A PRIVACY-PRESERVING FRAMEWORK FOR CLOUD

DATA ACCESS USING THE DATA CONCEALMENT

MODEL

A PROJECT REPORT

Submitted by

BRYAN ALAN A (210521104019)

JEIN JASPHER J (210521104047)
LINO FEDRICK J (210521104057)

in partial fulfillment for the award of the degree

of

BACHELOR OF ENGINEERING
In

COMPUTER SCIENCE AND ENGINEERING

DMI COLLEGE OF ENGINEERING, CHENNAI

(An Autonomous Institution)

ANNA UNIVERSITY :: CHENNAI 600 025

JUNE 2025
 ANNA UNIVERSITY : CHENNAI 600 025

BONAFIDE CERTIFICATE

Certified that this project report “A PRIVACY-PRESERVING FRAMEWORK

FOR CLOUD DATA ACCESS USING THE DATA CONCEALMENT MODEL
”, is the bonafide work of “ BRYAN ALAN A (210521104019), JEIN JASPHER
J (210521104047), LINO FEDRICK J (210521104057)” who carried out the project
work under my supervision.

SIGNATURE SIGNATURE

[Link] BRABIN M.E.,Ph.D, MR. D RAJ THILAK M.E,

HEAD OF THE DEPARTMENT SUPERVISOR
PROFESSOR ASSISTANT PROFESSOR
Department of Computer Science and Department of Computer Science and
Engineering, Engineering,
DMI College of Engineering, DMI College of Engineering,

Autonomous Project Viva-Voce held on

INTERNAL EXAMINER EXTERNAL EXAMINER

ACKNOWLEDGEMENT

We are immensely pleased in taking up this opportunity to thank the LORD

ALMIGHTY for showering this unlimited blessing upon us.

We take this opportunity to express our gratitude to our Founder and chairman
[Link], our Correspondent [Link], for allowing us to take
over this project.

We thank our principal [Link] Jamuna Anand, [Link],Ph.D., who has always
served as an inspiration for us to carry out our responsibilities also providing comfort
zone for doing this project work.

We wish to express our sincere thanks to [Link] Brabin, M.E., Ph.D.,

Head of the Department and [Link] M.E.,Ph.D., Project Coordinator for their
scintillating discussion and encouragement towards our project.

We express our deep sense of gratitude to our esteemed Supervisor, MR. D Raj
Thilak M.E, for constant guidance and cooperation during the project work.

It is a pleasure to acknowledge our indebtedness to all the Teaching and Non-

Teaching staff of Department Computer Science and Engineering who aided us
successfully to bring our project as an effective one.

Further thanks to our parents, our family members and friends for their moral support.

BRYAN ALAN A
JEIN JASPHER J
LINO FEDRICK J
 ABSTRACT

Cloud computing has significantly impacted organizational operations by

providing ondemand access to resources, yet cross-organizational data sharing
remains a challenge due to the need for mutual agreement on how data is
processed. Data protection becomes critical in cloud computing, where
organizations must trust that others comply with data-handling agreements and
regulations. Given that cloud data is highly sensitive, robust protection
mechanisms are essential to ensure confidentiality and security during data
access. This project introduces the Data Concealment Model, which enhances
data protection in cloud storage by safeguarding access patterns. The model
integrates four innovative cloaking methods: LongTerm Cloaking, Multi-Region
Based Cloaking, Time-based Cloaking, and Geolocation-based Cloaking. These
techniques work together to detect and differentiate between legitimate users and
bots, ensuring that only authorized users access benign content while
unauthorized users receive disguised content, thereby preventing malicious
intrusions. Additionally, the project employs the Camouflage Data Disguise
technique that combines Chaffing and Winnowing with the ChaCha20 encryption
algorithm to securely disguise content for unauthorized access attempts. This
model not only ensures data confidentiality, location-based access control, and
global consistency but also simplifies certificate and key management, reducing
system workload. By addressing critical data-sharing challenges, the proposed
model offers a secure, privacy-preserving solution for cloud storage, streamlining
security infrastructure and facilitating seamless, protected data access across
organizations.

i
 TABLE OF CONTENTS
C. NO TITLE PAGE NO
ABSTRACT i
LIST OF FIGURES iv
LIST OF TABLES v
LIST OF ABBRIVATION vi
1 INTRODUCTION 1
1.1. Overview 1
1.2. Problem Statement 1
1.3. Cloaking 3
1.4. Aim And Objective 5
1.5. Scope Of The Project 6
2 LITERATURE SURVEY 7
2.1 General 7
2.2 Related Work 7
3 SYSTEM ANALYSIS 13
3.1. Existing System 13
3.2. Proposed System 14
4 SYSTEM IMPLEMENTATION 17
4.1. Modules Description 17
4.1.1. Cloud Service Provider Web App 17
4.1.2. End User Interface 17
4.1.3. Cloaking Wall Model 19
4.1.4. Bot Identification And Data Distribution 20
4.1.5. Disguise Data Generator 21
5 SYSTEM REQUIREMENTS 23
5.1. Hardware Requirements 23
5.2. Software Requirements 23
6 SYSTEM DESIGN 24
6.1. System Architecture 24
6.2. Dataflow Diagram 25
6.3. UML Diagram 26
6.3.1. Use Case Diagram 26
6.3.2. Activity Diagram 27

ii
 6.3.3. Sequence Diagram 28
6.4. Table Design 29
7 SYSTEM TESTING 35
7.1. Software Testing 35
7.2. Test Cases 37
7.3. Test Report 39
8 CONCLUSION AND FUTURE ENHANCEMENT 43
8.1. Conclusion 43
8.2. Future Enhancement 43
APPENDIX 45
I. Source Code 45
II. Snap shots 57
BIBILIOGRAPHY 65
Web References 66

iii
 LIST OF FIGURES

FIGURE TITLE PAGE NO

1.1. Cloud Computing 1
1.2 Securing Cloud Data 2
1.3. Cloaking 3
1.4. Chacha20 5
6.1. System Architecture 24
6.2. Data Flow Diagram 25
6.3. Use case diagram 26
6.4. Activity Diagram 27
5.5. Sequence Diagram 28
7.1 Bug Report 42
9.1 Home Page 57
9.2 Data Owner Registration Page 58
9.3 Admin Login 58
9.4 Admin Dashboard Page 59
9.5 Data Owner Login Page 59
9.6 User Creation Page 60
9.7 File Upload Page 60
9.8 Sharing Files 61
9.9 Selecting The Cloaking 61
Method
9.10 Location Selection Page 62
9.11 Chosen Time Based Cloaking 62
9.12 Data User Login In Database 63
9.13 Viewing Datas of Owner 63
9.14 Concealed Data 64

iv
 LIST OF TABLES

TABLE TABLE NAME PAGE NO

6.1. Admin Login 29
6.2. Data Owner Register 29
6.3. File Uploaded Details 30
6.4 Long Term Wall Model 31
6.5 Geolocation Wall Model 31
6.6 Time Wall Model 32
6.7 Region Wall Model 32
6.8 File Access Log 33
6.9 Unauthorised Access Log 33
6.10 Data User 34

v
 LIST OF ABBREVIATION

[Link] ABBREVIATION EXPANSION

1 CDN Content Delivery Network
2 IAM Identity And Access Management
3 GCP Google Cloud Platform
4 AWS Amazon Web Services
5 APIS Application Processing Interfaces
6 UT Usability Testing

vi
 CHAPTER 1

INTRODUCTION

1.1. OVERVIEW

An enterprise cloud brings together private, public, and distributed clouds

in a unified IT environment. It offers a centralized control point. From there,
businesses can manage enterprise cloud applications and infrastructure in any
cloud. An enterprise cloud provides businesses with a seamless, consistent, and
high-performance experience. Enterprise cloud computing is the process of using
virtualized IT resources such as external servers, processing power, data storage
capacity, databases, developer tools, and networking infrastructure by companies
and organizations. Enterprise cloud solutions help organizations optimize their
operations and cut costs.

Fig 1.1. Cloud Computing

The cloud computing framework provides an optimal environment for

faster, safer and cheaper delivery of IT services within an enterprise. The
enterprise architecture and cloud computing model form the skeleton and
blueprint that gives form to the digital side of your organization.

1.2. PROBLEMS STATEMENT

Rapid globalization of technology and the ever-expanding

interconnectedness of the ‘Internet of Things’ will continue to demand

1
our constant attention to considerations around information security; all channels,
all devices, all the time. Cloud security considerations span a range of concerns;
resource connectivity, user entitlements, data loss prevention,
transitory/stationary data handling and encryption policies, data security
classification restrictions, cross-border information flow...the list goes on. It is
not uncommon for information security considerations to run counter to cloud
solution patterns. Without clear information security guidelines articulated in the
Cloud Strategy, it is unlikely that the organization will be well protected from
security risks in the cloud.

