ADVANCED KEYWORD SEARCH OVER ENCRYPTED

DATA IN CLOUD
A dissertation submitted to
Jawaharlal Nehru Technological University, Kakinada
In partial fulfillment of the requirement for the award of the degree of

MASTER OF TECHNOLOGY
In
COMPUTER SCIENCE & ENGINEERING

by

SAIKUMAR GOURU
(Regd. No: 17KN1D5803)

Under the Esteemed Guidance of

Dr CH.SURYA KIRAN, Ph.D
Professor

DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING

NRI INSTITUTE OF TECHNOLOGY

An Autonomous Institution, Permanently Affiliated to JNTUK, Kakinada
(Accredited by NAAC with ”A” Grade and ISO 9001:2015 Certified Institution)
Pothavarappadu (V), Via Nunna, Agiripalli (M), PIN-521 212.
Ph : 0866 – 2469666 Website : nrigroupofcolleges.com e-mail : [email protected]
July – 2019
 Certificate
This is to certify that dissertation entitled “Advance Keyword Search Over Encrypted

Data In Cloud” is a bonafide work done by G.SAIKUMAR bearing Regd. No. 17KN1D5803

under my guidance and supervision and is submitted to Jawaharlal Nehru Technological

University, Kakinada in partial fulfillment of requirements for the award of Master Of

Technology in COMPUTER SCIENCE & ENGINEERING during the academic year 2018 –

2019.

Signature of Internal Guide Signature of HOD

Dr CH.SURYA KIRAN, Dr CHAITANYA KISHORE REDDY.M,
M.Tech,Professor M.Tech, HOD

Signature of External Examiner

 DECLARATION

I here by declared that this project work entitled “Advanced Keyword Search Over

Encrypted Data In Cloud” is submitted to NRI INSTITUTE OF TECHNOLOGY is a

genuine work carried out by me, for the fulfillment of Master of Technology to the Dept. of

COMPUTER SCIENCE & ENGINEERING during the academic year 2018 – 19, under the

supervision of my internal guide Dr CH.SURYA KIRAN, Prof., Dept of CSE in NRI

INSTITUTE OF TECHNOLOGY and that it has not formed the basis for the award of any

degree/diploma or other similar title to any candidate of the university.

G.SAI KUMAR
(17KN1D5803)
 INDEX PAGE NO
LIST OF FIGURES I
ABSRACT II
CHAPTER-1 INTRODUCTION 1-6
1.1 WHAT IS CLOUD COMPUTING 1
1.2 STRUCTURE OF CLOUD COMPUTING 2
1.3 CHARACTERISTICS AND SERVICE MODELS 2
1.3.1 On-demand Self-Service 2
1.3.2 Broad Network Access 2
1.3.3 Resource Pooling 2
1.3.4 Rapid Elasticity 2
1.3.5 Measured Service 3
1.4 SERVICES MODELS 3
1.5 BENEFITS OF CLOUD COMPUTING 4
1.5.1 Achieve Economies Of Scale 4
1.5.2 Reduce Spending On Technology Infrastructure 4
1.5.3 Globalize Your Workforce On The Cheap 4
1.5.4 Streamline Processes 4
1.5.5 Reduce Capital Costs 4
1.5.6 Improve Accessibility 4
1.5.7 Monitor Projects More Effectively 5
1.5.8 Less Personnel Training Is Needed 5
1.5.9 Minimize Licensing New Software 5
1.5.10 Improve Flexibility 5
1.6 ADVANTAGES 5
1.7 DISADVANTAGES 5
1.8 PROPOSED SYSTEM 6
1.9 EXISTING SYSTEM 6
CHAPTER-2 LITERATURE SURVEY 7-9
2.1 SOFTWARE PROTECTION AND SIMULATION ON OBLIVIOUS 7
RAMS,” J. ACM, VOL. 43, NO. 3, PP. 431–473, 1996
2.2 RESEARCH IN PRIVACY ENHANCING TECHNOLOGIES 7
2.3 OBLIVIOUS KEYWORD SEARCH,” J. COMPLEXITY, VOL. 20, NO. 2- 8
3, PP. 356–371, 2004
2.4 PUBLIC KEY ENCRYPTION WITH KEYWORD SEARCH,” IN 9
ADVANCES IN CRYPTOLOGY - EUROCRYPT 2004, INTERNATIONAL
CONFERENCE ON THE THEORY AND APPLICATIONS OF
CRYPTOGRAPHIC TECHNIQUES, INTERLAKEN, SWITZERLAND, MAY
2-6, 2004, PROCEEDINGS, SER. LECTURE NOTES IN COMPUTER
SCIENCE, VOL. 3027. SPRINGER, 2004, PP. 506–522
2.5 J. LAI, X. ZHOU, R. H. DENG, Y. LI, AND K. CHEN, “EXPRESSIVE 9
SEARCH ON ENCRYPTED DATA,” IN 8TH ACM SYMPOSIUM ON
INFORMATION, COMPUTER AND COMMUNICATIONS SECURITY,
ASIA CCS ’13, HANGZHOU, CHINA - MAY 08 - 10, 2013. ACM, 2013, PP.
243–252
CHAPTER-3 SOFTWARE REQUIREMENT SPECIFICATION 11-29
3.1 SYSTEM REQURIMENTS & ANALYSIS 11
3.1.1 Existing System 11
3.1.2 Disadvantages Of Existing System 11
3.2 PROPOSED SYSTEM 11
3.2.1 Advantages Of Proposed System 11
3.3 SYSTEM CONFIGURATION 12
3.3.1 Hardware System Configuration 12
3.3.2 S/W System Configuration 12
3.4 FEASIBILITY STUDY 12
3.4.1 Economical Feasibility 13
3.4.2 Technical Feasibility 13
3.4.3 Social Feasibility 13
3.5 SOFTWARE ENVIRONMENT 13
3.5.1 Java Technology 13
3.5.2 The Java Programming Language 13
3.5.3 The Java Platform 14
3.6 THE JAVA PLATFORM HAS TWO COMPONENTS 15
3.7 EVERY FULL IMPLEMENTATION OF THE JAVA PLATFORM 16
GIVES YOU THE FOLLOWING FEATURES
3.8 HOW WILL JAVA TECHNOLOGY CHANGE MY LIFE? 17
3.9 ODBC 17
3.10 JDBC 18
3.11 JDBC GOALS 19
3.11.1 Sql Levelapi 19
3.11.2 Java Is A High-Level Programming Language That Is All Of The 20
Following
3.12 NETWORKING 21
3.12.1 Tcp/Ip Stack 21
3.12.2 Udp 22
3.12.3 Tcp 22
3.12.4 Internet Addresses 22
3.12.5 Network Address 22
3.12.6 Subnet Address 22
3.12.7 Host Address 22
3.12.8 Port Addresses 23
3.12.9 Sockets 23
3.12.10 Jfree Chart 23
3.12.11 Map Visualizations 23
3.12.12 Time Series Chart Interactivity 24
3.12.13 Dashboards 24
3.12.14 Property Editors 24
3.13 WHAT IS A JAVA WEB APPLICATION? 24
3.14 WHAT IS JAVA EE? 24
3.15 SOME OF THE FUNDAMENTAL COMPONENTS OF JAVA EE 24
INCLUDE
3.15.1 Javascript And Ajax Development 25
3.15.2 Web Server And Client 25
3.15.3 Html And Http 25
3.16 SOME OF THE IMPORTANT PARTS OF HTTP REQUEST ARE 25
3.16.1 Http Method 25
3.16.2 Url 25
3.16.3 Form Parameters 25
3.16.4 Sample Http Request 25
3.17 SOME OF THE IMPORTANT PARTS OF HTTP RESPONSE ARE 26
3.17.1 Status Code 26
3.17.2 Content Type 26
3.17.3 CONTENT 26
3.17.4 Mime Type Or Content Type 26
3.17.5 Understanding Url 26
3.18 WHY WE NEED SERVLET AND JSPS? 26
3.18.1 Web Container 27
3.18.2 Httpservletrequest And Httpservletresponse 27
3.19 SOME OF THE IMPORTANT WORK DONE BY WEB 27
CONTAINER ARE
3.19.1 Communication Support 27
3.19.2 Lifecycle And Resource Management 27
3.19.3 Multithreading Support 27
3.19.4 Jsp Support 27
3.20 MYSQL 28
3.20.1 MySQL databases are relational 28
3.20.2 MySQL software is Open Source 29
CHAPTER-4 SYSTEM DESIGN 31-37
4.1 SYSTEM ARCHITECTURE 31
4.2 DATA FLOW DIAGRAM 32
4.3 FUNCTIONAL FLOW 33
4.4 USE CASE DIAGRAM 34
4.5 CLASS DIAGRAM 35
4.6 SEQUENCE DIAGRAM 36
4.7 ACTIVITY DIAGRAM 37
CHAPTER-5 SYSTEM ANALYSIS AND DESIGN 38-39
5.1 MODULE SPECIFICATIONS 38
5.1.1 Input Design 38
5.1.2 Input Design considered the following things 38
5.2 OBJECTIVES 38
5.3 OUTPUT DESIGN 38
CHAPTER-6 SOURCE CODE 40-47

CHAPTER-7 SYSTEM TESTING 48-51

7.1 INTRODUCTION ABOUT SYSTEM TESTING 48
7.2 TYPES OF TESTS 48
 7.2.1 Unit Testing 48
7.2.2 Integration testing 48
7.2.3 Functional Test 49
7.2.4 System Testing 49
7.2.5 White Box Testing 50
7.2.6 Black Box Testing 50
7.2.7 Unit Testing 50
7.2.8 Integration Testing 51
7.2.9 Acceptance Testing 51
CHAPTER-8 EXPERIMENT RESULTS 55-56
CHAPTER-9 CONCLUSION 57
CHAPTER-10 REFERENCES 58-59
CHAPTER-11 PUBLISHED ARTICLE
 LIST OF FIGURES

Fig. No Fig. Name PageNo

1.1 Cloud Computing Architecture 1
1.2 Characteristics Of Cloud Computing 3
1.3 Structure Of Service Models 4
3.1 JAVA API (Application Programming Interface) 16
3.2 Java Virtual Machine 20
3.3 Http Architecture 21
3.4 Deployment Descriptor 28
3.5 Types Of Commands 29
4.1 System Architecture 31
4.2 Data Flow Diagram 32
4.3 Functional Flow 33
4.4 Case Diagram 34
4.5 Class Diagram 35
4.6 Sequence Diagram 36
4.7 Activity Diagram 37
8.1 Home Page 55
8.2 Cloud Authentication 55
8.3 Cloud Home Page 56
8.4 Encryption module 56

i
 ABSTRACT

Searchable encryption allows a cloud server to conduct keyword search over encrypted
data on behalf of the data userswithout learning the underlying plaintexts. However, most
existing searchable encryption schemes only support single or conjunctivekeyword search, while
a few other schemes that are able to perform expressive keyword search are computationally
inefficient sincethey are built from bilinear pairings over the composite-order groups. In this
paper, we propose an expressive public-key searchableencryption scheme in the prime-order
groups, which allows keyword search policies (i.e., predicates, access structures) to beexpressed
in conjunctive, disjunctive or any monotonic Boolean formulas and achieves significant
performance improvement overexisting schemes. We formally define its security, and prove that
it is selectively secure in the standard model. Also, we implement theproposed scheme using a
rapid prototyping tool called Charm [37], and conduct several experiments to evaluate it
performance. Theresults demonstrate that our scheme is much more efficient than the ones built
over the composite-order groups.

ii
 CHAPTER-1
INTRODUCTION

1.1 WHAT IS CLOUD COMPUTING?

Cloud computing is the use of computing resources (hardware and software) that are
delivered as a service over a network (typically the Internet). The name comes from the common
use of a cloud-shaped symbol as an abstraction for the complex infrastructure it contains in
system diagrams. Cloud computing entrusts remote services with a user's data, software and
computation. Cloud computing consists of hardware and software resources made available on
the Internet as managed third-party services. These services typically provide access to advanced
software applications and high-end networks of server computers.

