A PROXY RE-ENCRYPTION APPROACH TO SECURE DATA SHARING IN THE INTERNET OF THINGS BASED ON BLOCKCHAIN

-Nowadays, large amounts of data are stored with cloud service providers. Third-party auditors (TPAs), with the help of cryptography, are often used to verify this data. Cloud Data Auditing Techniques with a Focus on Privacy and Security. It aims to provide a resource based on-demand. It avoids online usage burden of accessing data through internet. Cloud storage supports to maintain data securely in cloud. Cloud is interconnected with group of computers, which is used to store information and run their applications in cloud platform. Through cloud computing, we can access any file, document of user from anywhere in the world. Mainly, cloud can be used for cost savings, high scalability and large storage space. But a major issue in cloud computing is security.

meet manageability and scalability requirements of the applications, PaaS providers offer a predefined combination of OS and application servers, such as LAMP platform (Linux, Apache, MySql and PHP), restricted J2EE, Ruby etc. Google"s App Engine, Force.com,etc are some of the popular PaaS examples.

Infrastructure as a Service (Iaas):
IaaS provides basic storage and computing capabilities as standardized services over the network.Servers, storage systems, networking equipment, data centre space etc. are pooled and made available to handle workloads.The customer would typically deploy his own software on the infrastructure.Some common examples are Amazon, GoGrid, 3 Tera, etc.

Understanding Public and Private Clouds
Enterprises can choose to deploy applications on Public, Private or Hybrid clouds.Cloud Integrators can play a vital part in determining the right cloud path for each organization.

Public Cloud
Public clouds are owned and operated by third parties; they deliver superior economies of scale to customers, as the infrastructure costs are spread among a mix of users, giving each individual client an attractive low-cost, "Pay-as-you-go" model.All customers share the same infrastructure pool with limited configuration, security protections, and availability variances.These are managed and supported by the cloud provider.One of the advantages of a Public cloud is that they may be larger than an enterprises cloud, thus providing the ability to scale seamlessly, on demand.

Private Cloud
Private clouds are built exclusively for a single enterprise.They aim to address concerns on data security and offer greater control, which is typically lacking in a public cloud.There are two variations to a private cloud: On-premise Private Cloud: On-premise private clouds, also known as internal clouds are hosted within one"s own data center.This model provides a more standardized process and protection, but is limited in aspects of size and scalability.IT departments would also need to incur the capital and operational costs for the physical resources.This is best suited for applications which require complete control and configurability of the infrastructure and security.-

Externally hosted Private Cloud:
This type of private cloud is hosted externally with a cloud provider, where the provider facilitates an exclusive cloud environment with full guarantee of privacy.This is best suited for enterprises that don't prefer a public cloud due to sharing of physical resources.

Hybrid Cloud
Hybrid Clouds combine both public and private cloud models.With a Hybrid Cloud, service providers can utilize 3rd party Cloud Providers in a full or partial manner thus increasing the flexibility of computing.The Hybrid cloud environment is capable of providing on-demand, externally provisioned scale.The ability to augment a private cloud with the resources of a public cloud can be used to manage any unexpected surges in workload.

Cloud Computing Benefits
Enterprises would need to align their applications, so as to exploit the architecture models that Cloud Computing offers.Some of the typical benefits are listed below: 1. Reduced Cost There are a number of reasons to attribute Cloud technology with lower costs.The billing model is pay as per usage; the infrastructure is not purchased thus lowering maintenance.Initial expense and recurring expenses are much lower than traditional computing.

Increased Storage
With the massive Infrastructure that is offered by Cloud providers today, storage & maintenance of large volumes of data is a reality.Sudden workload spikes are also managed effectively & efficiently, since the cloud can scale dynamically.

Flexibility
This is an extremely important characteristic.With enterprises having to adapt, even more rapidly, to changing business conditions, speed to deliver is critical.Cloud computing stresses on getting applications to market very quickly, by using the most appropriate building blocks necessary for deployment.

Cloud Computing Challenges:
Despite its growing influence, concerns regarding cloud computing still remain.In our opinion, the benefits outweigh the drawbacks and the model is worth exploring.Some common challenges are:

Data Protection
Data Security is a crucial element that warrants scrutiny.Enterprises are reluctant to buy an assurance of business data security from vendors.They fear losing data to competition and the data confidentiality of consumers.In many instances, the actual storage location is not disclosed, adding onto the security concerns of enterprises.In the existing models, firewalls across data centers (owned by enterprises) protect this sensitive information.In the cloud model, Service providers are responsible for maintaining data security and enterprises would have to rely on them

Data Recovery and Availability
All business applications have Service level agreements that are stringently followed.Operational teams play a key role in management of service level agreements and runtime governance of applications.In production environments, operational teams support appropriate clustering and Fail over Data Replication System monitoring (Transactions monitoring, logs monitoring and others) Maintenance (Runtime Governance) Disaster recovery Capacity and performance management if, any of the abovementioned services is under-served by a cloud provider, the damage & impact could be severe.

