KAUNAS UNIVERSITY OF TECHNOLOGY
DEPARTMENT OF MULTIMEDIA ENGINEERING FACULTY
SWAPNIL PANDURANG GHANGALE
SECURE DATA USING TOKEN SYSTEM OVER CLOUD
Master’s Final Degree Project
Supervisor
Prof. Dr. Armantas Ostreika
KAUNAS 2018
KAUNAS UNIVERSITY OF TECHNOLOGY
DEPARTMENT OF MULTIMEDIA ENGINEERING FACULTY
SECURE DATA USING TOKEN SYSTEM OVER CLOUD
Master’s Final Degree Project
Final Degree Project (code P000M106)
Supervisor
Prof. Dr. Armantas Ostreika
Reviewer
Prof. Dr.

Project made by
Swapnil Pandurang Ghangale
KAUNAS, 2018
KAUNAS UNIVERSITY OF TECHNOLOGY
DEPARTMENT OF MULTIMEDIA ENGINEERING FACULTY
(Faculty)
SWAPNIL PANDURANG GHANGALE
(Student’s name, surname)
Final Degree Project (P000M106)
(Title and code of study programme)
‘SECURE DATA USING TOKEN SYSTEM OVER CLOUD’
DECLARATION OF ACADEMIC INTEGRITY
220 Kaunas I confirm that the final project of mine, Swapnil Pandurang Ghangale, on the topic ‘Secure Data Using Token System Over Cloud’ is written completely by myself; all the provided data and research results are correct and have been obtained honestly. None of the parts of this thesis have been plagiarised from any printed, Internet-based or otherwise recorded sources. All direct and indirect quotations from external resources are indicated in the list of references. No monetary funds (unless required by law) have been paid to anyone for any contribution to this project.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

I fully and completely understand that any discovery of any manifestations/case/facts of dishonesty inevitably results in me incurring a penalty according to the procedure(s) effective at Kaunas University of Technology.

(name and surname filled in by hand) (signature)
Swapnil Pandurang Ghangale. SAUGIAI DUOMENYS, KURI? NAUDOTIS “TOKEN SYSTEM”. Magistro (pasirinkite) baigiamasis projektas / vadovas doc. dr. Armantas Ostreika; Kauno technologijos universitetas, MULTIMEDIJOS INŽINERIJOS DEPARTAMENTAS fakultetas.

Studij? kryptis ir sritis: technologijos mokslai, debesis Kompiuterija
Reikšminiai žodžiai: debesys, saugumas, budrus, simbolis, perdavimo duomenys.

Kaunas, 2018. puslapiai.

SANTRAUKA
Ši si?loma sistema yra “debesys” vartotojui, kur? jie naudoja reguliariai. Debesis kompiuterija mato technin? ir kult?rin? kompiuteri? paslaug? perdavimo funkcij?, kuri gali b?ti prad?ta vietos lygiu nuotoliniu b?du. Duomenys, kurie kažkada buvo naudojami debesies naudotojui, gali b?ti prieinami bet kur, kai jis naudojamas, ir po to, kai jie buvo laikomi pagal paslaug? vartotojo duomen? saugmenos domen?. Šiame baigiamajame darbe randamas sprendimas, kaip saugumas yra geresnis už esam? sistem?, naudojant naujas technologijas, taip pat algoritm?. Ši disertacija taip pat yra tokeno sistemos ?diegimo ir persp?jim? sistema tokioje sistemoje, kai naudotojas pirm? kart? ?registruotas sistemoje, jam suteiktas unikalus identifikavimo numeris, norint pasiekti jo duomenis, o kai kurie bando pasiekti savo s?skait? ar duomenis iš debesies, tada naudotojas gauna persp?jim? apie savo pašto d?žut? vartotojas užregistruotas sistemoje.

Ankstesni šios srities tyrimai ir literat?ra šioje srityje daugiausia buvo orientuoti ? saugum?, ta?iau ne?galiotas asmuo bando išsiaiškinti j? sprendim?, o ?sp?jimo sistemoje negalime tiksliai nustatyti ne?galioto asmens pad?ties, kuri? labai sunku sužinoti. “Debesis” naudotojas turi pakankamai vietos duomen? prieigai ir duomen? saugojimui per debes?, bet vartotojas n?ra patenkintas d?l duomen? saugumo ir neteis?to duomen? perdavimo, tai tur?t? pakenkti naudotojui ar bet kuriai organizacijai. Dabartin?je sistemoje naudotojui suteikiamas simbolis, bet jei kas nors gali pamatyti, kas taip yra, jis taip pat kenkia naudotojui. Šis sistemos simbolis, užšifruotas N-Layer algoritmu, yra derinys Nr. algoritmo. Mes pritaik?me pagrindin? sistem?, kurioje vartotojas gali atlikti savo veiksmus ir ?dieg? N sluoksni? algoritm? bei tokio tipo algoritm?.

Eksperimentin?s dalies palyginimas tarp esamos debesies sistemos ir žeton? debes? sistemos. Nr. parametro naudojamas palyginimui skirtingose ??sekcijose. Kompiuteri?, saugos ir k?r?jo ?rankiai yra naudingi, kai kalbama apie debesies paslaugas, ir aprašoma, kaip si?loma sistema yra geresn? ir naudinga nuolatiniam vartotojui. Išvados ir rekomendacijos pateikiamos tolesniam tyrimui. Išvados ir rekomendacijos pateikiamos tolesniam tyrimui.

Swapnil Pandurang Ghangale. Secure Data Using Token System Over Cloud. Master’s Final Degree Project/supervisor prof. dr. Armantas Ostreika; Faculty of Multimedia Engineering, Kaunas University of Technology.

Study field and area (study field group): Technology science, Cloud Computing
Keywords: Clouds, security, alert, data transmission, token.

Kaunas, 2018. XX pages.

SUMMARY
This proposed system is security over cloud for the user they are using regular basic. Cloud computing sees a technical and cultural shift of computing service provided for begin locally to remotely. Data that was once placed on cloud user can access anywhere for his/her use and once house under the security domain of the services user data has been placed. This thesis finding the solution for how security is better than an existing system using new technology as well as an algorithm. This thesis also token implementation and alerts system, in the token system when the user registered for the first time in the system he got a unique identification number for accessing his data, and some trying to access his account or data from cloud then user get alert on his mail id that user registered when registered in the system.

Previous studies and literature in this area have focused almost on security but the unauthorized person trying to find out their solution and in the alert system, we cannot get the exact location of the unauthorized person, that could very hard find out. On the cloud, the user gets enough space for accessing data and saving data over cloud but user not satisfied about data security and unauthorized transmission of the data this should harmful for the user or any organization. In existing system token given to the user but if anyone can see what it is so it also for harmful to the user. This system token encrypted with the N-Layer algorithm it is a combination for no. of the algorithm. We made application on a basic system where the user can do his operation and implemented the N- layer algorithm as well as token-based system algorithm.
The comparison of the experimental part the comparison between existing cloud system and token cloud system. The no. of the parameter is taken for the comparison in a different section. Compute, security and developer tools are useful when it comes to cloud services and it describes the how proposed system is better and good use for the regular user. Conclusion and recommendations are presented for further investigation.

INTRODUCTION
Information Technology has always been treated a major pain point of enterprise organization, from the aspect of both cost and management. And the Cloud is providing the services to the user for servers, storage, database networking, analytic and more services over the Internet. Cloud computing now offers more choices about data, security and infrastructure and delegate liabilities. Accordingly, the demand for cloud computing delivers the new idea and services, delivery models.

