Attribute-Based Encryption With Verifiable Outsourced Decryption

Attribute-Based Encryption With Verifiable Outsourced Decryption

Attribute-Based Encryption With Verifiable Outsourced Decryption

ABSTRACT:

Attribute-based encryption (ABE) is a public-keybased one-to-many encryption that allows users to encrypt and decrypt data based on user attributes. A promising application of ABE is flexible access control of encrypted data stored in the cloud, using access polices and ascribed attributes associated with private keys and ciphertexts.One of themain efficiency drawbacks of the existing ABE schemes is that decryption involves expensive pairing operations and the number of such operations grows with the complexity of the access policy. Recently, Green et al. proposed an ABE system with outsourced decryption that largely eliminates the decryption overhead for users. In such a system, a user provides an untrusted server, say a cloud service provider, with a transformation key that allows the cloud to translate any ABE ciphertext satisfied by that user’s attributes or access policy into a simple ciphertext, and it only incurs a small computational overhead for the user to recover the plaintext from the transformed ciphertext. Security of an ABE system with outsourced decryption ensures that an adversary (including a malicious cloud) will not be able to learn anything about the encrypted message; however, it does not guarantee the correctness of the transformation done by the cloud. In this paper, we consider a new requirement of ABE with outsourced decryption: verifiability. Informally, verifiability guarantees that a user can efficiently check if the transformation is done correctly. We give the formal model of ABE with verifiable outsourced decryption and propose a concrete scheme. We prove that our new scheme is both secure and verifiable, without relying on random oracles. Finally, we show an implementation of our scheme and result of performance measurements, which indicates a significant reduction on computing resources imposed on users.

PROJECT OUTPUT VIDEO: (Click the below link to see the project output video):

EXISTING SYSTEM:

Green et al. proposed an ABE system with outsourced decryption that largely eliminates the decryption overhead for users. In such a system, a user provides an untrusted server, say a cloud service provider, with a transformation key that allows the cloud to translate any ABE ciphertext satisfied by that user’s attributes or access policy into a simple ciphertext, and it only incurs a small computational overhead for the user to recover the plaintext from the transformed ciphertext.

DISADVANTAGES OF EXISTING SYSTEM:

One of the main efficiency drawbacks of the most existing ABE schemes is that decryption is expensive for resource-limited devices due to pairing operations, and the number of pairing operations required to decrypt a ciphertext grows with the complexity of the access policy. At the cost of security, only proven in a weak model (i.e., selective security), there exist several expressive ABE schemes where the decryption algorithm only requires a constant number of pairing computations.

PROPOSED SYSTEM:

In this paper, we first modify the original model of ABE with outsourced decryption in existing system to allow for verifiability of the transformations. After describing the formal definition of verifiability, we propose a new ABE model and based on this new model construct a concrete ABE scheme with verifiable outsourced decryption. Our scheme does not rely on random oracles.

 

ADVANTAGES OF PROPOSED SYSTEM:

üProposed scheme does not rely on random oracles

 

üThe scheme substantially reduced the computation time required for resource-limited devices to recover plaintexts.

 

SYSTEM ARCHITECTURE:

 ALGORITHMS USED:

üSetup

üKeyGen

üEncrypt

üDecrypt

üGenTK

üTransform

üDecrypt out

 

SYSTEM CONFIGURATION:-

HARDWARE CONFIGURATION:-

 

üProcessor                     Pentium –IV

üSpeed                                     1.1 Ghz

üRAM                            256 MB(min)

üHard Disk                    20 GB

üKey Board                    Standard Windows Keyboard

üMouse                          Two or Three Button Mouse

üMonitor                        SVGA

SOFTWARE CONFIGURATION:-

 

üOperating System                    : Windows XP

üProgramming Language           : JAVA/J2EE.

üJava Version                           : JDK 1.6 & above.

üDatabase                                 : MYSQL

 

REFERENCE:

Junzuo Lai, Robert H. Deng, Chaowen Guan, and Jian Weng, “Attribute-Based Encryption With Verifiable Outsourced Decryption”, IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 8, NO. 8, AUGUST 2013.

Incentive Compatible Privacy-Preserving Data Analysis

Incentive Compatible Privacy-Preserving Data Analysis

 

ABSTRACT:

In many cases, competing parties who have private data may collaboratively conduct privacy-preserving distributed data analysis (PPDA) tasks to learn beneficial data models or analysis results. Most often, the competing parties have different incentives. Although certain PPDA techniques guarantee that nothing other than the final analysis result is revealed, it is impossible to verify whether participating parties are truthful about their private input data. Unless proper incentives are set, current PPDA techniques cannot prevent participating parties from modifying their private inputs. This raises the question of how to design incentive compatible privacy-preserving data analysis techniques that motivate participating parties to provide truthful inputs. In this paper, we first develop key theorems, then base on these theorems, we analyze certain important privacy-preserving data analysis tasks that could be conducted in a way that telling the truth is the best choice for any participating party.

PROJECT OUTPUT VIDEO: (Click the below link to see the project output video):

EXISTING SYSTEM:

PRIVACY and security, particularly maintaining confidentiality of data, have become a challenging issue with advances in information and communication technology. The ability to communicate and share data has many benefits, and the idea of an omniscient data source carries great value to research and building accurate data analysis models. For example, for credit card companies to build more comprehensive and accurate fraud detection system, credit card transaction data from various companies may be needed to generate better data analysis models.

DISADVANTAGES OF EXISTING SYSTEM:

To our knowledge, all the existing techniques assume that each participating party use its true data during the distributed data mining protocol execution.

PROPOSED SYSTEM:

In this paper, we analyze what types of distributed functionalities could be implemented in an incentive compatible fashion. In other words, we explore which functionalities can be implemented in a way that participating parties have the incentive to provide their true private inputs upon engaging in the corresponding SMC protocols.