Figure1.1 Cloud Computing Architecture

1
1.2 STRUCTURE OF CLOUD COMPUTING:

HOW CLOUD COMPUTING WORKS?

The goal of cloud computing is to apply traditional supercomputing, or high-performance

computing power, normally used by military and research facilities, to perform tens of trillions of
computations per second, in consumer-oriented applications such as financial portfolios, to
deliver personalized information, to provide data storage or to power large, immersive computer
games.The cloud computing uses networks of large groups of servers typically running low-cost
consumer PC technology with specialized connections to spread data-processing chores across
them. This shared IT infrastructure contains large pools of systems that are linked together.
Often, virtualization techniques are used to maximize the power of cloud computing.

1.3 CHARACTERISTICS AND SERVICES MODELS:

The salient characteristics of cloud computing based on the definitions provided by the
National Institute of Standards and Terminology (NIST) are outlined below:

1.3.1 On-demand Self-service:

A consumer can unilaterally provision computing capabilities, such as server time and
network storage, as needed automatically without requiring human interaction with each
service’s provider.

1.3.2 Broad Network Access:

Capabilities are available over the network and accessed through standard mechanisms
that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops,
and PDAs).

1.3.3 Resource Pooling:

There is a sense of location-independence in that the customer generally has no control or

knowledge over the exact location of the provided resources but may be able to specify location
at a higher level of abstraction (e.g., country, state, or data center). Examples of resources
include storage, processing, memory, network bandwidth, and virtual machines.

1.3.4 Rapid Elasticity:

Capabilities can be rapidly and elastically provisioned, in some cases automatically, to

quickly scale out and rapidly released to quickly scale in. To the consumer, the capabilities

2
available for provisioning often appear to be unlimited and can be purchased in any quantity at
any time.

1.3.5 Measured Service:

Cloud systems automatically control and optimize resource use by leveraging a metering
capability at some level of abstraction appropriate to the type of service (e.g., storage,
processing, bandwidth, and active user accounts). Resource usage can be managed, controlled,
and reported providing transparency for both the provider and consumer of the utilized service.

Figure1.2 Characteristics of cloud computing

1.4 SERVICES MODELS:

Cloud Computing comprises three different service models, namely Infrastructure-as-a-

Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). The three
service models or layer are completed by an end user layer that encapsulates the end user
perspective on cloud services.

The model is shown in figure below. If a cloud user accesses services on the infrastructure
layer, for instance, she can run her own applications on the resources of a cloud infrastructure
and remain responsible for the support, maintenance, and security of these applications herself. If
she accesses a service on the application layer, these tasks are normally taken care of by the
cloud service provider.

3
 Figure1.3 Structure of service models

1.5 BENEFITS OF CLOUD COMPUTING:

1.5.1 Achieve Economies Of Scale:

Increase volume output or productivity with fewer people. Your cost per unit, project or
product plummets.

1.5.2 Reduce Spending On Technology Infrastructure:

Maintain easy access to your information with minimal upfront spending. Pay as you go
(weekly, quarterly or yearly), based on demand.

1.5.3 Globalize Your Workforce On The Cheap:

People worldwide can access the cloud, provided they have an Internet connection.

1.5.4 Streamline Processes:

Get more work done in less time with less people.

1.5.5 Reduce Capital Costs:

There’s no need to spend big money on hardware, software or licensing fees.

1.5.6 Improve Accessibility:

You have access anytime, anywhere, making your life so much easier!

4
1.5.7 Monitor Projects More Effectively:

Stay within budget and ahead of completion cycle times.

1.5.8 Less Personnel Training Is Needed:

It takes fewer people to do more work on a cloud, with a minimal learning curve on hardware
and software issues.

1.5.9 Minimize Licensing New Software:

Stretch and grow without the need to buy expensive software licenses or programs.

1.5.10 Improve Flexibility:

You can change direction without serious ―people‖ or ―financial‖ issues at stak

1.6 ADVANTAGES:

Price: Pay for only the resources used.

Security: Cloud instances are isolated in the network from other instances for improved
security.
Performance: Instances can be added instantly for improved performance. Clients have
access to the total resources of the Cloud’s core hardware.
Scalability: Auto-deploy cloud instances when needed.
Uptime: Uses multiple servers for maximum redundancies. In case of server failure, instances
can be automatically created on another server.
Control: Able to login from any location. Server snapshot and a software library lets you
deploy custom instances.
Traffic: Deals with spike in traffic with quick deployment of additional instances to handle the
load.
Existingsystem: Due to data outsourcing and untrusted cloud servers, the data access control
becomes a challenging issue in cloud storage systemsExisting access control schemes are no
longer applicable to cloud storage systems, because they either produce multiple encrypted
copies of the same data or require a fully trusted cloud server.

1.7 DISADVANTAGES:
However, cloud storage service separates the roles of the data owner from the data
service provider, and the data owner does not interact with the user directly for providing data
access service, which makes the data access control a challenging issue in cloud storage systems.

5
Because the cloud server cannot be fully trusted by data owners, traditional server-based access
control methods are no longer applicable to cloud storage systems.

1.8 PROPOSED SYSTEM:

The basic idea of our scheme is to modify a key-policy attributed-based encryption (KP-
ABE) scheme constructed from bilinear pairing over prime-order groups. Without loss of
generality, we will use the large universe KP-ABE scheme selectively secure in the standard
model. First, to preserve keyword privacy in an access structure, we adopt the method to divide
each keyword into a generic name and a keyword value. Since keyword values are much more
sensitive than the generic keyword names, the keyword values in an access structure are not
disclosed to the cloud server, whereas a partial hidden access structure with only generic
keyword names is included in a trapdoor and sent to the cloud server. We equip this designated
server with a public and private key pair of which the public key will be used in trapdoor
generation such that it is computationally infeasible for anyone without knowledge of the privacy
key to derive keywords information from the trapdoor. We propose the first expressive SE
scheme in the public-key setting from bilinear pairings in prime order groups. As such, our
scheme is not only capable of expressive multi-keyword search, but also significantly more
efficient than existing schemes built in composite-order groups. Using a randomness splitting
technique, our scheme achieves security against offline keyword dictionary guessing attacks to
the ciphertexts. Moreover, to preserve the privacy of keywords against offline keyword
dictionary guessing attacks to trapdoors, we divide each keyword into keyword name and
keyword value and assign a designated cloud server to conduct search operations in our
construction.

1.9 EXISTING SYSTEM:

After Boneh et al. initiated the study of public-key encryption with keyword search
(PEKS), several PEKS constructions were put forth using different techniques or considering
different situations. They aim to solve two cruces in PEKS: (1) how to make PEKS secure
against offline keyword dictionary guessing attacks; and (2) how to achieve expressive searching
predicates in PEKS. In terms of the offline keyword dictionary guessing attacks, which requires
that no adversary (including the cloud searching server) can learn keywords from a given
trapdoor, to the best of our knowledge, such a security notion is very hard to be achieved in the
public-key setting. In a private-key SE setting, a user uploads its private data to a remote
database and keeps the data private from the remote database administrator. Private-key SE
allows the user to retrieve all the records containing a particular keyword from the remote
database.

6
 CHAPTER-2
LITERATURE SURVEY
2.1 SOFTWARE PROTECTION AND SIMULATION ON OBLIVIOUS
RAMS,” J. ACM, VOL. 43, NO. 3, PP. 431–473, 1996:

Software protection is one of the most important issues concerning computer practice.
There exist many heuristics and ad-hoc methods for protection, but the problem as a whole has
not received the theoretical treatment it deserves. In this paper, we provide theoretical treatment
of software protection. We reduce the problem of software protection to the problem of efficient
simulation on oblivious RAM.
A machine is oblivious if the sequence in which it accesses memory locations is
equivalent for any two inputs with the same running time. For example, an oblivious Turing
Machine is one for which the movement of the heads on the tapes is identical for each
computation. (Thus, the movement is independent of the actual input.
) What is the slowdown in the running time of a machine, if it is required to be
oblivious? In 1979, Pippenger and Fischer showed how a two-tape oblivious Turing Machine can
simulate, on-line, a one-tape Turing Machine, with a logarithmic slowdown in the running time.
We show an analogous result for the random-access machine (RAM) model of computation. In
particular,
we show how to do an on-line simulation of an arbitrary RAM by a
probabilistic oblivious RAM with a polylogaithmic slowdown in the running time. On the other
hand, we show that a logarithmic slowdown is a lower bound.
AUTHORS:O. Goldreich and R. Ostrovsky,

2.2 RESEARCH IN PRIVACY ENHANCING TECHNOLOGIES:

Research in Privacy Enhancing Technologies has a tradition of about 25 years. The basic
technologies and ideas were found until 1995 while the last decade was dominated by the
utilization of such technologies. The question arises if there is a market for Privacy Enhanced
Technology.
The answer is yes, however Privacy Enhancing Technology may not have been broadly
known yet in order to make it profitable. The governments or non-profit organizations must
therefore run such systems or at least promote their further development and deployment.
Especially governments have however conflicting interests:
While governments of democratic nations are responsible to keep the freedom of citizens
(and privacy as a part of it), governments also need instruments to prosecute criminal activities.
Subsequently, Privacy Enhancing Technologies have to consider law enforcement functionality
in order to balance these different targets.

