cloud storage and security

REPORT

1. OBJECTIVE AND SCOPE

1.1Objective:

The main objective of this report is to propose a novel highly decentralized information accountability framework to keep track of the actual usage of the user’s data in the cloud.

To make a basic understanding of the existing cloud service model and to make an indepth analysis of the working under cloud storage.

1.2 Scope

The main scope of this report is providing solutions for the security of the data. When we want to download the uploaded file from cloud, a key will be needed and that key is provided by the cloud server and is present in the form of encrypted data.

2. SYSTEM ANALYSIS

2.1 Existing System:

The importance of ensuring the remote data integrity has been highlighted by the following research works under different system and security models. These techniques, while can be useful to ensure the storage correctness without having users possessing local data, are all focusing on single server scenario. They may be useful for quality-of-service testing, but does not guarantee the data availability in case of server failures. Although directly applying these techniques to distributed storage (multiple servers) could be straightforward, the resulted storage verification overhead would be linear to the number of servers. As a complementary approach, researchers have also proposed distributed protocols for ensuring storage correctness across multiple servers or peers. However, while providing efficient cross server storage verification and data availability insurance, these schemes are all focusing on static or archival data. As a result, their capabilities of handling dynamic data remains unclear, which inevitably limits their full applicability in cloud storage scenarios.

2.2 MODULES:

2.2.1 Data integrity:

The cloud infrastructures are much more powerful and reliable than personal computing devices,

broad range of both internal and external threats for data integrity outsourcing data into the cloud

is economically attractive for the cost and complexity of long-term large-scale data storage, its

lacking of offering strong assurance of data integrity and availability may impede its wide

adoption by both enterprise and individual cloud users. The assurances of cloud data integrity

and availability and enforce the quality of cloud storage service, efficient methods that enable

on-demand data correctness verification on behalf of cloud users have to be designed.

2.2.2 Data security for cloud:

The problem of data security in cloud data storage, which is essentially a distributed

storage system. To achieve the assurances of cloud data integrity and availability and enforce the

quality of dependable cloud storage service for users, an effective and flexible distributed

scheme with explicit dynamic data support.

2.2.3 Distributed storage:

To distribute storage (multiple servers) could be straightforward, the resulted storage

verification overhead would be linear to the number of servers. As a complementary approach,

researchers have also proposed distributed protocols for ensuring storage correctness across

multiple servers or peers. An effective and flexible distributed storage verification scheme with

explicit dynamic data support to ensure the correctness and availability of users’ data in the

cloud.

2.3 Feasibility study:

The feasibility of the project is analyzed in this phase and business proposal is put forth with a

very general plan for the project and some cost estimates. During system analysis the feasibility

study of the proposed system is to be carried out. This is to ensure that the proposed system is

not a burden to the company. For feasibility analysis, some understanding of the major

requirements for the system is essential. The assessment is based on an outline design of system

requirements in terms of Input, Processes, Output, Fields, Programs, and Procedures.

This can be quantified in terms of volumes of data, trends, frequency of

updating, etc. in order to estimate whether the new system will perform adequately or not.

Technological feasibility is carried out to determine whether the company has the capability, in

terms of software, hardware, personnel and expertise, to handle the completion of the project.

When writing a feasibility report the following should be taken to consideration:

A brief description of the business to assess more possible factor/s which could affect the

study.

The part of the business being examined

The human and economic factor

The possible solutions to the problems

At this level, the concern is whether the proposal is both technically and legally feasible. Three

key considerations involved in the feasibility analysis are

1. TECHNICAL FEASIBILITY

2. SOCIAL FEASIBILITY

3. ECONOMICAL FEASIBILITY

2.3.1 Technical feasibility:

This study is carried out to check the technical feasibility, that is, the technical

requirements of the system. Any system developed must not have a high demand on the available

technical resources. This will lead to high demands on the available technical resources. This

will lead to high demands being placed on the Outsourcer. The developed system must have a

modest requirement, as only minimal or null changes are required for implementing this system.

2.3.2 Social feasibility:

The aspect of study is to check the level of acceptance of the system by the user. This

includes the process of training the user to use the system efficiently. The user must not feel

threatened by the system, instead must accept it as a necessity. The level of acceptance by the

users solely depends on the methods that are employed to educate the user about the system and

to make him familiar with it. His level of confidence must be raised so that he is also able to

make some constructive criticism, which is welcomed, as he is the final user of the system.