Fig 1.2. Securing Cloud Data

The discipline of cyber security responsible for securing the cloud

computing environment is known as cloud security. Cloud security is aimed at
protecting data, infrastructure, and applications on the cloud. It requires the
administrator to protect data on a third party’s infrastructure. Today, enterprises
are transitioning to cloud-based environments at unimaginable speeds. The
migration of data and business content on the cloud has IT professionals
concerned because of the security and governance of the cloud environment.

2
Protecting customer data is crucial for building trust for the service providers.
Tradition network security and cloud security differ in certain aspects. The access
in traditional network security is controlled using a perimeter model. Due to the
large scale and flexibility of the cloud environment, implementing security
solutions in the cloud environment face numerous challenges. Since the data on
the cloud is accessed outside the corporate networks on numerous occasions
maintaining a record of the data access is difficult. In essence, the problem
revolves around the necessity for an advanced and comprehensive approach to
cloud data storage security. The proposed Cloaking Wall Model aims to provide
a holistic solution by addressing these concerns, offering persistent
confidentiality, global consistency, timed access controls, and location-sensitive
protection.

1.3. CLOAKING

The “cyber cloaking” initiative leverages emerging technology that can

actually hide (make invisible) or “cloak” any IP device, server(s) or secure cloud
services rendering them invisible to internal searches, external cyber-hackers, and
internet bots. Cloaking prevents leakage of information or service that is
vulnerable to web attacks. HTTP headers and return codes are concealed before
sending a response to a client.

Fig 1.3. Cloaking

3
CAMOUFLAGE DATA DISGUISE

Chaffing and Winnowing

Chaffing and Winnowing is a cryptographic algorithm that enhances the

security and privacy of transmitted data by introducing decoy information and
subsequently isolating the genuine content. Chaffing and Winnowing provide a
mechanism to obfuscate data during transmission by blending genuine
information with decoy elements and then selectively extracting the real content
using a secure key or algorithm.
Chaffing: Chaffing is the initial step in the process, where decoy or fake data,
known as "chaff," is intentionally added to the actual information being
transmitted. The chaff is designed to mimic the characteristics of the authentic
data, making it challenging for unauthorized entities to discern between the real
and the decoy elements. This introduces a level of confusion and complexity for
anyone attempting to intercept or analyse the transmitted information.
Winnowing: Winnowing is the complementary process to chaffing. It involves
the selective separation of the genuine data from the added chaff, using a specific
key or algorithm known only to the intended recipient. The key or algorithm
serves as the means to distinguish between the authentic content and the
deliberately introduced decoy elements. By applying this key during the
winnowing process, the recipient can effectively filter out the chaff, revealing the
original and unaltered information.

ChaCha20

ChaCha20 is a symmetric key stream cipher and one of the modern

encryption algorithms. It was designed by Daniel J. Bernstein, and it's a part of
the Salsa20 family of stream ciphers. ChaCha20 is known for its simplicity,
speed, and resistance to cryptanalysis. The ChaCha20 encryption algorithm is
designed to provide a combination of speed and security.

4
 Fig 1.4. ChaCha20

ChaCha20 is a stream cipher, meaning it encrypts data in a continuous stream

rather than fixed-size [Link] generates a continuous keystream of pseudo-
random bits, which are then XORed with the plaintext data to produce the
ciphertext.

1.4. AIM AND OBJECTIVE

Aim
The aim of the project is to establish an advanced cloud data security
framework by designing a Cloaking Wall Model integrated with camouflage
techniques. This framework seeks to enhance privacy and access control for
sensitive data stored in cloud environments.

Objectives
 To Develop a Robust Cloaking Wall Model: Create a secure foundation for
advanced cloud data security.
 To Integrate Camouflage Techniques: Implement Camouflage Data
Disguise for enhanced privacy.
 To Ensure Persistent Confidentiality: Fortify data security to prevent
unauthorized access.

5
  To Achieve Global Consistency and Access Control: Establish
mechanisms for timed access control and global consistency.
 To Implement Location-Sensitive Data Protection: Introduce measures for
enhanced data protection based on user geography.
 To Develop Bot Identification and Targeted Content Distribution: Create a
mechanism for bot identification and selective content distribution.
 To Address Cross-Organizational Data Sharing Challenges: Provide a
robust solution for secure cross-organizational data access.
 To Reduce Workloads of Certificate Management: Implement measures to
streamline certificate management.
 To Simplify Key Management: Develop strategies for key management
simplification while ensuring security.

1.5. SCOPE OF THE PROJECT

The project's scope is to enhance cloud data security through the

implementation of the Cloaking Wall Model integrated with advanced
camouflage techniques. This includes the development of a robust security
framework, leveraging Long-Term Cloaking, Multi-Region, Time-based, and
Geolocation-based Cloaking. The project also explores the integration of
Chaffing and Winnowing with the ChaCha20 encryption algorithm for added
privacy. Key objectives encompass persistent confidentiality, global consistency,
timed access control, and location-sensitive protection. Additionally, the project
addresses challenges in cross-organizational data sharing, integrates a bot
identification mechanism, and optimizes certificate and key management for
reduced workloads. The ultimate goal is to contribute to a secure and privacy-
preserving cloud data access environment while ensuring system efficiency and
simplicity.

6
 CHAPTER 2

LITERATURE SURVEY

2.1 GENERAL

A literature review is a critical analysis and summary of existing research

and scholarly articles on a specific topic or research question. It involves
systematically identifying, evaluating, and synthesizing relevant literature to
provide an overview of the current state of knowledge in a particular field.

2.2. RELATED WORK

Shota Fujii, Takayuki Sato, and Sho Aoki [1], addresses the growing
challenge of detecting cloaking techniques used by malicious hosts to evade
security mechanisms. Focusing on geofencing and time-based cloaking, the
authors developed an active monitoring system called Stargazer, which enables
long-term, multiregional surveillance of malicious domains. By observing 18,397
malicious hosts over a two-year period, the study uncovers how attackers
strategically hide their activities based on geographic location and time,
effectively bypassing traditional, single-point monitoring methods. Stargazer’s
broad data collection approach enhances the visibility of evasive behaviors that
are otherwise missed in short-term or localized analyses. While the paper makes
a significant contribution by revealing the persistence and adaptability of
cloaking strategies, it lacks detailed disclosure of the specific algorithms or
detection techniques employed, which may limit reproducibility and further
advancement.

Caixia Zhang and Zijian Pan [2], explores the pressing issues of data
security and user privacy in cloud-based systems, proposing an innovative
solution that integrates a logit link function with a longitudinal joint learning
framework for the gamma regression model. To further enhance data integrity

7
and traceability, the study leverages semantic web and blockchain technologies,
establishing a distributed, credit-guaranteed traceability mechanism for product
quality and safety throughout the supply chain. A concept verification system is
designed to ensure data accuracy and trust at each stage, promoting
interoperability across diverse systems via standardized ontologies and smart
contracts. While the proposed framework presents a promising direction for
secure, privacy-preserving data management in cloud environments, the study
lacks clarity on real-world implementation results, scalability, and dataset
specifics, which may limit its practical applicability and generalizability across
broader domains.

Seongmo An and Asher Leung[3], introduces Cloud Safe, an automated

tool designed to address the growing security challenges in cloud computing
environments. As cloud adoption increases, so do associated threat vectors,
necessitating tools that can proactively assess and enforce security measures.
Cloud Safe integrates various security tools and employs graphical security
models to evaluate vulnerabilities and recommend optimal countermeasures
within Amazon AWS environments. The tool analyzes four key defense
strategies—Vulnerability Patching, Virtual Patching, Network Hardening, and
Moving Target Defence—and presents proof-of-concept implementations to
validate their effectiveness. While Cloud Safe offers a practical solution for
automating cloud security assessments and control recommendations, the paper
does not provide detailed information on the underlying algorithmic mechanisms,
datasets, or real-world deployment outcomes, which may limit the replicability
and broader applicability of the proposed system.

