ENABLING AUTHORIZED ENCRYPTED SEARCH FOR MULTI-

AUTHORITY MEDICAL DATABASES

A “Project Stage II” Report submitted to
JNTU Hyderabad in partial fulfillment
of the requirements for the award of the degree

BACHELOR OF TECHNOLOGY
In
COMPUTER SCIENCE AND ENGINEERING
Submitted by

KOLI VAISHALI 20S11A05B7

I M VISHNUVARDHAN REDDY 20S11A05C0
BELLAM KEERTHANA 20S11A0577
KOTIPALLI KANAKA DURGA RAO 20S11A0576

Under the Guidance of

Mrs. ANURADHA REDDY

B.Tech, M.Tech, (PHD)
Assistant Professor of CSE

DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING

MALLA REDDY INSTITUTE OF TECHNOLOGY & SCIENCE
(Approved by AICTE New Delhi and Affiliated to JNTUH)
(Accredited by NBA & NAAC with “A” Grade)
An ISO 9001: 2015 Certified Institution
Maisammaguda, Medchal (M), Hyderabad-500100, T. S.
MARCH 2024

i
 DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING
MALLA REDDY INSTITUTE OF TECHNOLOGY & SCIENCE
(Approved by AICTE New Delhi and Affiliated to JNTUH)
(Accredited by NBA & NAAC with “A” Grade)
An ISO 9001: 2015 Certified Institution
Maisammaguda, Medchal (M), Hyderabad-500100, T. S.
MARCH 2024

CERTIFICATE

This is to certify that the “Project Stage II” entitled ENABLING AUTHORIZED
ENCRYPTED SEARCH FOR MULTI-AUTHORITY MEDICAL DATABASES has been
submitted by KOLI VAISHALI (20S11A05B7), ITIKYALA MULINTI
VISHNUVARDHAN REDDY (20S11A05C0), BELLAM KEERTHANA (20S11A0577)
and KOTIPALLI KANAKA DURGA RAO (20S11A0576) in partial fulfillment of the
requirements for the award of BACHELOR OF TECHNOLOGY in COMPUTER
SCIENCE & ENGINEERING. This record of bonafide work carried out by them
under my guidance and supervision. The result embodied in this Project Stage II
report has not been submitted to any other University or Institute for the award
of any degree.

Mrs. Anuradha Reddy Dr. M. Jaganathan

Assistant Professor of CSE Head of the Department
Project Guide

External Examiner

ii
 ACKNOWLEDGEMENT

The Project Stage II work carried out by our team in the Department
of Computer Science and Engineering, Malla Reddy Institute of Technology
and Science, Hyderabad. This work is original and has not been
submitted in part or full for any degree or diploma of any other
university.

We wish to acknowledge our sincere thanks to our project guide

Mrs. Anuradha Reddy, Assistant Professor of CSE, guidance and her
continuous supervision during the course of work.

We acknowledge our sincere thanks to Dr. Vaka Murali Mohan,

Principal and Dr. M. Jaganathan Head of the Department and Coordinator,
faculty members of CSE Department for their kind cooperation in making
this Project Stage II work a success.

We extend our gratitude to Sri. Ch. Malla Reddy, Founder

Chairman MRGI and Sri. Ch. Mahender Reddy, Secretary MRGI,
Dr.Ch. Bhadra Reddy, President MRGI, Sri. Ch. Shalini Reddy,
Director MRGI, Sri. P. Praveen Reddy, Director MRGI, for their kind
cooperation in providing the infrastructure for completion of our Project
Stage II.

We acknowledge our special thanks to the entire teaching faculty and

non-teaching staff members of the Computer Science & Engineering
Department for their support in making this project work a success.
[

KOLI VAISHALI 20S11A05B7 ____________

I M VISHNUVARDHAN REDDY 20S11A05C0 ____________
BELLAM KEERTHANA 20S11A0577 ____________
KOTIPALLI KANAKA DURGA RAO 20S11A0576 ____________

iii
 INDEX

Chapter Page No.