Management Capabilities
Despite there being multiple cloud providers, the management of platform and infrastructure is still in its infancy.Features like "Auto-scaling" for example, are a crucial requirement for many enterprises.There is huge potential to improve on the scalability and load balancing features provided today.

Regulatory and Compliance Restrictions
In some of the European countries, Government regulations do not allow customer's personal information and other sensitive information to be physically located outside the state or country.In order to meet such requirements, cloud providers need to setup a data center or a storage site exclusively within the country to comply with regulations.Having such an infrastructure may not always be feasible and is a big challenge for cloud providers.

EXISTING SYSTEM
While Cloud Computing makes these advantages more appealing than ever, it also brings new and challenging security threats towards users' outsourced data.Since cloud service providers (CSP) are separate administrative entities, data outsourcing is actually relinquishing user's ultimate control over the fate of their data.As a result, the correctness of the data in the cloud is being put at risk due to the following reasons.Although the infrastructures under the cloud are much more powerful and reliable than personal computing devices, they are still facing the broad range of both internal and external threats for data integrity.There do exist various motivations for CSP to behave unfaithfully towards the cloud users regarding their outsourced data status.For examples, CSP might reclaim storage for monetary reasons by discarding data that has not been or is rarely accessed, or even hide data loss incidents to maintain a reputation.In short, although outsourcing data to the cloud is economically attractive for long-term large-scale storage, it does not immediately offer any guarantee on data integrity and availability.This problem, if not properly addressed, may impede the success of cloud architecture.
As users no longer physically possess the storage of their data, traditional cryptographic primitives for the purpose of data security protection cannot be directly adopted.In particular, simply downloading all the data for its integrity verification is not a practical solution due to the expensiveness in I/O and transmission cost across the network.Besides, it is often insufficient to detect the data corruption only when accessing the data, as it does not give users correctness assurance for those un accessed data and might be too late to recover the data loss or damage.Considering the large size of the outsourced data and the user's constrained resource capability, the tasks of auditing the data correctness in a cloud environment can be formidable and expensive for the cloud users.Moreover, the overhead of using cloud storage should be minimized as much as possible, such that a user does not need to perform too many operations to use the data (in additional to retrieving the data).In particular, users may not want to go through the complexity in verifying the data integrity.Besides, there may be more than one user accesses the same cloud storage, say in an enterprise setting.For easier management, it is desirable that cloud only entertains verification request from a single designated party.

•
Abuse and Nefarious Use of Cloud Computing IaaS providers offer their customers the illusion of unlimited compute, network, and storage capacity often coupled with a 'frictionless' registration process where anyone with a valid credit card can register and immediately begin using cloud services.Some providers even offer free limited trial periods.By abusing the relative anonymity behind these registration and usage models, spammers, malicious code authors, and other criminals have been able to conduct their activities with relative impunity.PaaS providers have traditionally suffered most from this kind of attacks; however, recent evidence shows that hackers have begun to target IaaS vendors as well.Future areas of concern include password and key cracking, DDOS, launching dynamic attack points, hosting malicious data, botnet command and control, building rainbow tables, and CAPTCHA solving farms.

•
Insecure Interfaces and APIs Cloud computing providers expose a set of software interfaces or APIs that customers use to manage and interact with cloud services.Provisioning, management, orchestration, and monitoring are all performed using these interfaces.The security and availability of general cloud services is dependent upon the security of these basic APIs.This introduces the complexity of the new layered API; it also increases risk, as organizations may be required to relinquish their credentials to third parties in order to enable their agency.

•
Malicious Insiders The threat of a malicious insider is well-known to most organizations.This threat is amplified for consumers of cloud services by the convergence of IT services and customers under a single management domain, combined with a general lack of transparency into provider process and procedure

•
Shared Technology Issues IaaS vendors deliver their services in a scalable way by sharing infrastructure.Often, the underlying components that make up this infrastructure were not designed to offer strong isolation properties for a multi-tenant architecture.

•
Data Loss or Leakage There are many ways to compromise data.Deletion or alteration of records without a backup of the original content is an obvious example • Account or Service Hijacking Account or service hijacking is not new.Attack methods such as phishing, fraud, and exploitation of software vulnerabilities still achieve results

•
Unknown Risk Profile .Security by obscurity may be low effort, but it can result in unknown exposures.It may also impair the in-depth analysis required highly controlled or regulated operational areas.