This thesis poses development the new technology for Cloud Security and their possible future cloud computing trends. Using this technology in the situation of technical, business, and other services. This technology could be a clash of the following aspects of Cloud Computing
Architecture
Security
Costs
Software trends (Open vs. Closed-source)
Organization
This thesis focusses on Cloud security, and in this using no of mixing algorithm cryptography like AES, DES, and Triple-DES, doing the new algorithm called as an N-Layer algorithm. When user saving their data on the cloud we produce a token to the user for each user. That token should be encrypted by N-Layer cryptography algorithm.so the user only knows the key. If a hacker or someone trying to take that data or access that data user gets immediately alert on their mail id., from which place someone tries to access user data. And user tries to save data using making new encrypted token or making a new password to the personal account.

AIM
Try to Safe Data from unauthorized access, disclosure, modification, and monitoring. Prevent unauthorized access to cloud computing infrastructure.
OBJECTIVE
Unauthorized access to cloud computing infrastructure resources. This includes implementing security domains that have a logical separation between computing resources and using default to no-access configurations
Design Web applications deployed in a cloud for an Internet threat model and embed security into the software development process.

Protect Data from attacks to mitigate end-user security vulnerabilities. This includes taking measures to protect Internet-connected personal computing devices by applying security software, personal firewalls, and patches on a regular maintenance schedule.

To give an alert about data to the user for unauthorized access from anywhere by mail.

MOTIVATION
I got motivation for this thesis to increase more security to the user for their data.

User operation: –
User Doing operation i.e. given by application for the use. Create an account, saved the data and using basic operation.

Encrypt User Token: –
After Creating user account user get his token no for accessing his account and use only know his token no and secret key to decrypting it.
Key to the user: –
There is only private key for the user, and the user only knows the key its confidential for privacy.

Access data by the user: –
Whenever the user wants his data, that can access data over the cloud, there is no restriction or limitation accessing his data, but user having imitated space for saving data.

Give alert If Try To access it: –
If anyone tries to access user private data or access account with permission, the user gets alert on his mail, and he tries to protect the account.

LITERATURE SURVEY
“Modeling Implementation of TBDSA-Token based Data Security Algorithm in Cloud Computing. IEEE Volume 114 -No. 2015” 1
Security during data transmission in cloud computing using TBDSA (Token Based Data Security Algorithm) along with implementation.in this paper they define how we secure cloud data using this algorithm. And auto-generated token base certificate activation approach with SSL (Secure Socket Layer) provides the appropriate collaboration between the cloud client and the cloud services provider. For preventing confidential data from the attackers, the cloud services providers have a duty to provide security at separate levels. The benefit of the using this service secure treatment and calculations for data storage in the database.

Pros:
Giving Token to the user: –
It gives the random token to the user for saving data and that will user access anywhere over the internet.

Automatic Create Digital Signature: –
After creating user account get a random token and for verification, it was thrown by digital verification that digital signature that shown access is enabled to the user.
Testing Token: –
Token check two times by the system and if unwanted access trying to approach user account it will unauthorize shown by the system if he succeeded to access account but again checked by digital signature if not verified again used to access his/her account.

Cons:
Random Token: –
The user should wait for the random token if it no creates use should do the whole process again.

Derby Database: –
Indexes are not backed for columns defined on COLB, BLOB, VARCHAR and XML data types. 3
“Hybrid Security Algorithms for Data Transmission using AES-DES” 2
The current paper shows the design and implementation of a hybrid based 128-bit key AES-DES algorithm as a security enhancement.in this paper, the fast evolution of digital data exchange has forced the information security to be of much importance in data storage and transmission. For a multiple of data in the network is essential to secure i.e. all type of data before sending to user.in this article expansion, key mixing, and substitution, permutation and define for the making hybrid of AES-DES. the basic action in enciphering a 64-bit data block and 56-bit key using DES. and it consists of an initial permutation,16 round of a complex key-dependent calculation and final permutation of being the inverse if IP.

Pros: –
Efficient and reliable: –
Being a hybrid of two powerful encryption standards the algorithm will act as efficient and reliable encryption technique for data.

Key approaches: –
using two keys of both algorithm should make it resistant to linear attack from a hacker or illegal user.

Time Consumption:
The average time may differ depending on the process availability and process speed. Might get different time for encryption and decryption.

Cons: –
Limitation: –
Using most only image and audio and it takes more time for the size of the file.

Key Sharing: –
Symmetric key encryption is that you need to have a way to get key of the party and this will harmful for data and user.

“DES, AES, and TRIPLE DES: Symmetric Key Cryptography Algorithm” 5
In this paper, the well defines a symmetric key cryptography algorithm. Now a day’s security is one of the most challenging conditions of the internet and network. And therefore we must find secure data over internet and network, Cryptography is one of the main solutions to convert information into an unreadable format.in Cryptography there is allow to people carry their confidential data or information over the internet or network with worries and insecurity. This paper which is better cryptography algorithm is shown and prove.
Pros: –
Comparison: –
AES,3DES, DES working and their key length are main important thing explain. Block size and cycle round of each algorithm.

Key in Algorithm: –
Possible no of the key in each algorithm and possible time appropriate for their execution with each round.

Cons: –
Alert: –
Non-repudiation is a part of the system which keeps a record of previously occurred events. Due to this property, a receiver cannot assert that the message was not received.

Security: –
Confidentiality ensures the secrete of the information but hacker success to crack it difficult to recover it and it defines any method of recovery data or shot to avoid it.
“Integrating AES, DES and 3-DES Encryption Algorithm for Enhanced Data Security” 6
In this paper, describing the importance of security, now a day speedy development of computer technology and advancement of the internet the value of and importance data exchange or saving over the internet is more and more. And for this data to have to find the solution for saving as well not going to misuse by anyone, Cryptography is a key technology for achieving information security in the various field. The Key is the main concept of the Cryptography algorithm, it might be public is called an asymmetric algorithm and the private key is called a symmetric algorithm. study of the three popular modern encryption algorithms has been done that is ASE, DES,3-DES and in modern encryption algorithm the best result shown by AES because it takes less time to assassinate, i.e. encrypt and decrypt as compare to DES and 3-DES.using multiple algorithms might be increasing the space and time complexity of the system.

Pros: –
Comparison: –
The best Cryptographic algorithm is shown with the comparisons and it takes less time as well space is shown with another algorithm.

Reliability: –
3Des or Triple DES is a good deal with hardware, and it is popular is the financial system because of protecting biometric information in the electronic passport.

Cons: –
Requirement Output: –
The 3des is used only 56-key and AES having 3 key set that is 128,192 and 256 and that’s the 3des is mostly used only in hardware section not mostly in the software section.

Limited Data Use: –
When is the largest data are user must store or exchange 3des are not used because after the 32Gb of data the information should be leak are possible?
“A Study of Encryption Algorithm AES, DES, and RSA for Security” 7
In this paper, shows how encryption algorithm plays an important role for communication security. The all studies algorithm show using text files and AES is better performance and RSA is longest encryption time for Encryption as well as Decryption. The recent year network security has become an important issue because of hacker and cracker also strong. And encryption is the given solution and play an important role in information security system. The difference between symmetric and asymmetric key encryption algorithm is shown how it works for a different condition. The working of AES, DES, RSA algorithm and compared their performance of encrypting techniques based on the analysis their performance of its simulated time at the time of encryption and decryption.

Pros: –
Simulation: –
The best descriptions of each algorithm that should use for comparison as well as real-time use.

Improvement: –
Showing the Asymmetric is best encryption algorithm rather than a symmetric algorithm and how it takes less time for any text file.

Cons: –
File Limitation: –
In This experiment in this paper just use for text file. The user must be having audio as well as a video file or other data for encryption.

Key Explanation: –
The RSA is an asymmetric algorithm and so as for comparison to this AES most widely used for security.

“A New Secure Cryptography Algorithm Based on Symmetric Key Encryption” 8
In this paper, a new powerful and secure cryptography algorithm based on symmetric key encryption. The type of selectable file for cryptography, the method of the key and give the secret file cryptography used of them, and the key store for the numbers, Randoms and unreadable numbers. For storing key randomly selected byte, the determining of key and result using XOR logical operation. Of course the basic features of cryptography algorithm defining the ability to encrypt the secret file successfully to decrypt i.e. unreadable format.in this no limitation of number key and creative key for each stage of cryptography. All independent key in all stages of used for encryption as well decryption.