7
 We study the problem of searching on data that is encrypted using a public key system.
Consider user Bob who sends email to user Alice encrypted under Alice’s public key. An email
gateway wants to test whether the email contains the keyword ―urgent‖ so that it could route the
email accordingly. Alice, on the other hand does not wish to give the gateway the ability to
decrypt all her messages.
We define and construct a mechanism that enables Alice to provide a key to the gateway
that enables the gateway to test whether the word ―urgent‖ is a keyword in the email without
learning anything else about the email.
We refer to this mechanism as Public Key Encryption with keyword Search. As another
example, consider a mail server that stores various messages publicly encrypted for Alice by
others. Using our mechanism Alice can send the mail server a key that will enable the server to
identify all messages containing some specific keyword.
AUTHORS: R. Clayton, S. J. Murdoch

2.3 OBLIVIOUS KEYWORD SEARCH,” J. COMPLEXITY, VOL. 20, NO.

2-3, PP. 356–371, 2004:
Weng et al. introduced the notion of conditional proxy re-encryption (or C-PRE, for
short), whereby only the cipher text satisfying one condition set by the delegator can be
transformed by the proxy and then decrypted by delegate. Nonetheless, they left an open problem
on how to construct CCA-secure C-PRE schemes with anonymity.
Fang et al. answered this question by presenting a construction of anonymous
conditional proxy re-encryption (C-PRE) scheme without requiring random oracle. Nevertheless,
Fang et al.’s scheme only satisfies the RCCA-security (which is a weaker variant of CCA-
security assuming a harmless mauling of the challenge cipher text is tolerated).
Hence, it remains an open problem whether CCA-secure C-PRE schemes that satisfy
both anonymity and full CCA-security can really be realized. Shao et al. introduced a new
cryptographic primitive, called proxy re-encryption with keyword search (PRES)
which is a combination of PRE and public key encryption with keyword search (PEKS),
and they left an open problem on how to design an efficient unidirectional PRES scheme. In this
paper, we answer the above open problems by proposing a new cryptographic primitive called
conditional proxy re-encryption with keyword search (C-PRES),
which combines C-PRE and PEKS. We note that there are subtleties in combining these
two notions to achieve a secure scheme, and hence, the combination is not trivial. We propose a
definition of security against chosen cipher text attacks for C-PRES schemes with keyword
anonymity, and thereafter present a scheme that satisfies the definition.
The performance of our scheme outperforms Wing et al.’s construction, which has been
regarded as the most efficient C-PRE scheme to date.
AUTHORS:W. Ogata and K. Kurosawa,

8
2.4. PUBLIC KEY ENCRYPTION WITH KEYWORD SEARCH,” IN
ADVANCES IN CRYPTOLOGY - EUROCRYPT 2004, INTERNATIONAL
CONFERENCE ON THE THEORY AND APPLICATIONS OF
CRYPTOGRAPHIC TECHNIQUES, INTERLAKEN, SWITZERLAND,
MAY 2-6, 2004, PROCEEDINGS, SER. LECTURE NOTES IN COMPUTER
SCIENCE, VOL. 3027. SPRINGER, 2004, PP. 506–522.:
In countries such as China or Iran where Internet censorship is prevalent, users usually
rely on proxies or anonymizers to freely access the web. The obvious difficulty with this
approach is that once the address of a proxy or an anonymizer is announced for use to the public,
the authorities can easily filter all traffic to that address.
This poses a challenge as to how proxy addresses can be announced to users without
leaking too much information to the censorship authorities. In this paper, we formulate this
question as an interesting algorithmic problem. We study this problem in a static and a dynamic
model, and give almost tight bounds on the number of proxy servers required to give access to n
people k of whom are adversaries. We will also discuss how trust networks can be used in this
context.
We study the problem of searching on data that is encrypted using a public key system.
Consider user Bob who sends email to user Alice encrypted under Alice's public key. An email
gateway wants to test whether the email contains the keyword "urgent" so that it could route the
email accordingly. Alice, on the other hand does not wish to give the gateway the ability to
decrypt all her messages.
We define and construct a mechanism that enables Alice to provide a key to the gateway
that enables the gateway to test whether the word "urgent" is a keyword in the email without else
about the email. We refer to this mechanism as Public Key Encryption with keyword learning
anything Search. As another example, consider a mail server that stores various messages
publicly encrypted for Alice by others. Using our mechanism Alice can send the mail server a
key that will enable the server to identify all messages containing some specific keyword, but
learn nothing else. We define the concept of public key encryption with keyword search and give
several constructions.
AUTHORS:D. Boneh, G. D. Crescenzo, R. Ostrovsky, and G. Persiano

2.5 J. LAI, X. ZHOU, R. H. DENG, Y. LI, AND K. CHEN, “EXPRESSIVE

SEARCH ON ENCRYPTED DATA,” IN 8TH ACM SYMPOSIUM ON
INFORMATION, COMPUTER AND COMMUNICATIONS SECURITY,
ASIA CCS ’13, HANGZHOU, CHINA - MAY 08 - 10, 2013. ACM, 2013, PP.
243–252:

Cloud computing has drawn much attention from research and industry in recent years.
Plenty of enterprises and individuals are outsourcing their data to cloud servers. As those data

9
may contain sensitive information, it should be encrypted before outsourced to cloud servers. In
order to ensure that only authorized users can search and further access the encrypted data, two
important capabilities must be supported: keyword search and access control. Recently, rigorous
efforts have been made on either keyword search or access control over encrypted data.
However, to the best of our knowledge, there is no encryption scheme supporting both
capabilities in a public-key scenario so far. In this paper, we propose an authorized searchable
public-key encryption scheme supporting expressive search capability and prove it fully secure
in the standard model.
AUTHORS: M. Li, S. Yu, Y. Zheng, K. Ren, andW.

10
 CHAPTER-3
SOFTWARE REQUIREMENT SPECIFICATION
3.1SYSTEM REQURIMENTS&ANALYSIS:

3.1.1 Existing System:

This new paradigm of data hosting and data access services introduces a great challenge
to data access control. Because the cloud server cannot be fully trusted by data owners, they can
no longer rely on servers to do access control. Cipher text-Policy Attribute-based Encryption
(CP-ABE) is regarded as one of the most suitabletechnologies for data access control in cloud
storage systems, because it gives the data owner more direct control on access policies. In CP-
ABE scheme, there is an authority that is responsible for attribute management and key
distribution.

3.1.2 Disadvantages Of Existing System:

Chase’s multi-authority CP-ABE protocol allows the central authority to decrypt allthe
cipher texts, since it holds the master key of the system.
Chase’s protocol does not supportsattribute revocation.

3.2 PROPOSED SYSTEM:

In this paper, we first propose a revocable multiauthority CP-ABE scheme, where an

efficient and secure revocation method is proposed to solve the attribute revocation problem in
the system. Our attribute revocation method is efficient in the sense that it incurs less
communication cost and computation cost, and is secure in the sense that it can achieve both
backward security (The revoked user cannot decrypt any new ciphertext that requires the
revoked attribute to decrypt)and forward security (The newly joined user can also decrypt the
previously published ciphertexts1, if it has sufficient.attributes). Our scheme does not require the
server to be fully trusted, because the key update is enforced by each attribute authority not the
server. Even if the server is not semitrusted in some scenarios, our scheme can still guarantee the
backward security. Then, we apply our proposed revocable multi-authority CP-ABE scheme as
the underlying techniques to construct the expressive and secure data access control scheme for
multi-authority cloud storage systems.

3.2.1 Advantages Of Proposed System:

We modify the framework of the scheme and make it more practical to cloud storage
systems, in which data owners are not involved in the key generation.
We greatly improve the efficiency of the attribute revocation method.
We also highly improve the expressiveness of our access control scheme, where we
remove the limitation that each attribute can only appear at most once in a ciphertext.
11
3.3 SYSTEM CONFIGURATION:

3.3.1 Hardware System Configuration:

Processor Intel(R) Core i5-5200U CPU @2.20GHz 2.20 GHz,

Installed Memory (RAM) : 8.00GB

System Type : 64-bit operating System, x64-based Processor
Hard Disk 1TB
Key Board Logitech Wireless Bluetooth Multimedia
Keyboard

Mouse Optical Mouse / Pointing Device

Monitor LCD

3.3.2 S/W System Configuration:

Operating System Windows 10
Application Server Tomcat 8.5
Front End HTML, Java, Jsp
Scripts JavaScript.
Server side Script Java Server Pages.
Database Mysql 5.5
Database Connectivity JDBC.

3.4 FEASIBILITY STUDY:

The feasibility of the project is analyzed in this phase and business proposal is put forth
with a very general plan for the project and some cost estimates. During system analysis the
feasibility study of the proposed system is to be carried out. This is to ensure that the proposed
system is not a burden to the company. For feasibility analysis, some understanding of the major
requirements for the system is essential.
Three Key Considerations Involved In The Feasibility Analysis Are

ECONOMICAL FEASIBILITY
TECHNICAL FEASIBILITY
SOCIAL FEASIBILITY

12
3.4.1 Economical Feasibility:

This study is carried out to check the economic impact that the system will have on the
organization. The amount of fund that the company can pour into the research and development
of the system is limited. The expenditures must be justified. Thus the developed system as well
within the budget and this was achieved because most of the technologies used are freely
available. Only the customized products had to be purchased.

3.4.2 Technical Feasibility:

This study is carried out to check the technical feasibility, that is, the technical
requirements of the system. Any system developed must not have a high demand on the available
technical resources. This will lead to high demands on the available technical resources. This
will lead to high demands being placed on the client. The developed system must have a modest
requirement, as only minimal or null changes are required for implementing this system.

3.4.3 Social Feasibility:

The aspect of study is to check the level of acceptance of the system by the user. This
includes the process of training the user to use the system efficiently. The user must not feel
threatened by the system, instead must accept it as a necessity. The level of acceptance by the
users solely depends on the methods that are employed to educate the user about the system and
to make him familiar with it. His level of confidence must be raised so that he is also able to
make some constructive criticism, which is welcomed, as he is the final user of the system.

3.5 SOFTWARE ENVIRONMENT:

3.5.1 Java Technology:

Java technology is both a programming language and a platform.

3.5.2 The Java Programming Language:

The Java programming language is a high-level language that can be characterized by all
of the following buzzwords:
Simple
Architecture neutral
Object oriented
Portable
Distributed
High performance
Interpreted
Multithreaded
Robust

13
 With most programming languages, you either compile or interpret a program so that you
can run it on your computer. The Java programming language is unusual in that a program is
both compiled and interpreted. With the compiler, first you translate a program into an
intermediate language called Java byte codes —the platform-independent codes interpreted by
the interpreter on the Java platform. The interpreter parses and runs each Java byte code
instruction on the computer. Compilation happens just once; interpretation occurs each time the
program is executed. The following figure illustrates how this works.

You can think of Java byte codes as the machine code instructions for the Java Virtual
Machine (Java VM). Every Java interpreter, whether it’s a development tool or a Web browser
that can run applets, is an implementation of the Java VM. Java byte codes help make ―write
once, run anywhere‖ possible. You can compile your program into byte codes on any platform
that has a Java compiler. The byte codes can then be run on any implementation of the Java VM.
That means that as long as a computer has a Java VM, the same program written in the Java
programming language can run on Windows 2000, a Solaris workstation, or on an iMac.