Ishu Gupta, Ashutosh Kumar Singh, Chung-Nan Lee, and Rajkumar

Buyya [4], presents a comprehensive and systematic review of the prevailing
methods for ensuring data security and privacy in cloud computing environments.
Recognizing the growing reliance on cloud services and the corresponding

8
increase in data protection concerns, the authors analyze a wide range of
techniques—spanning cryptography, access control, watermarking, machine
learning, differential privacy, and probabilistic models—to evaluate their
functionality, scope, and effectiveness. The paper provides an in-depth
comparison of these approaches, identifies existing research gaps, and offers
guidance for future research directions. It underscores the importance of
integrating multiple security techniques to achieve robust and scalable data
protection. However, the study does not delve into specific algorithmic
implementations or datasets, which may hinder the assessment of practical
feasibility and limit its use as a technical blueprint for deployment in real-world
cloud environments.

Sajid Habib Gill, Mirza Abdur Razzaq, and Muneer Ahmad [5],
explores the critical security and privacy issues in cloud computing, with a
focused lens on smart campus environments. Through a detailed case study, the
authors examine threats such as data breaches, access control vulnerabilities,
cyber-attacks, and data availability concerns, emphasizing the urgent need for
robust security measures in educational and institutional cloud-based systems.
The study highlights the potential of blockchain technology as a transformative
solution for enhancing data integrity, reliability, and privacy in the cloud. By
anchoring the research in a real-world scenario, the paper provides practical
insights into the challenges and possible mitigations specific to smart campuses.
However, the lack of in-depth technical details, such as the specific
implementation of blockchain or any underlying datasets, limits the replicability
and technical validation of the findings, and may reduce its effectiveness as a
guide for deployment in similar environments.

Gajraj Kuldeep and Qi Zhang[6], presents a novel approach to

addressing the data privacy and efficiency challenges in cloud-assisted IoT
environments through a Multi-class Privacy-Preserving Cloud Computing

9
(MPCC) scheme. By leveraging compressive sensing (CS), the proposed MPCC
framework allows for efficient data compression, encryption, and recovery of
sparse signals, thereby reducing the computational burden on resource-
constrained IoT devices. The scheme supports multi-level privacy, with three
distinct variants tailored for different applications, including smart meter
statistics, electrocardiogram (ECG) signal anonymization, and image protection.
Unlike traditional encryption methods that are computationally intensive and ill-
suited for IoT sensors, MPCC enables secure and efficient processing while
minimizing transmission and storage costs. Theoretical security analyses
demonstrate the robustness of the scheme against ciphertext-only attacks.

Bonthala Prabhanjan Yadav and colleagues [7], presents a privacy-

focused approach to managing biometric authentication in cloud environments,
addressing the risks associated with storing and processing sensitive biometric
data on third-party platforms. The proposed strategy involves encrypting
biometric information before transmission to the cloud, where recognition tasks
are performed on the encrypted data—ensuring that the cloud provider cannot
access raw biometric content. This approach enhances both data confidentiality
and authentication accuracy, offering a solution that balances performance with
privacy protection. The system also incorporates a systematic security assessment
to mitigate threats such as detection attacks and collusion risks. Despite its
promise, the paper does not detail the specific encryption methods or recognition
algorithms employed, limiting its reproducibility and technical transparency.
Additionally, the absence of a dataset or implementation metrics restricts the
evaluation of its practical deployment and real-world effectiveness.

Karuna Pande Joshi, Lavanya Elluri, and Ankur Nagar[8], addresses

the growing complexity of data protection regulations in cloud computing by
proposing an automated, semantically rich knowledge graph to streamline
compliance processes. Recognizing that current compliance practices are largely

10
manual and inefficient due to fragmented and non-machine-readable regulations,
the authors design a system that captures data threats, security controls, and
compliance requirements across multiple jurisdictions. This integrated
knowledge graph enables automated reasoning and supports cloud service
providers in aligning their policies with global [Link] the approach
offers a significant step toward automated cloud compliance, the paper lacks
detailed algorithmic descriptions and provides minimal insight into the dataset
used, limiting its technical reproducibility and potential expansion beyond
security-focused compliance into broader IT governance models.

Siqian Gong et al.[9], presents a dynamic and intelligent approach to

resource allocation in cloud environments, where services often contend for
shared resources such as CPU and memory. Recognizing the limitations of single-
resource-focused methods, the authors propose an adaptive multivariable control
strategy that simultaneously manages multiple resources across multiple services,
dynamically adjusting allocations based on real-time fluctuations in workload
demands. This approach not only ensures quality of service (QoS) but also
effectively addresses the interference among co-hosted services, a critical issue
in shared cloud infrastructures. By executing combinatorial resource allocation
tailored to service characteristics, the method adapts to unpredictable changes and
enhances system responsiveness. However, the paper lacks specific algorithmic
details and omits information on the datasets used for validation, which limits the
transparency.

Hongbo Li and Qiong Huang [10], addresses the critical issue of data
privacy in cloud storage by proposing a novel cryptographic solution called
Identity-Based Encryption with Equality Test supporting Flexible Authorization
(IBEET-FA). This scheme allows authorized users to test whether two ciphertexts
encrypted under different keys contain the same underlying message, enabling
efficient searching and comparison of encrypted data without exposing the

11
plaintext. Built upon bilinear pairing, the methodology tackles the complexity of
performing equality tests in an identity-based encryption environment while
providing fine-grained authorization control over who can conduct these tests.
IBEET-FA helps to accelerate secure data sharing among groups and reduces the
key management challenges typical of traditional public key infrastructure.
However, the reliance on bilinear pairing introduces computational overhead, and
the authors acknowledge the need for future work to develop schemes that avoid
this expensive operation, pointing to a limitation in scalability and efficiency of
the current approach.

12
 CHAPTER 3
SYSTEM ANALYSIS

3.1. EXISTING SYSTEM

The existing system of cloud outsourced data protection encompasses

various mechanisms and practices implemented to safeguard data stored in the
cloud environment. Here is an overview of key elements in the current landscape:
 Encryption:
Encryption is a fundamental component of data protection in the cloud. It
involves the use of cryptographic algorithms to convert data into a secure format
that can only be accessed with the appropriate decryption key. Both data at rest
and data in transit are typically encrypted to prevent unauthorized access.
 Access Controls and Identity Management:
Robust access controls and identity management systems are implemented
to regulate who can access data in the cloud. This involves assigning and
managing user roles, permissions, and authentication mechanisms to ensure that
only authorized individuals or systems can interact with sensitive information.
 Firewalls and Network Security:
Network security measures, including firewalls, are employed to protect
the cloud infrastructure. Firewalls monitor and control incoming and outgoing
network traffic based on predetermined security rules. This helps prevent
unauthorized access and potential cyber threats.
 Regular Audits and Monitoring:
Continuous monitoring and regular audits of cloud environments are
conducted to identify and respond to security incidents promptly. This involves
tracking user activities, system events, and potential vulnerabilities, providing a
proactive approach to addressing security concerns. These systems can trigger
immediate alerts or initiate predefined responses, significantly reducing the time
to contain and mitigate potential security threats.

13
Disadvantages

 Encryption complexity may impact system performance.

 Traditional authentication methods may be vulnerable to attacks.
 Difficulty in navigating complex data protection regulations and ensuring
compliance.
 Heavy reliance on cloud service providers, with potential vulnerabilities in
their security practices impacting user data.
 Constraints in tailoring security measures to unique organizational
requirements.
 Service disruptions, maintenance, or cyber-attacks leading to temporary
loss of access to data.
 Secure protocols may be inconsistently implemented

3.2. PROPOSED SYSTEM

The proposed system endeavours to revolutionize cloud data security by
introducing a sophisticated Cloaking Wall Model specifically designed to
safeguard organizational operations in the ever-evolving landscape of cloud
computing. Addressing the inherent challenges of cross-organizational data
sharing, the system prioritizes the development of advanced security measures.
Among these measures are leakage-suppressed access controls, ensuring that data
remains confidential and shielded from unauthorized exposure. Additionally,
lightweight access controls are implemented to streamline user authentication and
authorization processes, minimizing computational overhead. The proposed
system incorporates cutting-edge encryption techniques to ensure persistent
confidentiality of data stored in the cloud, encompassing data at rest, in transit,
and during processing. To enhance global consistency in access controls, the
system adopts a unified policy approach, addressing challenges associated with
multi-region data access. Furthermore, time-based access controls are
implemented, allowing organizations to enforce temporal restrictions on data
14
access and fortify security by limiting access to predefined time windows.
Location-sensitive protection mechanisms are also introduced, providing an
additional layer of security through geofencing and tailored policies based on user
locations. The Cloaking Wall Model incorporates four distinct methods to fortify
data security and protect the access patterns of stored data. These methods are
strategically designed to address various aspects of security challenges in cloud
data storage:
 Long-Term Cloaking
This method focuses on providing extended protection for sensitive data
over prolonged durations. It involves concealing access patterns and data usage
trends over an extended timeframe, ensuring persistent confidentiality. Long-
term cloaking contributes to maintaining the privacy and security of stored data
over extended periods, preventing unauthorized inference from patterns of access.
 Multi-Region Based Cloaking
Recognizing the global nature of cloud services, multi-region-based
cloaking involves implementing security measures that transcend geographical
boundaries. By considering the diverse locations from which data access may
occur, this method ensures a consistent and standardized security posture
globally. It addresses the challenges associated with data access from different
regions, providing a unified approach to access control policies.

