[0].ToString();
                TextBox2.Text = dr[1].ToString();
                TextBox3.Text = dr[2].ToString();
                DropDownList1.SelectedValue = dr[3].ToString();
                Session["1"] = TextBox1.Text;
                Session["2"] = TextBox2.Text;
                Session["3"] = TextBox3.Text;
                Session["4"] = DropDownList1.SelectedItem.ToString();
                Response.Redirect("AuditJunior.aspx");
            }
            else
            {
                Response.Write("Invalid Login");
            }
        }
    }
}
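The AuditorLogin listing above concatenates the login fields into the query text and compares them with LIKE. The following is an added example, not part of the project's code, of the same Audit_Reg lookup with bound parameters and exact comparison. The AuditorStore and AuditorRecord types, the connection-string name "AuditDb" and the varchar(50) column sizes are assumptions; table and column names are taken from the listing.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

// Added example; not the project's ClsDbLayer. "AuditDb", the varchar(50)
// sizes and the type names below are assumptions.
public sealed class AuditorRecord
{
    public string Id;
    public string Name;
    public string Dept;
    public string Type;
}

public static class AuditorStore
{
    // '=' instead of LIKE: with LIKE, a '%' or '_' typed into a login field is a
    // wildcard, so the comparison is not exact even when nothing is injected.
    private const string LoginSql =
        "select Aud_Id, Aud_Name, Dept, Aud_Type from Audit_Reg " +
        "where Aud_Id = @id and Aud_Name = @name and Dept = @dept";

    // Builds the command without opening a connection, so it can be inspected offline.
    public static SqlCommand BuildLoginCommand(string id, string name, string dept)
    {
        SqlCommand cmd = new SqlCommand(LoginSql);
        cmd.Parameters.Add("@id", SqlDbType.VarChar, 50).Value = id ?? string.Empty;
        cmd.Parameters.Add("@name", SqlDbType.VarChar, 50).Value = name ?? string.Empty;
        cmd.Parameters.Add("@dept", SqlDbType.VarChar, 50).Value = dept ?? string.Empty;
        return cmd;
    }

    // Returns the matching row, or null. The role (Aud_Type) is read from the
    // database row rather than from a drop-down the client controls.
    public static AuditorRecord FindAuditor(string id, string name, string dept)
    {
        string cs = ConfigurationManager.ConnectionStrings["AuditDb"].ConnectionString;
        using (SqlConnection conn = new SqlConnection(cs))
        using (SqlCommand cmd = BuildLoginCommand(id, name, dept))
        {
            cmd.Connection = conn;
            conn.Open();
            using (SqlDataReader dr = cmd.ExecuteReader(CommandBehavior.SingleRow))
            {
                if (!dr.Read()) return null;
                AuditorRecord rec = new AuditorRecord();
                rec.Id = Convert.ToString(dr[0]);
                rec.Name = Convert.ToString(dr[1]);
                rec.Dept = Convert.ToString(dr[2]);
                rec.Type = Convert.ToString(dr[3]);
                return rec;
            }
        }
    }
}

public static class LoginQueryDemo
{
    public static void Main()
    {
        // Constructed input: the quote and the wildcard stay plain data in the
        // parameters and never become part of the SQL text.
        using (SqlCommand cmd = AuditorStore.BuildLoginCommand("A%", "O'Brien", "Finance"))
        {
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine("{0} = [{1}]", p.ParameterName, p.Value);
        }
    }
}
```

A login handler would call FindAuditor and choose the redirect target from the returned Type value; the same parameter binding applies to the insert statements in the other listings.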
VIEW SCHEDULE
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Text;

public partial class ViewSchedule : System.Web.UI.Page
{
    ClsDbLayer _objDb = new ClsDbLayer();
    DataSet ds;

    protected void Page_Load(object sender, EventArgs e)
    {
        // Session["1"] and Session["2"] are set by AuditorLogin; they are null
        // (and ToString() throws) when this page is opened without logging in.
        Label3.Text = Session["1"].ToString();
        Label2.Text = "Welcome " + Session["2"].ToString();
        if (IsPostBack.Equals(false))
        {
            Panel1.Visible = false;
            Panel2.Visible = false;
            Button1.Visible = false;
            Label1.Visible = false;
            TextBox1.Visible = false;
            string Query = "select Aud_Id from Schedule_Audit where To_Aud like '" + Label3.Text + "'";
            ds = _objDb.Display(Query);
            DropDownList1.DataTextField = "Aud_Id";
            DropDownList1.DataValueField = "Aud_Id";
            DropDownList1.DataSource = ds;
            DropDownList1.DataBind();
        }
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        string Query = "select Aud_Key from Schedule_Audit where Aud_Id like '"
            + DropDownList1.SelectedItem.ToString() + "' ";
        SqlDataReader dr = _objDb.Select(Query);
        if (dr.Read())
        {
            // The stored audit key is written unescaped into a script block and
            // shown to the user in an alert box.
            ClientScript.RegisterStartupScript(GetType(), "Onload", "alert('" + dr[0].ToString() + "')", true);
            Label1.Visible = true;
            TextBox1.Visible = true;
        }
        else
        {
            Response.Write("Invalid Key");
        }
    }

    protected void Button2_Click(object sender, EventArgs e)
    {
        Panel1.Visible = false;
        Panel2.Visible = true;
    }

    protected void Button3_Click(object sender, EventArgs e)
    {
        // Form values are concatenated directly into the SQL text (SQL injection risk).
        string Query = "select Aud_Id,Aud_Name from Audit_Reg where Aud_Id like '" + TextBox4.Text
            + "' and Aud_Name like '" + TextBox5.Text + "'";
        SqlDataReader dr = _objDb.Select(Query);
        if (dr.Read())
        {
            TextBox4.Text = dr[0].ToString();
            TextBox5.Text = dr[1].ToString();
            Button1.Visible = true;
            Panel2.Visible = false;
            Panel1.Visible = true;
        }
        else
        {
            Response.Write("Invalid Login");
        }
    }

    protected void TextBox1_TextChanged(object sender, EventArgs e)
    {
        // Base64 decoding only. The value typed into TextBox1 is not checked:
        // any change to it triggers the decode.
        TextBox3.Text = Encoding.Unicode.GetString(Convert.FromBase64String(TextBox2.Text));
    }

    protected void GridView1_SelectedIndexChanging(object sender, GridViewSelectEventArgs e)
    {
        // Pass the selected schedule row to SetAuditor.aspx through the session.
        string Aud_Id = GridView1.Rows[e.NewSelectedIndex].Cells[2].Text;
        Session["a"] = Aud_Id.ToString();
        string Org_Name = GridView1.Rows[e.NewSelectedIndex].Cells[3].Text;
        Session["b"] = Org_Name.ToString();
        string Org_Type = GridView1.Rows[e.NewSelectedIndex].Cells[4].Text;
        Session["c"] = Org_Type.ToString();
        string Description = GridView1.Rows[e.NewSelectedIndex].Cells[5].Text;
        Session["d"] = Description.ToString();
        string Address = GridView1.Rows[e.NewSelectedIndex].Cells[6].Text;
        Session["e"] = Address.ToString();
        Response.Redirect("SetAuditor.aspx");
    }

    protected void DropDownList1_SelectedIndexChanged1(object sender, EventArgs e)
    {
        string Query = "select Doc_To_Audit from Schedule_Audit where Aud_Id like '"
            + DropDownList1.SelectedItem.ToString() + "'";
        SqlDataReader dr = _objDb.Select(Query);
        if (dr.Read())
        {
            Panel1.Visible = true;
            TextBox2.Text = dr[0].ToString();
            string Query1 = "select Aud_Id,Org_Name,Org_Type,Description,Address,Aud_Date,Aud_Team from Schedule_Audit where Aud_Id like '"
                + DropDownList1.SelectedItem.ToString() + "'";
            ds = _objDb.Display(Query1);
            GridView1.DataSource = ds;
            GridView1.DataBind();
        }
        else
        {
            Response.Write("No Values");
        }
    }
}
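In the ScheduleAudit and ViewSchedule listings above, the document text is protected only by Base64 encoding, which needs no key to reverse, and the audit key comes from System.Random in the range 1 to 98. The following is an added example, not part of the project's code, of keyed and authenticated encryption (AES-CBC with an HMAC-SHA256 tag) using a key from the system's cryptographic random generator. The DocumentProtector class and the blob layout are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not project code. The class name and the blob layout
// Base64(IV[16] || ciphertext || HMAC[32]) are assumptions.
public static class DocumentProtector
{
    // 64 bytes from the OS CSPRNG: bytes 0-31 for AES-256, bytes 32-63 for HMAC-SHA256.
    public static byte[] NewKey()
    {
        byte[] key = new byte[64];
        RandomNumberGenerator.Create().GetBytes(key);
        return key;
    }

    public static string Protect(string plainText, byte[] key)
    {
        using (Aes aes = Aes.Create())   // CBC with PKCS7 padding by default
        using (HMACSHA256 mac = new HMACSHA256(Slice(key, 32, 32)))
        {
            aes.Key = Slice(key, 0, 32);
            aes.GenerateIV();            // fresh IV for every document
            byte[] pt = Encoding.UTF8.GetBytes(plainText);
            byte[] ct;
            using (ICryptoTransform enc = aes.CreateEncryptor())
                ct = enc.TransformFinalBlock(pt, 0, pt.Length);
            byte[] body = Concat(aes.IV, ct);
            return Convert.ToBase64String(Concat(body, mac.ComputeHash(body)));
        }
    }

    // Throws CryptographicException if the blob was altered or the key is wrong.
    public static string Unprotect(string blob, byte[] key)
    {
        byte[] all = Convert.FromBase64String(blob);
        if (all.Length < 64) throw new CryptographicException("Blob too short.");
        byte[] body = Slice(all, 0, all.Length - 32);
        byte[] tag = Slice(all, all.Length - 32, 32);
        using (Aes aes = Aes.Create())
        using (HMACSHA256 mac = new HMACSHA256(Slice(key, 32, 32)))
        {
            // Verify the tag before any decryption is attempted.
            if (!FixedTimeEquals(tag, mac.ComputeHash(body)))
                throw new CryptographicException("Authentication failed.");
            aes.Key = Slice(key, 0, 32);
            aes.IV = Slice(body, 0, 16);
            using (ICryptoTransform dec = aes.CreateDecryptor())
                return Encoding.UTF8.GetString(dec.TransformFinalBlock(body, 16, body.Length - 16));
        }
    }

    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
    private static byte[] Slice(byte[] src, int offset, int count)
    {
        byte[] dst = new byte[count];
        Buffer.BlockCopy(src, offset, dst, 0, count);
        return dst;
    }
    private static byte[] Concat(byte[] a, byte[] b)
    {
        byte[] dst = new byte[a.Length + b.Length];
        Buffer.BlockCopy(a, 0, dst, 0, a.Length);
        Buffer.BlockCopy(b, 0, dst, a.Length, b.Length);
        return dst;
    }

    public static void Main()
    {
        byte[] key = NewKey();
        string blob = Protect("Constructed sample document text", key);
        Console.WriteLine(Unprotect(blob, key));
        byte[] raw = Convert.FromBase64String(blob);
        raw[20] ^= 0x01;   // flip one ciphertext bit: the HMAC check must reject it
        try { Unprotect(Convert.ToBase64String(raw), key); }
        catch (CryptographicException ex) { Console.WriteLine("Rejected: " + ex.Message); }
    }
}
```

Protect() would take the place of the Base64 call behind Button1_Click and NewKey() the place of the Random-based audit key; unlike the Base64 form, the stored blob cannot be read or modified undetected without the key.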

using System;
using System.Data;
using System.Data.SqlClient;

public partial class SetAuditor : System.Web.UI.Page
{
    ClsDbLayer _objDb = new ClsDbLayer();
    DataSet ds;
    int i;
    SqlDataReader dr;

    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack.Equals(false))
        {
            // Fill the drop-down with junior auditors on first load.
            string Query = "select Aud_Id from Audit_Reg where Aud_Type like 'Junior'";
            ds = _objDb.Display(Query);
            DropDownList1.DataTextField = "Aud_Id";
            DropDownList1.DataValueField = "Aud_Id";
            DropDownList1.DataSource = ds;
            DropDownList1.DataBind();
        }
        // Values placed in the session by ViewSchedule.GridView1_SelectedIndexChanging.
        TextBox1.Text = Session["a"].ToString();
        TextBox2.Text = Session["b"].ToString();
        TextBox3.Text = Session["c"].ToString();
        TextBox4.Text = Session["d"].ToString();
        TextBox5.Text = Session["e"].ToString();
    }

    protected void DropDownList1_SelectedIndexChanged(object sender, EventArgs e)
    {
        string Query = "select Aud_Name from Audit_Reg where Aud_Id like '"
            + DropDownList1.SelectedItem.ToString() + "'";
        dr = _objDb.Select(Query);
        if (dr.Read())
        {
            TextBox7.Text = dr[0].ToString();
        }
        else
        {
            Response.Write("No Values");
        }
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        // Form values are concatenated directly into the SQL text (SQL injection risk).
        string Query = "insert into Set_Audit values('" + TextBox1.Text + "','" + TextBox2.Text + "','"
            + TextBox3.Text + "','" + TextBox4.Text + "','" + TextBox5.Text + "','" + TextBox6.Text + "','"
            + DropDownList1.SelectedItem.ToString() + "','" + TextBox7.Text + "')";
        i = _objDb.InserEditDelete(Query);
        if (i != -1)
        {
            Response.Write("Submitted Successfully");
        }
        else
        {
            Response.Write("Not Submitted");
        }
    }
}

using System;
using System.Data;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;

public partial class ViewAudit : System.Web.UI.Page
{
    ClsDbLayer _objDb = new ClsDbLayer();
    DataSet ds;
    int i;

    protected void Page_Load(object sender, EventArgs e)
    {
        // Session["1"] and Session["2"] are set by AuditorLogin.
        Label1.Text = Session["1"].ToString();
        Label2.Text = "Welcome " + Session["2"].ToString();
        if (IsPostBack.Equals(false))
        {
            string Query = "select Org_Name,Org_Type,Description,Address,Audit_Date,Aud_Doc from Set_Audit where Aud_Id like '"
                + Label1.Text + "'";
            ds = _objDb.Display(Query);
            GridView1.DataSource = ds;
            GridView1.DataBind();
        }
    }

    protected void GridView1_SelectedIndexChanging(object sender, GridViewSelectEventArgs e)
    {
        // Copy the selected audit row into the report form.
        string OrgName = GridView1.Rows[e.NewSelectedIndex].Cells[1].Text;
        TextBox1.Text = OrgName.ToString();
        string OrgType = GridView1.Rows[e.NewSelectedIndex].Cells[2].Text;
        TextBox2.Text = OrgType.ToString();
        string Desc = GridView1.Rows[e.NewSelectedIndex].Cells[3].Text;
        TextBox3.Text = Desc.ToString();
        string Doc = GridView1.Rows[e.NewSelectedIndex].Cells[6].Text;
        TextBox4.Text = Doc.ToString();
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        // Form values are concatenated directly into the SQL text (SQL injection risk).
        string Query = "insert into Audit_Report values('" + Label1.Text + "','" + Label2.Text + "','"
            + TextBox1.Text + "','" + TextBox2.Text + "','" + TextBox3.Text + "','" + TextBox4.Text + "','"
            + TextBox5.Text + "','" + TextBox6.Text + "','" + TextBox7.Text + "','" + TextBox8.Text + "')";
        i = _objDb.InserEditDelete(Query);
        if (i != -1)
        {
            Response.Write("Saved Successfully");
        }
        else
        {
            Response.Write("Not Saved");
        }
    }
}
Screenshots (images not reproduced): ADMIN LOGIN; ADMIN PAGE; AUDITOR REGISTRATION; SCHEDULE AUDIT; VIEW AUDITORS; AUDITOR LOGIN; AUDITOR PAGE; DECRYPTION OF DOCUMENTS; DOCUMENTS AUDITED
9. REPORTS
Report screens (images not reproduced): AUDITORS; AUDIT SCHEDULE; AUDIT REPORTS
10. CONCLUSION
In this project, we addressed the construction of an efficient audit service for data integrity in clouds. Profiting from the standard interactive proof system, we proposed an interactive audit protocol to implement the audit service based on a third party auditor. In this audit service, the third party auditor, known as an agent of data owners, can issue a periodic verification to monitor the change of outsourced data by providing an optimized schedule. To realize the audit model, we only need to maintain the security of the third party auditor and deploy a lightweight daemon to execute the verification protocol. Hence, our technology can be easily adopted in a cloud computing environment to replace the traditional Hash-based solution.
Considering that the TPA may concurrently handle multiple audit sessions from different users for their outsourced data files, we further extend our privacy-preserving public auditing protocol into a multi-user setting, where the TPA can perform multiple auditing tasks in a batch manner for better efficiency. Extensive analysis shows that our schemes are provably secure and highly efficient. Our preliminary experiment conducted on an Amazon EC2 instance further demonstrates the fast performance of our design on both the cloud and the auditor side. We leave the full-fledged implementation of the mechanism on a commercial public cloud as an important future extension, which is expected to robustly cope with very large scale data and thus encourage users to adopt cloud storage services more confidently.