3.5.3 The Java Platform:

A platform is the hardware or software environment in which a program runs. We’ve

already mentioned some of the most popular platforms like Windows 2000, Linux, Solaris, and
MacOS. Most platforms can be described as a combination of the operating system and
hardware. The Java platform differs from most other platforms in that it’s a software-only
platform that runs on top of other hardware-based platforms.

14
3.6 THE JAVA PLATFORM HAS TWO COMPONENTS:
The Java Virtual Machine (Java VM)
The Java Application Programming Interface (Java API)

You’ve already been introduced to the Java VM. It’s the base for the Java platform and is
ported onto various hardware-based platforms.
The Java API is a large collection of ready-made software components that provide many useful
capabilities, such as graphical user interface (GUI) widgets. The Java API is grouped into
libraries of related classes and interfaces; these libraries are known as packages. The next
section, What Can Java Technology Do? Highlights what functionality some of the packages in
the Java API provide.
The following figure depicts a program that’s running on the Java platform. As the figure shows,
the Java API and the virtual machine insulate the program from the hardware.

Native code is code that after you compile it, the compiled code runs on a specific
hardware platform. As a platform-independent environment, the Java platform can be a bit
slower than native code. However, smart compilers, well-tuned interpreters, and just-in-time byte
code compilers can bring performance close to that of native code without threatening
portability.
What Can Java Technology Do?
The most common types of programs written in the Java programming language are
applets and applications. If you’ve surfed the Web, you’re probably already familiar with
applets. Aapplet is a program that adheres to certain conventions that allow it to run within a
Java-enabled browser.
However, the Java programming language is not just for writing cute, entertaining applets
for the Web. The general-purpose, high-level Java programming language is also a powerful
software platform. Using the generous API, you can write many types of programs.
An application is a standalone program that runs directly on the Java platform. A special
kind of application known as a server serves and supports clients on a network. Examples of
servers are Web servers, proxy servers, mail servers, and print servers.
Another specialized program is a servlet. A servlet can almost be thought of as an applet
that runs on the server side. Java Servlets are a popular choice for building interactive web
applications, replacing the use of CGI scripts.
Servlets are similar to applets in that they are runtime extensions of applications. Instead
of working in browsers, though, servlets run within Java Web servers, configuring or tailoring
the server.
How does the API support all these kinds of programs? It does so with packages of
software components that provides a wide range of functionality.

15
3.7 EVERY FULL IMPLEMENTATION OF THE JAVA PLATFORM
GIVES YOU THE FOLLOWING FEATURES:

The Essentials: Objects, strings, threads, numbers, input and output, data structures, system
properties, date and time, and so on.
Applets: The set of conventions used by applets.

Networking: URLs, TCP (Transmission Control Protocol), UDP (User Data gram Protocol)
sockets, and IP (Internet Protocol) addresses.

Internationalization: Help for writing programs that can be localized for users worldwide.
Programs can automatically adapt to specific locales and be displayed in the appropriate
language.

Security: Both low level and high level, including electronic signatures, public and private key
management, access control, and certificates.

Software Components: Known as JavaBeansTM, can plug into existing component

architectures.

Object Serialization: Allows lightweight persistence and communication via Remote

Method Invocation (RMI).

Java Database Connectivity (Jdbctm): Provides uniform access to a wide range of

relational databases.The Java platform also has APIs for 2D and 3D graphics, accessibility,
servers, collaboration, telephony, speech, animation, and more. The following figure depicts
what is included in the Java 2 SDK.

Figure 3.1 JAVA API (Application programming Interface)

16
3.8 HOW WILL JAVA TECHNOLOGY CHANGE MY LIFE?
We can’t promise you fame, fortune, or even a job if you learn the Java programming
language. Still, it is likely to make your programs better and requires less effort than other
languages.

We Believe That Java Technology Will Help You Do The Following:

Get Started Quickly: Although the Java programming language is a powerful object-
oriented language, it’s easy to learn, especially for programmers already familiar with C or C++.

Write Less Code: Comparisons of program metrics (class counts, method counts, and so on)
suggest that a program written in the Java programming language can be four times smaller than
the same program in C++.

Write Better Code: The Java programming language encourages good coding practices, and
its garbage collection helps you avoid memory leaks. Its object orientation, its JavaBeans
component architecture, and its wide-ranging, easily extendible API let you reuse other people’s
tested code and introduce fewer bugs.

Develop Programs More Quickly: Your development time may be as much as twice as
fast versus writing the same program in C++. Why? You write fewer lines of code and it is a
simpler programming language than C++.

Avoid Platform Dependencies With 100% Pure Java: You can keep your program
portable by avoiding the use of libraries written in other languages. The 100% Pure
JavaTMProduct Certification Program has a repository of historical process manuals, white
papers, brochures, and similar materials online.

Write Once, Run Anywhere: Because 100% Pure Java programs are compiled into
machine-independent byte codes, they run consistently on any Java platform.

Distribute Software More Easily: You can upgrade applets easily from a central server.
Applets take advantage of the feature of allowing new classes to be loaded ―on the fly,‖ without
recompiling the entire program.

3.9 ODBC:
Microsoft Open Database Connectivity (ODBC) is a standard programming interface for
application developers and database systems providers. Before ODBC became a de facto
standard for Windows programs to interface with database systems, programmers had to use
proprietary languages for each database they wanted to connect to. Now, ODBC has made the
choice of the database system almost irrelevant from a coding perspective, which is as it should
be. Application developers have much more important things to worry about than the syntax that

17
is needed to port their program from one database to another when business needs suddenly
change.
Through the ODBC Administrator in Control Panel, you can specify the particular
database that is associated with a data source that an ODBC application program is written to
use. Think of an ODBC data source as a door with a name on it. Each door will lead you to a
particular database. For example, the data source named Sales Figures might be a SQL Server
database, whereas the Accounts Payable data source could refer to an Access database. The
physical database referred to by a data source can reside anywhere on the LAN.
The ODBC system files are not installed on your system by Windows 95. Rather, they
are installed when you setup a separate database application, such as SQL Server Client or
Visual Basic 4.0. When the ODBC icon is installed in Control Panel, it uses a file called
ODBCINST.DLL. It is also possible to administer your ODBC data sources through a stand-
alone program From a programming perspective, the beauty of ODBC is that the application can
be written to use the same set of function calls to interface with any data source, regardless of the
database vendor. The source code of the application doesn’t change whether it talks to Oracle or
SQL Server.
We only mention these two as an example. There are ODBC drivers available for several
dozen popular database systems. Even Excel spreadsheets and plain text files can be turned into
data sources. The operating system uses the Registry information written by ODBC
Administrator to determine which low-level ODBC drivers are needed to talk to the data source
(such as the interface to Oracle or SQL Server). The loading of the ODBC drivers is transparent
to the ODBC application program. In a client/server environment, the ODBC API even handles
many of the network issues for the application programmer.
The advantages of this scheme are so numerous that you are probably thinking there must
be some catch. The only disadvantage of ODBC is that it isn’t as efficient as talking directly to
the native database interface. ODBC has had many detractors make the charge that it is too slow.
Microsoft has always claimed that the critical factor in performance is the quality of the driver
software that is used. In our humble opinion, this is true. The availability of good ODBC drivers
has improved a great deal recently. And anyway, the criticism about performance is somewhat
analogous to those who said that compilers would never match the speed of pure assembly
language. Maybe not, but the compiler (or ODBC) gives you the opportunity to write cleaner
programs, which means you finish sooner. Meanwhile, computers get faster every year.

3.10 JDBC:

In an effort to set an independent database standard API for Java; Sun Microsystems
developed Java Database Connectivity, or JDBC. JDBC offers a generic SQL database access
mechanism that provides a consistent interface to a variety of RDBMSs. This consistent interface
is achieved through the use of ―plug-in‖ database connectivity modules, or drivers. If a database
vendor wishes to have JDBC support, he or she must provide the driver for each platform that the
database and Java run on.
To gain a wider acceptance of JDBC, Sun based JDBC’s framework on ODBC. As you
discovered earlier in this chapter, ODBC has widespread support on a variety of platforms.
Basing JDBC on ODBC will allow vendors to bring JDBC drivers to market much faster than
developing a completely new connectivity solution.

18
JDBC was announced in March of 1996. It was released for a 90 day public review that ended
June 8, 1996. Because of user input, the final JDBC v1.0 specification was released soon after.
The remainder of this section will cover enough information about JDBC for you to
know what it is about and how to use it effectively. This is by no means a complete overview of
JDBC. That would fill an entire book.

3.11 JDBC GOALS:

Few software packages are designed without goals in mind. JDBC is one that, because of
its many goals, drove the development of the API. These goals, in conjunction with early
reviewer feedback, have finalized the JDBC class library into a solid framework for building
database applications in Java.
The goals that were set for JDBC are important. They will give you some insight as to
why certain classes and functionalities behave the way they do. The eight design goals for JDBC
are as follows:

3.11.1 Sql Levelapi:

The designers felt that their main goal was to define a SQL interface for Java. Although
not the lowest database interface level possible, it is at a low enough level for higher-level tools
and APIs to be created. Conversely, it is at a high enough level for application programmers to
use it confidently. Attaining this goal allows for future tool vendors to ―generate‖ JDBC code
and to hide many of JDBC’s complexities from the end user.
SQL syntax varies as you move from database vendor to database vendor. In an effort to
support a wide variety of vendors, JDBC will allow any query statement to be passed through it
to the underlying database driver. This allows the connectivity module to handle non-standard
functionality in a manner that is suitable for its users.
The JDBC SQL API must ―sit‖ on top of other common SQL level APIs. This goal allows JDBC
to use existing ODBC level drivers by the use of a software interface. This interface would
translate JDBC calls to ODBC and vice versa.
Provide a Java interface that is consistent with the rest of the Java system
Because of Java’s acceptance in the user community thus far, the designers feel that they should
not stray from the current design of the core Java system.
Keep it simple
This goal probably appears in all software design goal listings. JDBC is no exception.
Sun felt that the design of JDBC should be very simple, allowing for only one method of
completing a task per mechanism. Allowing duplicate functionality only serves to confuse the
users of the API.
Strong typing allows for more error checking to be done at compile time; also, less error
appear at runtime.
Because more often than not, the usual SQL calls used by the programmer are simple
SELECT’s, INSERT’s, DELETE’s and UPDATE’s, these queries should be simple to perform
with JDBC. However, more complex SQL statements should also be possible.
Java ha two things: a programming language and a platform.

19
3.11.2 Java Is A High-Level Programming Language That Is All Of The
Following:
Java is also unusual in that each Java program is both compiled and interpreted. With a
compile you translate a Java program into an intermediate language called Java byte codes the
platform-independent code instruction is passed and run on the computer.

Compilation happens just once; interpretation occurs each time the program is executed.
The figure illustrates how this works.

Figure 3.2 Java Virtual Machine

You can think of Java byte codes as the machine code instructions for the Java Virtual
Machine (Java VM). Every Java interpreter, whether it’s a Java development tool or a Web
browser that can run Java applets, is an implementation of the Java VM. The Java VM can also
be implemented in hardware.Java byte codes help make ―write once, run anywhere‖ possible.