 Time-Based Cloaking
Time-based cloaking introduces temporal restrictions on data access,
allowing organizations to define specific time windows during which data can be
accessed. This method enhances security by limiting access to predefined
timeframes, reducing the exposure of data to potential threats. Time-based
cloaking adds an additional layer of control to access patterns, contributing to a
more secure cloud data storage environment.

15
 Geolocation-Based Cloaking
Geolocation-Based Cloaking tailors data protection based on a user's
physical location, adding a location-sensitive security layer. This approach
ensures access to sensitive data is granted only from approved geographic areas,
making it ideal for globally dispersed [Link], these four methods
form the Cloaking Wall Model, enhancing confidentiality, consistency, timed
access, and location-aware protection.
 Camouflage Data Disguise
Camouflage Data Disguise technique represents an advanced
cryptographic approach that seamlessly integrates Chaffing and Winnowing with
the formidable ChaCha20 encryption algorithm. This technique is strategically
designed to provide disguised data as a countermeasure against unauthorized
access, targeting both unpermitted users and potentially malicious bots.

Advantages

 Ensures data confidentiality at rest, in transit, and during processing.

 Reduces administrative workloads through efficient certificate
management.
 Provides an advanced layer of data privacy, ensuring that sensitive
information remains confidential during transmission.
 Minimizes the risk of unauthorized access

16
 CHAPTER 4

SYSTEM IMPLEMENTATION

4.1 MODULES DESCRIPTION

4.1.1. Cloud Service Provider Web App

The design and development of a Cloud Consumer Web App involve
several interconnected modules, each contributing to the seamless and efficient
management of cloud resources. The user authentication module serves as the
entry point, ensuring secure access through robust registration and authentication
processes, including multi-factor authentication for enhanced security. The heart
of the application lies in the dashboard module, providing an intuitive interface
for users to oversee and manage their cloud resources comprehensively. This
module encompasses features for resource provisioning, scaling, and
configuration, offering a centralized hub for users to interact with their cloud
services seamlessly. The dashboard module, at the core of the application,
seamlessly integrates the Cloaking Wall Model, providing users with an intuitive
interface for comprehensive cloud resource management while ensuring global
consistency in security measures. The monitoring and alert module is essential
for empowering users with real-time insights into the performance of their cloud
resources and timely notifications of any irregularities.

4.1.2. End User Interface

These modules collectively create a comprehensive End User Interface for

both Admins or Data Owners and Data Users, incorporating secure
authentication, data management functionalities, access control policies based on
the Cloaking Wall Model. It ensures seamless collaboration between users while
maintaining strict enforcement of data privacy and access policies. The interface
also supports real-time monitoring and logging of user activities, enhancing
accountability and system transparency.

17
Admin or Data Owner Interface
 Login Module
login module provides a secure authentication process for Admins or Data
Owners, ensuring only authorized access to the cloud management interface.
 Add and Manage Data
Admins can add, organize, and manage data within the cloud storage. This
module allows them to upload, categorize, and control access to various datasets.
It also supports version control and data updates, ensuring consistency and
traceability across modifications.
 Add and Manage Users
Admins have the capability to add new users to the system, defining their
roles and permissions. This module also allows them to modify or revoke access
as needed. It includes activity monitoring features to track user behavior and
ensure compliance with security policies.
 Provide Login Credentials to Users
Admins can generate and distribute login credentials for users added to the
system. This ensures a secure onboarding process for new users.
 Set Access Policy using Cloaking Wall Model
Leveraging the Cloaking Wall Model, this module enables Admins set
access policies. Admins can define Long-Term Cloaking, Multi-Region based
Cloaking, Time-based Cloaking, and Geolocation-based Cloaking to enhance
data security.
 Monitoring Data Access
Admins can monitor and audit data access patterns using this module. It
provides insights into who accessed specific data, when, and from which location,
contributing to overall security and compliance. This feature helps detect
unauthorized access, enforce access policies, and maintain a detailed audit trail
for accountability.

18
Data User Interface
 Login Module
Similar to the Admin interface, the login module provides secure
authentication for Data Users, ensuring that only authorized individuals can
access the cloud resources.
 Access Data
Data Users can use this module to access the data allocated to them. The
interface provides a user-friendly environment for retrieving, modifying, or
analysing data based on their permissions.
 Monitoring Data Access
Data Users have limited access to monitoring tools to track their own data
access. This module allows them to review their activity and ensures transparency
in usage.

4.1.3. Cloaking Wall Model

The Cloaking Wall Model is a sophisticated security framework integrated

into the Cloud Consumer Web App, offering advanced data protection and access
control. The model comprises several modules, each contributing to a robust
security architecture:
 Long-Term Cloaking Module
The Long-Term Cloaking module ensures persistent confidentiality of data
access patterns over extended durations. Admins can set policies to conceal and
protect access trends, preventing unauthorized inference from historical usage
data.
 Multi-Region Based Cloaking Module
This module facilitates a unified security approach across diverse
geographical regions. Admins can define access controls that transcend
geographic boundaries, ensuring consistent security measures globally and
addressing challenges related to multi-region data access.

19
 Time-Based Cloaking Module
Time-Based Cloaking empowers Admins to set temporal restrictions on
data access. This module enhances security by allowing the definition of specific
time windows during which data can be accessed, adding an extra layer of control
over temporal access patterns. It also helps mitigate risks from unauthorized
access during off-hours or non-business periods.
 Geolocation-Based Cloaking Module
The Geolocation-Based Cloaking module tailor’s data protection based on
user location. Admins can define security policies that vary depending on the
physical location of Data Users, adding a location-sensitive layer to access
controls.

4.1.4. Bot Identification and Data Distribution

The Bot Identification Mechanism within the Cloaking Wall Model

ensures that automated bots attempting to access the data in violation of access
policies are promptly identified. This module ensures that benign content is
delivered to authentic users, while malicious content is selectively distributed to
identified bots.

 Access Pattern Deviation

The mechanism continually monitors user access patterns based on the
access policies defined in the Cloaking Wall Model. If an entity exhibits access
patterns that deviate significantly from the established policies, it raises suspicion
for potential bot activity.
 Policy Adherence Assessment
Each user, including potential bots, is assessed against the defined access
policies. Legitimate Data Users are expected to follow the specified Long-Term
Cloaking, Multi-Region based Cloaking, Time-Based Cloaking, and
Geolocation-Based Cloaking rules.

20
 Anomalous Access Timing
Bots often operate on predefined schedules or exhibit unnatural timing
patterns. The mechanism detects anomalous access timings that do not align with
the specified time-based access policies. This helps identify bots attempting to
access data outside permissible time windows.
 Geolocation Inconsistencies
The mechanism evaluates the geolocation of incoming requests in
comparison to the Geolocation-Based Cloaking policies. If there are
inconsistencies, such as requests originating from unexpected or restricted
locations, it signals potential bot activity.
 Rapid, Repetitive Access Attempts
Bots typically attempt to access data rapidly and repetitively, following
scripted sequences. The mechanism identifies patterns associated with rapid,
repetitive access attempts, flagging entities that display such behaviour for further
scrurity.

4.1.5. Disguise Data Generator

The Malicious Data Generator Module, tailored for the Injection of Non-
Compliant Data specifically targeted at users violating the access policy set by
the admin, is a security component designed to simulate and generate data
instances that intentionally breach established policies within the Cloud
Consumer Web App.

Camouflage Data Disguise Technique

The Camouflage Data Disguise technique represents an advanced
cryptographic approach that seamlessly integrates Chaffing and Winnowing with
the formidable ChaCha20 encryption algorithm. This technique is strategically
designed to provide disguised data as a countermeasure against unauthorized
access, targeting both unpermitted users and potentially malicious bots.

21
Chaffing and Camouflage Process:
The module orchestrates a two-fold process: Chaffing, which adds decoy
or chaff data, and Camouflage, which further disguises non-compliant data
through additional obfuscation techniques. This combined approach ensures a
multi-layered defense against unauthorized access. It also helps mislead
malicious entities by obscuring the real data patterns, making it significantly
harder to distinguish valuable information from noise.

