Design and Implementation of a Secure File Storage on the Cloud Using Hybrid Cryptography
Chapter One
AIMS OF THE STUDY
The aims of this study include:
- Creating a functioning web application capable of storing files and encrypting them in a cloud database.
- Test the web application using a cloud service for its hosting and the data storage.
- Deploy the web application and come up with strategies to improve it.
OBJECTIVES OF THE STUDY
The objectives of the study include:
- Examining previous studies in the field of hybrid cryptography and cloud computing.
- Studying in detail he various encryption techniques.
- Figuring out a system that can effectively store, encrypt and decrypt data using the encryption keys.
CHAPTER TWO
REVIEW OF LITERATURE
OVERVIEW OF CLOUD COMPUTING
Cloud computing simply refers to a means of access to applications in form of utilities over the internet. Cloud computing allows for the creation, configuration and the customization of the applications online.
The cloud simply refers to a network or the internet. A cloud is present at remote locations and provides services to clients across borders. The cloud is made to provide services over public and private networks.
Some of the applications that is provided through the use of cloud computing include email services, web conferencing and customer relationship management applications.
Cloud Computing as a concept refers to the manipulation, configuration and the access to hardware and software resources remotely. It offers a online data, storage, infrastructure and application.
Cloud computing offers platform independence, as the software is not required to be installed locally on the PC. Hence, the Cloud Computing is making our business applications mobile and collaborative.
Models for Cloud Computing
- Deployment Models
- Service Models
Deployment models define the type of access to the cloud.. The Cloud can have any of the four types of access: Public, Private, Hybrid, and Community.
- Public Cloud: The public cloud allows systems and services to be easily accessible to the general public. Public cloud may be less secure because of its openness.
- Private Cloud: The private cloud allows systems and services to be accessible within an organization. It is more secured because of its private nature.
- Community Cloud: The community cloud allows systems and services to be accessible by a group of organizations.
- Hybrid Cloud:The hybrid cloud is a mixture of public and private cloud, in which the critical activities are performed using private cloud while the non-critical activities are performed using public cloud.
The Service models are categorized into three basic service models:
- Infrastructure-as-a-Service(IaaS): This is considered the most basic level of service. Each of the service models inherit the security and management mechanism from the underlying model. This is illustrated in the diagram below IaaS provides access to fundamental resources such as physical machines, virtual machines, virtual storage and many other services.
- Platform-as-a-Service(PaaS): PaaS provides the runtime environment for applications, development and deployment tools.
- Software-as-a-Service(SaaS): SaaS model allows users to use software application an services.
- Anything-as-a-Service(XaaS): This is a business model that includes Network-as-a-Service, Business-as-a-Service, Identity-as-a-Service, database-as-a-Service or Strategy-as-a-Service
Benefits of Cloud Computing
Cloud Computing has numerous advantages. Some of them are listed below
- One can access applications as utilities, over the Internet.
- One can manipulate and configure the applications online at any time.
- It does not require to install a software to access or manipulate cloud application.
- Cloud Computing offers online development and deployment tools, programming runtime environment through PaaS model.
- Cloud resources are available over the network in a manner that provide platform independent access to any type of clients.
- Cloud Computing offers on-demand self-service. The resources can be used without interaction with cloud service provider.
- Cloud Computing is highly cost effective because it operates at high efficiency with optimum utilization. It just requires an Internet connection
- Cloud Computing offers load balancing that makes it more reliable.
Risks related to Cloud Computing
Although cloud Computing is a promising innovation with various benefits in the world of computing, it comes with risks. Some of them are discussed below:
Security and Privacy
It is the biggest concern about cloud computing. Since data management and infrastructure management in cloud is provided by third-party, it is always a risk to handover the sensitive information to cloud service providers. Although the cloud computing vendors ensure highly secured password protected accounts, any sign of security breach may result in loss of customers and businesses.
CHAPTER THREE
METHODOLOGY
This chapter reviews how the existing system works as well as how to produce a better alternative for its improvement. The relationship among actors, entities, platform and information flows within the organization is very important. In a nutshell, system investigation and analysis studies an existing system with the view of improving on it or developing an entirely new system to replace the existing one. The major task here is to design a new system using tested and trusted development methods that is as efficient and probably more efficient than the existing one. The software development model is the Waterfall model.
FACTS FINDING
Fact finding is an approach taken to acquire data about a specific or subject with the aim of analyzing and synthesizing the analyzed data to come up with a better system. Fact finding for this study was done by examining related publications, research work, journals and books.
ANALYSIS OF THE EXISTING SYSTEM(S)
In this section, thorough studying and analysis of the gathered data and fact were done on the existing system.
The typical process of a personalized file storage system generally follows the processes of:
- Registration
- Log In
- Select file to upload and store
- Retrieving files
- Exit
SYSTEM DESIGN
The system as extensively described in previous chapters seeks to use the standard software development models which in this case is the Waterfall model, to create a standardized secure file storage system. To achieve this goal above, we:
- Ensure that user details are kept secure.
- Ensure proper maintenance of the database.
- Ensure only admins are granted admin a privilege access to affect the database tables.
CHAPTER FOUR
IMPLEMENTATION AND RESULTS
INTRODUCTION
This chapter discusses the deployment and testing of the phishing detection system after the design and development. The Hardware and Software Requirements as well as Development tools are identified in this chapter.
PROGRAMMING LANGUAGE SELECTION
The programming languages used in this project include PHP, CSS, HTML and JavaScript. PHP was chosen as the server scripting language due to its reputation as a secure framework. It also has ease of use as all its functions are executed on the server. PHP was also considered based on its friendliness with databases. It is database driven.
CHAPTER FIVE
SUMMARY, CONCLUSION AND RECOMMENDATION
SUMMARY
A secure file storage system was developed in this project. The system was able to register users and store their information and enabling login to store various forms of file formats on the platform. This and all with the use of the cloud computing concept and hybrid cryptography.
This project also explored the basic and the more complex encryption techniques, the hybrid techniques proposed by earlier students of the field and the potential for improvement.
CONCLUSION
In conclusion, the file storage system development is providing a way to have a good user experience, effectively and reduce the cost, slow nature and labour of the traditional methods. However, we have been able to increase the level of trust among internet users due to the cryptography aspects of the platform.
RECOMMENDATION
For future works, improvements can be made in terms of user identification and verification. Data security, data retrieval and fraud detection and reporting should be a vital consideration in development of any further web based cryptographic systems.
REFERENCES
- Rivest, Ronald L.(1990). “Cryptography”. In J. Van Leeuwen (ed.). Handbook of Theoretical Computer Science. 1. Elsevier.
- Bellare, Mihir; Rogaway, Phillip (21 September 2005). “Introduction”. Introduction to Modern Cryptography. p. 10.
- Menezes, A.J.; van Oorschot, P.C.; Vanstone, S.A. (1997). Handbook of Applied Cryptography. ISBN978-0-8493-8523-0.
- Biggs, Norman (2008). Codes: An introduction to Information Communication and Cryptography. Springer. p. 171.
- Schneier, Bruce(15 June 2000). “The Data Encryption Standard (DES)”. CryptoGram.
- Cramer R, Shoup V (2002) Universal hash proofs and a paradigm for chosen ciphertext secure public key encryption. EuroCrypt’02, LNCS vol 2332. Springer, Berlin, pp 45–64