Pros: –
Selectable File Cryptography: –
Creating a key for each stage of cryptography and interdependence stage of cryptography storing a file using all key.

Process: –
Key Storing for several aimlessly selected bytes and the key determining the result of the XOR operation and number of aimless bytes for storing the key.

Cons: –
Logical Operation: –
Is best to use logical operation and store result best the thing is it not hard to break it and recover data, it might be harmful to the end user.

Random Key: –
Its good thing that random key but might be it’s hard to maintain the which key is for which data if a virus or something user going to do the wrong operation.

“Secure User Data in Cloud Computing Using Encryption Algorithm”9
In this paper, encryption algorithms have been proposed to make cloud data secure, vulnerable and gave concern to security issues. And made a comparison between AES, DES, Blowfish, and RSA algorithm to find which better one. And decide that which is better for the cloud for the making cloud more secure and prevent unauthorized access. This paper gives a good explanation of encryption algorithms play an important role in data security for the cloud. The cloud computing is the ability to access pool computing resources owned ; maintain by the third party. And why is the best i.e. ‘Cloud’ composed of hardware, storage, network, interfaces and services that provided by the third party? The basic concept of Cloud computing IaaS, PaaS, SaaS which means services-oriented architecture, and this come to the first benefit to cloud computing.

Pros: –
Cloud Computing: –
The Comparison is the best result give anyway using that thing user can understand which better for which data and where the user can use the best security for the own data.

Characteristic of Working: –
Scalability that is for every algorithm, and less use of memory that should be less time of execution, more security for which type of data, and data capacity for encryption as well decryption.

Cons: –
Process: –
The Process of decryption is known by the hackers that used of most time, and it might be harmful or non-acceptable by the user.

Security Concern: –
The number of security are given with different name and explanation and that might show how its working and where user or organization might be used.

Security Issue: –
Cloud having a security issue that might be overcome using some tools, but the paper cannot give any tool or concern.

“Security as a Services Model for Cloud Environment” 10
In This paper, security architecture that provides a security as a services model that a cloud provider can offer to its multiple tenants and customers of its tenants. Also providing described the design of the security architecture and how different are counter by this architecture. The new security mechanisms and performance are being worked on the new thing that should new technology are invented by hacker cracker. The reason for chosen tenants in the cloud it can be run on different operating system and application. The application and virtual machine target by the attacker for the accessing data and another thing then in this paper it clearly shows the different type of attack are potentially exploited and must find out the new solution or the architecture for this issue. the main contribution of this paper is security architecture that should provide the flexible security as a service model and cloud provide tenants of the user of its tenants. The services model while providing baseline security to the provider protect their own cloud infrastructure and provides flexibility to tenants to determine how much they can control over their virtual machine.
Pros: –
Security Architecture: –
The produces the architecture and its cloud provided the security to multiple tenants and customers of its tenants.

Cloud Deployment: –
In this technique, the administrators from different cloud deployments report to a Cloud Access Manager on their requirement.

Tenants Concept: –
According to this paper policy, single sign-on for the user of tenants, and the tenant’s services provided by serval virtual machine in different cloud platform and clusters.

Cons: –
Process: –
If the process can understand by normal it’s hard to working for the user and handling the process as well as their own tenants.

System Architecture: –
This paper cannot define well system architecture for working and it’s hard to understand how it is working in practice.

“A Survey on Various Cryptography Techniques” 11
In this paper, it clearly shown nowadays the world is wireless now and for this security are a more important thing, that should be selling or buying the product over the open network and something bad happens with user we frequently occur. The cryptography is the art and science to secure data over the internet. The high growth in the networking technology leads a common culture for interchanging of the data very drastically. And hence it is more important that data should be secure from a hacker. And try more secure and vulnerable while transmitting like credit card payment, other banking operations, social security should be protected. Encryption is a very common technique to prevent data, and this paper show number encryption method and new technique and their comparison. The survey is done more popular encryption technique currently use and their advantages and disadvantages. The cryptography is always defining in two categories i.e. Symmetric key Cryptography and Asymmetric key cryptography and to prevent an attack or unauthorized access of data developer should know the where we share key in public and where the key is hidden from the public.in Symmetric key cryptography algorithm like DES, AES, TDES Blowfish this is a specific area of this algorithm because of restriction and their pros and cons. The same thing Asymmetric key cryptography algorithm like RSA also having a specific area of work.
Pros: –
Specification: –
The explanation of the working Symmetric key and Asymmetric key algorithm are with times as well as memory used. And this is useful when we have select for the prevent data.

Average Time: –
The less time working algorithm is chosen by the developer, because of time consume and it perfectly showed AES take less time rather than others.

Process: –
The process of each algorithm is shown with advantages and disadvantages that might be more helpful to the user as well as a developer when time to decide which one technique is used.

Cons: –
Using: –
Everyone known the how to crack this algorithm and this will harmful for the user might be access data and other information.

Best One: –
Asymmetric and Symmetric algorithm there is the difference between public key and a private key that should be easy to choose which best one.

Time Difference: –
The average time of each algorithm might be useful and that should hacker know how it takes time for accessing unauthorized data from another party over the cloud or any data like credit card information or other banking data or social networking data.

In the recent research work, investigate that if anyone tries to find unauthorized user, that might be he finds is IP address and that will be using different location at same time, so then we have to produce new alert system for the prevent unauthorized access from anyone and prevent data, then we find number of resources and paper that said that it hard to find exact location of the hacker cracker, the related work said that we can find the IP address but still we not confirm that might be fix or not. Or we find the country and time that should anyone try to access account. So, our trial is to find his zip code that should be his location and we know the from which place the data are accessing or account are accessing.

The Simple article of IP address says that “Pairing of IP address to geographical location is called geolocation”, 12 that mean when a user or anyone wants to identify or locate the where your web visitors are coming from. Might be on the website or the other selling website and avoid the accessing data from the third party. Or might find our credit card fraud, illegal spammers, and hackers. And it is almost impossible to find out the exact location of giving host that our website visitors and hackers. Right now, we have tools are present that might help to find the approximate location of the host.
After that most rise question is where they can find the data and how they manage the database for this accessing without user permission and access user data. This data commercially available databases, most of the database vendor offers API and code for accessing this data. The daily user used the number of websites that should be commercial or social so that database to offer a free geolocational data on hacker used websites.

Finding the accurate IP location or geolocation is depend on which database hacker or spammer are using, For IP to country database, some vendor is an offer that they will find the 50% to 75 % if it is neighboring cities are treated as correct. That should not enough to find out the spammer.

The Recent work related to “IP Based Security Applications Using Location, Port And/or Device Identifier Information” 13 is directed to a communication system and particularly to a method for giving security and authorization screening services in IP communication system. The present some features related to this attempt to obtain IP address by faking a MAC address in a data portion of an IP address request are finding detected. Methods and apparatus for finding the fraudulent attempt to obtain IP address are given. The address resolutions table is generated by snooping DHCP sessions, then faked MAC address used to obtain IP address will be entered snooping table. The advance security before initiating a DHCP session, the edge router, compares MAC address in the body of an IP address assignment request to the MAC address in the header portion of the frame.in application services, this might be used when accessing the services via IP network to devices and then find out the physical location. The stole password gives the example of this case if anyone has he can access the account without permission and we can’t find. In present service i.e. screening attempts to obtain service VOD(video-on-demand) there is the type of subscriptions or pay services provides based on the location of the user, and IP address begins used from edge router port which services are requested. In addition to location-based authorization applications, the present method invention is applicable to wide range of other security. In present material/data finding the physical location of the hacker based on the IP address and it is possible when we have the physical location of the stolen item. And several additional embodiments, features, and applications for the methods and apparatus of the present data are not possible to find physical position or location.