 ChaCha20 Encryption:
Genuine, chaff, and camouflaged data undergo encryption using the
ChaCha20 algorithm. ChaCha20's strength in providing a secure and efficient
encryption process contributes significantly to safeguarding the confidentiality of
the disguised information.

 Winnowing Process:
At the recipient's end, the winnowing process disentangles the genuine data
from the chaff and camouflage layers. The ChaCha20 decryption algorithm,
combined with the appropriate key, unveils the original, non-compliant data. At
the recipient's end, the winnowing process disentangles the genuine data from the
chaff and camouflage layers. The ChaCha20 decryption algorithm, combined
with the appropriate key, unveils the original, non-compliant data. This ensures
that only authorized users can reconstruct the intended information, preserving
data confidentiality. The process adds an extra layer of obfuscation, making it
extremely difficult for unauthorized entities to interpret or misuse intercepted
data.

22
 CHAPTER 5

SYSTEM REQUIREMENTS

5.1. SYSTEM REQUIREMENTS

5.1.1. HARDWARE REQUIREMENTS

 Processor: Intel Core i5 or higher (recommended)
 RAM: 8GB or more
 Storage: SSD with at least 256GB capacity
 Network Interface: Ethernet or Wi-Fi adapter
 Monitor: Minimum resolution of 1280x800 pixels
 Input Devices: Keyboard and mouse

5.1.2. SOFTWARE REQUIREMENTS

 Operating System: Windows 10 or later
 Web Server: WAMP (Windows, Apache, MySQL, Python/PHP/Perl) stack
 Database Server: MySQL
 Programming Language: Python 3.8
 Web Framework: Flask
 Python Libraries: Pandas, Scikit-Learn, Matplotlib, NumPy, Seaborn,
 Integrated Development Environment (IDE): PyCharm,

23
 CHAPTER 6

SYSTEM DESIGN

6.1. SYSTEM ARCHITECTURE

Data Concealment
Login Model

Upload Data Long Term Cloaking

Add and Manage User Region based Cloaking

Data Owner
Configure Data Location based Cloaking
Concealment
Access Monitoring Time Based Cloaking

Admin Enterprise Cloud Server

Cloaking Area

Request File Response File

Malicious Content

Data User

Fig 6.1. System Architecture

24
6.2. DATA FLOW DIAGRAM

Fig 6.2. Dataflow Diagram

25
6.3. UML DIAGRAM

6.3.1. USE CASE DIAGRAM

Fig 6.3. Use case diagram

26
6.3.2. ACTIVITY DIAGRAM

Fig 6.4 Activity Diagram

27
6.3.3. SEQUENCE DIAGRAM

Fig 6.5. Sequence Diagram

28
6.4. TABLE DESIGN

Admin Login
[Link] Field Data Type Field Constraint Description
size
1 username Varchar 20 Null Admin
Username
2 password Varchar 20 Null Admin Password

6.6. Admin Login

The Admin Login module provides a secure authentication interface for

system administrators, allowing access to backend controls and system
monitoring functions.

CC: Data Owner Register

[Link] Field Data Type Field Constraint Description
size
1 id Int(11) 11 Primary owner Id
Key
2 name Varchar(100) 100 Null Owner Name
3 city Varchar(100) 100 Null Owner City
4 mobile Bidint(20) 20 Null Owner Mobile
5 email Varchar(40) 40 Null owner Email
6 owner id Varchar(20) 20 Primary Owner id
Key
7 password Varchar(20) 20 Null Owner
password
8 approved Int(11) 11 Null Reg. approved
status status

6.7. Data Owner Register

29
 The Data Owner Register module is designed to securely capture and
manage the registration details of data owners, ensuring proper identity
verification and access control. It includes key fields such as contact information,
authentication credentials, and approval status to facilitate secure interactions
within the cloud system.

CC: Data User

[Link] Field Data Type Field Constraint Description
size
1 id Int(11) 11 Null Unique Id
2 owner id Varchar(20) 20 Foreign key Owner id
3 name Varchar(20) 20 Null user Name
4 gender Varchar(20) 20 Null user gender
5 dob Varchar(20) 20 Null User dob
6 mobile Bidint(20) 20 Null User Mobile
7 email Varchar(40) 40 Null user Email
8 location Varchar(30) 30 Null User location
9 user id Varchar(20) 20 Primary user id
Key
10 password Varchar(20) 20 Null user password

6.8. Data User

The table structure is designed to store and manage basic information about
users. There are several string fields, with constraints on length, and references
(foreign key and primary key) to ensure data integrity. The dob field is stored as
a string, which might need conversion to a date type for better handling of dates.
Additionally, there seems to be a small issue with the mobile field type (Bidint),
which should be checked and corrected.

30
 CC: File Uploaded Details
[Link] Field Data Type Field Constraint Description
size
1 File id Int(11) 11 Primary File Id
Key
2 Owner id Varchar(20) 20 Foreign key Owner id
3 File Varchar(20) 20 Null File description
description
4 File path Varchar(20) 20 Null File path
5 File size Varchar(20) 20 Null File size
6 Upload date timestamp Null Null Upload date

6.9. File Uploaded Details

The File Uploaded Details module records metadata for each file
uploaded by data owners, ensuring traceability and efficient file management. It
includes information such as file ID, owner ID, file path, and upload timestamp
to support secure storage and retrieval in the cloud environment.

CC: Long Term Wall Model

[Link] Field Data Type Field Constraint Description
size
1 id Int(11) 11 Primary Unique Id
Key
2 Owner id Varchar(20) 20 Foreign key Owner id
3 User id Varchar(20) 20 Null User id
4 File id Int(11) 11 Null File id
5 Shared date Timestamp Null Null File shared date

6.10. Long Term Wall Model

31
 CC: Geolocation Wall Model
[Link] Field Data Type Field Constraint Description
size
1 id Int(11) 11 Null Unique Id
2 Owner id Varchar(20) 20 Foreign key Owner id
3 User id Varchar(20) 20 Null User id
4 location Varchar(30) 30 Null File access
5 Geo location Varchar(100) 100 Null Geo location
path date
6 File id Int(11) 11 Null File id
7 Shared date Time stamp Null Null File share date

6.11. Geolocation Wall Model

CC: Time Wall Model

[Link] Field Data Type Field Constraint Description
size
1 id Int(11) 11 Null Unique Id
2 Owner id Varchar(20) 20 Foreign key Owner id
3 User id Varchar(20) 20 Null User id
4 Start time Varchar(20) 20 Null Start time
5 End time Varchar(20) 20 Null File end time
6 Access date Varchar(20) 20 Null File access date
7 Shared date Time stamp Null Null File share date

6.12. Time Wall Model

This model supports time-restricted file sharing and access logging, which
is particularly useful in systems where security and controlled data visibility are
priorities. It can be integrated into cloud data security models or time-sensitive
collaboration platforms.

32
 CC: Region Wall Model
[Link] Field Data Type Field Constraint Description
size
1 id Int(11) 11 Null Unique Id
2 Owner id Varchar(20) 20 Foreign key Owner id
3 User id Varchar(20) 20 Null User id
4 Region Varchar(30) 30 Null Region Name
5 Location Varchar(100) 100 Null Location
6 File id Int(11) 11 Null File id
7 Shared date Time stamp Null Null File share date

6.13. Region Wall Model

CC_File Access Log

[Link] Field Data Type Field Constraint Description
size
1 id Int(11) 11 Null Unique Id
2 User id Varchar(20) 20 Foreign key User id
3 File id Int(11) 11 Null File id
4 Cloaking Int(11) 11 Null Access Ploicy
Model
5 timestamp Null Null File shared date
Date time

6.14. File Access Log

This table supports auditing, security, and policy enforcement by keeping

a detailed record of file access events. It’s particularly valuable in cloud-based or
privacy-sensitive environments where tracking data usage and access behavior is
critical.