2.3.3 Economical feasibility:

This study is carried out to check the economic impact that the system will have on the

organization. The amount of fund that the company can pour into the research and development

of the system is limited. The expenditures must be justified. Thus the developed system as well

within the budget and this was achieved because most of the technologies used are freely

available. Only the customized products had to be purchased. Economic analysis is the most

frequently used method for evaluating the effectiveness of a new system. More commonly

known as cost/benefit analysis, the procedure is to determine the benefits and savings that are

expected from a candidate system and compare them with costs. If benefits outweigh costs, then

the decision is made to design and implement the system. An entrepreneur must accurately

weigh the cost versus benefits before taking an action.

1 Authentication

RegisterLogin

D1 DATA STORE

D2 DATA STORE2 User

BrowseUploadDownload

pload

Download

D3 DATA STORE3 Cloud Server

Key Generate

3.SYSTEM DESIGN

3.1 Applicable Diagram:

3.1.1 Data Flow Diagram:

A two-dimensional diagram that explains how data is processed and transferred in a system.

The graphical depiction identifies each source of data and how it interacts with other

data sources to reach a common output.

3.1.2 E-R Diagram:

User/cloud Server

In software engineering, an entity-relationship model (ERM) is an abstract and conceptual

representation of data. Entity-relationship modeling is a database modeling method, used to

produce a type of conceptual schema or semantic data model of a system, often a relational

database, and its requirements in a top-down fashion. Diagrams created by this process are

called entity-relationship diagrams, ER diagrams, or ERDs.

An entity-relationship (ER) diagram is a specialized graphic that illustrates the relationships

between entities in a database. ER diagrams often use symbols to represent three different types

of information. Boxes are commonly used to represent entities. Diamonds are normally used to

represent relationships and ovals are used to represent attributes.

An entity-relationship (ER) diagram is a specialized graphic that illustrates

the relationships between entities in a database. ER diagrams often use symbols to represent

three different types of information. Boxes are commonly used to represent entities. Diamonds

are normally used to represent relationships and ovals are used to represent attributes.

3.1.3 System Flow Diagram:

Authentication

Users

Upload the File

Download the File

Cloud server

Key Generate Throw answers in cloud provider

Get key from cloud server

View the Files

Login Registration

The new users have to register the application and then login. This module helps to recognize the authorized user of the application as cloud server. Registration module helps to provide authentication to new user. User verification is needed for every system to keep security and for any other misuse. Each authorized user will have a user-id /name and a password for login. The users upload the file after the login and for downloading the file they need a key and that key is generated from the cloud server. After giving the key, user can download the file.

3.1.4 Activity Diagram:

Login Cloud Server

Cloud provider Upload the File Key Generate

Users

Activity diagram is a loosely defined diagram to show workflows of stepwise activities and actions, with support for choice, iteration and concurrency. UML, activity diagrams can be used to describe the business and operational step-by-step workflows of components in a system. UML activity diagrams could potentially model the internal logic of a complex operation. In many ways UML activity diagrams are the object-oriented equivalent of flow charts and data flow diagrams (DFDs) from structural development.

Login

Browse

Upload File

Key Generate for Downloading file

View the File

3.1.5 Use-Case Diagram:

A use case diagram is a type of behavioral diagram created from a Use-case analysis. The

purpose of use case is to present overview of the functionality provided by the system in terms of

actors, their goals and any dependencies between those use cases.

User

register

login

file upload to cloud server

key

response to user

cloud server

3.1.6 Sequence Diagram:

A sequence diagram in UML is a kind of interaction diagram that shows how processes

operate with one another and in what order.

It is a construct of a message sequence chart. Sequence diagrams are sometimes called

Event-trace diagrams, event scenarios, and timing diagrams.

The below diagram shows the sequence flow of the Anonymous Database Management

System.

USER REGISTER LOGIN UPLOAD FILE CLOUD STORAGE

DISTRIBUTED STOREAGE

DATABASEADMIN

user register

user login

user upload file

store the file on cloud

distributed storeage

inforamtion store

ADMIN LOGIN

ADMIN DATA STORE

ADD TO DATABASE

3.1.7 Collaboration Diagram:

A collaboration diagram shows the objects and relationships involved in an interaction, and the

sequence of messages exchanged among the objects during the interaction.

The collaboration diagram can be a decomposition of a class, class diagram, or part of a

class diagram. It can be the decomposition of a use case, use case diagram, or part of a use case

diagram.

The collaboration diagram shows messages being sent between classes and object

(instances). A diagram is created for each system operation that relates to the current

development cycle (iteration).