“Method and Apparatus for Securing Location Information and Access Control Using the Location Information” 14
The location is might be physical location is located at the base of information and contextual location-related information. The location information might be used for and identification purpose or granting access. The location might be combined with time information.
Figure 1.1 Block Diagram of Location Server 14
Showing this diagram, the working of location server that accesses the SIM and finds the location of the user or unauthorized access from anyone trying. The SIM includes the processor that is trusted platform module used for the trusted module using for storage the real-time clock and its perform the basic all function of SIM that must help locate user location. The next procedure of the identified location is the verify certification using the public key. Check if it valid signature or no otherwise it denied the access and invalid certification. This signature is checked or verified by calculating a new hash from location information.in this paper used for hashing and a digital signature for the location is important because for help secure communication between the user and their location information are identified. The location sensing entity and the location information might be integrated and re-integrated set with reliability. this may be carried out for using taking the data for authentication procedure securely in SIM.

Some of the basic techniques might be used in conjunction with the security mechanism and close the security and other operations. Cryptography digital signature algorithm like RSA, NTRU might be used as a device for the unique private key for sign certification. The hardware protected key might be used. A device key used for location certificate signing for hardware temper-resistant used. A software-protection mechanism might use for security, generating a key by software running on general purpose hardware. Then the key may be unauthorized for an entity may ever decipher the value of the private key is never completely exposed in memory. A method generating location information certification associated with the location sensing entity, verifying the integrity of location entity by using a trusted processing module to verify the trust with the location sensing entity. And, wireless transmitting and receiving unit for generating location information certification.

Pros: –
Location of Service: –
The finding the user last location using their SIM information and finding the physical location of the user using the last location information.

Method and Technique: –
The using method this technique is good for finding the location of the user like a digital signature and user certification.

Location Server: –
In Location server using Processor that is process user information and the processed give the best result.in this also use the receiving unit that uses for receiving the information user and store.

“Cloud-Based Address Processing” 15
Mail processing system and method include receiving a plurality of mail-pieces in mail processing system and associating a unique identifier. The method includes obtaining destination address information for each plurality of mail-pieces of destination address information with potential move to determine destination addresses for which there is a potential change of address.

Figure 1.2 Architecture of embodiments. 15
A data processing system in accordance with an embodiment of the present disclosure includes an operating system a graphical user interface. The basic problem of finding the location is address-processing systems was too many timeouts, and this is not returning a result before the sorter link jet decision even though the local to the mail transport system. Disclosed embodiments break the traditional processing concept from single-pass performed the first-pass operations into between the first pass to secondary pass.

To facilitate two-pass operations, a unique identifier is created or associated with each mail-piece.one problem with the prior address-processing system was it too many outputs, it’s not returning the result before the sorter ink jet decision. The unique identifier applying the barcode ID tag or either in front or rear of the mail-piece. Or another unique technique is used such as Siemens Fingerprint technology.

In above diagram shows local mail processing system which can be implemented for mail processing. Local mail processing system communicate over a network with the server system, that saved the database. Each function as described in the figure that illustrates for the local mail processing system. Some various embodiments could perform the processing describe during a single pass or a multi-pass process.

Pros: –
Mail processing: –
This method includes receiving a plurality of mail-pieces for mail processing system and associated with the unique identifier.

Data Processing: –
The LAN/Wireless connected with the adapter in the network which can be any public or private so data transfer over server system and easy to maintain a database for the user.

Summary
The Purpose of this review was to view the trend of Cloud security changing past twenty years and how its changing day by day. It is clear from this review this evolution is very important for making more n more changes in the cloud. Along with this, it is also clear that field wants more technology and techniques for saving user data. And new methodology is very important in this field for better concern with data. Helping to improve security become better over the cloud is extremely now a day. And day by day we need to improve our security. Above a lot of paper describe that they are trying to improve the security of data because its time needs. No of the article said there is a lot of security algorithm are available for the secure data and they are providing the security to user data over cloud or internet, a social account that should need more improvement. In this report, we are trying to be making new improvement for security that we tried for the more and more secure user data over the cloud. Token System giving a unique ID for each user and then data save over cloud, the benefit of the using this service secure treatment and calculations for data storage in the database. The basic concept of Cloud computing IaaS, PaaS, SaaS which means services-oriented architecture, and this come to the first benefit to cloud computing. The services model while providing baseline security to the provider protect their own cloud infrastructure and provides flexibility to tenants to determine how much they can control over their virtual machine. Symmetric key cryptography algorithm like DES, AES, TDES Blowfish this are a specific area of this algorithm because of restriction and their pros and cons. The same thing Asymmetric key cryptography algorithm like RSA also having a specific area of work. Finding the accurate IP location or geolocation is depend on which database hacker or spammer are using, For IP to country database, some vendor is an offer that they will find the 50% to 75 % if it is neighboring cities are treated as correct. That should not enough to find out the spammer. features and applications for the methods and apparatus of the present data are not possible to find physical position or location. Some various embodiments could perform the processing describe during a single pass or a multi-pass process. Mail processing system and method include receiving a plurality of mail-pieces in mail processing system and associating a unique identifier. The location is might be physical location is located at the base of information and contextual location-related information. The location information might be used for and identification purpose or granting access. The location might be combined with time information. A method generating location information certification associated with the location sensing entity, verifying the integrity of location entity by using a trusted processing module to verify the trust with the location sensing entity. In below table, we tried to summarize some point from Literature Review.
Citation Study Purpose Method Limitation Key Finding
Modeling Implementation of TBDSA-Token based Data Security Algorithm in Cloud Computing. IEEE Volume 114 -No. 2015
Finding relevant information of cloud security
Cross-Sectional Study
Random Token, Derby database.

Giving Token to the user, Automatically create a digital signature, testing token.

Hybrid Security Algorithms for Data Transmission using AES-DES
Finding if only two algorithms are mixed for security
Objective Study
Key sharing, data use limitation.

Efficient and reliable, key approaches, time consumption.
A Study of Encryption Algorithm AES, DES, and RSA for Security
Comparison between algorithm
Objective study
File limitation, the key explanation
Simulation in real time, improvement for algorithm
A New Secure Cryptography Algorithm Based on Symmetric Key Encryption Exiting technology going on
Objective study
The logical operation, random key
Selectable file cryptography, process key storing for no of random key
Security as a Services Model for Cloud Environment Working of cloud and how cloud provide security to cloud
Objective study
Process hard for a normal user, system architecture does not define well enough
Security architecture for multiple tenants, cloud deployment for administrators, tenants for VM and different cloud platform
Method and Apparatus for Securing Location Information and Access Control Using the Location Information
Finding which technique using for track or access physical location
Objective study
Long process, a result found.

The location server, a method using digital signature and user certification, location server.
Cloud-Based Address Processing
Working address process over a cloud of the user.

Objective study
Architecture, working
Mail processing, data processing
IP Based Security Applications Using Location, Port And/or Device Identifier Information
IP based finding location of the user in a general way.

Objective study
Method and process over limitation.

Direct communication over system, session and edge router.
Table 1: Summary of Literature Review
SOFTWARE REQUIREMENT SPECIFICATION
A Software requirements specification (SRS) is an illustration of a software system to be enlarged, laying out functional and non-functional requirements, and may include a set of use cases that describe intercourse the users will have with the software. The Software Requirement Specification (SRS) documents provide a complete description of requirements, design issues and required specification challenges for a different approach towards multidimensional packet classification.

Software requirement specification establishes the basis for an agreement between customers and contractors or supplier (in market-driven projects, these parts may be played by the marketing and development teams) on what the software product is to do as well as what it is not expected to do. Software requirements specification allows a conscientious assessment of requirement before design can begin and reduces later redesign. It should also provide a realistic basis for estimating product costs, threat and schedules.
The Software requirements specification document enlists adequate and imperative requirements that are required for the project development. To derive the requirements, I need to have a clear and thorough interpretation of the products to be developed or being developed. This is achieved and refined with detailed and continuous communications with the project team customer till the completion of the software.