33
 CC: Unauthorised Access Log
[Link] Field Data Type Field Constraint Description
size
1 id Int(11) 11 Null Unique Id
2 User id Varchar(20) 20 Foreign key User id
3 Download Varchar(20) 20 Null Download
mode mode id
4 Download Int(11) 11 Null File
file id downloaded id
5 Date time timestamp Null Null File shared date

6.15. Unauthorised Access Log

34
 CHAPTER 7

SYSTEM TESTING

7.1. SOFTWARE TESTING

System testing for the project would encompass various types of testing to
ensure the robustness, functionality, and security of the system. Here are some
key types of testing that would be relevant:

7.1.1. TYPES OF TESTING

 Functional Testing
This type of testing verifies that each function of the system operates in
accordance with the requirements specified in the design documents. It includes
testing features like user authentication, data management, access control
policies, and monitoring capabilities.
 Integration Testing
Integration testing ensures that individual components of the system work
together seamlessly as a whole. It validates interactions between different
modules, APIs, and external systems, including the integration of the Cloaking
Wall Model with the Cloud Consumer Web App.
 Performance Testing
Performance testing assesses the responsiveness, scalability, and stability of
the system under various load conditions. It includes testing the system's ability
to handle concurrent users, process requests efficiently, and maintain acceptable
response times.
 Security Testing
Security testing evaluates the system's resilience against potential security
threats and vulnerabilities. It includes testing for authentication mechanisms,
encryption protocols, access control measures, data masking techniques.

35
 Usability Testing
Usability testing focuses on assessing the system's user interface (UI) design,
navigation flow, and overall user experience. It involves gathering feedback from
end-users to identify any areas for improvement in terms of user interaction and
interface design.
 Compatibility Testing
It verifies that the application is compatible with popular web browsers,
mobile devices, and screen resolutions, ensuring a consistent user experience
across diverse environments.
 Regression Testing
Regression testing validates that recent code changes or enhancements do not
introduce new defects or regressions in existing functionality. It involves retesting
previously validated features and conducting automated regression test suites to
ensure that the system remains stable and reliable after updates.
 Load Testing
Load testing evaluates the system's performance under expected and peak load
conditions. It involves simulating a high volume of concurrent users or data
requests to assess how the system handles stress, scalability, and resource
utilization.
 Stress Testing
Stress testing assesses the system's behavior under extreme conditions beyond
its normal operational capacity. It involves pushing the areas of weakness under
heavy load, unexpected inputs, or adverse environmental conditions.
 Data Integrity Testing

Data integrity testing verifies the accuracy, consistency, and reliability of data
stored and processed by the system. It includes testing data validation rules,
data manipulation operations, and data integrity constraints to ensure that data
remains intact and error-free throughout its lifecycle.

36
7.2. TEST CASES

User Authentication
 Test Case ID: UA_TC_001
 Input: Valid username and password with correct multi-factor authentication.
 Expected Result: Successful authentication, granting access to the system.
 Actual Result: User successfully authenticated, and access granted.
 Status: Pass

Dashboard Access
 Test Case ID: DA_TC_001
 Input: Successful authentication credentials.
 Expected Result: Access to the dashboard module.
 Actual Result: User gained access to the dashboard.
 Status: Pass

Cloaking Wall Model Integration

 Test Case ID: CW_TC_001
 Input: Accessing the dashboard module.
 Expected Result: Integration of the Cloaking Wall Model into the dashboard.
 Actual Result: Cloaking Wall Model successfully integrated.
 Status: Pass

Access Policy Configuration

 Test Case ID: APC_TC_001
 Input: Admin accessing the Access Policy Configurator.
 Expected Result: Successful configuration of access policies.
 Actual Result: Access policies configured without errors.
 Status: Pass

37
Data Management by Admins
 Test Case ID: DMA_TC_001
 Input: Admin uploading and managing data.
 Expected Result: Successful organization and control of data.
 Actual Result: Admin successfully managed and organized data.
 Status: Pass

User Management by Admins

 Test Case ID: UMA_TC_001
 Input: Admin adding and managing users.
 Expected Result: Successful addition and management of users.
 Actual Result: Admin added and managed users without issues.
 Status: Pass

Data Access by Data Users

 Test Case ID: DAU_TC_001
 Input: Data User accessing allocated data.
 Expected Result: Successful access to designated data.
 Actual Result: Data User accessed allocated data successfully.
 Status: Pass

Monitoring Data Access

 Test Case ID: MDA_TC_001
 Input: Admin or Data User accessing monitoring tools.
 Expected Result: Insightful tracking of data access patterns.
 Actual Result: Monitoring tools provided insightful data access patterns.
 Status: Pass

38
Bot Identification Mechanism
 Test Case ID: BIM_TC_001
 Input: Monitoring user access patterns.
 Expected Result: Accurate identification of potential bot activity.
 Actual Result: Bot Identification Mechanism accurately identified potential
bot activity.
 Status: Pass

Disguise Data Generation

 Test Case ID: DDG_TC_001
 Input: Generating disguised data.
 Expected Result: Successful simulation of non-compliant data.
 Actual Result: Disguise Data Generator successfully simulated non-
compliant data.
 Status: Pass

7.3. TEST REPORT

Introduction

The Test Report provides a comprehensive overview of the testing

activities conducted for the Advanced Cloud Data Security System. This report
aims to summarize the results of the testing phase, including the status of each
test case and an overall assessment of the system's functionality.

Test Objective

The primary objective of the testing phase was to evaluate the performance,
reliability, and functionality of the Advanced Cloud Data Security System.
Specific goals included validating user authentication, assessing data access
controls, and ensuring the successful integration of security features.

39
 To verify the functionality of user authentication and authorization
mechanisms.
 To validate the implementation of access control policies based on the
Cloaking Wall Model.
 To assess the system's ability to manage data securely and enforce data access
policies effectively.
 To evaluate the system's resilience against security threats and vulnerabilities.
 To ensure that the system performs reliably under different scenarios and
workloads.

Test Scope

The testing scope covered various modules within the system, including user
authentication, dashboard access, Cloaking Wall Model integration, access policy
configuration, data management, monitoring, and security features such as bot
identification and disguise data generation.
 Testing of user authentication, including login, registration, and multi-factor
authentication.
 Testing of access control mechanisms, such as role-based access control and
policy enforcement.
 Testing of data management functionalities, including data upload, storage,
retrieval, and deletion.
 Testing of security features, such as encryption, data masking, and intrusion
detection.
 Performance testing to assess system responsiveness, scalability, and resource
utilization.

40
Test Environment
The testing environment was set up with the following components:
Hardware
 Processor: Intel Core i5-9400F CPU @ 2.90GHz
 RAM: 8GB DDR4
 Storage: 256GB SSD
 Network Interface Card: Gigabit Ethernet

Software
 Operating System: Windows 10 Home
 Web Browser: Google Chrome, Mozilla Firefox
 Database Management System: MySQL 8.0
 Web Server: WampServer 3.2.0

Test Result
The following table outlines the results of each test case conducted during the
testing phase:
 User Authentication: Successful authentication and access granted.
 Access Control: Access policies enforced based on Cloaking Wall Model.
 Data Management: Secure and efficient data management operations.
 Security Testing: Resilience against security threats and vulnerabilities.
 Performance Testing: Reliable performance under different scenarios.

Bug Report
A bug report is a document that details issues, defects, or unexpected
behavior encountered in software during testing or usage. It typically includes
information about the problem, steps to reproduce it, and any relevant system
configurations. Bug reports are essential for developers to identify and fix issues
in the software.

41
 BID TCID Bug Description Status Output

BR_001 UA_TC_001 Authentication Closed Error message

Failure displayed: "Invalid
credentials."

BR_003 BIM_TC_001 Bot Identification Closed Legitimate user

Inaccuracy flagged as potential
bot; investigation
ongoing.

7.1. Bug Report

Test Conclusion

The testing phase concludes with an overall positive assessment of the

Advanced Cloud Data Security System. The majority of test cases have been
successfully executed, meeting expected results. Identified issues were minimal
and addressed promptly. The system is deemed ready for deployment with
necessary enhancements.

42
 CHAPTER 8

CONCLUSION AND FUTURE ENHANCEMENT

8.1. Conclusion

In conclusion, the project introduces a robust solution to enhance data

security in cloud computing. The Cloaking Wall Model, with features like Long-
Term Cloaking and Geolocation-based Cloaking, ensures persistent
confidentiality and global consistency. The Camouflage Data Disguise technique,
integrating Chaffing and Winnowing with ChaCha20 encryption, adds an extra
layer of defense. The Cloud Consumer Web App's modular design caters to both
administrators and users, offering secure functionalities like user authentication,
data management, and monitoring. The project's testing phase, outlined in the test
report, demonstrates a rigorous approach to quality assurance. The innovative Bot
Identification Mechanism, coupled with the Disguise Data Generator module,
adds an intelligent layer to the security framework. By accurately identifying
potential bot activity and simulating non-compliant data instances, the system
actively responds to emerging threats. The Monitoring and Auditing modules,
along with the immediate Alerts and Notifications system, empower
administrators to maintain real-time oversight, respond promptly to policy
violations, and uphold the integrity of the system. Thus the project provides a
adaptive solution to evolving cloud data security challenges, aligning with the
demands for secure and privacy-preserving cloud computing practices.