In this paper, we assume that the number of malicious or dishonest participating parties can be at most n _ 1, where n is the number of parties. This assumption is very general since most existing works in the area of privacy-preserving data analysis assume either all participating parties are honest (or semi-honest) or the majority of participating parties are honest. Thus, we extend the non-cooperative computation definitions to incorporate cases where there are multiple dishonest parties. In addition, we show that from incentive compatibility point of view, most data analysis tasks need to be analyzed only for two party cases.

ADVANTAGES OF PROPOSED SYSTEM:

Privacy preserving data analysis tasks

SYSTEM CONFIGURATION:-

HARDWARE CONFIGURATION:-

 

üProcessor                     Pentium –IV

üSpeed                                     1.1 Ghz

üRAM                            256 MB(min)

üHard Disk                    20 GB

üKey Board                    Standard Windows Keyboard

üMouse                          Two or Three Button Mouse

üMonitor                        SVGA

SOFTWARE CONFIGURATION:-

 

üOperating System                    : Windows XP

üProgramming Language           : JAVA/J2EE.

üJava Version                           : JDK 1.6 & above.

üDatabase                                 : MYSQL

 

REFERENCE:

Murat Kantarcioglu and Wei Jiang, “Incentive Compatible Privacy-Preserving

Data Analysis”, IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING, VOL. 25, NO. 6, JUNE 2013.

Multiparty Access Control for Online Social Networks: Model and Mechanisms

Multiparty Access Control for Online Social Networks: Model and Mechanisms

Multiparty Access Control for Online Social Networks: Model and Mechanisms

ABSTRACT:

Online social networks (OSNs) have experienced tremendous growth in recent years and become a de facto portal for hundreds of millions of Internet users. These OSNs offer attractive means for digital social interactions and information sharing, but also raise a number of security and privacy issues. While OSNs allow users to restrict access to shared data, they currently do not provide any mechanism to enforce privacy concerns over data associated with multiple users. To this end, we propose an approach to enable the protection of shared data associated with multiple users in OSNs. We formulate an access control model to capture the essence of multiparty authorization requirements, along with a multiparty policy specification scheme and a policy enforcement mechanism. Besides, we present a logical representation of our access control model that allows us to leverage the features of existing logic solvers to perform various analysis tasks on our model. We also discuss a proof-of-concept prototype of our approach as part of an application in Facebook and provide usability study and system evaluation of our method.

PROJECT OUTPUT VIDEO: (Click the below link to see the project output video):

EXISTING SYSTEM:

The existing work could model and analyze access control requirements with respect to collaborative authorization management of shared data in OSNs. The need of joint management for data sharing, especially photo sharing, in OSNs has been recognized by the recent work provided a solution for collective privacy management in OSNs. Their work considered access control policies of a content that is co-owned by multiple users in an OSN, such that each co-owner may separately specify her/his own privacy preference for the shared content.

 

DISADVANTAGES OF EXISTING SYSTEM:

Although OSNs currently provide simple access control mechanisms allowing users to govern access to information contained in their own spaces, users, unfortunately, have no control over data residing outside their spaces. For instance, if a user posts a comment in a friend’s space, she/he cannot specify which users can view the comment.

PROPOSED SYSTEM:

In this paper, we pursue a systematic solution to facilitate collaborative management of shared data in OSNs. We begin by examining how the lack of multiparty access control (MPAC) for data sharing in OSNs can undermine the protection of user data. Some typical data sharing patterns with respect to multiparty authorization in OSNs are also identified. Based on these sharing patterns, an MPAC model is formulated to capture the core features of multiparty authorization requirements that have not been accommodated so far by existing access control systems and models for OSNs

 

ADVANTAGES OF PROPOSED SYSTEM:

Regulate access over shared data, representing authorization requirements from multiple associated users.

A proof-of-concept implementation of our solution called MController has been discussed as well, followed by the usability study and system evaluation of our method. Indeed, a flexible access control mechanism in a multi-user environment like OSNs should allow multiple controllers, who are associated with the shared data, to specify access control policies. As we identified previously in the sharing patterns in addition to the owner of data, other controllers, including the contributor, stakeholder and disseminator of data, need to regulate the access of the shared data as well. In our multiparty access control system, a group of users could collude with one another so as to manipulate the final access control decision.

SYSTEM ARCHITECTURE:

MODULES:

After careful analysis the system has been identified to have the following modules:

 

1.     Owner Module

2.     Contributor Module

3.     Stakeholder Module

4.     Disseminator Module

5.     MPAC Module

 

MODULES DESCRIPTION:

 

1. Owner Module:

In Owner module let d  be a data item in the space m of a user u in the social network. The user u is called the owner of d. The user u is called the contributor of d. We specifically analyze three scenarios—profile sharing, relationship sharing and content sharing—to understand the risks posted by the lack of collaborative control in OSNs. In this the owner and the disseminator can specify access control policies to restrict the sharing of profile attributes. Thus, it enables the owner to discover potential malicious activities in collaborative control. The detection of collusion behaviors in collaborative systems has been addressed by the recent work.

 

2. Contributor Module:

In Contributor module let d be a data item published by a user u in someone else’s space in the social network. The contributor publishes content to other’s space and the content may also have multiple stakeholders (e.g., tagged users). The memory space for the user will be allotted according to user request for content sharing. A shared content is published by a contributor

 

3. Stakeholder Module:

In Stakeholder module let d be a data item in the space of a user in the social network. Let T be the set of tagged users associated with d. A user u is called a stakeholder of d, if u 2 T who has a relationship with another user called stakeholder, shares the relationship with an accessor. In this scenario, authorization requirements from both the owner and the stakeholder should be considered. Otherwise, the stakeholder’s privacy concern may be violated. A shared content has multiple stakeholders.