The project is mainly focused on the problem of data security over the cloud. The purpose is to provide security service, Intrusion Detection(ID) is a type of security management system for computers and networks. An ID system gathers and analyses information from various areas within a computer or a network to identify possible security issue. Which include both intrusions (Attack from outside or in Organization) and misuse. ID uses vulnerability assessment, which is a technology developed to access the security of a computer system or account.
2.1PRODUCT OVERVIEW
Create Account by the user.

Get Token No.

Token Encrypted By developer
Key share with User
Accessing Data on Cloud
Get Alert on mail-id if try to access data
2.2USE-CASE Scenario
This section provides a usages scenario for the software.

2.3USE-CASE
The use case is a record of steps, typically defining intercommunication between a user and a system to achieve a goal. The actor can be a human or an external system.

In Software and system engineering, a use case is a list of steps, typically defining the interaction between a role known in UML as an actor and a system, to achieve a goal. The actor can be a human or an external system. A use case illustrates a unit if functionality provided by the system, the main purpose of the use-case diagram is to anticipate the functional requirements of a system, including the relationship of “actors” to essential processes, as well as the relationship among different use cases.

2.4USE-CASE DIAGRAM
A use diagram is a graphic representation of the interactions among the component of a system. A use case diagram is a graphic representation of the interactions between the components of a system. A use case is a methodology used in system analysis to identify, clarify, and organize system requirements. The below use cases are used to show the use-case view of the system as shown in fig. 18

Figure: Use-case diagram for working in the cloud with token encryption. 18
2.5CLASS DIAGRAM
A Class Diagram in the Unified Modelling Language(UML) is a kind of static structure graph that depend on data provided by the user how developer handle with this. This framework demonstrating the class framework, their properties, operation between classes, or strategies, and the communication between article.

Figure: Class-Diagram of working in the cloud with token encryptions. 18
2.6ACTIVITY DIAGRAM
Activity Diagram is a graphical representation of work processes of stepwise flow of the working software. In UML action outline are planned to demonstrate both computational and hierarchical procedure that is workflow. We can say that activity diagram demonstrates the general stream of control.

Figure: Activity diagram for the working in the cloud with token encryption. 18
2.7COMMUNICATION DIAGRAM
Communication diagram we also called as collaboration diagram in the Unified modeling language. Is an also, one type of interaction diagram that shows the interaction objects or parts using a sequence of operation. Communication diagram we can say that replaced by to simple sequence diagram. With frame, lifeline message using these e major aspect is using in communication diagram. Follow communication diagram show the sequence of operation over the cloud.

Figure: Communication diagram for working in the cloud with token encryption 18
2.8FUNCTIONAL MODEL
The functional model defines a function of a software and how the system must behave when presented with specific inputs or conditions. These may include calculations, data manipulation and processing and other specific functionality. A description of each major software function, along with class is presented in the figure. In the functional model, there is a working sequence of the software and this will use when actual software developer making. The data model is used in this, in this, we use DFD (Data Flow Model) this describe the overview of software and basic content of software. In this Model Level 0 and Level 1. Data flow model is valuable because of capture and documenting how data identified with the process and move through. The data-flow diagram has advantages that, modeling notations, they are simple and intuitive. It easy to explain the potential system to the user who can participate in validation and analysis.

2.9DFD (Data-Flow Model)
4602479311150001943100334010486918059690SERVICE PROVIDER
00SERVICE PROVIDER
4282440311150262128052070ACCOUNT CREATION
ACCOUNT CREATION
147828034163000left105410 USER
0 USER

3901440110490ALERT SYSTEM
0ALERT SYSTEM
1120140140970CLOUD SERVICES
0CLOUD SERVICES

Figure: DFD Level 0
A level 0 data flow diagram (DFD), we can also Context Diagram, shows data system with the boundary between the system, or part of a system, and its environment. Data system and indicate the way it interacts with external entities.

In Above the entities are shown and this follows the action for the user to alert system, that user or the user in the system. User basic operation how user access that with the cloud services, when someone trying to access his account or data that should be alert by the mail. And it useful for the prevent user account and his private data.

In DFD (Data-Flow Model) Level 1 diagram describe the inside contents of the software how the working process is work in general. In general, we can say that data flow of the software for developer understand as well as a user for the normal uses. The below Level 1 diagram shows the process and data flow of Secure Data Using Token System Over Cloud. 19
2827020-129540Administrator / Provider
00Administrator / Provider
-15240-114300 Cloud Database
00 Cloud Database
14249402895601455420-45720
358140012573002628900132715
3665220295910Website Activity
Website Activity
1965960288290Website Management
0Website Management

2415540342265USER
USER

4015740246380Report
Report
36499802921005250180276860Issue
00Issue
1371600170180Information
0Information
13030207874000
3764280244475Access Website
0Access Website
3413760236855001577340252095Operation
00Operation
131826029781500left-635Services
00Services

3116580825500024460209779000
357378083185User Get Alert on Mail
00User Get Alert on Mail
100584067945Unauthorized
Access
00Unauthorized
Access

2476500107315Alert System
00Alert System

Figure: DFD Level 1
2.10ESTIMATION OF SOFTWARE RESPONSE
Project Cost
The model followed is the Constructive Cost Model (COCOMO) for estimating the effort required in completing the project. Like all the estimation models, the COCOMO model requires sizing information. This information can be specified in the form of. 20
Object Point
Function Point FP
Lines of Source Code KLOC
For my project, I use the sizing information in the form of Lines of Source Code.

Total Lines of Code for my project, KLOC = 10K (approx.).

Cost of each person per month Cp = €14 (per person-hour)
Equations
The initial effort (Ei) in man-months is calculated using the equation:
E = a*KLOCbWhere, a=3.0, b=1.12, for a semi-detached project
E=Effort in person-hour
D= a*EbWhere, a=2.5, b=0.32, for a semi-detached project
D=Duration of the project in months. 20
2.11Summary
COCOMO consist of a hierarchy of three increasing detailed and accurate forms.

The first level, Basic COCOMO is good for a quick rough order of magnitude estimate of software costs, but its accuracy is limited due to its lack of factors to account for the difference in project attributes.

Traditional COCOMO takes these Cost Drivers into account and Detailed COCOMO additionally in project attributes.

The detailed model uses different effort multipliers for each cost drivers attribute these point sensitive effort multipliers are each to determine the amount of effort required to complete each point. 21
2.12Performance Bounds
2.12.1Technical Performance
Technical feasibility is evaluated based on factors like performance, ease of development, availability of hardware and re-usable code availability. It was using these parameters that platform was selected. Since the feasibility of running this software was estimated to be of minimal risk, these were selected as the platform for development. Java works well with very slow system configurations also. This assures us the feasibility of installing and using the system without imposing very high system requirement. Technical feasibility is to estimate either it is feasible to develop the proposed system with the available hardware and software and cloud resources. Since proposed hardware, Software, and cloud requirement are easily available, the development of the application is feasible.

2.12.2Operational Performance
Operational performance is feasible on human resources access for the current project and they involve projecting whether the system will be used if is developed and implemented. It also determines how to propose well system resolve the problem and takes their advantages of the proposed system. Giving opportunities identified during scope definition. To find feasibility it is very important to understood management commitment.
The essential query that helps in testing the operational practicability of a system include the following.

Does current model of operation provide appropriate throughput and response time?
Does current system provide end users and managers with timely, pertinent accurate and useful formatted information?
Does current mode of operations provide fruitful information services to the business?
Could there be a reduction in cost and or an increase in benefits?
Does current mode of operations offer effective controls to protect against deception and to promise accuracy and security of data and information?
Does current mode of operations make maximum use of available resources, including people, time, and flow of forms?
Does current mode of operation provide reliable services?
Are the services flexible and expandable?
Are the current work practices and procedures appropriate to support the new system? 27
2.13Software Quality Attributes
Availability – (Reliability quality attributes falls under this category) The measure of time that the system is up and running correctly, the length of time between failures and the length of time needed to resume operation after a failure.