USER

REGISTER

LOGIN

DISTRIBUTED STOREAGE

UPLOAD FILE

CLOUD STORAGEDATABAS

E

ADMIN

1: user register

2: user login

3: user upload file

4: store the file on cloud5: distributed storeage

6: ADMIN LOGIN

7: inforamtion store

8: ADMIN DATA STORE

9: ADD TO DATABASE

3.2 TABLE DESCRIPTION:

3.2.1 User registration:

COLUMN NAME DATATYPE

E-mail id Varchar(100)

Username Varchar(100)

Password Varchar(100)

Conform Password Varchar(100)

Address Varchar(100)

Zip Code Varchar(100)

Mobile No Varchar(100)

3.2.2 User login:


Email Add Varchar(100)







image password Varchar(50)

3.2.3 FILES:


ID int


Name Varchar(100)

Content type Varchar(50)

Size int

Data VarBinary(MAX)

3.2.3 FILES UPLOAD:


FileName Varchar(100)

File Path Varchar(100)

RKey Numeric(18,0)

Size Int

3.2.4 CLOUD REGISTRATION:


Userid Varchar(100)







3.2.5 CLOUD SERVER:

4. SYSTEM TESTING AND IMPLEMENTATION

Testing is the one step in the Software Engineering process that could be viewed as

destructive rather than constructive. Software testing is a critical element of software quality

assurance and represents the ultimate reviews of specification, design and coding. Testing

is representing an interesting anomaly for the software.

Testing is vital to the success of the system. Errors can be injected at any stage during

development. System testing makes a logical assumption that if all the parts of the system are



File Path Varchar(100)

Key Generate Varchar(100)

IPad dress Varchar(100)

Date Varchar(100)

Up Key Varchar(100)

correct, the goal will be successfully achieved. During testing, the program to be tested is

executed with set of data and the output of program for the test data is evaluated to determine if

the program is performing as expected. Testing cannot show the absence of defects, it can only

show that software defects are present.

The objectives of testing are

Testing is a process of executing a program with the intent of finding an error.

A good test care is one that has a high probability of finding an as yet undiscovered error.

A successful test is one that uncovers and as yet undiscovered error. The software

developed has been tested successfully using the following strategies and any errors that

are encountered are corrected and again the part of the program or the procedure or

function is put to testing until all the errors are removed.

The testing steps are:

Unit Testing

Module Testing

Integration Testing

Unit testing:

Unit testing focuses verification effort on the smallest unit of the software design. This

project compromises the set performed by an individual programmer prior to the integration of

the unit into a larger system. This testing is carried out during the coding itself. In this testing

step each module such as registration, login, etc going to be working satisfactorily as the

expected output from the module.

Module testing:

Since it is a real time project the modules in this project may collects inputs from another

module or any sub modules. Likewise they can forward their output as inputs to some modules

or sub modules. So a module testing is one of the important testing in system development cycle.

This testing is used in login module. The output form registration is used as input for login

module.

Integration testing:

In this project the data can be lost across an interface; one module can have adverse effort

on another, sub function when combined may not produce the desired function. Integration

testing is a systematic technique for constructing the program while at the same time conducting

test to uncover errors associated within the interface.

The objective is to take unit-tested module and built the program structure that has been

dictated by design. All modules are combined in this testing. The entire program is tested a

whole. Correction is difficult at this stage because the isolation of module. At the integration

testing, software is completely assembled as a package. Interfacing errors have been uncovered

and corrected and a final series of software test validation testing begins.

Validation testing can be defined in many ways, but a simple definition is that validation

succeeds when the software functions in manner that is reasonably expected by the customer.

Software validation is achieved through a series of black box tests that demonstrate conformity

with requirement. After validation test has been conducted, one of the two conditions exists. The

function or performance characteristics confirm to specification and are accepted.

A validation from specification is uncovered and a deficiency created. Deviation of errors

discovered at this step in this project is corrected prior to the completion of the project with the

help of the user by negotiating to establish a method for resolving deficiencies. Thus the

proposed system under consideration has been tested by using validation testing and found to be

working satisfactorily.

Advantage of Testing:

More effective on larger units of code than glass box testing.

Tester needs no knowledge of implementation, including specific programming

language.

Tester and programmer are independent of each other

Tests are done from a user’s of view.

Black Box Test will help to expose any ambiguities or inconsistencies in the

specification.

Disadvantages of Testing:

Only a small number of possible inputs can actually be tested.

To test every possible input stream would take nearly forever without clear and

concise specifications.

Test cases are hard to design.

There may be unnecessary repetition of test inputs, if the tester is not informed of

test cases the programmer has already tried may leave many program paths untested

cannot be directed toward specific segment of code which may be very complex most

testing related research has been directed toward glass box testing.

5. FUTURE ENHANCEMENTS

In this report we proposed a global wait method for security proof to avoid hacking in cloud

infrastructure. The key generated by service provider regarding user queries will send to their

respective registered login id. In the existing ones the key will be displayed to the user and hence

there is a chance for hacking user details. To avoid such circumstances, the user must get their

details with their respective key generated by the service provider.

cloud storage and security

Documents