PROPOSED SYSTEM
The proposed system can be summarized as the following three aspects: 1) We motivate the public auditing system of data storage security in Cloud Computing and provide a privacy-preserving auditing protocol, i.e., our scheme supports an external auditor to audit user's outsourced data in the cloud without learning knowledge on the data content.
2) To the best of our knowledge, our scheme is the first to support scalable and efficient public auditing in the Cloud Computing.In particular, our scheme achieves batch auditing where multiple delegated auditing tasks from different users can be performed simultaneously by the TPA.
3) We prove the security and justify the performance of our proposed schemes through concrete experiments and comparisons with the state-of-the-art.


Novel automatic and enforceable logging mechanism in the cloud.


Proposed architecture is platform independent and highly decentralized, in that it does not require any dedicated authentication or storage system in place.


Provide a certain degree of usage control for the protected data after these are delivered to the receiver  The results demonstrate the efficiency, scalability, and granularity of our approach.We also provide a detailed security analysis and discuss the reliability and strength of our architecture.

REQUIREMENT & ANALYSIS
The software requirement specification gives the system specification in which process requirements are presented in an easily understandable way.Thus it contains all the inputs required, processes in the system and outputs produced by the system.Software Requirements Specification plays an important role in creating quality software solutions.Specification is basically a representation process.Requirements are represented in a manner that ultimately leads to successful software implementation.
Requirements may be specified in a variety of ways.However there are some guidelines worth following • Representation format and content should be relevant to the problem.

•
Information contained within the specification should be nested.
Requirement analysis enables the system engineer to specify software function and perform, indicate software's interface with the other system elements, and establish constraints that software must meet.Requirement analysis allows the analyst to refine the software allocation and build models of the data, functional and behavioral domains that will be treated by software.
The first step is to understand the user's requirement within the framework of the organization's objectives and the environment in which the system is installed.Considerations are given to the user to carry on with the work within the organization's specified objectives.
Using swings in java we will develop the proposed system.The proposed application can be implemented by taking minimum of three systems into consideration.The server is implemented in one system TPA is implemented in another system and client can be implemented from n no of systems it can be implemented on any operating system like windows or linux.The client system will store data like files images on to server through TPA.The TPA will store the metadata information of file on TPA where as server will store files as well as metadata data information about the files.Whenever the client asks for the verification of files on cloud the TPA will check for the data integrity on the server.This application demands minimum three systems should be connected within a network.

2) A survey on auditing techniques used for preserving privacy of data stored on cloud:
Providing security to the stored data on the cloud is one of the important challenges in cloud computing.Encrypted data which is stored on the cloud may be viewed or modified by the cloud service provider.To overcome this problem many techniques have been developed but, those cannot guarantee accurately about the security of the stored data.These modifications of the data by the service provider or by others should also be known to the data owner.For such purpose, data tagging technique can be used to audit the data.Auditing is done by using Third Party Auditor (TPA).TPA stores data information of the data owner and challenges to the cloud server, depending upon the data owner request.With the help of such mechanism, TPA can convince both, data owner and cloud server.

3)Auditing in Cloud Computing Solutions with OpenStack:
This presentation will walk through how auditing works in a Cloud environment.We will touch upon things like Cloud Auditing Data standard (CADF), the auditing challenges in a distributed cloud platform like OpenStack and how they are overcome using by CADF.

4)Cloud Security Auditing: Challenges and Emerging Approaches:
IT auditors collect information on an organization's information systems, practices, and operations and critically analyze the information for improvement.One of the primary goals of an IT audit is to determine if the information system and its maintainers are meeting both the legal expectations of protecting customer data and the company standards of achieving financial success against various security threats.These goals are still relevant in the newly emerging cloud computing model of business, but they need customization.There are clear differences between cloud and traditional IT security auditing.In this article, the authors explore potential challenges unique to cloud security auditing; examine additional challenges specific to particular cloud computing domains such as banking, medical, and government sectors; and present emerging cloud-specific security auditing approaches and provide critical analysis.

5)Dynamic-Hash-Table Based Public Auditing for Secure Cloud Storage:
Cloud storage is an increasingly popular application of cloud computing, which can provide on-demand outsourcing data services for both organizations and individuals.However, users may not fully trust the cloud service providers (CSPs) in that it is difficult to determine whether the CSPs meet their legal expectations for data security.Therefore, it is critical to develop efficient auditing techniques to strengthen data owners' trust and confidence in cloud storage.In this paper, we present a novel public auditing scheme for secure cloud storage based on dynamic hash table (DHT), which is a new two-dimensional data structure located at a third parity auditor (TPA) to record the data property information for dynamic auditing.Differing from the existing works, the proposed scheme migrates the authorized information from the CSP to the TPA, and thereby significantly reduces the computational cost and communication overhead.Meanwhile, exploiting the structural advantages of the DHT, our scheme can also achieve higher updating efficiency than the state-of-the-art schemes.In addition, we extend our scheme to support privacy preservation by combining the homomorphic authenticator based on the public key with the random masking generated by the TPA, and achieve batch auditing by employing the aggregate BLS signature technique.We formally prove the security of the proposed scheme, and evaluate the auditing performance by detailed experiments and comparisons with the existing ones.The results demonstrate that the proposed scheme can effectively achieve secure auditing for cloud storage, and outperforms the previous schemes in computation complexity, storage costs and communication overhead.ARCHITECTURE:

MODULES
The system is proposed to have the following modules: The Unified Modelling Language allows the software engineer to express an analysis model using the modelling notation that is governed by a set of syntactic semantic and pragmatic rules.
A UML system is represented using five different views that describe the system from distinctly different perspective.Each view is defined by a set of diagram, which is as follows.
• User Model View • This view represents the system from the user's perspective.
• The analysis representation describes a usage scenario from the end-users perspective.
• Structural model view • In this model the data and functionality are arrived from inside the system.
• This model view models the static structures.
• Behavioral Model View It represents the dynamic of behavioral as parts of the system, depicting the interactions of collection between various structural elements described in the user model and structural model view.

• Implementation Model View
In this the structural and behavioral as parts of the system are represented as they are to be built.

• Environmental Model View
In this the structural and behavioral aspect of the environment in which the system is to be implemented are represented.
UML is specifically constructed through two different domains they are: • UML Analysis modeling, this focuses on the user model and structural model views of the system.
• UML design modeling, which focuses on the behavioral modeling, implementation modeling and environmental model views.
Use case Diagrams represent the functionality of the system from a user's point of view.Use cases are used during requirements elicitation and analysis to represent the functionality of the system.Use cases focus on the behavior of the system from external point of view.Actors are external entities that interact with the system.Examples of actors include users like administrator, bank customer …etc., or another system like central database.

CLASS DIAGRAM AUDITING FOR SECURE DATA STORAGE IN CLOUD
This class diagram contains four classes that are Server, TPA, Client and Database.Server will perform operations like it maintains client details & session information, stores details & files and generate graphs.Client will perform operations like registration, login, upload files, download files, verify documents, add blocks, delete blocks.TPA will perform operations like take file size, divide file into blocks, maintain metadata information, send response and verification message.And this diagram shows the relationship between this classes.

COMPONENT DIAGRAM:
This component diagram contains three components that are Server, TPA, Client and.Server will perform operations like it maintains client details & session information stores details & files and generate graphs.Client will perform operations like registration, login, upload files, download files, verify documents, add blocks, delete blocks.TPA will perform operations like take file size, divide file into blocks, maintain metadata information, send response and verification message.And this diagram shows the actions performed by these components.

ER-DIAGRAMS
This ER-Diagram contains three entities that are Server, TPA, Client and.Server will perform operations like it maintains client details & session information stores details & files and generate graphs.Client will perform operations like registration, login, upload files, download files, verify documents, add blocks, delete blocks.TPA will perform operations like take file size, divide file into blocks, maintain metadata information, send response and verification message.And this diagram shows the relationship between these entities.

SOFTWARE ENVIRONMENT INTRODUCTION
Java is one of the world's most important and widely used computer languages, and it has held this distinction for many years.Unlike some other computer languages whose influence has weared with passage of time, while Java's has grown.

APPLICATION OF JAVA
Java is widely used in every corner of world and of human life.Java is not only used in softwares but is also widely used in designing hardware controlling software components.There are more than 930 million JRE downloads each year and 3 billion mobile phones run java.Following are some other usage of Java: 1.
Developing Desktop Applications 2.
Mobile Operating System like Android 4.
Robotics and games etc.
IJSDR2304323www.ijsdr.orgInternational Journal of Scientific Development and Research (IJSDR) 2092 IJSDR2304323 www.ijsdr.orgInternational Journal of Scientific Development and Research (IJSDR) 2094 USECASE DIAGRAM: This use case diagram contains three actors that are Server, TPA, Client and.Server will perform operations like it maintains client details & session information, stores details & files and generate graphs.Client will perform operations like registration, login, upload files, download files, verify documents, add blocks, delete blocks.TPA will perform operations like take file size, divide file into blocks, maintain metadata information, send response and verification message.And this diagram shows the use cases of each actor and relationship between this actors and use cases.
This activity diagram contains three activities that are Server, TPA, Client and.This diagram shows the flow of control between these activities.

Data Auditing Techniques with a Focus on Privacy and Security:
Nowadays, large amounts of data are stored with cloud service providers.Third-party auditors (TPAs), with the help of cryptography, are often used to verify this data.However, most auditing schemes don't protect cloud user data from TPAs.A review of the state of the art and research in cloud data auditing techniques highlights integrity and privacy challenges, current solutions, and future research directions.
and he can login with his user id and password and he can upload the data to cloud space area BLOCK VERIFICATION MODULE User can check that the uploaded file is modified by any one or not (like server area)