20
3.12 NETWORKING :

3.12.1 Tcp/Ip Stack:

The TCP/IP stack is shorter than the OSI one:

TCP is a connection-oriented protocol; UDP (User Datagram Protocol) is a connectionless

protocol.

figure 3.3 http architecture

The IP layer provides a connectionless and unreliable delivery system. It considers each
datagram independently of the others. Any association between datagram must be supplied by
the higher layers. The IP layer supplies a checksum that includes its own header. The header
includes the source and destination addresses. The IP layer handles routing through an Internet. It
is also responsible for breaking up large datagram into smaller ones for transmission and
reassembling them at the other end.

21
3.12.2 Udp:

UDP is also connectionless and unreliable. What it adds to IP is a checksum for the
contents of the datagram and port numbers. These are used to give a client/server model - see
later.

3.12.3 Tcp:

TCP supplies logic to give a reliable connection-oriented protocol above IP. It provides a
virtual circuit that two processes can use to communicate.

3.12.4 Internet Addresses:

In order to use a service, you must be able to find it. The Internet uses an address scheme
for machines so that they can be located. The address is a 32 bit integer which gives the IP
address. This encodes a network ID and more addressing. The network ID falls into various
classes according to the size of the network address.

3.12.5 Network Address:

Class A uses 8 bits for the network address with 24 bits left over for other addressing.
Class B uses 16 bit network addressing. Class C uses 24 bit network addressing and class D uses
all 32.

3.12.6 Subnet Address:

Internally, the UNIX network is divided into sub networks. Building 11 is currently on
one sub network and uses 10-bit addressing, allowing 1024 different hosts.

3.12.7 Host Address:

8 bits are finally used for host addresses within our subnet. This places a limit of 256
machines that can be on the subnet.
Total address

The 32 bit address is usually written as 4 integers separated by dots.

22
3.12.8 Port Addresses:
A service exists on a host, and is identified by its port. This is a 16 bit number. To send a
message to a server, you send it to the port for that service of the host that it is running on. This
is not location transparency! Certain of these ports are "well known".

3.12.9 Sockets:

A socket is a data structure maintained by the system to handle network connections. A

socket is created using the call socket. It returns an integer that is like a file descriptor. In
fact, under Windows, this handle can be used with Read File and Write File functions.
#include <sys/types.h>
#include <sys/socket.h>
int socket(int family, int type, int protocol);
Here "family" will be AF_INET for IP communications, protocol will be zero, and type
will depend on whether TCP or UDP is used. Two processes wishing to communicate over a
network create a socket each. These are similar to two ends of a pipe - but the actual pipe does
not yet exist.

3.12.10 Jfree Chart:

JFreeChart is a free 100% Java chart library that makes it easy for developers to display
professional quality charts in their applications. JFreeChart's extensive feature set includes:
A consistent and well-documented API, supporting a wide range of chart types;
A flexible design that is easy to extend, and targets both server-side and client-side applications;
Support for many output types, including Swing components, image files (including PNG and
JPEG), and vector graphics file formats (including PDF, EPS and SVG);
JFreeChart is "open source" or, more specifically, free software. It is distributed under the terms
of the GNU Lesser General Public Licence (LGPL), which permits use in proprietary
applications.

3.12.11 Map Visualizations:

Charts showing values that relate to geographical areas. Some examples include: (a)
population density in each state of the United States, (b) income per capita for each country in
Europe, (c) life expectancy in each country of the world.

The tasks in this project include:

Sourcing freely redistributable vector outlines for the countries of the world,
states/provinces in particular countries (USA in particular, but also other areas);Creating an
appropriate dataset interface (plus default implementation), a rendered, and integrating this with
the existing XYPlot class in JFreeChart;Testing, documenting, testing some more, documenting
some more.

23
3.12.12 Time Series Chart Interactivity:

Implement a new (to JFreeChart) feature for interactive time series charts --- to display a
separate control that shows a small version of ALL the time series data, with a sliding "view"
rectangle that allows you to select the subset of the time series data to display in the main chart.

3.12.13 Dashboards:

There is currently a lot of interest in dashboard displays. Create a flexible dashboard

mechanism that supports a subset of JFreeChart chart types (dials, pies, thermometers, bars, and
lines/time series) that can be delivered easily via both Java Web Start and an applet.

3.12.14 Property Editors:

The property editor mechanism in JFreeChart only handles a small subset of the
properties that can be set for charts. Extend (or reimplement) this mechanism to provide greater
end-user control over the appearance of the charts.

3.13 WHAT IS A JAVA WEB APPLICATION?

A Java web application generates interactive web pages containing various types of
markup language (HTML, XML, and so on) and dynamic content. It is typically comprised of
web components such as JavaServer Pages (JSP), servlets and JavaBeans to modify and
temporarily store data, interact with databases and web services, and render content in response
to client requests.
Because many of the tasks involved in web application development can be repetitive or
require a surplus of boilerplate code, web frameworks can be applied to alleviate the overhead
associated with common activities. For example, many frameworks, such as JavaServer Faces,
provide libraries for templating pages and session management, and often promote code reuse.

3.14 WHAT IS JAVA EE?

provides a set of APIs (application programming interfaces) for developing and running
portable, robust, scalable, reliable and secure server-side applications.

3.15 SOME OF THE FUNDAMENTAL COMPONENTS OF JAVA EE

INCLUDE:
Enterprise JavaBeans (EJB): a managed, server-side component architecture used to
encapsulate the business logic of an application. EJB technology enables rapid and simplified
development of distributed, transactional, secure and portable applications based on Java
technology. Java EE (Enterprise Edition) is a widely used platform containing a set of
coordinated technologies that significantly reduce the cost and complexity of developing,
deploying, and managing multi-tier, server-centric applications. Java EE builds upon the Java
SE platform and

24
Java Persistence API (JPA): a framework that allows developers to manage data using object-
relational mapping (ORM) in applications built on the Java Platform.

3.15.1 Javascript And Ajax Development:

JavaScript is an object-oriented scripting language primarily used in client-side interfaces

for web applications. Ajax (Asynchronous JavaScript and XML) is a Web 2.0 technique that
allows changes to occur in a web page without the need to perform a page refresh. JavaScript
toolkits can be leveraged to implement Ajax-enabled components and functionality in web
pages.

3.15.2 Web Server And Client:

Web Server is a software that can process the client request and send the response back to
the client. For example, Apache is one of the most widely used web server. Web Server runs on
some physical machine and listens to client request on specific port.
A web client is a software that helps in communicating with the server. Some of the most widely
used web clients are Firefox, Google Chrome, Safari etc. When we request something from
server (through URL), web client takes care of creating a request and sending it to server and
then parsing the server response and present it to the user.

3.15.3 Html And Http:

Web Server and Web Client are two separate softwares, so there should be some common
language for communication. HTML is the common language between server and client and
stands for HyperTextMarkup Language.
Web server and client needs a common communication protocol, HTTP
(HyperTextTransfer Protocol) is the communication protocol between server and client. HTTP
runs on top of TCP/IP communication protocol.

3.16 SOME OF THE IMPORTANT PARTS OF HTTP REQUEST ARE:

3.16.1 Http Method: Action to be performed, usually GET, POST, PUT etc.

3.16.2 Url: Page to access

3.16.3 Form Parameters: Similar to arguments in a java method, for example

user,password details from login page.

3.16.4 Sample Http Request:

1GET /FirstServletProject/jsps/hello.jsp HTTP/1.1
2Host: localhost:8080
3Cache-Control: no-cache

25
3.17 SOME OF THE IMPORTANT PARTS OF HTTP RESPONSE ARE:

3.17.1 Status Code:

An integer to indicate whether the request was success or not. Some of the well known
status codes are 200 for success, 404 for Not Found and 403 for Access Forbidden.

3.17.2 Content Type:

Text, html, image, pdf etc. Also known as MIME type

3.17.3 CONTENT :
Actual data that is rendered by client and shown to user.

3.17.4 Mime Type Or Content Type:

If you see above sample HTTP response header, it contains tag ―Content-Type‖. It’s also
called MIME type and server sends it to client to let them know the kind of data it’s sending. It
helps client in rendering the data for user.
Some of the mostly used mime types are text/html, text/xml, application/xml etc.

3.17.5 Understanding Url:

URL is acronym of Universal Resource Locator and it’s used to locate the server and
resource. Every resource on the web has it’s own unique address. Let’s see parts of URL with an
example.
http://localhost:8080/FirstServletProject/jsps/hello.jsp
http:// – This is the first part of URL and provides the communication protocol to be used in
server-client communication.
localhost – The unique address of the server, most of the times it’s the hostname of the server
that maps to unique IP address. Sometimes multiple hostnames point to same IP addresses and
web server virtual host takes care of sending request to the particular server instance.
8080 – This is the port on which server is listening, it’s optional and if we don’t provide it in
URL then request goes to the default port of the protocol. Port numbers 0 to 1023 are reserved
ports for well known services, for example 80 for HTTP, 443 for HTTPS, 21 for FTP etc.
FirstServletProject/jsps/hello.jsp – Resource requested from server. It can be static html, pdf,
JSP,servlets, PHP etc.

3.18 WHY WE NEED SERVLET AND JSPS?

Web servers are good for static contents HTML pages but they don’t know how to
generate dynamic content or how to save data into databases, so we need another tool that we can
use to generate dynamic content.
There are several programming languages for dynamic content like PHP, Python, Ruby
on Rails, Java Servlets and JSPs.
Java Servlet and JSPs are server side technologies to extend the capability of web servers
by providing support for dynamic response and data persistence.

26
3.18.1 Web Container:
Tomcat is a web container, when a request is made from Client to web server, it passes
the request to web container and it’s web container job to find the correct resource to handle the
request (servlet or JSP) and then use the response from the resource to generate the response and
provide it to web server. Then web server sends the response back to the client.
When web container gets the request and if it’s for servlet then container creates two Objects

3.18.2 Httpservletrequest And Httpservletresponse:

Then it finds the correct servlet based on the URL and creates a thread for the request.
Then it invokes the servlet service() method and based on the HTTP method service() method
invokes doGet() or doPost() methods. Servlet methods generate the dynamic page and write it to
response. Once servlet thread is complete, container converts the response to HTTP response and
send it back to client.

3.19 SOME OF THE IMPORTANT WORK DONE BY WEB CONTAINER

ARE:

3.19.1 Communication Support:

Container provides easy way of communication between web server and the servlets and
JSPs. Because of container, we don’t need to build a server socket to listen for any request from
web server, parse the request and generate response. All these important and complex tasks are
done by container and all we need to focus is on our business logic for our applications.

3.19.2 Lifecycle And Resource Management :

Container takes care of managing the life cycle of servlet. Container takes care of loading
the servlets into memory, initializing servlets, invoking servlet methods and destroying them.
Container also provides utility like JNDI for resource pooling and management.