8.2. Future Enhancement

The future evolution of the system holds exciting possibilities, with key
areas of focus. Integrating machine learning algorithms stands out as a potential
enhancement, enabling dynamic analysis of access patterns to adeptly respond to

43
evolving security threats. Behavioural analytics is another avenue, offering a
nuanced understanding of user behaviour to distinguish normal activities from
potential risks. Additionally, exploring blockchain integration is on the horizon,
aiming to enhance data integrity and transparency by leveraging the decentralized
and tamper-resistant nature of blockchain technology. These enhancements
collectively propel the system towards a more adaptive, context-aware, and
secure future. Future enhancements may also include automated incident
response systems, where predefined workflows are triggered upon detection of
suspicious [Link] with threat intelligence platforms will allow the
Cloaking Wall Model to stay updated on the latest vulnerabilities and attack
vectors, ensuring proactive defense mechanisms.

44
 APPENDIX I: SOURCE CODE

Packages
import os
import base64
from [Link] import default_backend
from [Link] import hashes
from [Link].pbkdf2 import PBKDF2HMAC
from [Link] import Fernet
from Crypto import Random
from flask import Flask, render_template, Response, redirect, request, session,
abort, url_for
import [Link]
import hashlib
import shutil
from datetime import date
import datetime
import math
from random import randint
from flask_mail import Mail, Message
from flask import send_file
Database Connection
mydb = [Link](
host="localhost",
user="root",
password="",

45
charset="utf8",
database="cloud_cloaking"
Login
def login():
msg=""
if [Link]=='POST':
uname=[Link]['uname']
pwd=[Link]['pass']
cursor = [Link]()
[Link]('SELECT * FROM data_owner WHERE owner_id = %s AND
password = %s && status=1', (uname, pwd))
account = [Link]()
if account:
session['username'] = uname
return redirect(url_for('upload'))
else:
msg = 'Incorrect username/password!'
Data Owner Registration
def register():
msg=""
mycursor = [Link]()
[Link]("SELECT max(id)+1 FROM data_owner")
maxid = [Link]()[0]
now = [Link]()
rdate=[Link]("%d-%m-%Y")
if maxid is None:
maxid=1
if [Link]=='POST':
name=[Link]['name']

46
mobile=[Link]['mobile']
email=[Link]['email']
city=[Link]['city']
uname=[Link]['uname']
pass1=[Link]['pass']
cursor = [Link]()
[Link]('SELECT count(*) FROM data_owner WHERE owner_id = %s
', (uname,))
cnt = [Link]()[0]
if cnt==0:
sql = "INSERT INTO
data_owner(id,name,mobile,email,city,owner_id,password,reg_date) VALUES
(%s, %s, %s, %s, %s, %s, %s, %s)"
val = (maxid,name,mobile,email,city,uname,pass1,rdate)
[Link](sql, val)
[Link]()
print([Link], "Registered Success")
msg="success"
else:
msg='fail'
Upload Files
def upload():
msg=""
act=""
if 'username' in session:
uname = session['username']
mycursor = [Link]()
[Link]('SELECT * FROM data_owner where owner_id=%s',(uname,
))

47
rr=[Link]()
name=rr[1]
now = [Link]()
rdate=[Link]("%d-%m-%Y")
rtime=[Link]("%H:%M")
if [Link]=='POST':
description=[Link]['description']
[Link]("SELECT max(id)+1 FROM data_files")
maxid = [Link]()[0]
if maxid is None:
maxid=1
if 'file' not in [Link]:
flash('No file part')
return redirect([Link])
file = [Link]['file']
file_type = file.content_type
if [Link] == '':
flash('No selected file')
return redirect([Link])
if file:
fname = "F"+str(maxid)+[Link]
filename = secure_filename(fname)
[Link]([Link]([Link]['UPLOAD_FOLDER'], filename))
bsize=[Link]("static/upload/"+filename)
fsize=bsize/1024
file_size=round(fsize,2)
ff=[Link]('.')
i=0
file_ext=''

48
for fimg in imgext:
if fimg==ff[1]:
file_ext=img[i]
break
else:
file_ext=img[0]
i+=1
sql = "INSERT INTO
data_files(id,owner_id,description,file_name,file_type,file_size,reg_date,reg_ti
me,file_extension) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s)"
val = (maxid,uname,description,filename,file_type,file_size,rdate,rtime,file_ext)
[Link](sql,val)
[Link]()
msg="success"
Share Files
File_id=[Link]("file_id")
uname=""
msg=""
act = [Link]('act')
if 'username' in session:
uname = session['username']
mycursor = [Link]()
[Link]("SELECT * FROM data_owner where
owner_id=%s",(uname,))
value = [Link]()
name=value[1]
now = [Link]()
rdate=[Link]("%d-%m-%Y")

49
[Link]("SELECT * FROM data_user where
owner_id=%s",(uname,))
udata = [Link]()
[Link]("SELECT count(*) FROM data_user where
owner_id=%s",(uname,))
ucnt = [Link]()[0]
[Link]("SELECT * FROM data_files where id=%s",(fid,))
fdata = [Link]()
fname=fdata[3]
if [Link]=='POST':
selected_users=[Link]('uu[]')
for u1 in selected_users:
[Link]("SELECT max(id)+1 FROM data_share")
maxid = [Link]()[0]
if maxid is None:
maxid=1
sql = "INSERT INTO data_share(id, owner_id, file_id, username, share_type,
share_date) VALUES (%s, %s, %s, %s, %s, %s)"
val = (maxid, uname, file_id, u1, '1', rdate)
act="success"
[Link](sql, val)
[Link]()
ChaCha20 Encryption
import struct
def yield_chacha20_xor_stream(key, iv, position=0):
"""Generate the xor stream with the ChaCha20 cipher."""
if not isinstance(position, int):
raise TypeError
if position & ~0xffffffff:

50
raise ValueError('Position is not uint32.')
if not isinstance(key, bytes):
raise TypeError
if not isinstance(iv, bytes):
raise TypeError
if len(key) != 32:
raise ValueError
if len(iv) != 8:
raise ValueError
def rotate(v, c):
return ((v << c) & 0xffffffff) | v >> (32 - c)
def quarter_round(x, a, b, c, d):
x[a] = (x[a] + x[b]) & 0xffffffff
x[d] = rotate(x[d] ^ x[a], 16)
x[c] = (x[c] + x[d]) & 0xffffffff
x[b] = rotate(x[b] ^ x[c], 12)
x[a] = (x[a] + x[b]) & 0xffffffff
x[d] = rotate(x[d] ^ x[a], 8)
x[c] = (x[c] + x[d]) & 0xffffffff
x[b] = rotate(x[b] ^ x[c], 7)
ctx = [0] * 16
ctx[:4] = (1634760805, 857760878, 2036477234, 1797285236)
ctx[4 : 12] = [Link]('<8L', key)
ctx[12] = ctx[13] = position
ctx[14 : 16] = [Link]('<LL', iv)
while 1:
x = list(ctx)
for i in range(10):
quarter_round(x, 0, 4, 8, 12)

51
quarter_round(x, 1, 5, 9, 13)
quarter_round(x, 2, 6, 10, 14)
quarter_round(x, 3, 7, 11, 15)
quarter_round(x, 0, 5, 10, 15)
quarter_round(x, 1, 6, 11, 12)
quarter_round(x, 2, 7, 8, 13)
quarter_round(x, 3, 4, 9, 14)
for c in [Link]('<16L', *(
(x[i] + ctx[i]) & 0xffffffff for i in range(16))):
yield c
ctx[12] = (ctx[12] + 1) & 0xffffffff
if ctx[12] == 0:
ctx[13] = (ctx[13] + 1) & 0xffffffff
def chacha20_encrypt(data, key, iv=None, position=0):
"""Encrypt (or decrypt) with the ChaCha20 cipher."""
if not isinstance(data, bytes):
raise TypeError
if iv is None:
iv = b'\0' * 8
if isinstance(key, bytes):
if not key:
raise ValueError('Key is empty.')
if len(key) < 32:
# TODO(pts): Do key derivation with PBKDF2 or something similar.
key = (key * (32 // len(key) + 1))[:32]
if len(key) > 32:
raise ValueError('Key too long.')
return bytes(a ^ b for a, b in
zip(data, yield_chacha20_xor_stream(key, iv, position)))