 

4. Disseminator Module:

In Disseminator module let d be a data item shared by a user u from someone else’s space to his/her space in the social network. The user u is called a disseminator of d. A content sharing pattern where the sharing starts with an originator (owner or contributor who uploads the content) publishing the content, and then a disseminator views and shares the content. All access control policies defined by associated users should be enforced to regulate access of the content in disseminator’s space. For a more complicated case, the disseminated content may be further re-disseminated by disseminator’s friends, where effective access control mechanisms should be applied in each procedure to regulate sharing behaviors. Especially, regardless of how many steps the content has been re-disseminated, the original access control policies should be always enforced to protect further dissemination of the content.

 

 

5. MPAC Module:

MPAC is used to prove if our proposed access control model is valid. To enable a collaborative authorization management of data sharing in OSNs, it is essential for multiparty access control policies to be in place to regulate access over shared data, representing authorization requirements from multiple associated users. Our policy specification scheme is built upon the proposed MPAC model. Accessor Specification: Accessors are a set of users who are granted to access the shared data. Accessors can be represented with a set of user names, asset of relationship names or a set of group names in OSNs.

SYSTEM CONFIGURATION:-

HARDWARE CONFIGURATION:-

 

üProcessor                     Pentium –IV

üSpeed                                     1.1 Ghz

üRAM                            256 MB(min)

üHard Disk                    20 GB

üKey Board                    Standard Windows Keyboard

üMouse                          Two or Three Button Mouse

üMonitor                        SVGA

SOFTWARE CONFIGURATION:-

 

üOperating System                    : Windows XP

üProgramming Language           : JAVA/J2EE.

üJava Version                           : JDK 1.6 & above.

üDatabase                                 : MYSQL

 

REFERENCE:

Hongxin Hu, Member, IEEE, Gail-Joon Ahn, Senior Member, IEEE, and Jan Jorgensen, “Multiparty Access Control for Online Social Networks: Model and Mechanisms”, IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING, VOL. 25, NO. 7, JULY 2013

A System for Denial-of-Service Attack Detection Based on Multivariate Correlation Analysis

A System for Denial-of-Service Attack Detection Based on Multivariate Correlation Analysis

ABSTRACT:

Interconnected systems, such as Web servers, database servers, cloud computing servers etc, are now under threads from network attackers. As one of most common and aggressive means, Denial-of-Service (DoS) attacks cause serious impact on these computing systems. In this paper, we present a DoS attack detection system that uses Multivariate Correlation Analysis (MCA) for accurate network traffic characterization by extracting the geometrical correlations between network traffic features. Our MCA-based DoS attack detection system employs the principle of anomaly-based detection in attack recognition. This makes our solution capable of detecting known and unknown DoS attacks effectively by learning the patterns of legitimate network traffic only. Furthermore, a triangle-area-based technique is proposed to enhance and to speed up the process of MCA. The effectiveness of our proposed detection system is evaluated using KDD Cup 99 dataset, and the influences of both non-normalized data and normalized data on the performance of the proposed detection system are examined. The results show that our system outperforms two other previously developed state-of-the-art approaches in terms of detection accuracy.

PROJECT OUTPUT VIDEO: (Click the below link to see the project output video):

EXISTING SYSTEM:

Generally, network-based detection systems can be classified into two main categories, namely misusebased detection systems and anomaly-based detection systems. Misuse-based detection systems detect attacks by monitoring network activities and looking for matches with the existing attack signatures. In spite of having high detection rates to known attacks and low false positive rates, misuse-based detection systems are easily evaded by any new attacks and even variants of the existing attacks. Furthermore, it is a complicated and labor intensive task to keep signature database updated because signature generation is a manual process and heavily involves network security expertise.

DISADVANTAGES OF EXISTING SYSTEM:

·        Most existing IDS are optimized to detect attacks with high accuracy. However, they still have various disadvantages that have been outlined in a number of publications and a lot of work has been done to analyze IDS in order to direct future research.

 

·        Besides others, one drawback is the large amount of alerts produced.

 

PROPOSED SYSTEM:

In this paper, we present a DoS attack detection system that uses Multivariate Correlation Analysis (MCA) for accurate network traffic characterization by extracting the geometrical correlations between network traffic features. Our MCA-based DoS attack detection system employs the principle of anomaly-based detection in attack recognition.

The DoS attack detection system presented in this paper employs the principles of MCA and anomaly-based detection. They equip our detection system with capabilities of accurate characterization for traffic behaviors and detection of known and unknown attacks respectively. A triangle area technique is developed to enhance and to speed up the process of MCA. A statistical normalization technique is used to eliminate the bias from the raw data.

ADVANTAGES OF PROPOSED SYSTEM:

üMore detection accuracy

üLess false alarm

üAccurate characterization for traffic behaviors and detection of known and unknown attacks respectively

 

SYSTEM ARCHITECTURE:

SYSTEM CONFIGURATION:-

H/W SYSTEM CONFIGURATION:-

 

üProcessor             -Pentium –III

üSpeed                                 1.1 Ghz

üRAM                        256 MB(min)

üHard Disk               20 GB

üFloppy Drive           1.44 MB

üKey Board                Standard Windows Keyboard

üMouse                      Two or Three Button Mouse

üMonitor                    SVGA

 

S/W System Configuration:-

v   Operating System          : Windows95/98/2000/XP

v   Front End                      : Java

v   Tool                               : JDK1.7

REFERENCE:

Zhiyuan Tan, Aruna Jamdagni, Xiangjian He, Senior Member, IEEE, Priyadarsi Nanda, Member, IEEE, and Ren Ping Liu, Member, IEEE,A System for Denial-of-Service Attack Detection Based on Multivariate Correlation Analysis”, IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. , NO. , 2013.