Usability – The ease of use and of training the end users of the system. Sub qualities: learnability, efficiency, affect, helpfulness, control.
Interoperability – The ability of two or more systems to cooperate at runtime.

Modifiability – The ease with which a software system can accommodate changes to its software.

Portability – The ability of a system to run in different computing environments.
Reusability – The degree to which existing applications can be reused in a new application.

Testability – The content with which software can be made to demonstrate its faults.

Accessibility – Software access user-friendly.

2.14DESIGNING SOFTWARE
The proposed architecture is based on the concept of token encryption for the user data and belonging to the user account. The existence of a signature increases the size of data and user which require more careful and secure. The data overhead is independent of cloud services hardware architecture, data transmission standard and encryptions standard.

2.15ARCHITECTURAL DESIGN
2.15.1 System Architecture
System Architecture defining the how developer designed the software using the basic requirement. And this will help when using real life, that much better experience gets by the user and give feedback about this developer team. In this system, architecture system is divided into three parts, and this three-part working in a different condition that should be client and server. Three parts listed below.

Client Group
Cloud Services
Developer Group
1. Client Group: –
The Client Group is basically participant they actual user of the software. This Client Group Consist of end user system such as desktop/laptop, mobile tablet, and smartphone etc. It might be also including a separate app server form the participant. Or any organization or university. If the participant is using the Cloud Services as per cloud server, the client systems must combine with the server via Cloud services. If the user wants any push messages are a requirement, the client system must support the cloud services.

2. Cloud Service: –
Cloud services are provided by any cloud services like Google, Amazon, Microsoft. We use their cloud space for our system access for the participant. It uses serval common standard technologies provided by the services if there can be unified communication between the devices.

3. Developer Group: –
This section there is core teamwork for the end user and that will take requirement of the user and new technologies of the cloud or any user requirement. We can change as per your requirement and what they need for the using new software. maintenance of the software and new updating as per technologies upgradation.

The Following architecture shows the working of three part of the system and it’s showing how workflow going in the system.

2644140-708660Front-End Application
0Front-End Application
2430780-815340
Application using over cloud
0
Application using over cloud
4754880205740Front-End Application
0Front-End Application
4480560-708660Front-End Application
0Front-End Application
3192780-3048005539740-35814041529004114802743200243840Front-End Application
Front-End Application
1165860-15240-480060-243840End-user System
00End-user System
Authentication
32080209525
25603203152775Different Services Provider in cloud
Aws DB Google DBOracle DB
SomeX DB SomeXY DB
0Different Services Provider in cloud
Aws DB Google DBOracle DB
SomeX DB SomeXY DB
5273040245237032004008743951691640127063543205406610352567940318135 Access Over Cloud Cloud Database Cloud Data Storage
Access Over Cloud Cloud Database Cloud Data Storage
5006340136969558064409810752842260447675 Data
0 Data
-327660653415Security Services over Cloud
Security Services over Cloud
-5029201581150-1752601743075Digital Signature
00Digital Signature
-2133603175635Encrypted Token Creation
Encrypted Token Creation
-1371604333875Alert System for User
Alert System for User
Accessing Data over Cloud
center3619500left12700030403801651034518601270433578012705158740165103002280127000
4099560355603246120971550573024018034050139601955800
Figure: System Architecture
2.16TECHNOLOGY
2.16.1SSL (SECURE SOCKET LAYER)
A browser or server attempts to connect to a Websites, a.k.a. Web Server, secured with SSL. The browser/server requests that the Web Server identify itself.

The Web Server sends the browser/server a copy of its SSL certification.

The browser/server checks to see whether it trusts the SSL certification. If so, it sends a message to the Web Servers.

The Web servers send back a digitally signed acknowledgment to start an SSL encrypted session.

Encrypted data is shared between the browser/server and the Web Server.

Figure: SSL (Secure Socket Layer) Working. 22
4.16.2 N-LAYER ARCHITECTURE
A public-key cryptography algorithm which used prime factorization as the trapdoor one-way function.

Define
N==p, q
For p and q primes. Also defines a private key d and public key e such that,
de = 1 (mod (n)),
(e, mod(n)) = 1,
Where Ø (n) is the totient function, (a, b) denotes the greatest common divisor (so (a, b) = 1, means that a and b are relatively prime), and a =b (mod m) is a congruence. Let the message be converted to a number M. The sender then makes n and e public and sends.

E=M e(mod n)
To decode, the receiver (who knows d) computes
Ed=(Me)d=Me d=MN mod (n)+1=M (mod n)
since  is an integer. To crack the code,  must be found. But this requires factorization of  since,
mod(n)=(p-1) (q-1),
Both p and q should be picked so that P+1 and q+1 are divisible by large primes since otherwise the Pollard p-1 factorization method or Williams p+1 factorization method potentially factor n easily. It is also desirable to have Ø (Ø (p q)) large and divisible by large primes.

Then We make a table that defines the separate working as well as they integrated. 23
Cryptographic Algorithm Applicable Specification Cryptographic Function Code Size (in bytes) Data Rate (2) (Kbytes/sec)
T-Des FIPS 46-3 Basic Encryption and Decryption 7500 19.8(16 MIPs)
37.2(30 MIPs)
AES(128-bit) FIPS 197 Basic Encryption 3018 74.1(16 MIPs)
138.9(30 MIPs)
N- Layer FIPS 243 Basic Encryption and Decryption 10518 93.1 (32 MIPs)
176.1(62 MIPs)
Table 2: Working of Algorithm
2.17DATA DESIGN
2.17.1INTERNAL SOFTWARE DATA STRUCTURE
Hardware Requirement
RAM: 512 MB
Disk Space: 256 For JRE; 2 MB for Java Update
Processor: P4 366MHz Processor
Software Requirement
Operating System: Windows, Linux
Coding Language: JDK 1.7 or higher version.

IDE: Eclipse, NetBeans.

Web Server: Tomcat
3EXPERIMENTAL PART
3.1TEST SPECIFICATION
Software Testing is a study, conducted to provided stakeholders with statistics, about the quality of the product or services beneath test. Software testing can also arrange an objective, self-absorbed view of the software to allow to business to commend and understand the risks the risks of software implementation. Test techniques include the process if executing a program or application with the objective of finding software bugs (error or other defects)
It necessitates the execution of a software component or system component to access one or more properties of interest. In general, these properties indicate the extent to which the component or system under test: –
Encounter the requirements that lead its design and development.

Acknowledge correctly to all kinds of inputs.

Performs its functions within an acceptable time.

Is sufficiently usable.

Can be installed and run its deliberate environments.

Accomplish the general result its stakeholder’s desire.

As the number of possible tests for even simple software components is practically absolute, all software testing uses some action to select tests that are appropriate for the available time and resources. As a result, software testing typically (but not exclusively) attempt to find bugs and execute the program. The job of testing is a simple process as when a bug fixes, it can flash other, deeper bugs, or can even create a new one. Software testing can provide objective, independent information about the quality of software and risk of failure to users and/or sponsor. Software testing can be performed as soon as early software. The overall access to software development often determines when and how testing conducted. 24
3.2GOALS AND OBJECTIVES
Searching defects which may get produced by the programmer while developing the software.

Gaining assurance in and providing information about the level of quality.to negate defects.

To make protect, that the result fascinates the business and user requirements.

To ensure that it fascinates the BRS that is Business Requirement Specification and SRS that is System Requirement Specification.