ABSTRACT vi
LIST OF FIGURES vii
1. SYSTEM ANALYSIS 1
1.1 Existing System 1
1.1.1 Disadvantages 2
1.2 Proposed System 2
1.2.1 Advantages 3
1.3 Introduction 3
2. LITERATURE SURVEY 6
3. SYSTEM DESIGN 9
3.1 System Architecture 9
3.2 Data Flow Diagram 10
3.3 UML Diagrams 11
3.3.1 Use Case Diagram 11
3.3.2 Class Diagram 12
3.3.3 Sequence Diagram 13
3.4 Modules 14
3.5 System Requirements 14
3.5.1 Hardware Requirements 14
3.5.2 Software Requirement 14
4. INPUT & OUTPUT DESIGN 15
4.1 Input Design 15
4.2 Output Design 15
5. SYSTEM ENVIRONMENT 17
5.1 Client Server 17
5.1.1 Front end or User Interface Design 18
5.1.2 Communication or Database Connectivity Tier 18
5.2 About Java 19
5.2.1 Features of Java 19
5.3 JavaScript 23

iv
 5.4 Hyper Text Markup Language 24
5.5 Java Database Connectivity 26
5.6 Java Server Pages 30
5.6.1 Features of JSP 31
5.6.2 Tomcat 6.0 web server 32
6. SYSTEM STUDY 33
6.1 Economical feasibility 33
6.2 Technical feasibility 33
6.3 Social feasibility 33
7. SYSTEM TESTING 34
7.1 Types of Tests 34
7.1.1 Unit Testing 34
7.1.2 Integration Testing 35
7.1.3 Functional Testing 36
7.1.4 System testing 37
7.1.5 Acceptance Testing 37
7.2 Test Cases 40
8. RESULTS 41
9. CONCLUSION & FUTURE ENHANCEMENT 49
9.1 Conclusion 49
9.2 Future Enhancement 49
10. BIBLIOGRAPHY 50
11. YUKTHI INNOVATION CERTIFICATE 53

v
 ABSTRACT

Secure outsourced aggregation in the Internet of Things (IoT) can solve the
problem that sensing devices are limited in energy and bandwidth by
outsourcing data aggregation task to a third-party service provider. Location-
based secure outsourced aggregation (LBOA), aggregating data whose location
satisfies user's location strategy, is very important in some location-critical
scenarios (e.g., smart homes, intelligent transportation, and smart city). Recent
work studied secure data aggregation to reduce transmission overhead and
network bandwidth by optimizing topology of networks or adopting the
cryptographic approach. However, as far as we know, scarcely any work
considers the location information of the data source and the privacy protection
of the data at the same time in the studies of secure outsourced aggregation.
First propose an LBOA scheme LBOAMax, which can return the maximum
value of sensory data whose location satisfies location strategy by applying
one-way chain, order-preserving encryption, and some other cryptographic
operation. Then, proposed scheme LBOATopk and scheme LBOASum, which
can return the largest k values of data and the summation value of data based
on location, respectively. The security analysis results show that our schemes
can satisfy the defined requirements and the experiment results show that our
schemes are feasible and efficient for each entity in practice

vi
 LIST OF FIGURES

Figure. No Figure Name Page No.

Figure 3.1 System architecture 9

Figure 3.2 Data Flow Diagram 10
Figure 3.3 Use Case Diagram 11
Figure 3.4 Class Diagram 12
Figure 3.5 Sequence Diagram 13
Figure 5.1 The Development Process of Java Program 21
Figure 5.2 Java Virtual Machine 22
Figure 5.3 Two-tier and Three-tier Models 27
Figure 5.4 JDBC Database 28
Figure 5.5 Tomcat web server 32
Figure 8.1 Home page 41
Figure 8.2 Server Login 41
Figure 8.3 Client Login 42
Figure 8.4 Authority Login 42
Figure 8.5 Client Register 43
Figure 8.6 Authority Register 43
Figure 8.7 Client Home Page 44
Figure 8.8 Authority Home Page 44
Figure 8.9 Downloading a patient file 45
Figure 8.10 Searching a patient file 45
Figure 8.11 Requesting a Master Key 46
Figure 8.12 Accessing the Master Key 46
Figure 8.13 Uploading the patient reports 47
Figure 8.14 Uploaded patient files 48
Figure 8.15 Accessing the patient reports 48

vii
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

CHAPTER-1: SYSTEM ANALYSIS

1.1Existing System
Chor et al in 1995, and it was based on symmetric encryption in a single writer/single reader
(S/S) model. In their work, a retrieval scheme is described that enables the client to access and
retrieve documents stored in the third party without leaking any of the information, which
provided us an encrypted data search technique. After Chor’s work, searchable symmetric
encryption was deeply studied, with most research focused on improving search performance,
search pattern and security. However, with the data sharing cycle taking its toll on sensitive
encrypted data and the inability of S/S model searchable encryption to meet the continuously
increasing demands, a multi-client searchable encryption system is proposed to realize
encrypted search among a number of clients. For example, Sun et al. constructed a
noninteractive searchable encryption system based on Cash’s work for multiple clients.