SocialTube: P2P-assisted Video Sharing inOnline Social Networks

SocialTube: P2P-assisted Video Sharing inOnline Social Networks

 

ABSTRACT:

Video sharing has been an increasingly popular application in online social networks (OSNs). However, its sustainable development is severely hindered by the intrinsic limit of the client/server architecture deployed in current OSN video systems, which is not only costly in terms of server bandwidth and storage but also not scalable with the soaring amount of users and video content. The peer-assisted Video-on-Demand (VoD) technique, in which participating peers assist the server in delivering video content has been proposed recently. Unfortunately, videos can only be disseminated through friends in OSNs. Therefore, current VoD works that explore clustering nodes with similar interests or close location for high performance are suboptimal, if not entirely inapplicable, in OSNs. Based on our long-term real-world measurement of over 1,000,000 users and 2,500 videos on Facebook, we propose SocialTube, a novel peer-assisted video sharing system that explores social relationship, interest similarity, and physical location between peers in OSNs. Specifically, SocialTube incorporates four algorithms: a social network (SN)-based P2P overlay construction algorithm, a SN-based chunk prefetching algorithm, chunk delivery and scheduling algorithm, and a buffer management algorithm. Experimental results from a prototype on PlanetLab and an event-driven simulator show that SocialTube can improve the quality of user experience and system scalability over current P2P VoD techniques.

PROJECT OUTPUT VIDEO: (Click the below link to see the project output video):

 

 

EXISTING SYSTEM:

In recent years, much effort has been devoted to improving the client/server architecture for video sharing, with the peer-to-peer (P2P) architecture being the most promising. P2P-based video sharing has been used in on-demand video streaming (e.g., GridCast and Vanderbilt VoD). With each peer contributing its bandwidth to serving others, the P2P architecture provides high scalability for large user bases. Previous P2P VoD systems either randomly cluster peers for video inquiry or form certain peers into a distributed hash table (DHT) for chunk indexing.

DISADVANTAGES OF EXISTING SYSTEM:

Videos can only be disseminated through friends in OSNs

PROPOSED SYSTEM:

We propose SocialTube, a system that explores the social relationship, interest similarity and location to enhance the performance of video sharing in OSNs. Specifically, an OSN has a social network (SN)-based P2P overlay construction algorithm that clusters peers based on their social relationships and interests. Within each cluster, nodes are connected by virtue of their physical location in order to reduce video transmission latency. SocialTube also incorporates an SN-based chunk prefetching algorithm to minimize video playback startup delay.

ADVANTAGES OF PROPOSED SYSTEM:

To our knowledge, this work is the first that studies the distinct characteristics of OSN video sharing that vary from other content-based system-wide video sharing, and builds a P2P-based video sharing system in an OSN by leveraging those characteristics for higher performance.

 

SYSTEM CONFIGURATION:-

HARDWARE CONFIGURATION:-

 

üProcessor                     Pentium –IV

üSpeed                                     1.1 Ghz

üRAM                            256 MB(min)

üHard Disk                    20 GB

üKey Board                    Standard Windows Keyboard

üMouse                          Two or Three Button Mouse

üMonitor                        SVGA

 

SOFTWARE CONFIGURATION:-

üOperating System                    : Windows XP

üProgramming Language           : JAVA/J2EE.

üJava Version                           : JDK 1.6 & above.

üDatabase                                 : MYSQL

 

REFERENCE:

Haiying Shen*, Senior Member, IEEE, Ze Li, Student Member, IEEE, Yuhua Lin

and Jin Li, Fellow, IEEE, “SocialTube: P2P-assisted Video Sharing in Online Social Networks”, IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, 2013.

Using Fuzzy Logic Control to Provide Intelligent Traffic Management Service for High-Speed Networks

Using Fuzzy Logic Control to Provide Intelligent Traffic Management Service for High-Speed Networks

Using Fuzzy Logic Control to Provide Intelligent Traffic Management Service for High-Speed Networks

 

ABSTRACT:

In view of the fast-growing Internet traffic, this paper propose a distributed traffic management framework, in which routers are deployed with intelligent data rate controllers to tackle the traffic mass. Unlike other explicit traffic control protocols that have to estimate network parameters (e.g., link latency, bottleneck bandwidth, packet loss rate, or the number of flows) in order to compute the allowed source sending rate, our fuzzy-logic-based controller can measure the router queue size directly; hence it avoids various potential performance problems arising from parameter estimations while reducing much consumption of computation and memory resources in routers. As a network parameter, the queue size can be accurately monitored and used to proactively decide if action should be taken to regulate the source sending rate, thus increasing the resilience of the network to traffic congestion. The communication QoS (Quality of Service) is assured by the good performances of our scheme such as max-min fairness, low queueing delay and good robustness to network dynamics. Simulation results and comparisons have verified the effectiveness and showed that our new traffic management scheme can achieve better performances than the existing protocols that rely on the estimation of network parameters.

PROJECT OUTPUT VIDEO: (Click the below link to see the project output video):

EXISTING SYSTEM:

Historically, TCP (Transmission Control Protocol) is a widely deployed congestion control protocol that tackles the Internet traffic. It has the important feature that the network is treated as a black box and the source adjusts its window size based on packet loss signal. However, as an implicit control protocol, TCP encounters various performance problems (e.g., utilization, fairness and stability) when the Internet BDP (Bandwidth-Delay Product) continues to increase.

 

DISADVANTAGES OF EXISTING SYSTEM:

They still have the fundamental problem of inaccurate estimation resulting in performance degradation. In addition, their bandwidth probing speed may be too slow when the bandwidth jumps a lot. Also, they cannot keep the queue size stable due to oscillations, which in turn affects the stability of their sending rates.

PROPOSED SYSTEM:

The contributions of our work lie in:

1) Using fuzzy logic theory to design an explicit rate-based traffic management scheme (called the IntelRate controller) for the high-speed IP networks;

2) The application of such a fuzzy logic controller using less performance parameters while providing better performances than the existing explicit traffic control protocols;

3) The design of a Fuzzy Smoother mechanism that can generate relatively smooth flow throughput;

4) The capability of our algorithm to provide max-min fairness even under large network dynamics that usually render many existing controllers unstable.