To gain the principle of the customers by providing them an aspect product. 25
3.3STATEMENT OF SCOPE
The universal goal of testing is to ensure the xyz…. Application, application encounter all its technical, functional and business requirements. The purpose of this document is to describe the overall test plan and strategy for testing the XYZ… application. The approach defines in this document provides the framework for all testing related to this application. Separate test cases will be written for each version of the application this is released. This document will also be updated as required for each release.
Factors influencing test scope
Size of Project
Complexity of Project
Amount of money needed for the project
Time scope for Project
Number of staff
Why test at different levels.

Software development naturally split into phases.

Easily track bugs
Ensure a working subsystem/component/library
3.4TEST PLAN
A document defining the scope, approach, resource, and schedule of intended test action. It identifies amongst others test items, the features to be tested, the testing tasks, who will do each task grade of tester independence, the test set, the test design techniques and entry and exit criteria to be used, and the rationale for their choice, and any risks contingency planning. It is a record of the test planning process.

A test strategy is a reduction that recounts the testing approach of the software development cycle. It is created to inform project managers, testers, and developers about some key issues of the testing process. This includes the testing goals, techniques for testing new functions, total time and resources required for the project, and the testing environment. Test method describes how the product risks of the stakeholders are diminished at the test, level, which types of test are to be performed, and which entry and exit criteria apply. They are created based on enlargement design documents. System design documents are essentially used and occasionally, conceptual design documents may be referred to. Design documents describe the functionality of the software to be empowered in the upcoming release. For each stage of development design, a corresponding test strategy should be created to test the new feature sets. 26
3.5UNIT TESTING
Here, I have performing module level testing, checking for each input to be tested in computer programming, unit testing is a procedure used to validate that individual unit of the source code are working perfectly. A Unit is the smallest testable piece of an application, in procedural programming, a unit may be an individual program, function, procedure etc. While in object programming, the smallest element is a method, which may belong to a base or super class, abstract class or derived/child class.

Ideally, each test case is separate from others, mock or fake objects, as well as a test harness, can be used to assist testing a module in desolation. Unit testing is typically done by developers and not by software testers or end users.

The goal of unit testing is to desolation each part of the program and show that the separate parts are correct. A unit test provides a script, written contract that the piece of code must satisfy. As a result, affords several assets.24
3.6INTEGRATION TESTING
Integration testing is the phase of software testing in which individual software module are combined and tested as a group. It follows unit testing and precedes system testing. Integration testing takes as its input modules that have been unit tested groups them in aggregates, applies test defined in an integration test plan to those aggregates and delivers as its output the integrated system ready for system testing. The purpose of integration testing it to verify functional, performance and reliability requirements placed on major design items, This “Design items”. i.e. assemblages (or group of units) are exercised through their interfaces using black box testing, success and error cases begin simulated via appropriate parameters and data inputs. Simulated usage of shared data areas and interprocess communication is tested and individual subsystems are exercised through their input interfaces. Test cases are constructed to test that all components within assemblages interact correctly, for example across procedure or process activation and this is done after testing individual modules i.e. unit testing. 24
Test ID Test Case Procedure Expected Results Actual Results Pass/ Fail
1 Starting Getting Started Opening Webpage As expected Result Pass
2 Buffer Size Entering any buffer size Able to take any buffer size As expected result Pass
3 User Account Creation All user information Storage in cloud As expected result Pass
4 Check Account Details All information right Checking from cloud As expected result Pass
5 Account Details Wrong Information Wrong Checking from cloud As expected result Pass
6 New Account Creation Fill all details of new User Saved in cloud As expected result Pass
7 Checking cloud Data Information Fill Update cloud As expected result Pass
8 New Account Confirmation Check user verification Information saved to cloud and confirmation to the user As expected result Pass
9 Token Creation Encryption using N- layer algorithm Private key share with the user As expected result Pass
10 User Operation Save data Accessing all data As expected result Pass
11 Key Lost Verification of user associated with the account Check all information and share key As expected result Pass
12 Account Pass lost Verification of Database information Check all Account information As expected result Pass
13 Update website All new design Developer design As expected result Pass
14 Try to access account Key wrong password wrong Not open and send email to the user As expected result Pass
15 Alert for user Registered Mail Send alert mail to a user As expected result Pass
16 User data Saving data n cloud Data save successfully As expected result Pass
17 User Change Password Getting alert mail for security Data changed in the cloud As expected result Pass
18 Access account using new details New details Data change for the user As expected result Pass
19 All operation did User logout Data saved, the user successfully logs out As expected result Pass
Table 3: Test Cases
3.7VALIDATION TESTING
Deciding, if the system observes, with the requirements and performs functions for which it is deliberate and meets the organization goals and user needs.

Validation is done at the end of the development process and takes place after verification is accomplished.

It answers the question like: Am I building the right product?
Am I accessing the right data (in term of the data crucial to fulfilling the requirement)?
It is a high-level action.

Performed after a work product is produced against established criteria ensuring that the product integrates precisely into the environment.

Determination of precision of the final software product by a development project with respect to the user needs and requirements. 24
3.8GUI TESTING
GUI is a hierarchical, graphical front-end to the application, contains graphical objects with a set of properties.

During execution, the values of the properties of each object of a GUI defines the GUI state.

It has potential to exercise GUI events like key press/mouse click.

Able to provide inputs to the GUI objects.

To check the GUI representations to see if they are uniform with the expected ones.

It strongly relies on the used technology. 24
3.9TEST PROCEDURE
Test work products that represent that represent how the system is tested (e.g. test strategies and plans), that test the system (e.g. manual and automated tester), or that present test result (e.g. test dashboards as discussed in Communicating test status and progress in Agile).
Requirement Analysis: Testing should begin, in the requirements phase of the software development lifecycle. During the design phase, testers work to decide what aspects of a design are testable and with what variable those tests work.

Test Planning: Test procedure, test plan, testbed creation. Since many actions will be borne out during testing, a plan is needed.

Test Development: Test procedures, test scenarios, test cases, datasets, test scripts to use in testing software.

Text Execution: Testers assassinate the software based on the idea and test documents the defect found to the development team.

Test Reporting: Once testing is completed, tester make matrices and make final reports on their test attempt and whether the software tested is fir for discharge.
Test Result Analysis: Defect analysis, is done by the development team usually along with the client, to determine what defect should be allocated, fixed, rejected (i.e. found software working properly) or deferred to be dealt with later.

Defect Retesting: Once a defect has been detected by the development team, it is retested by the testing team. AKA resolution testing.

Regression Testing: It is common to have a small test program developed of a subdivision of tests, for each combo of new, altered, or fixed software, to ensure that the latest shipment has not ruined anything and that the software product as a complete is still working correctly.

Test Closure: Once the test meets the exits benchmark, the activates such as grab the key outputs, lessons learned, result, logs, documents combine to the project are archived and used as a reference for future projects.
When we are making new software using technology is essential that we should compare with other product that is using right now using in the market. Because of no of the reason behind that. Some of follow.

User Satisfaction: No of the product is available in online market, but still we can attract the user to our product. Showing best user-friendly ness and feature is available in our product.

Simple Working: This much matter in product or software, the user wants to consume their time to save data and other operation of data.

Large Amount of data: to get a large amount of data on cloud better option to having rather than using other Hardware (hard drive, pen drive).

We can make basic differentiation from right now situation.

Sr. No. Parameters Existing Approach Proposed Approach
1 Algorithm for encryption Asymmetric Symmetric
2 Encryption Slower Faster
3 Security Less Secure More Secure
4 Data Consumption Low High
5 Throughput Low High
6 Confidentiality Less More
Table 4: Basic Difference Between System
3.10ANALYSIS OF PRODUCT
In above differentiation, the basic difference clears the right now existing approach and proposed approach. This Proposed system is better than the existing system. Comparing Scenarios showed in above table, this can be divided into two distinct grouping concerning the style of interaction. The Following Some Point that clear scenarios of comparison the experiment.

Compute
Storage
Database
Security
Developer Tools
3.10.1COMPUTE
In modern computing, we can refer to related to activities, applications or workloads the more require processing resources than its memory. Generally, computing is used to describe the concept of and objects geared towards computation and processing.