Cash et al. design a novel encrypted search scheme that supports Boolean queries, and their
work is the first to realize sublinear conjunctive search for various structured data. Their work
has also motivated research on advanced encrypted search schemes with fine-grained access
control. Designing dynamic encrypted search schemes with physical deletion to reduce extra
storage overhead for deletion operation represents another interesting research avenue.

Except for symmetric searchable encryption, another important work on encrypted data search
is public key encryption scheme with keyword search (PEKS) which was first proposed by
Boenh in 2004. The emergence of PEKS creates the precedence of public key encrypted search
and leads a number of open security and efficiency problems.

Fang et al. present an encrypted search scheme that allows the search token to be transmitted
without a secure channel. Moreover, the scheme is also secure against keyword guessing attack.
In the same year, Zhou et al. use a role-based encryption (RBE) policy to formulate an
agreement about legal access control for encrypted data in the cloud. Through their mechanism,
the client can upload data to the cloud via a secure method and keep the data secure
simultaneously through a RBE-based hybrid cloud storage architecture. Many other schemes

1
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

with special search capabilities are available in practice and they have been proposed to satisfy
real network requirements.

1.1.1 Disadvantages
• Attribute-based encryption schemes provide fine grained access control on encrypted
data, and prior work can no longer meet the security requirements that emerge with
the rapid development of cloud technology.
• This doesn’t have more security in between multi authorities.

1.2 Proposed System

It aims to realize authorized encrypted search for multi-authority medical databases. As
depicted in the proposed system, a complete e-medical system should consist of multiple
authorities (hospitals, insurance companies etc.) and multiple clients (doctors, patients, bank
accountants etc.). We need to fully consider the capability and duty of each entity involved
in this system. However considerable work has been performed to manage the search
capability for a single authority, it is still a challenge to realize it under the multiauthority
architecture.

A multi-authority system is not a simple combination of multiple single authorities, but rather
involves many problems. For example, the authorities need to negotiate with each other to
manage their clients, and for clients in different authorities, one authority needs to generate
different copies of the search capability for the same authorization. These issues are bound
to lead to considerable communication and computation overhead. Inspired by the multi-
authority attribute-based encryption scheme proposed by Chasew,e design an authorized
encrypted search for multi-authority medical databases as presented in Definition and it has
the following features: Each authority in the system can distribute the search capability for
the authorized clients without any negotiation. For one authorized record, one copy of the
search capability is required for all authorized clients, which can save storage overhead.

2
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

1.2.1 Advantages
• It enables search of encrypted data, a promising approach termed searchable encryption
was proposed, and it enables the server to search the encrypted data with client’s secure
search token.

• It is more secured due to the use of attribute-based encryption, this work satisfies multi-
client requirement as well. Because all search capabilities are encrypted under an access
policy before being sent to the clients, only the allowed clients with corresponding
attributes can obtain a valid search token.

1.2 Introduction
E-medical record systems play an essential role in the digital transformation of healthcare,
which allows a patient to create, manage, and control her private personal health record (PHR)
via the internet. To mitigate the local computation and communication overhead, most medical
record services are outsourced to a third-party such as public cloud. However, such outsourcing
may lead to a variety of privacy issues because of the risk of information leakage. Therefore,
cloud services should provide appropriate strategies to protect e medical records.

The most straightforward method of addressing data privacy concerns is to encrypt data before
uploading to the cloud. Subsequently, only the authorized client who has the key or permissions
can decrypt the data. Accordingly, in a PHR system, data owners are usually required to encrypt
their PHRs. As a practical consideration, data owners also need to provide corresponding access
policies to access their PHRs and determine which keywords they can search. However, it is
nontrivial to achieve the aforementioned requirements over encrypted data. Once medical
records are encrypted and outsourced, the cloud server can no longer perform keyword search,
because the server is not expected to obtain any information about the records.