ADVANTAGES OF PROPOSED SYSTEM:

üThe queue size can be accurately monitored.

üUsed to proactively decide if action should be taken to regulate the source sending rate.

üQoS (Quality of Service) is assured by the good performances of our scheme such as max-min fairness, low queueing delay and good robustness to network dynamics.

SYSTEM ARCHITECTURE:

 

 

 

 

 

SIMULATION SETUP:

 

SYSTEM CONFIGURATION:-

HARDWARE CONFIGURATION:-

 

üProcessor                     Pentium –IV

üSpeed                                     1.1 Ghz

üRAM                            256 MB(min)

üHard Disk                    20 GB

üKey Board                    Standard Windows Keyboard

üMouse                          Two or Three Button Mouse

üMonitor                        SVGA

 

SOFTWARE CONFIGURATION:-

üOperating System                    : Windows XP

üProgramming Language           : JAVA.

üJava Version                           : JDK 1.6 & above.

 

REFERENCE:

Jungang Liu, Student Member, IEEE, and Oliver W. W. Yang, Senior Member, IEEE, “Using Fuzzy Logic Control to Provide Intelligent Traffic Management Service for High-Speed Networks”, IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT, VOL. 10, NO. 2, JUNE 2013.

 

 

 

 

 

                                     

Preventing Private Information Inference Attacks on Social Networks

BASE PAPER TITLE:

Preventing Private Information Inference Attacks on Social Networks

BASE PAPER ABSTRACT:

Online social networks, such as Facebook, are increasingly utilized by many people. These networks allow users to publish details about themselves and to connect to their friends. Some of the information revealed inside these networks is meant to be private. Yet it is possible to use learning algorithms on released data to predict private information. In this paper, we explore how to launch inference attacks using released social networking data to predict private information. We then devise three possible sanitization techniques that could be used in various situations. Then, we explore the effectiveness of these techniques and attempt to use methods of collective inference to discover sensitive attributes of the data set. We show that we can decrease the effectiveness of both local and relational classification algorithms by using the sanitization methods we described.

PROJECT OUTPUT VIDEO: (Click the below link to see the project output video):

PROPOSED ABSTRACT (OUR CONTRIBUTION):

Online Social Networks offer for digital social interactions and information sharing, but it includes security and privacy issues. OSNs allow users to restrict access to shared data; OSNs currently do not provide any mechanism to enforce privacy concerns over data associated with multiple users. To overcome this, we propose an approach which supports the protection of shared data associated with multiple users in OSNs. We are developing an access control model to capture the core of multiparty authorization requirements, along with a multiparty policy specification scheme and a policy enforcement mechanism.

 

EXISTING SYSTEM:

Other papers have tried to infer private information inside social networks. In, He et al. consider ways to infer private information via friendship links by creating a Bayesian network from the links inside a social network. While they crawl a real social network, Live Journal, they use hypothetical attributes to analyze their learning algorithm.

The existing work could model and analyze access control requirements with respect to collaborative authorization management of shared data in OSNs. The need of joint management for data sharing, especially photo sharing, in OSNs has been recognized by the recent work provided a solution for collective privacy management in OSNs. Their work considered access control policies of a content that is co-owned by multiple users in an OSN, such that each co-owner may separately specify her/his own privacy preference for the shared content.

 

DISADVANTAGES OF EXISTING SYSTEM:

This problem of private information leakage could be an important issue in some cases.

PROPOSED SYSTEM:

This paper focuses on the problem of private information leakage for individuals as a direct result of their actions as being part of an online social network. We model an attack scenario as follows: Suppose Facebook wishes to release data to electronic arts for their use in advertising games to interested people. However, once electronic arts has this data, they want to identify the political affiliation of users in their data for lobbying efforts. Because they would not only use the names of those individuals who explicitly list their affiliation, but also—through inference—could determine the affiliation of other users in their data, this would obviously be a privacy violation of hidden details. We explore how the online social network data could be used to predict some individual private detail that a user is not willing to disclose (e.g., political or religious affiliation, sexual orientation) and explore the effect of possible data sanitization approaches on preventing such private information leakage, while allowing the recipient of the sanitized data to do inference on non-private details.

In Proposed System we implemented a proof-of-concept Facebook application for the collaborative management of shared data, called MController. Our prototype application enables multiple associated users to specify their authorization policies and privacy preferences to co-control a shared data item.

 

 

ADVANTAGES OF PROPOSED SYSTEM:

To the best of our knowledge, this is the first paper that discusses the problem of sanitizing a social network to prevent inference of social network data and then examines the effectiveness of those approaches on a real-world data set. In order to protect privacy, we sanitize both details and the underlying link structure of the graph. That is, we delete some information from a user’s profile and remove some links between friends. We also examine the effects of generalizing detail values to more generic values.

SYSTEM CONFIGURATION:-

HARDWARE CONFIGURATION:-

 

üProcessor                     Pentium –IV

üSpeed                                     1.1 Ghz

üRAM                            256 MB(min)

üHard Disk                    20 GB

üKey Board                    Standard Windows Keyboard

üMouse                          Two or Three Button Mouse

üMonitor                        SVGA

 

SOFTWARE CONFIGURATION:-

üOperating System                    : Windows XP

üProgramming Language           : JAVA/J2EE.

üJava Version                           : JDK 1.6 & above.

üDatabase                                 : MYSQL

REFERENCE:

Raymond Heatherly, Murat Kantarcioglu, and Bhavani Thuraisingham, Fellow, IEEE, “Preventing Private Information Inference Attacks on Social Networks”, IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING, VOL. 25, NO. 8, AUGUST 2013.