Example – CPUs, APUs, and GPUs are considered compute resources while graphics processing application in 3-D rendering and video games. The following table describes the difference between existing cloud system and new approach cloud system.

Services Digital Ocean Fujitsu OVH Token System Cloud
Deploy, manage and maintain virtual servers Elastic Compute Cloud(EC2) Compute Engine Virtual Machine Scale Sets Web Platform
Platform-as- as-services Elastic Beanstalk Google App Engine Cloud Services Web Services
(Website Access)
Virtual private servers made easy LightSail Virtual machine Images Google Chrome, Internet Explorer
Management Support EC2 Container Service Kubernetes Engine Container Services Container Services created by developer
Docker Container deployment Container Engine Container Service Container Services
Cross-premises connectivity API Gateway Cloud VPN VPN Gateway Local Host
Manage DNS and record Route 53 Google Cloud DNS Traffic manager Wireshark
Load Balancing Configuration Elastic Load Balancing Cloud Load Balancing Load Balancer Apache web server
Integrated System Lambda Cloud Function Web Jobs User Integration Services
Private Cloud Private Networking Virtual Private Cloud Virtual Private Cloud
Virtual Network Virtual Private Cloud Space
Table 5: Comparison Between Compute of Services 17
We show in graph format so it’s easy to understand the existing approach versus new approach.

Figure: Experimental output of Compute working.

3.10.2STORAGE
The main function of Cloud is storage capabilities. So, in this section, we discuss storage and their basic requirement. In our case, we are taking Cloud from outside. So, for we are taking large required space we took one services provider and we distributed them. The following table shows the difference between other services and Token system cloud
Services Digital Ocean Fujitsu OVH Token System Cloud
Object Storage Simple Storage Services Google Cloud Storage Block Blob Simple Storage Services
Archive Storage Data Archive Cold line Archive Archive
Create a shared file system Elastic File System Avere Files Encrypted File
Bulk Data Transfer Import/Export Disk Storage Transfer Service Azure Data Box Local Disk Services
Automatic Recovery Disaster Recovery Site Recovery Account Recovery with user data
Table 6: Comparison Between Storage System 17
We show in graph format so it’s easy to understand the existing approach versus new approach.

Figure: Experimental output of Storage working.

3.10.3DATABASE
The main implementation is required Database and their operation for the user. User requirement of the account and complain about services we can store in Database. We also must take care of their username, password, and other important user information. The Following table shows the Difference user friendly-ness other services and Token System Cloud. Right now, in an existing system using NoSQL services in this approach, we are using MYSQL. The Following table show difference between storage services
Services Digital Ocean Fujitsu OVH Token System Cloud
Relational Database for services RDS Cloud SQL SQL Database PL/SQL
NoSQL
(Indexed) Dynamo DB Cloud Datastore Cosmos DB Oracle Database
NoSQL(Key-value) Simple DB Cloud Datastore Table Storage Simple DB
Caching ElastiCache Cloud CDN Redis Cache PGA Memory
Database Migration Database Migration Service Database Migration Services Schema Conversion Services
Managed Data
Warehouse Redshift SQL Data Warehouse Oracle Data
Warehouse
Table 6: Comparison Between Database System 17
We show in graph format so it’s easy to understand the existing approach versus new approach.

Figure: Experimental output of Database working.

3.10.4SECURITY
While Security and privacy concerns, Cloud computing is the best thing that gives the best security. The economical, scalable, and on-demand services are most used. And cloud attracts the attention of industry and community. The Following table shows the difference between the security issue and their solution to the existing system and token system cloud.
Services Digital Ocean Fujitsu OVH Token System Cloud
Authentication and Authorization Identify and Access Management Cloud IAM Active Directory User Validation with Digital signature
Information Protection Information Protection Token Given After registration
Protect with Data encryptions Key Management Services Storage Services Encryption N-Layer Architecture Encryption
Hardware-based Security modules Cloud HSM Cloud Key Key Vault Private Key
Firewall Web Application Firewall Application Firewall Web Application Firewall
Cloud assessment and certification services Inspector Security Center Digital signature
Directory Services AWS Directory Services Domain Services User Database
Identity management Cognito Active Directory Digital signature
Support Cloud directories Directory Services Windows Server Active Directory Services
Compliance Artifact Service Trust Portal Feedback community
Cloud Services protection Shield DDoS Protection Services Shield
Table 7: Comparison Between Security 17
We show in graph format so it’s easy to understand the existing approach versus new approach.

Figure: Experimental output of security working.
3.10.5DEVELOPER TOOLS
And Finally, the tools we need build, diagnose, debug, and manage multiplatform, scalable applications and services. Cloud computing is becoming a more convenient mechanism for a developer for deploy application. Where IaaS and SaaS providers offer access to such services as online.

Services Digital Ocean Fujitsu OVH Token System Cloud
Media transcoding Elastic Transcoder Media Service Media Services
Improve Workflow Simple Workflow Services Logic Apps User Services
API management API Gateway API management API management
App Testing Device Farm Cloud Test Lab DevTest Labs(backend) Maven
Git Repositories AWS Source Repositories Cloud Source Repositories Azure Source Repositories GitHub Repositories
DevOps Code Build Visual Studio Team Services NetBeans
Programmatic access Command Line Interface Cloud Tools for PowerShell Command Line Interface Editor Tools
Predefined Templates Quick Start QuickStart Templates QuickStart
Managed Hosting Platform Elastic Beanstalk Web Apps Launching Website
Application Deployment Code Deploy Visual Studio Team Services NetBeans
Table 8: Comparison Between Developer Tools 17
We show in graph format so it’s easy to understand the existing approach versus new approach.

Figure: Experimental output of Developer Tools working.

3.11ALGORITHM
Algorithm No 1: – Token Encryptions
The Algorithm implemented for user token encryption in first fall step from the developer side. This Token is useful when a user accesses his data from his/her account.

Step 1)
When CC send RQ= CS, then new account created, and client registered.
Step 2)
If MEM=CON, then unique token ID is generated on that ‘U’ for a specific user.

Step 3)
User ID= *****, user pass= *****, created and the token encrypted with N-Layer algorithm.

Step 4)
If (U_ID= correct)
{
Authorized User
}
Else
{
Intruder (Fake Client)
}
Step 5)
If Token ID does not match with the database entry for a specific user that indicate the presence of Intruder and repeat Step 1 or else data transfer through secure channel and receiver.

Step 6)
User Lost key, user get option recover his key option and account recovery.

Algorithm No 2: – N-Layer Algorithm
Step 1)
Using the DES Algorithm, string “Information Security” into by applying the 128-bit key.

‘M)Q(Z=Pm7Goud’zo)-Y”
Key K= { ?,”,1,~,F,S,J,O }
Step 2)
Now using 3DES algorithm convert string “Information Security” to get the encrypted string
“OC.=S$+M|=Pun|OU-{E ” (using 192-bit key)
K={$, ! ,+,t,(,w,{,s,j,H,~,6,d,o,$,2,6,1,;,@,a,#}
Step 3)
Add the splitter “~>6″ to the output obtain step 1 to result become
‘M)Q(Z=Pm7Goud’zo)-Y” “~;6″
Step 4)
Add the output of the 3DES algorithm to result obtained into step 3 to the result become
‘M)Q(Z=Pm7Goud’zo)-Y” “~>6” “OC.=S$+M|=Pun|OU-{E ”
Step 5)
Again, add the splitter “~>6″ to the result obtained in step 4 result
‘M)Q(Z=Pm7Goud’zo)-Y” “~;6” “OC.=S$+M|=Pun|OU-{E ” ~>6″
Step 6)
Finally, AES encrypted algorithm having 256-bit key
K = {d,*,u,?,~,!,`,k,-,2,f,a,,I,+,k } is applied to the input string “Information Security” then the result
“CEAgU=Yf+7t