Thus, to search the records of all patients with the keyword “Australia”, all the records must be
downloaded from the cloud and then decrypted to search. the records. This method introduces
huge computation and communication costs. To enable search of encrypted data, a promising
approach termed searchable encryption was proposed, and it enables the server to search the

3
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

encrypted data with client’s secure search token. However, most of the existing searchable
encryption schemes consider the single authority setting, this cannot meet the requirement of
PHR systems in which more than one authority exist and the data records and queries are
encrypted via different keys. To motivate our design, we consider the following scenario in a
smart PHR system. Assume that there are various doctors in different hospitals and they can
write information to PHRs. Due to the sensitive nature of the data, the access right will always
be restricted to certain clients only.

For example, a general practitioner could be authorized to read the records of their patients only,
whereas a cardiologist could be authorized to read all records relating to heart conditions. In
addition, patients may go to more than one hospital, and doctors may want to read patient’s
former records for diagnosis in another hospital. Therefore, the clients should be enforced with
read and search privileges under a scenario of multiple authorities. Furthermore, due to the
privacy of medical data, the access control of the data should be refined to authorized keywords
for searching. For example, cardiologists are only authorized to query medical information
about heart disease and cannot search a patient’s history of skin diseases.

Therefore, the search capability of the clients must be managed so that they are only allowed to
perform queries for authorized keywords. The requirements mentioned above motivate us to
focus on addressing the sensitive medical data authorization management issue and propose a
practical and privacy-preserving encrypted data search solution for multi authority medical
databases. To ensure that the client only performs the valid queries on authorized keywords, we
adopt the RSA function to generate the search capability IEEE Transactions on Emerging Topics
in Computing, Issue Date:18 March 2019 2 (which is used to derive the search token) for a set
of authorized keywords, and then assign these capabilities to different clients. The client can use
the obtained capability to compute the search tokens of the authorized keywords by herself,
while the RSA function achieves a non-interactive setting, meaning that the authority only needs
to calculate and send the search capability once for all authorized keywords. To realize search
capability control in multi authority setting, a new scheme must be designed so that search
capabilities can be assigned to clients from multiple authorities. One simple solution is to adopt
an attribute-based encryption (ABE) scheme to encrypt search capability information under a

4
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

set of policies, and only the clients who satisfy these policies can decrypt the valid search token.
However, under traditional single authority ABE, different copies of the encrypted search
capability must be generated for different clients under different authorities, which will
introduce more computation and communication overhead and complicate the authorization
process.

To address this challenge, we deploy a multi-authority attribute-based encryption primitive to

our system. The authority encrypts the search capability once for all authorized clients and
generates only one copy of the search capability under a set of policies from different authorities.
When the clients satisfy these policies, they can decrypt the valid search token.

5
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

CHAPTER-2: LITERATURE SURVEY

1) “Secure sharing of personal health records in cloud computing: Ciphertext-

policy attribute-based sign encryption,” Future Generation Computer.

Author: J. Liu, X. Huang, and J. K. Liu [20]
Abstract: In their paper titled "Secure sharing of personal health records in cloud computing:
Ciphertext-policy attribute-based sign encryption," J. Liu, X. Huang, and J. K. Liu explore the
critical issue of securely sharing personal health records (PHRs) within the framework of cloud
computing. They propose a novel approach based on ciphertext-policy attribute-based sign
encryption (CP-ABSC), aiming to ensure the confidentiality and integrity of sensitive medical
information while allowing controlled access to authorized users. Cloud computing offers
significant advantages in terms of storage and accessibility for PHRs but raises concerns about
data privacy and security. The authors address these concerns by integrating CP-ABSC, a
cryptographic technique that combines encryption and digital signature functionalities, with
attribute-based access control mechanisms. Their proposed solution enables data owners to
define fine-grained access policies based on attributes such as user roles or affiliations. Only
users satisfying the specified access criteria can decrypt and access the PHR content.