3.19.3 Multithreading Support :

Container creates new thread for every request to the servlet and when it’s processed the
thread dies. So servlets are not initialized for each request and saves time and memory.

3.19.4 Jsp Support:

JSPs doesn’t look like normal java classes and web container provides support for JSP.
Every JSP in the application is compiled by container and converted to Servlet and then
container manages them like other servlets.
Miscellaneous Task: Web container manages the resource pool, does memory optimizations,
run garbage collector, provides security configurations, support for multiple applications, hot
deployment and several other tasks behind the scene that makes our life easier.
Web Application Directory Structure:
Java Web Applications are packaged as Web Archive (WAR) and it has a defined structure. You
can export above dynamic web project as WAR file and unzip it to check the hierarchy. It will be
something like below image.

27
 Figure 3.4 Deployment Descriptor
web.xml file is the deployment descriptor of the web application and contains mapping
for servlets (prior to 3.0), welcome pages, security configurations, session timeout settings etc.
Thats all for the java web application startup tutorial, we will explore Servlets and JSPs more in
future posts.

3.20 MYSQL:
MySQL, the most popular Open Source SQL database management system, is developed,
distributed, and supported by Oracle Corporation.
The MySQL Web site (http://www.mysql.com/) provides the latest information about
MySQL software. MySQL is a database management system.
A database is a structured collection of data. It may be anything from a simple shopping
list to a picture gallery or the vast amounts of information in a corporate network. To add, access,
and process data stored in a computer database, you need a database management system such as
MySQL Server. Since computers are very good at handling large amounts of data, database
management systems play a central role in computing, as standalone utilities, or as parts of other
applications.

3.20.1 MySQL databases are relational:

A relational database stores data in separate tables rather than putting all the data in one
big storeroom. The database structures are organized into physical files optimized for speed. The
logical model, with objects such as databases, tables, views, rows, and columns, offers a flexible
programming environment. You set up rules governing the relationships between different data
fields, such as one-to-one, one-to-many, unique, required or optional, and ―pointers‖ between
different tables. The database enforces these rules, so that with a well-designed database, your
application never sees inconsistent, duplicate, orphan, out-of-date, or missing data.
The SQL part of ―MySQL‖ stands for ―Structured Query Language‖. SQL is the most
common standardized language used to access databases. Depending on your programming
environment, you might enter SQL directly (for example, to generate reports), embed SQL
statements into code written in another language, or use a language-specific API that hides the
SQL syntax.

28
 SQL is defined by the ANSI/ISO SQL Standard. The SQL standard has been evolving
since 1986 and several versions exist. In this manual, ―SQL-92‖ refers to the standard released in
1992, ―SQL:1999‖ refers to the standard released in 1999, and ―SQL:2003‖ refers to the current
version of the standard. We use the phrase ―the SQL standard‖ to mean the current version of the
SQL Standard at any time.
SQL Commands:

Figure 3.5 Types of Commands

3.20.2 MySQL software is Open Source:

Open Source means that it is possible for anyone to use and modify the software.
Anybody can download the MySQL software from the Internet and use it without paying
anything. If you wish, you may study the source code and change it to suit your needs. The
MySQL software uses the GPL (GNU General Public License), http://www.fsf.org/licenses/, to
define what you may and may not do with the software in different situations. If you feel
uncomfortable with the GPL or need to embed MySQL code into a commercial application, you
can buy a commercially licensed version from us. See the MySQL Licensing Overview for more
information (http://www.mysql.com/company/legal/licensing/).

29
 If that is what you are looking for, you should give it a try. MySQL Server can run
comfortably on a desktop or laptop, alongside your other applications, web servers, and so on,
requiring little or no attention. If you dedicate an entire machine to MySQL, you can adjust the
settings to take advantage of all the memory, CPU power, and I/O capacity available. MySQL
can also scale up to clusters of machines, networked together. You can find a performance
comparison of MySQL Server with other database managers on our benchmark page.

MySQL Server was originally developed to handle large databases much faster than
existing solutions and has been successfully used in highly demanding production environments
for several years. Although under constant development, MySQL Server today offers a rich and
useful set of functions. Its connectivity, speed, and security make MySQL Server highly suited
for accessing databases on the Internet.

MySQL Server works in client/server or embedded systems. The MySQL Database

Software is a client/server system that consists of a multi-threaded SQL server that supports
different backends, several different client programs and libraries, administrative tools, and a
wide range of application programming interfaces (APIs).
We also provide MySQL Server as an embedded multi-threaded library that you can link into
your application to get a smaller, faster, easier-to-manage standalone product.

A large amount of contributed MySQL software is available. MySQL Server has a

practical set of features developed in close cooperation with our users. It is very likely that your
favorite application or language supports the MySQL Database Server.

The official way to pronounce ―MySQL‖ is ―My Ess Que Ell‖ (not ―my sequel‖), but we
do not mind if you pronounce it as ―my sequel‖ or in some other localized way.

30
 CHAPTER-4
SYSTEM DESIGN
4.1 SYSTEM ARCHITECTURE:

Figure 4.1 System Architecture

31
4.2 DATA FLOW DIAGRAM:

Figure 4. 2 Dataflow Diagram

32
 The DFD is also called as bubble chart. It is a simple graphical formalism that can be
used to represent a system in terms of input data to the system, various processing carried out on
this data, and the output data is generated by this system.
The data flow diagram (DFD) is one of the most important modeling tools. It is used to
model the system components. These components are the system process, the data used by the
process, an external entity that interacts with the system and the information flows in the system.
DFD shows how the information moves through the system and how it is modified by a
series of transformations. It is a graphical technique that depicts information flow and the
transformations that are applied as data moves from input to output.
DFD is also known as bubble chart. A DFD may be used to represent a system at any
level of abstraction. DFD may be partitioned into levels that represent increasing information
flow and functional detail.

4.3 FUNCTIONAL FLOW:

Figure 4.3 Functional Flow

33
4.4 .USE CASE DIAGRAM:
A use case diagram in the Unified Modeling Language (UML) is a type of behavioral
diagram defined by and created from a Use-case analysis.

Its purpose is to present a graphical overview of the functionality provided by a system in

terms of actors, their goals (represented as use cases), and any dependencies between those use
cases.

The main purpose of a use case diagram is to show what system functions are performed
for which actor. Roles of the actors in the system can be depicted.

Figure 4.4 Case Diagram

34
4.5 CLASS DIAGRAM:

In software engineering, a class diagram in the Unified Modeling Language (UML) is a

type of static structure diagram that describes the structure of a system by showing the system's
classes, their attributes, operations (or methods), and the relationships among the classes. It
explains which class contains information.

Figure 4.5 Class Diagram

35
4.6 SEQUENCE DIAGRAM:
A sequence diagram in Unified Modeling Language (UML) is a kind of interaction
diagram that shows how processes operate with one another and in what order. It is a construct of
a Message Sequence Chart. Sequence diagrams are sometimes called event diagrams, event
scenarios, and timing diagrams.

Figure 4.6 Sequence Diagram

36
4.7 ACTIVITY DIAGRAM:
Activity diagrams are graphical representations of workflows of stepwise activities and
actions with support for choice, iteration and concurrency. In the Unified Modeling Language,
activity diagrams can be used to describe the business and operational step-by-step workflows of
components in a system. An activity diagram shows the overall flow of control.

Sign up

Login

User Authorized Trapdoor Cloud

Owner Generator

Attackers
Search ViewFiles
Add Documents

Authorized
My profile Users

Add Patients View

Transactions Authorized
View Files Owners

View
Search Documents
View Upload & Generate
Permissions verify Details Trapdoor
View Pateint
Details
Trapdoor
Permissions
Search
Permission

Top Search
Keywords

Figure 4.7 Activity Diagram

37
 CHAPTER-5
SYSTEM ANALYSIS AND DESIGN
5.1 MODULE SPECIFICATIONS:

5.1.1 Input Design:

The input design is the link between the information system and the user. It comprises the
developing specification and procedures for data preparation and those steps are necessary to put
transaction data in to a usable form for processing can be achieved by inspecting the computer to
read data from a written or printed document or it can occur by having people keying the data
directly into the system.
The design of input focuses on controlling the amount of input required, controlling the
errors, avoiding delay, avoiding extra steps and keeping the process simple. The input is
designed in such a way so that it provides security and ease of use with retaining the privacy.

5.1.2 Input Design considered the following things:

What data should be given as input?
How the data should be arranged or coded?
The dialog to guide the operating personnel in providing input.
Methods for preparing input validations and steps to follow when error occur.

5.2 OBJECTIVES:

Input Design is the process of converting a user-oriented description of the input into a
computer-based system. This design is important to avoid errors in the data input process and
show the correct direction to the management for getting correct information from the
computerized system.
It is achieved by creating user-friendly screens for the data entry to handle large volume
of data. The goal of designing input is to make data entry easier and to be free from errors. The
data entry screen is designed in such a way that all the data manipulates can be performed. It also
provides record viewing facilities.
When the data is entered it will check for its validity. Data can be entered with the help of
screens. Appropriate messages are provided as when needed so that the user will not be in maize
of instant. Thus the objective of input design is to create an input layout that is easy to follow

5.3 OUTPUT DESIGN:

A quality output is one, which meets the requirements of the end user and presents the
information clearly. In any system results of processing are communicated to the users and to
other system through outputs. In output design it is determined how the information is to be
displaced for immediate need and also the hard copy output. It is the most important and direct
source information to the user. Efficient and intelligent output design improves the system’s
relationship to help user decision-making.

38
 Designing computer output should proceed in an organized, well thought out manner; the
right output must be developed while ensuring that each output element is designed so that
people will find the system can use easily and effectively.

When analysis design computer output, they should Identify the specific output that is
needed to meet the requirements. Select methods for presenting information.

Create document, report, or other formats that contain information produced by the
system.