52
assert chacha20_encrypt(
b'Hello World', b'chacha20!') == b'\xeb\xe78\xad\xd5\xab\x18R\xe2O~'
assert chacha20_encrypt(
b'\xeb\xe78\xad\xd5\xab\x18R\xe2O~', b'chacha20!') == b'Hello World'
def run_tests():
import binascii
uh = lambda x: [Link](bytes(x, 'ascii'))
for i, (ciphertext, key, iv) in enumerate((
(uh('76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770d
c7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669'),
uh('0000000000000000000000000000000000000000000000000000000000000
000'), uh('0000000000000000')),
assert chacha20_encrypt(b'\0' * len(ciphertext), key, iv) == ciphertext
print('Test %d OK.' % i)
Set Geo Location
Def shrea_geolocation:
[Link]('SELECT * FROM data_user where username=%s',(uname,
))
rr=[Link]()
name=rr[1]
owner=rr[2]
ff=open("static/[Link]","r")
loc=[Link]()
[Link]()
[Link]("SELECT count(*) FROM data_files f,data_share s where
[Link]=[Link] && [Link]=%s",(uname,))
c1 = [Link]()[0]
if c1>0:

53
[Link]("SELECT * FROM data_files f,data_share s where [Link]=[Link]
&& [Link]=%s",(uname,))
dat = [Link]()
for d1 in dat:
status=''
if d1[13]==1:
status='1'
if d1[13]==2:
lat1=[Link]('.')
lt1=lat1[0]
lt11=lat1[1]
lt2=lt11[0:4]
lon1=[Link]('.')
lo1=lon1[0]
lo2=lon1[1]
[Link]("SELECT * FROM share_location where
share_id=%s",(d1[9],))
d33 = [Link]()
for d3 in d33:
[Link]("SELECT * FROM geo_location where id=%s",(d3[4],))
d4 = [Link]()
g1=d4[2]
geo_location=[Link]('new [Link](')
g21=''.join(geo_location)
g22=[Link]('), ')
g23='-'.join(g22)
g24=[Link]('-')
gn=len(g24)-1
i=0

54
while i<gn:
f1=[Link]('.')
geo1=f1[0]
f2=f1[1]
f3=f2[0:4]
[Link](f3)
Set Time and Date
def share_time:
date_st=''
time_st=''
days_st=''
#between date
sdate=d1[15]
edate=d1[16]
sd1=[Link]('-')
ed1=[Link]('-')
import datetime
sdd = [Link](int(sd1[2]), int(sd1[1]),int(sd1[0]))
cdd = [Link](int(cd1[2]), int(cd1[1]),int(cd1[0]))
edd = [Link](int(ed1[2]), int(ed1[1]),int(ed1[0]))
if sdd<cdd<edd:
date_st='1'
else:
date_st='1'
#days
dys=d1[19]
dy=[Link](',')
x=0
from datetime import datetime

55
dty = [Link]()
ddy=[Link]('%A')
ddr=['Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday']
i=0
for ddr1 in ddr:
i+=1
if ddr1==ddy:
break
cdy=str(i)
for dy1 in dy:
if cdy==dy1:
x+=1
if x>0:
days_st='1'
def file_download():
fid = [Link]('fid')
mycursor = [Link]()
[Link]("SELECT * FROM data_files where id=%s",(fid,))
value = [Link]()
path="static/upload/"+value[3]
return send_file(path, as_attachment=True)

56
 APPENDIX II: SNAP SHORTS

Overview
User Interface (UI) design plays a critical role in the adoption and usability
of the “A Privacy-Preserving Framework for Cloud Data Access Using the Data
Concealment Model” system.
Home Page
Introduce A Privacy-Preserving Framework for Cloud Data Access Using
the Data Concealment Model and guide users to the correct flows based on their
roles. The home page can be viewed in Fig .9.1
These indicate that the system supports multiple user roles, each likely having
different privileges and views
 Data Owner: Uploads and manages cloud data.
 Data User: Requests and accesses data.
 Admin: Manages users, permissions, and monitors the system.

57
 Fig: 9.1 Home Page

Data Owner Registration Page

This page enables a Data Owner to Create a secure account with
identification and location details. Set and confirm login credentials can be
viewed in fig.9.2 Data Owner Registration Page

Fig:9.2 Data Owner Registration Page

58
Admin Login

Fig:9.3 Admin Login

Admin Dashboard Panel

This is an Admin Dashboard view designed to monitor and manage data

owner registrations in a cloud-based system that uses the Cloaking Wall Model
for secure cloud data access can be viewed in fig.9.4 Admin Dashboard Page

Fig.9.4 Admin Dashboard Page

Data Owner Login

The Data Owner Login Page allows registered data owners to securely
access their account to upload, encrypt, and manage data in the cloud. that can be
viewed in the fig.9.5 Data Owner Login Page.

59
 Fig:9.5 Data Owner Login Page

User Creation

The User Creation Page is designed to allow administrators or data owners

to register new Data Users who will interact with the cloud system. These users
typically have access to view, request, or download encrypted data stored in the
database can be viewed in fig.9.6 User Creation Page.

Fig.9.6 User Creation Page

60
File Upload Section

Fig.9.7 File Upload Page

Sharing files to user

Fig.9.8 Sharing Files

Select Cloaking Method

61
 Fig.9.9 Selecting The Cloaking Method

Selecting Location

Fig:9.10 Location Selection Page

Selecting Time Based Cloaking

62
 Fig:9.11 Chosen Time Based Cloaking

Data User Login

Fig:9.12 Data User Login In database

Viewing Owner Data in Shared Files

63
 Fig:9.13 Viewing Datas of Owner

Concealed Data

Fig:9.14 Concealed Data

64
 BIBILIOGRAPHY
1. J. Gao, H. Yu, X. Zhu and X. Li, "Blockchain-based digital rights
management scheme via multiauthority ciphertext-policy attribute-based
encryption and proxy re-encryption", IEEE Syst. J., vol. 15, no. 4, pp.
5233-5244, Dec. 2021.
2. J. Sun, D. Chen, N. Zhang, G. Xu, M. Tang, X. Nie, et al., "A privacy-
aware and traceable fine-grained data delivery system in cloud-assisted
healthcare IIoT", IEEE Internet Things J., vol. 8, no. 12, pp. 10034-10046,
Jun. 2021.
3. P. Patil and M. Sangeetha, "Blockchain-based decentralized KYC
verification framework for banks", Proc. Comput. Sci., vol. 215, pp. 529-
536, Jan. 2022.
4. P. Sanchol, S. Fugkeaw and H. Sato, "A mobile cloud-based access control
with efficiently outsourced decryption", Proc. 10th IEEE Int. Conf. Mobile
Cloud Comput. Services Eng. (MobileCloud), pp. 1-8, Aug. 2022.

65
 5. S. Fugkeaw, "A lightweight policy update scheme for outsourced personal
health records sharing", IEEE Access, vol. 9, pp. 54862-54871, 2021.
6. S. Qi, W. Wei, J. Wang, S. Sun, L. Rutkowski, T. Huang, et al., "Secure
data deduplication with dynamic access control for mobile cloud
storage", IEEE Trans. Mobile Comput., pp. 1-18, 2023.
7. S. Wang, H. Wang, J. Li, H. Wang, J. Chaudhry, M. Alazab, et al., "A fast
CP-ABE system for cyber-physical security and privacy in mobile
healthcare network", IEEE Trans. Ind. Appl., vol. 56, no. 4, pp. 4467-4477,
Jul. 2020.
8. X. Li, T. Liu, C. Chen, Q. Cheng, X. Zhang and N. Kumar, "A lightweight
and verifiable access control scheme with constant size ciphertext in edge-
computing-assisted IoT", IEEE Internet Things J., vol. 9, no. 19, pp.
19227-19237, Oct. 2022.
9. Y. Chen, J. Li, C. Liu, J. Han, Y. Zhang and P. Yi, "Efficient attribute based
server-aided verification signature", IEEE Trans. Services Comput., vol.
15, no. 6, pp. 3224-3232, Nov. 2022.
10. Y. Lin, J. Li, X. Jia and K. Ren, "Multiple-replica integrity auditing
schemes for cloud data storage", Concurrency Comput. Pract. Exper., vol.
33, no. 7, pp. 1, Apr. 2021.

REFERENCES

1. Mozilla Developer Network (MDN): [Link]

2. W3Schools: [Link]
3. Stack Overflow: [Link]
4. CSS-Tricks: [Link]
5. A List Apart: [Link]

66