2) “Scalable and secure sharing of personal health records in cloud computing

using attribute-based encryption,” IEEE Trans. Parallel Distributed System.
Author: M. Li, S. Yu, Y. Zheng, K. Ren, and W. Lou [25]
Abstract: In the modern era of cloud computing, sharing personal health records (PHRs)
securely and efficiently is a crucial yet challenging task. This paper presents a novel approach
for scalable and secure sharing of PHRs in cloud computing environments using attribute-based
encryption (ABE). The proposed system leverages ABE to provide fine-grained access control
to PHRs based on attributes such as user roles, affiliations, and preferences. By encrypting PHRs
with access policies defined over these attributes, the system enables flexible sharing while
ensuring data confidentiality and integrity. The key contributions of this work include the
development of a scalable framework for PHR sharing in the cloud, which effectively manages
access control policies and supports efficient access delegation. The system architecture
integrates cryptographic techniques with cloud computing infrastructure to achieve both

6
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

security and scalability. Furthermore, the paper discusses practical implementation

considerations and performance evaluations, demonstrating the feasibility and efficiency of the
proposed approach.

3) “All your queries are belong to us: The power of file-injection attacks on
searchable encryption,” in Proc. of 25th USENIX Secur. Symp.
Author: Y. Zhang, J. Katz, and C. Papamanthou [18]
Abstract: The paper investigates the vulnerability of searchable encryption schemes to file-
injection attacks, presenting a novel threat to the confidentiality of sensitive data stored in cloud
environments. Specifically, it introduces a comprehensive study of the security implications of
file-injection attacks on searchable encryption systems. The study reveals the potential for
adversaries to manipulate search results by injecting specially crafted files into the encrypted
database, leading to unauthorized disclosure of sensitive information. The research highlights
the power and sophistication of file-injection attacks, which exploit the search functionality of
encrypted databases to compromise data confidentiality. By strategically injecting files with
carefully crafted content, attackers can manipulate search results and infer information about
encrypted queries, violating the privacy guarantees provided by searchable encryption schemes.
The paper contributes a thorough analysis of file-injection attacks on searchable encryption,
including practical demonstrations and experimental evaluations to demonstrate the feasibility
and impact of such attacks in real-world scenarios.

4) “Private information retrieval,” in Proc. of 36th Annu. Symp. on

Foundations of Comput. Sci.
Author: B. Chor, O. Goldreich, E. Kushilevitz, and M. Sudan [28]
Abstract: The paper presents the concept of private information retrieval (PIR), a
cryptographic protocol designed to enable users to retrieve information from a database without
revealing their queries to the database server. Traditional information retrieval systems require
users to disclose their queries to the server, potentially compromising their privacy. PIR
protocols aim to address this issue by allowing users to retrieve data from the database while
ensuring that the server remains oblivious to the specific queries being executed. The paper
introduces a formal definition of PIR and proposes several constructions for achieving this goal,
focusing on both single-server and multi-server scenarios. These constructions leverage

7
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

cryptographic techniques such as homomorphic encryption and error-correcting codes to enable

private retrieval of information. Furthermore, the paper analyzes the computational and
communication complexity of different PIR schemes, discussing their efficiency and practicality
in real-world applications. It also explores the trade-offs between privacy guarantees and
performance requirements, highlighting the challenges and opportunities in designing efficient
PIR protocols.

5) “Building an encrypted, distributed, and searchable key-value store,” in

Proc. Of the 11th ACM on Asia Conf. on Compute and Communicate
Security.
Author: X. Yuan, X. Wang, C. Wang, C. Qian, and J. Lin [17]
Abstract: The paper introduces a novel approach for constructing an encrypted, distributed,
and searchable key-value store, addressing the challenge of securely storing and retrieving
sensitive data in distributed systems. The proposed system leverages cryptographic techniques
to encrypt data while enabling efficient search operations over encrypted data, thus preserving
data confidentiality and integrity. Key to the system's architecture is the integration of
searchable symmetric encryption (SSE) schemes with distributed storage infrastructure,
allowing users to securely search for specific key-value pairs without compromising data
privacy. The paper discusses the design principles and implementation details of the encrypted
key-value store, highlighting the mechanisms for encryption, indexing, and search functionality.
Furthermore, the paper evaluates the performance and scalability of the proposed system
through experimental studies, demonstrating its effectiveness in handling large-scale datasets
and search queries while maintaining low overhead. It also discusses security considerations
and threat models, addressing potential vulnerabilities and providing insights into mitigating
risks associated with encrypted data storage and retrieval.