Spatial Approximate String Search

Spatial Approximate String Search

            

ABSTRACT:

This work deals with the approximate string search in large spatial databases. Specifically, we investigate range queries augmented with a string similarity search predicate in both Euclidean space and road networks. We dub this query the spatial approximate string (SAS) query. In Euclidean space, we propose an approximate solution, the MHR-tree, which embeds min-wise signatures into an R-tree. The min-wise signature for an index node u keeps a concise representation of the union of q-grams from strings under the sub-tree of u. We analyze the pruning functionality of such signatures based on the set resemblance between the query string and the q-grams from the sub-trees of index nodes. We also discuss how to estimate the selectivity of a SAS query in Euclidean space, for which we present a novel adaptive algorithm to find balanced partitions using both the spatial and string information stored in the tree. For queries on road networks, we propose a novel exact method, RSASSOL, which significantly outperforms the baseline algorithm in practice. The RSASSOL combines the q-gram based inverted lists and the reference nodes based pruning. Extensive experiments on large real data sets demonstrate the efficiency and effectiveness of our approaches.

 

PROJECT OUTPUT VIDEO: (Click the below link to see the project output video):

EXISTING SYSTEM

                       

Keyword search over a large amount of data is an important operation in a wide range of domains. Felipe et al. has recently extended its study to spatial databases, where keyword search becomes a fundamental building block for an increasing number of real-world applications, and proposed the IR -Tree.

 

DISADVANTAGES OF EXISTING SYSTEM:

vA main limitation of the IR -Tree is that it only supports exact keyword search.

 

vExact Keyword Require For Searching the Results.

 

PROPOSED SYSTEM:

 

For RSAS queries, the baseline spatial solution is based on the Dijkstra’s algorithm. Given a query point q, the query range radius r, and a string predicate, we expand from q on the road network using the Dijkstra algorithm until we reach the points distance r away from q and verify the string predicate either in a post-processing step or on the intermediate results of the expansion. We denote this approach as the Dijkstra solution. Its performance degrades quickly when the query range enlarges and/or the data on the network increases. This motivates us to find a novel method to avoid the unnecessary road network expansions, by combining the prunings from both the spatial and the string predicates simultaneously.

We demonstrate the efficiency and effectiveness of our proposed methods for SAS queries using a comprehensive experimental evaluation. For ESAS queries, our experimental evaluation covers both synthetic and real data sets of up to 10 millions points and 6 dimensions. For RSAS queries, our evaluation is based on two large, real road network datasets, that contain up to 175,813 nodes, 179,179 edges, and 2 millions points on the road network. In both cases, our methods have significantly outperformed the respective baseline methods.

 

ADVANTAGES OF PROPOSED SYSTEM:

          This is very helpful for Exact Result from Non Exact keywords .

 

SYSTEM CONFIGURATION:-

HARDWARE CONFIGURATION:-

 

üProcessor                     Pentium –IV

üSpeed                                     1.1 Ghz

üRAM                            256 MB(min)

üHard Disk                    20 GB

üKey Board                    Standard Windows Keyboard

üMouse                          Two or Three Button Mouse

üMonitor                        SVGA

SOFTWARE CONFIGURATION:-

 

üOperating System                    : Windows XP

üProgramming Language           : JAVA/J2EE.

üJava Version                           : JDK 1.6 & above.

üDatabase                                 : MYSQL

 

REFERENCE:

Feifei Li, Member, IEEE, Bin Yao, Mingwang Tang, and Marios Hadjieleftheriou, “Spatial Approximate String Search”, IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING, VOL. 25, NO. 6, JUNE 2013.

 

 

 

Cross-Domain Privacy-Preserving Cooperative Firewall Optimization

Cross-Domain Privacy-Preserving Cooperative Firewall Optimization

Cross-Domain Privacy-Preserving Cooperative

Firewall Optimization

ABSTRACT:

Firewalls have been widely deployed on the Internet for securing private networks. A firewall checks each incoming or outgoing packet to decide whether to accept or discard the packet based on its policy. Optimizing firewall policies is crucial for improving network performance. Prior work on firewall optimization focuses on either intrafirewall or interfirewall optimization within one administrative domain where the privacy of firewall policies is not a concern. This paper explores interfirewall optimization across administrative domains for the first time. The key technical challenge is that firewall policies cannot be shared across domains because a firewall policy contains confidential information and even potential security holes, which can be exploited by attackers. In this paper, we propose the first cross-domain privacy-preserving cooperative firewall policy optimization protocol. Specifically, for any two adjacent firewalls belonging to two different administrative domains, our protocol can identify in each firewall the rules that can be removed because of the other firewall. The optimization process involves cooperative computation between the two firewalls without any party disclosing its policy to the other. We implemented our protocol and conducted extensive experiments. The results on real firewall policies show that our protocol can remove as many as 49% of the rules in a firewall, whereas the average is 19.4%. The communication cost is less than a few hundred kilobytes. Our protocol incurs no extra online packet processing overhead, and the offline processing time is less than a few hundred seconds.

PROJECT OUTPUT VIDEO: (Click the below link to see the project output video):

ARCHITECTURE:

 

AIM:

To provide an innovative policy anomaly management framework for firewalls, adopting a rule-based segmentation technique to identify policy anomalies and derive effective anomaly resolutions.

 

SYNOPSIS:

A novel anomaly management framework for firewalls based on a rule-based segmentation technique to facilitate not only more accurate anomaly detection but also effective anomaly resolution. Based on this technique, a network packet space defined by a firewall policy can be divided into a set of disjoint packet space segments. Each segment associated with a unique set of firewall rules accurately indicates an overlap relation among those rules. We also introduce a flexible conflict resolution method to enable a fine grained conflict resolution with the help of several effective resolution strategies with respect to the risk assessment of protected networks and the intention of policy definition.