39
 CHAPTER-6
SOURCE CODE
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Blocked and UnBlocked Users Rank</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="css/style.css" rel="stylesheet" type="text/css" />
<link rel="stylesheet" type="text/css" href="css/coin-slider.css" />
<script type="text/javascript" src="js/cufon-yui.js"></script>
<script type="text/javascript"src="js/droid_sans_400-droid_sans_700.font.js"></script>
<script type="text/javascript" src="js/jquery-1.4.2.min.js"></script>
<script type="text/javascript" src="js/script.js"></script>
<script type="text/javascript" src="js/coin-slider.min.js"></script>
<style type="text/css">
<!—
.style1 {font-size: 30px}
.style2 {
font-size: 24px;
color: #d86d5a;
}
.style6 {
font-size: 20px;
color: #FF0000;
}
-->
</style>
</head>
<body>
<div class="main">
<div class="header">
<div class="header_resize">
<div class="menu_nav">
<ul>
<li><a href="index.html"><span>Home Page</span></a></li>
<li class="active"><a href="a_login.jsp"><span>Admin</span></a></li>
<li><a href="u_login.jsp"><span>User</span></a></li>
<li><a href="attacker.jsp"><span>Attacker</span></a></li>

40
</ul>
</div>
<div class="logo">
<h1><a href="index.html" class="style1">Detecting Mobile Malicious<br /> Webpages in Real
Time</a></h1>
</div>
<div class="clr"></div>
<div class="slider">
<div id="coin-slider"><a href="#"><imgsrc="images/slide1.jpg" width="940" height="310"
alt="" /></a><a href="#"><imgsrc="images/slide2.jpg" width="940" height="310" alt=""
/></a><a href="#"><imgsrc="images/slide3.jpg" width="940" height="310" alt="" /></a></div>
<div class="clr"></div>
</div>
<div class="clr"></div>
</div>
</div>
<div class="content">
<div class="content_resize">
<div class="mainbar">
<div class="article">
<h1 align="center" class="style2">VIEW NO.OF BLOCKED AND UNBLOCKED USERS IN
RANK</h1>
<p>&nbsp;</p>
<%@ include file="connect.jsp"%>
<%
try
{
ResultSetrs=connection.createStatement().executeQuery("select * from bnb_users");
if(rs.next())
{
%>
<p><iframe src="graph2.jsp" width="500" height="400" style="border:3px;"></iframe></p>
<%
}else{
%>
<span class="style6">No Users Blocked Yet.</span>
<%
}

41
catch(Exception e)
{
out.print(e);
}
%>
<p>&nbsp;</p>
<p align="right"><a href="a_main.jsp">Back</a></p>
</div>
</div>
<div class="sidebar">
<div class="gadget">
<h2 class="star"><span>Admin</span> Menu</h2>
<div class="clr"></div>
<ul class="sb_menu">
<li><a href="a_main.jsp"><span>Admin Main</span></a></li>
<li><a href="a_login.jsp"><span>Log Out</span></a></li>
</ul>
</div>
</div>
<div class="clr"></div>
</div>
</div>
<div class="fbg">
<div class="fbg_resize">
<div class="col c1">
<h2><span>Image</span> Gallery</h2>
<a href="#"><imgsrc="images/gal1.jpg" width="75" height="75" alt="" class="gal" /></a><a
href="#"><imgsrc="images/gal2.jpg" width="75" height="75" alt="" class="gal" /></a><a
href="#"><imgsrc="images/gal3.jpg" width="75" height="75" alt="" class="gal" /></a><a
href="#"><imgsrc="images/gal4.jpg" width="75" height="75" alt="" class="gal" /></a><a
href="#"><imgsrc="images/gal5.jpg" width="75" height="75" alt="" class="gal" /></a><a
href="#"><imgsrc="images/gal6.jpg" width="75" height="75" alt="" class="gal" /></a></div>
<div class="clr"></div>
</div>
</div>
<div class="footer">
<div class="footer_resize">
<div style="clear:both;"></div>
</div>
</div>

42
</div>
<div align=center></div>
</body>
</html>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Admin Main</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="css/style.css" rel="stylesheet" type="text/css" />
<link rel="stylesheet" type="text/css" href="css/coin-slider.css" />
<script type="text/javascript" src="js/cufon-yui.js"></script>
<script type="text/javascript" src="js/droid_sans_400-droid_sans_700.font.js"></script>
<script type="text/javascript" src="js/jquery-1.4.2.min.js"></script>
<script type="text/javascript" src="js/script.js"></script>
<script type="text/javascript" src="js/coin-slider.min.js"></script>

<style type="text/css">
<!--
.style1 {font-size: 30px}
.style2 {
font-size: 24px;
color: #d86d5a;
}
.style6 {color: #FF0000}
.style7 {font-weight: bold}
.style8 {
color: #FF0000;
font-weight: bold;
font-style: italic;
}
.style9 {font-style: italic}
-->
</style>
</head>
<body>
<div class="main">
<div class="header">
<div class="header_resize">

43
<div class="menu_nav">
<ul>
<li><a href="index.html"><span>Home Page</span></a></li>
<li class="active"><a href="a_login.jsp"><span>Admin</span></a></li>
<li><a href="u_login.jsp"><span>User</span></a></li>
<li><a href="attacker.jsp"><span>Attacker</span></a></li>
</ul>
</div>
<div class="logo">
<h1><a href="index.html" class="style1">Detecting Mobile Malicious<br /> Webpages in Real
Time</a></h1>
</div>
<div class="clr"></div>
<div class="slider">
<div id="coin-slider"><a href="#"><imgsrc="images/slide1.jpg" width="940" height="310"
alt="" /></a><a href="#"><imgsrc="images/slide2.jpg" width="940" height="310" alt=""
/></a><a href="#"><imgsrc="images/slide3.jpg" width="940" height="310" alt="" /></a></div>
<div class="clr"></div>
</div>
<div class="clr"></div>
</div>
</div>
<div class="content">
<div class="content_resize">
<div class="mainbar">
<div class="article">
<h1 align="center" class="style2">WELCOME TO ADMIN MAIN</h1>
<p align="center" class="style2">&nbsp;</p>
<p align="center" class="style2"><imgsrc="images/Admin.jpg" width="626" height="500"
/></p>
<p align="center" class="style2">&nbsp;</p>
</div>
</div>
<div class="sidebar">
<div class="gadget">
<h2 class="star"><span>Admin</span> Menu</h2>
<div class="clr"></div>
<ul class="sb_menu">
<li>
<div align="center" class="style6">

44
<div align="left"><span class="style7"><span class="style9"><a href="a_all_users.jsp">View
All Users and Authorise</a></span></span></div>
</div>
</li>
<li class="style8">
<div align="left"><a href="a_add_topic.jsp">Add Topics</a></div>
</li>
<li class="style8">
<div align="left"><a href="a_all_topics.jsp">List All Topics</a></div>
</li>
<li class="style8">
<div align="left"><a href="a_limit_wb.jsp">Set and View Limit </a></div>
</li>
<li class="style8">
<div align="left"><a href="a_list_mal_webpages.jsp">List All MalaciousWebPages</a></div>
</li>
<li class="style8">
<div align="left"><a href="a_user_viewed_mal.jsp">List All MalaciousWebPage Accessed
Users</a></div>
</li>
<li class="style8">
<div align="left"><a href="a_blocked_user.jsp">List All Blocked Users</a></div>
</li>
<li class="style8">
<div align="left"><a href="a_unblock_user.jsp">User Requests to Unblock</a></div>
</li>
<li class="style8">
<div align="left"><a href="a_rec_webpages.jsp">View All Recommended
WebPages</a></div>
</li>
<li class="style8">
<div align="left"><a href="a_wb_viewed.jsp">View All WebPages Viewed</a></div>
</li>
<li class="style8">
<div align="left"><a href="a_mal_viewed.jsp">View Malacious Web Page Access <br />
in Chart</a></div>
</li>
<li class="style8">
<div align="left"><a href="a_topics_rank.jsp">View Topic Ranks in Chart</a></div>
</li>

45
<li class="style8">
<div align="left"><a href="a_b_nb_users.jsp">View No.Of Blocked and Un-Blocked Users in
Chart</a></div>
</li>
<li>
<div align="left"><span class="style8"><a href="a_login.jsp">Log Out</a></span></div>
</li>
<li></li>
<li></li>
</ul>
</div>
</div>
<div class="clr"></div>
</div>
</div>
<div class="fbg">
<div class="fbg_resize">
<div class="col c1">
<h2><span>Image</span> Gallery</h2>
<a href="#"><imgsrc="images/gal1.jpg" width="75" height="75" alt="" class="gal" /></a><a
href="#"><imgsrc="images/gal2.jpg" width="75" height="75" alt="" class="gal" /></a><a
href="#"><imgsrc="images/gal3.jpg" width="75" height="75" alt="" class="gal" /></a><a
href="#"><imgsrc="images/gal4.jpg" width="75" height="75" alt="" class="gal" /></a><a
href="#"><imgsrc="images/gal5.jpg" width="75" height="75" alt="" class="gal" /></a><a
href="#"><imgsrc="images/gal6.jpg" width="75" height="75" alt="" class="gal" /></a></div>
<div class="clr"></div>
</div>
</div>
<div class="footer">
<div class="footer_resize">
<div style="clear:both;"></div>
</div>
</div>
</div>
<div align=center></div>
</body>
</html>

<%@ page import="java.sql.*"%>

<%@ include file="connect.jsp" %>

46
<%@ page import="java.util.Date" %>
<%@ page import="com.oreilly.servlet.*"%>
<%@ page import ="java.text.SimpleDateFormat" %>
<%@ page import ="javax.crypto.Cipher" %>
<%@ page import ="org.bouncycastle.util.encoders.Base64" %>
<%

try
{

String username=request.getParameter("userid");
String Password=request.getParameter("pass");

application.setAttribute("admin",username);

String sql="SELECT * FROM admin where name='"+username+"' and

pass='"+Password+"'";
Statement stmt = connection.createStatement();
ResultSetrs =stmt.executeQuery(sql);

if (rs.next()==true)
{

response.sendRedirect("a_main.jsp");

}
else
{
out.print("Invalid Login Details");
%><br/><br/><a href="a_login.jsp">Back</a><%
}
}
catch(Exception e)
{
out.print(e);
}

%>

47
 CHAPTER-7
SYSTEM TESTING
7.1 INTRODUCTION ABOUT SYSTEM TESTING :
The purpose of testing is to discover errors. Testing is the process of trying to discover
every conceivable fault or weakness in a work product. It provides a way to check the
functionality of components, sub assemblies, assemblies and/or a finished product It is the
process of exercising software with the intent of ensuring that the software system meets its
requirements and user expectations and does not fail in an unacceptable manner. There are
various types of test. Each test type addresses a specific testing requirement.

7.2 TYPES OF TESTS:

7.2.1 Unit Testing:

Unit testing involves the design of test cases that validate that the internal program logic is
functioning properly, and that program inputs produce valid outputs. All decision branches and
internal code flow should be validated. It is the testing of individual software units of the
application .it is done after the completion of an individual unit before integration. This is a
structural testing, that relies on knowledge of its construction and is invasive. Unit tests perform
basic tests at component level and test a specific business process, application, and or system
configuration. Unit tests ensure that each unique path of a business process performs accurately
to the documented specifications and contains clearly defined inputs and expected results.

7.2.2 Integration testing:

Integration tests are designed to test integrated software components to determine if they
actually run as one program. Testing is event driven and is more concerned with the basic
outcome of screens or fields. Integration tests demonstrate that although the components were
individually satisfaction, as shown by successfully unit testing, the combination of components is
correct and consistent. Integration testing is specifically aimed at exposing the problems that
arise from the combination of components.

48
7.2.3 Functional Test:

Functional tests provide systematic demonstrations that functions tested are available as
specified by the business and technical requirements, system documentation, and user manuals.