8
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

CHAPTER-3: SYSTEM DESIGN

3.1 System Architecture

Figure No 3.1 System architecture

9
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

3.2 Data Flow Diagram

Figure No 3.2 Data flow diagram

10
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

3.3 UML Diagrams

3.3.1 Use Case Diagram

Figure No 3.3 Use Case Diagram

11
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

3.3.2 Class Diagram

Figure No 3.4 Class Diagram

12
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

3.3.3 Sequence Diagram

Figure No 3.5 Sequence diagram

13
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

3.4 Modules
• Cloud Server
• Clients

• Authorities

Cloud Server:
The Cloud server manages which is to provide data storage service for the Data Owners. Data owners
encrypt their data files and store them in the Server for sharing with data consumers. To access the
shared data files, data consumers download encrypted data files of their interest from the Server and
then Server will decrypt them. The server will generate the aggregate key if the end user requests for
file authorization to access and performs the following operations such as View Clients and Authorize,
View Authorities and Authorize, View Attackers, View Transactions, View Secret Key Requests, View
Report with Secret Key, View Secret Key Req/Res Time, View Report Without Secret Key, View Rank
Results, View Time Delay Results, View Throughput Results.
Client:
The client can only access the data file with the secret key. The user can search the file for a specified
keyword and end user and can do the following operations like Search Patient, Download Patient
Report, View Patient Report, Request Secret Key Access, and View Secret Key Access Response.

Authorities:
The key authority acts as a data owner and performs the following operations Upload Patient Report,
View Report, View Delete and Report, Update Patient Details, View Transactions.

3.5 System Requirements

3.5.1 Hardware Requirements
• Processor - Intel core i3
• RAM - 8 GB
• Hard Disk - 256 GB
3.5.2 Software Requirements
• Operating System - Windows 11
• Coding Language - Java/J2EE (JSP, Servlet)
• Front End - HTML, CSS, JavaScript
• Back End - MySQL

14
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

CHAPTER-4: INPUT AND OUTPUT DESIGN

4.1 Input Design
Input Design plays a vital role in the life cycle of software development, it requires very careful
attention of developers. The input design is to feed data to the application as accurate as possible.
So, inputs are supposed to be designed effectively so that the errors occurring while feeding are
minimized. According to Software Engineering Concepts, the input forms or screens are
designed to provide to have a validation control over the input limit, range and other related
validations.
This system has input screens in almost all the modules. Error messages are developed to alert
the user whenever he commits some mistakes and guides him in the right way so that invalid
entries are not made. Let us see deeply about this under module design.
Input design is the process of converting the user created input into a computer-based format.
The goal of the input design is to make the data entry logical and free from errors. The error is
in the input are controlled by the input design. The application has been developed in user-
friendly manner. The forms have been designed in such a way during the processing the cursor
is placed in the position where must be entered. The user is also provided with in an option to
select an appropriate input from various alternatives related to the field in certain cases.

4.2 Output Design

The Output from the computer is required to mainly create an efficient method of
communication within the company primarily among the project leader and his team members,
in other words, the administrator and the clients. The output of VPN is the system which allows
the project leader to manage his clients in terms of creating new clients and assigning new
projects to them, maintaining a record of the project validity and providing folder level access
to each client on the user side depending on the projects allotted to him. After completion of a
project, a new project may be assigned to the client. User authentication procedures are
maintained at the initial stages itself. A new user may be created by the administrator himself
or a user can himself register as a new user but the task of assigning projects and validating a
new user rests with the administrator only.

15
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

The application starts running when it is executed for the first time. The server has to be started
and then the internet explorer in used as the browser. The project will run on the local area
network so the server machine will serve as the administrator while the other connected systems
can act as the clients. The developed system is highly user friendly and can be easily understood
by anyone using it even for the first time.