EXISTING SYSTEM:

Prior work on firewall optimization focuses on either intrafirewall optimization, or interfirewall optimization within one administrative domain where the privacy of firewall policies is not a concern.

 

Firewall policy management is a challenging task due to the complexity and interdependency of policy rules. This is further exacerbated by the continuous evolution of network and system environments.

 

The process of configuring a firewall is tedious and error prone. Therefore, effective mechanisms and tools for policy management are crucial to the success of firewalls.

 

Existing policy analysis tools, such as Firewall Policy Advisor and FIREMAN, with the goal of detecting policy anomalies have been introduced. Firewall Policy Advisor only has the capability of detecting pair wise anomalies in firewall rules. FIREMAN can detect anomalies among multiple rules by analyzing the relationships between one rule and the collections of packet spaces derived from all preceding rules.

 

However, FIREMAN also has limitations in detecting anomalies. For each firewall rule, FIREMAN only examines all preceding rules but ignores all subsequent rules when performing anomaly analysis. In addition, each analysis result from FIREMAN can only show that there is a misconfiguration between one rule and its preceding rules, but cannot accurately indicate all rules involved in an anomaly.

 

DISADVANTAGES OF EXISTING SYSTEM:

 

*    The number of rules in a firewall significantly affects its throughput.

*    Fireman can detect anomalies among multiple rules by analyzing the relationships between one rule and the collections of packet spaces derived from all preceding rules. For each firewall rule, FIREMAN only examines all preceding rules but ignores all subsequent rules when performing anomaly analysis.

 

PROPOSED SYSTEM:

 

In this paper, we represent a novel anomaly management framework for firewalls based on a rule-based segmentation technique to facilitate not only more accurate anomaly detection but also effective anomaly resolution.

 

Based on this technique, a network packet space defined by a firewall policy can be divided into a set of disjoint packet space segments. Each segment associated with a unique set of firewall rules accurately indicates an overlap relation (either conflicting or redundant) among those rules.

 

We also introduce a flexible conflict resolution method to enable a fine-grained conflict resolution with the help of several effective resolution strategies with respect to the risk assessment of protected networks and the intention of policy definition.

 

 

ADVANTAGES OF PROPOSED SYSTEM:

 

In our framework conflict detection and resolution, conflicting segments are identified in the first step. Each conflicting segment associates with a policy conflict and a set of conflicting rules. Also, the correlation relationships among conflicting segments are identified and conflict correlation groups are derived. Policy conflicts belonging to different conflict correlation groups can be resolved separately, thus the searching space for resolving conflicts is reduced by the correlation process.

 

MODULES:

·        Correlation of Packet Space Segment

·        Action Constraint Generation

·        Rule Reordering

·        Data Package

 

MODULES DESCRIPTION:

Correlation of Packet Space Segment:

The major benefit of generating correlation groups for the anomaly analysis is that anomalies can be examined within each group independently, because all correlation groups are independent of each other. Especially, the searching space for reordering conflicting rules in conflict resolution can be significantly lessened and the efficiency of resolving conflicts can be greatly improved.

 

Action Constraint Generation:

In a firewall policy are discovered and conflict correlation groups are identified, the risk assessment for conflicts is performed. The risk levels of conflicts are in turn utilized for both automated and manual strategy selections. A basic idea of automated strategy selection is that a risk level of a conflicting segment is used to directly determine the expected action taken for the network packets in the conflicting segment. If the risk level is very high, the expected action should deny packets considering the protection of network perimeters

Rule Reordering:

The solution for conflict resolution is that all action constraints for conflicting segments can be satisfied by reordering conflicting rules. In conflicting rules in order that satisfies all action constraints, this order must be the optimal solution for the conflict resolution.

 

Data Package:

When conflicts in a policy are resolved, the risk value of the resolved policy should be reduced and the availability of protected network should be improved comparing with the situation prior to conflict resolution based on the threshold value data will be received in to the server.

SYSTEM CONFIGURATION:-

H/W SYSTEM CONFIGURATION:-

 

üProcessor             -Pentium –III

üSpeed                                 1.1 Ghz

üRAM                        256 MB(min)

üHard Disk               20 GB

üFloppy Drive           1.44 MB

üKey Board                Standard Windows Keyboard

üMouse                      Two or Three Button Mouse

üMonitor                    SVGA

 

S/W System Configuration:-

 

v   Operating System          : Windows95/98/2000/XP

v   Front End                      : Java

 

 

 

REFERENCE:

Fei Chen, Bezawada Bruhadeshwar, and Alex X. Liu, “Cross-Domain Privacy-Preserving Cooperative Firewall Optimization”, IEEE/ACM TRANSACTIONS ON NETWORKING, VOL. 21, NO. 3, JUNE 2013

 

 

 

 

 

                                     

Combining Cryptographic Primitives to Prevent Jamming Attacks in Wireless Networks

Combining Cryptographic Primitives to Prevent Jamming Attacks in Wireless Networks

ABSTRACT:

The Open Nature of wireless medium leaves an intentional interference attack, typically referred to as jamming. This intentional interference with wireless transmission launch pad for mounting Denial-Of- Service attack on wireless networks. Typically, jamming has been addresses under an external threat model. However, adversaries with internal knowledge of protocol specification and network secrets can launch low-effort jamming attacks that are difficult to detect and counter. In this work we address the problem of jamming attacks and adversary is active for short period of time, selectively targeting the messages of high importance. We show that the selective jamming attacks can be launched by performing real-time packet classification at the physical layer. To mitigate these attacks, we develop three schemes that prevent real time packet classification by combining cryptographic primitives with physical-layer attributes. They are Strong Hiding Commitment Schemes (SHCS), Cryptographic Puzzles Hiding Schemes (CPHS), and All- Or-Nothing Transformation Hiding Schemes (AONTSHS). Random key distribution methods are done along with three schemes to give more secured packet transmission in wireless networks.