Functional testing is centered on the following items:

Valid Input : identified classes of valid input must be accepted.

Invalid Input : identified classes of invalid input must be rejected.
Functions : identified functions must be exercised.
Output : identified classes of application outputs must be exercised.

Systems/Procedures: interfacing systems or procedures must be invoked.

Organization and preparation of functional tests is focused on requirements, key functions, or
special test cases.

In addition, systematic coverage pertaining to identify Business process flows; data

fields, predefined processes, and successive processes must be considered for testing. Before
functional testing is complete, additional tests are identified and the effective value of current
tests is determined.

7.2.4 System Testing:

System testing ensures that the entire integrated software system meets requirements. It
tests a configuration to ensure known and predictable results. An example of system testing is the
configuration oriented system integration test.

System testing is based on process descriptions and flows, emphasizing pre-driven

process links and integration points.

49
7.2.5 White Box Testing :

White Box Testing is a testing in which in which the software tester has knowledge of the
inner workings, structure and language of the software, or at least its purpose. It is purpose. It is
used to test areas that cannot be reached from a black box level.

7.2.6 Black Box Testing:

Black Box Testing is testing the software without any knowledge of the inner workings,
structure or language of the module being tested. Black box tests, as most other kinds of tests,
must be written from a definitive source document, such as specification or requirements
document, such as specification or requirements document. It is a testing in which the software
under test is treated, as a black box .you cannot ―see‖ into it. The test provides inputs and
responds to outputs without considering how the software works.

7.2.7 Unit Testing:

Unit testing is usually conducted as part of a combined code and unit test phase of the
software lifecycle, although it is not uncommon for coding and unit testing to be conducted as
two distinct phases.
Test strategy and approach
Field testing will be performed manually and functional tests will be written in detail.
Test objectives
 All field entries must work properly.
 Pages must be activated from the identified link.
 The entry screen, messages and responses must not be delayed.
Features to be tested
 Verify that the entries are of the correct format
 No duplicate entries should be allowed
 All links should take the user to the correct page.

50
 7.2.8 Integration Testing:

Software integration testing is the incremental integration testing of two or more

integrated software components on a single platform to produce failures caused by interface
defects.
The task of the integration test is to check that components or software applications, e.g.
components in a software system or – one step up – software applications at the company level –
interact without error.
Test Results: All the test cases mentioned above passed successfully. No defects encountered.

7.2.9 Acceptance Testing:

User Acceptance Testing is a critical phase of any project and requires significant
participation by the end user. It also ensures that the system meets the functional requirements.
Test Results: All the test cases mentioned above passed successfully. No defects encountered.
C
o T
m es
Tes Pr Steps Pa m t
t io Input to be ss/ e ca Pri
cas Test rit Precon test execut Expecte Actual fai nt se Test orit
e id cases y ditions data ed d results results l s id cases y
1)Enter
input(c
orrect
)userna
me and
passwo
rd on
the User
Test if correct respect must Test if
user is User userna ive successf (note user is
able to must be me,corr fields ully down the able to
login register ect 2)click login to results login
success ed passwo submit/ the web you have succes
1 fully. A already rd login page observed) 1 sfully. A
Test if incorre 1)Enter Proper (note Test if
2 unregis A ct input(i error down the 2 unregi A

51
 tered userna ncorrec must be results stered
users is me,inco t displaye you have users
not rrect )userna d and observed) is not
able to passwo me and prompt able to
login to rd passwo to enter login
the site rd on login to the
the again site
respect
ive
fields
2)click
submit/
login
1)enter Test
Test the with
with valid valid
valid userna userna
userna me in me
me the and
and user id Proper empty
empty and error passw
passwo enter must be ord
rd such valid no displaye such
that User userna passwo d and (note that
login must be me and rd in prompt down the login
must register empty the to enter results must
get ed passwo passwo login you have get
3 failed B already rd rd field again observed) 3 failed B
1)leave
the Test
Test userna with
with me empty
empty empty userna
userna in the me
me user id and
and and Proper valid
valid enter a error passw
passwo valid must be ord
rd such empty user's displaye such
that register userna passwo d and (note that
login ed me and rd in prompt down the login
must user's valid the to enter results must
get passwo passwo passwo login you have get
4 failed B rd rd rd field again observed) 4 failed B
Test 1)Enter Proper Test
5 with A - - nothing error 5 with A

52
 empty in the must be empty
userna mail id displaye userna
me and and d and me
empty passwo prompt and
passwo rd field to enter empty
rd and 2)click login passw
check submit again ord
if login button and
fails check
if
login
fails
The Check
passwor of the
Check d field passw
of the should ord is
passwo display maske
rd is the d on
masked character the
on the s in screen
screen 1) asterisks i.e.,
i.e., some Enter or bullets passw
passwo passwo the such that ord
rd must rd(can passwo the must
be in be a rd field passwor be in
bullets register with d is not bullets
or ed/unre some visible or
asterisk gistered charact on the asteris
6 s B ) ers screen 6 ks B
register 1)Enter
ed the
user's case
passwo change
rd d
which userna
is me
original /passw
Check ly in ord in Check
if the lower the if the
login case case respect Login login
functio change change ive must fail functi
n d to d field saying on
handles upper userna and incorrect handle
case case or me 2)click usernam s case
sensitiv vice /passwo login e/passwo sensiti
7 ity B versa rd button rd 7 vity B

53
 After
loggin
1)Enter g in
userna try to
After me and copy/c
logging passwo ut the
in try rd in passw
to the ord
copy/c respect and
ut the ive paste
passwo fields. it on
rd and Copy anothe
paste it the r
on passwo screen
another rd (pass
screen( field's passwor words
passwo content d are
rds are (which shouldn’ usuall
usually is in t get y in *
in * Registe *s) pasted / such
such red 3)paste passwor that its
that its user's the d should not
not login id content not be visible
visible and on visible on the
on the passwo another on the screen
8 screen) B rd screen screen 8 ) B
Account
1)Try should
to be
login locked
with a and
register access
ed user should
Registe name be
red and granted
user's incorre only
login id ct after
and passwo gettting
incorre rd for certain Verify
Verify ct more assuranc accou
account passwo than 3 e from nt
9 lock B rd times the user 9 lock B

54
 CHAPTER-8
EXPERIMENT RESULTS

Figure 8.1 Home page

Figure 8.2 Cloud Authentication

55
Figure 8.3 Cloud Home Page

Figure 8.4 Encryption module

56
 CHAPTER-9
CONCLUSION

9.1 CONCLUSION:

In order to allow a cloud server to search on encrypted data without learning the
underlying plaintexts in the public key setting, Boneh [7] proposed a cryptographic primitive
called public-key encryption with keyword search (PEKS). Since then, considering different
requirements in practice, e.g., communication overhead, searching criteria and security
enhancement, various kinds of searchable encryption systems have been put forth. However,
there exist only a few public-key searchable encryption systems that support expressive keyword
search policies, and they are all built from the inefficient composite-order groups [9]. In this
paper, we focused on the design and analysis of public-key searchable encryption systems in the
prime-order groups that can be used to search multiple keywords in expressive searching
formulas. Based on a large universe key-policy attribute-based encryption scheme given in [12],
we presented an expressive searchable encryption system in the prime order group which
supports expressive access structures expressed in any monotonic Boolean formulas. Also, we
proved its security in the standard model, and analyzed its efficiency using computer simulations

57
 CHAPTER-10
REFERENCES

References for the Project Development were take n from the following
Books and Web Sites .
[1] O. Goldreich and R. Ostrovsky, ―Software protection and simulation on oblivious rams,‖ J.
ACM, vol. 43, no. 3, pp. 431–473, 1996.
[2] D. X. Song, D. Wagner, and A. Perrig, ―Practical techniques for searches on encrypted data,‖
in 2000 IEEE Symposium on Security mn and Privacy, Berkeley, California, USA, May 14-17,
2000. IEEE Computer Society, 2000, pp. 44–55.
[3] E. Goh, ―Secure indexes,‖ IACR Cryptology ePrint Archive, vol. 2003, p. 216, 2003.
[4] C. Cachin, S. Micali, and M. Stadler, ―Computationally private information retrieval with
polylogarithmic communication,‖ in Advances in Cryptology - EUROCRYPT ’99, International
Conference on the Theory and Application of Cryptographic Techniques, Prague, Czech
Republic, May 2-6, 1999, Proceeding, ser. Lecture Notes in Computer Science, vol. 1592.
Springer, 1999, pp. 402–414.
[5] G. D. Crescenzo, T. Malkin, and R. Ostrovsky, ―Single database private information retrieval
implies oblivious transfer,‖ in Advances in Cryptology - EUROCRYPT 2000, International
Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May
14-18, 2000, Proceeding, ser. Lecture Notes in Computer Science, vol. 1807. Springer, 2000, pp.
122–138.
[6] W. Ogata and K. Kurosawa, ―Oblivious keyword search,‖ J. Complexity, vol. 20, no. 2-3, pp.
356–371, 2004.
[7] D. Boneh, G. D. Crescenzo, R. Ostrovsky, and G. Persiano, ―Public key encryption with
keyword search,‖ in Advances in Cryptology - EUROCRYPT 2004, International Conference on
the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, May 2-6,
2004, Proceedings, ser. Lecture Notes in Computer Science, vol. 3027. Springer, 2004, pp. 506–
522.

58
[8] J. Lai, X. Zhou, R. H. Deng, Y. Li, and K. Chen, ―Expressive search on encrypted data,‖ in
8th ACM Symposium on Information, Computer and Communications Security, ASIA CCS ’13,
Hangzhou, China - May 08 - 10, 2013. ACM, 2013, pp. 243–252.
[9] P. Golle, J. Staddon, and B. R. Waters, ―Secure conjunctive keyword search over encrypted
data,‖ in Applied Cryptography and Network Security, Second International Conference, ACNS
2004, Yellow Mountain, China, June 8-11, 2004, Proceedings, ser. Lecture Notes in Computer
Science, vol. 3089. Springer, 2004, pp. 31–45.
[10] D. J. Park, K. Kim, and P. J. Lee, ―Public key encryption with conjunctive field keyword
search,‖ in Information Security Applications, 5th International Workshop, WISA 2004, Jeju
Island, Korea, August 23- 25, 2004, Revised Selected Papers, ser. Lecture Notes in Computer
Science, vol. 3325. Springer, 2004, pp. 73–86.
[11] Y. H. Hwang and P. J. Lee, ―Public key encryption with conjunctive keyword search and its
extension to a multi-user system,‖ in Pairing-Based Cryptography - Pairing 2007, First
International Conference, Tokyo, Japan, July 2-4, 2007, Proceedings, ser. Lecture Notes in
Computer Science, vol. 4575. Springer, 2007, pp. 2–22.
[12] B. Zhang and F. Zhang, ―An efficient public key encryption with conjunctive-subset
keywords search,‖ J. Network and Computer Applications, vol. 34, no. 1, pp. 262–267, 2011.7

59