16
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

CHAPTER-5: SYSTEM ENVIRONMENT

5.1 Client Server
With the varied topic in existence in the fields of computers, Client Server is one, which has
generated more heat than light, and also more hype than reality. This technology has acquired a
certain critical mass attention with its dedication conferences and magazines. Major computer
vendors such as IBM and DEC, have declared that Client Servers is their main future market. A
survey of DBMS magazine reveled that 76% of its readers were actively looking at the client
server solution. The growth in the client server development tools from $200 million in 1992 to
more than $1.2 billion in 1996.
Client server implementations are complex but the underlying concept is simple and powerful.
A client is an application running with local resources but able to request the database and relate
the services from separate remote server. The software mediating this client server interaction
is often referred to as MIDDLEWARE.
The typical client either a PC or a Work Station connected through a network to a more powerful
PC, Workstation, Midrange or Main Frames server usually capable of handling request from
more than one client. However, with some configuration server may also act as client. A server
may need to access other server in order to process the original client request.
The key client server idea is that client as user is essentially insulated from the physical location
and formats of the data needs for their application. With the proper middleware, a client input
from or report can transparently access and manipulate both local database on the client machine
and remote databases on one or more servers. An added bonus is the client server opens the door
to multi-vendor database access indulging heterogeneous table joins.
What is a Client Server
Two prominent systems in existence are client server and file server systems. It is essential to distinguish
between client servers and file server systems. Both provide shared network access to data but the
comparison dens there! The file server simply provides a remote disk drive that can be accessed by LAN
applications on a file by file basis. The client server offers full relational database services such as SQL-
Access, Record modifying, Insert, Delete with full relational integrity backup/ restore performance for
high volume of transactions, etc. the client server middleware provides a flexible interface between
client and server, who does what, when and to whom.

17
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

Why Client Server

Client server has evolved to solve a problem that has been around since the earliest days of
computing: how best to distribute your computing, data generation and data storage resources
in order to obtain efficient, cost effective departmental an enterprise wide data processing.
During mainframe era choices were quite limited. A central machine housed both the CPU and
DATA (cards, tapes, drums and later disks). Access to these resources was initially confined to
batched runs that produced departmental reports at the appropriate intervals. A strong central
information service department ruled the corporation. The role of the rest of the corporation
limited to requesting new or more frequent reports and to provide hand written forms from
which the central data banks were created and updated. The earliest client server solutions
therefore could best be characterized as “SLAVE-MASTER”.
Time-sharing changed the picture. Remote terminal could view and even change the central data, subject
to access permissions. And, as the central data banks evolved in to sophisticated relational database with
non-programmer query languages, online users could formulate adhoc queries and produce local reports
without adding to the MIS applications software backlog. However remote access was through dumb
terminals, and the client server remained subordinate to the Slave\Master.

5.1.1 Front end or User Interface Design

The entire user interface is planned to be developed in browser specific environment with a
touch of Intranet-Based Architecture for achieving the Distributed Concept.
The browser specific components are designed by using the HTML standards, and the
dynamism of the designed by concentrating on the constructs of the Java Server Pages.
5.1.2 Communication or Database Connectivity Tier
The Communication architecture is designed by concentrating on the Standards of Servlets and
Enterprise Java Beans. The database connectivity is established by using the Java Data Base
Connectivity. The standards of three-tier architecture are given major concentration to keep the
standards of higher cohesion and limited coupling for effectiveness of the operations.
Features of The Language Used
In my project, I have chosen Java language for developing the code.

18
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

5.2 About Java

Initially the language was called as “oak” but it was renamed as “Java” in 1995. The primary
motivation of this language was the need for a platform-independent (i.e., architecture neutral)
language that could be used to create software to be embedded in various consumer electronic
devices.
• Java is a programmer’s language.
• Java is cohesive and consistent.
• Except for those constraints imposed by the Internet environment, Java gives the
programmer, full control.
• Finally, Java is to Internet programming where C was to system programming.
Importance of Java to the Internet
Java has had a profound effect on the Internet. This is because; Java expands the Universe of
objects that can move about freely in Cyberspace. In a network, two categories of objects are
transmitted between the Server and the Personal computer. They are: Passive information and
Dynamic active programs. The Dynamic, Self-executing programs cause serious problems in
the areas of Security and probability. But Java addresses those concerns and by doing so, has
opened the door to an exciting new form of program called the Applet.
Java can be used to create two types of programs
Applications and Applets
An application is a program that runs on our Computer under the operating system of that
computer. It is more or less like one creating using C or C++. Java’s ability to create Applets
makes it important. An Applet is an application designed to be transmitted over the Internet and
executed by a Java –compatible web browser. An applet is actually a tiny Java program,
dynamically downloaded across the network, just like an image. But the difference is, it is an
intelligent program, not just a media file. It can react to the user input and dynamically change.
5.2.1 Features of Java
Security
Every time you that you download a “normal” program, you are risking a viral infection. Prior
to Java, most users did not download executable programs frequently, and those who did
scanned them for viruses prior to execution. Most users still worried about the possibility of
infecting their systems with a virus. In addition, another type of malicious program exists that