PROJECT OUTPUT VIDEO: (Click the below link to see the project output video):

EXISTING SYSTEM:

Conventional ant-jamming techniques extensively on spread-spectrum communications, or some form of jamming evasion (e.g., slow frequency hopping or spatial retreats). SS techniques provide bit-level protection by spreading bits according to a secret pseudo noise (PN) code, Known only to the communicating parties. These methods can only protect wireless transmissions under the external threat model. Potential disclosure of secrets due to node compromise neutralizes the gains of SS. Broadcast communications are particularly vulnerable under an internal threat model because all intended receivers must be aware of the secrets used to protect transmissions. Hence, the compromise of a single receiver is sufficient to reveal relevant cryptographic information.

DISADVANTAGES OF EXISTING SYSTEM:

Under this model, jamming strategies include the continuous or random transmission of high power interference signals. However, adopting an “always-on” strategy has several disadvantages.

·        First, the adversary has to expend a significant amount of energy to jam frequency bands of interest.

·        Second, the continuous presence of unusually high interference levels makes this type of attacks easy to detect.

 

PROPOSED SYSTEM:

In this paper, we address the problem of jamming under an internal threat model. We consider a sophisticated adversary who is aware of network secrets and the implementation details of network protocols at any layer in the network stack. The adversary exploits his internal knowledge for launching selective jamming attacks in which specific messages of “high importance” are targeted. For example, a jammer can target route-request/route-reply messages at the routing layer to prevent route discovery, or target TCP acknowledgments in a TCP session to severely degrade the throughput of an end-to end flow.

 

ADVANTAGES OF PROPOSED SYSTEM:

Evaluated the impact of selective jamming attacks on network protocols such as TCP and routing and show that a selective jammer can significantly impact performance with very low effort and developed three schemes that transform a selective jammer to a random one by preventing real-time packet classification. Schemes combine cryptographic primitives such as commitment schemes, cryptographic puzzles, and all-or-nothing transformations with physical layer characteristics and analyzed the security of our schemes and quantified their computational and communication overhead. With these schemes a random key distribution has been implemented to more secure the packet transmission in the wireless networks.

AIM:

To show that selective jamming attacks can be launched by performing real time packet classification at the physical layer. To mitigate these attacks develop a schemes that prevent real-time packet classification by combining cryptographic primitives with physical layer attributes.

 

SYNOPSIS:

To address the problem of jamming under an internal threat model and consider a sophisticated adversary who is aware of network secrets and the implementation details of network protocols at any layer in the network stack. The adversary exploits his internal knowledge for launching selective jamming attacks in which specific messages of high importance are targeted. For example, a jammer can target route-request/route-reply messages at the routing layer to prevent route discovery, or target TCP acknowledgments in a TCP session to severely degrade the throughput of an end-to-end flow.

The jammer may decode the first few bits of a packet for recovering useful packet identifiers such as packet type, source and destination address. After classification, the adversary must induce a sufficient number of bit errors so that the packet cannot be recovered at the receiver.

MODULES:

üReal Time Packet Classification

üA Strong Hiding Commitment Scheme

üCryptographic Puzzle Hiding Scheme

üHiding based on All-Or-Nothing Transformations

 

MODULES DESCRIPTION:

 

Real Time Packet Classification:

At the Physical layer, a packet m is encoded, interleaved, and modulated before it is transmitted over the wireless channel. At the receiver, the signal is demodulated, de-interleaved and decoded to recover the original packet m. Nodes A and B communicate via a wireless link. Within the communication range of both A and B there is a jamming node J. When A transmits a packet m to B, node J classifies m by receiving only the first few bytes of m. J then corrupts m beyond recovery by interfering with its reception at B.

 

A Strong Hiding Commitment Scheme

A strong hiding commitment scheme (SHCS), which is based on symmetric cryptography. Assume that the sender has a packet for Receiver. First, S constructs commit( message ) the commitment function  is an off-the-shelf symmetric encryption algorithm is a publicly known permutation, and k  is a randomly selected key of some desired key length s (the length of k is a security parameter). Upon reception of d, any receiver R computes.

 

Cryptographic Puzzle Hiding Scheme

A sender S has a packet m for transmission. The sender selects a random key k , of a desired length. S generates a puzzle (key, time), where puzzle() denotes the puzzle generator function, and tp denotes the time required for the solution of the puzzle. Parameter is measured in units of time, and it is directly dependent on the assumed computational capability of the adversary, denoted by N and measured in computational operations per second. After generating the puzzle P, the sender broadcasts (C, P). At the receiver side, any receiver R solves the received puzzle to recover key and then computes.

         

Hiding based on All-Or-Nothing Transformations

The packets are pre-processed by an AONT before transmission but remain unencrypted. The jammer cannot perform packet classification until all pseudo-messages corresponding to the original packet have been received and the inverse transformation has been applied. Packet m is partitioned to a set of x input blocks m = {m1, m2, m3….}, which serve as an input to an The set of pseudo-messages m = {m1, m2, m3,…..} is transmitted over the wireless medium.

 

 

 

SYSTEM REQUIREMENTS:

HARDWARE REQUIREMENTS:

PROCESSOR        :    PENTIUM IV 2.6 GHz

RAM                    :         512 MB

MONITOR          :         15”

HARD DISK         :       20 GB

CDDRIVE            :         52X

KEYBOARD         :       STANDARD 102 KEYS

MOUSE                :         3 BUTTONS

 

SOFTWARE REQUIREMENTS:

FRONT END                  :    JAVA, SWING

TOOLS USED                :    JFRAME BUILDER

OPERATING SYSTEM:    WINDOWS XP

 

REFERENCE:

Ngangbam Herojit Singh and, A.Kayalvizhi, M.Tech. “Combining Cryptographic Primitives to Prevent Jamming Attacks in Wireless Networks” IEEE CONFERENCE 2013.