19
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

must be guarded against. This type of program can gather private information, such as credit
card numbers, bank account balances, and passwords. Java answers both these concerns by
providing a “firewall” between a network application and your computer.
When you use a Java-compatible Web browser, you can safely download Java applets without
fear of virus infection or malicious intent.
Portability
For programs to be dynamically downloaded to all the various types of platforms connected to
the Internet, some means of generating portable executable code is needed. As you will see, the
same mechanism that helps ensure security also helps create portability. Indeed, Java’s solution
to these two problems is both elegant and efficient.
The Byte code
The key that allows the Java to solve the security and portability problems is that the output of
Java compiler is Byte code. Byte code is a highly optimized set of instructions designed to be
executed by the Java run-time system, which is called the Java Virtual Machine (JVM). That is,
in its standard form, the JVM is an interpreter for byte code.
Translating a Java program into byte code helps makes it much easier to run a program in a wide
variety of environments. The reason is, once the run-time package exists for a given system, any
Java program can run on it.
Although Java was designed for interpretation, there is technically nothing about Java that
prevents on-the-fly compilation of byte code into native code. Sun has just completed its Just in
Time (JIT) compiler for byte code. When the JIT compiler is a part of JVM, it compiles byte
code into executable code in real time, on a piece-by-piece, demand basis. It is not possible to
compile an entire Java program into executable code all at once, because Java performs various
run-time checks that can be done only at run time. The JIT compiles code, as it is needed, during
execution.
Java Virtual Machine (JVM)
Beyond the language, there is the Java virtual machine. The Java virtual machine is an important
element of the Java technology. The virtual machine can be embedded within a web browser or
an operating system. Once a piece of Java code is loaded onto a machine, it is verified. As part
of the loading process, a class loader is invoked and does byte code verification makes sure that
the code that’s has been generated by the compiler will not corrupt the machine that it’s loaded

20
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

on. Byte code verification takes place at the end of the compilation process to make sure that is
all accurate and correct. So byte code verification is integral to the compiling and executing of
Java code.
Overall Description

Java Source Java byte code JavaVM

Java .Class
Figure No 5.1 the development process of JAVA Program
Picture showing the development process of JAVA Program
Java programming uses to produce byte codes and executes them. The first box indicates that
the Java source code is located in a. Java file that is processed with a Java compiler called javac.
The Java compiler produces a file called a. class file, which contains the byte code. The. Class
file is then loaded across the network or loaded locally on machine into the execution
environment is the Java virtual machine, which interprets and executes the byte code.
Java Architecture
Java architecture provides a portable, robust, high performing environment for development.
Java provides portability by compiling the byte codes for the Java Virtual Machine, which is
then interpreted on each platform by the run-time environment. Java is a dynamic system, able
to load code when needed from a machine in the same room or across the planet. Compilation
of code When you compile the code, the Java compiler creates machine code (called byte code) for a
hypothetical machine called Java Virtual Machine (JVM). The JVM is supposed to execute the byte
code.

21
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

Java
PC Compiler Interpreter
Java
(PC)
Source
Code Byte code
……….. Macintosh Java
……….. Compiler Interpreter
(Platform
indepen (Macintosh)
……….. dent)
SPARC
Java
Interpreter
(Sparc)

Figure No 5.2 Java Virtual Machine

The JVM is created for overcoming the issue of portability. The code is written and compiled for one
machine and interpreted on all machines. This machine is called JVM.
Compiling and interpreting Java Source Code
During run-time the Java interpreter tricks the byte code file into thinking that it is running on a
Java Virtual Machine. In reality this could be an Intel Pentium Windows 95 or Sun SARC station
running Solaris or Apple Macintosh running system and all could receive code from any
computer through Internet and run the Applets.
Simple
Java was designed to be easy for the Professional programmer to learn and to use effectively. If
you are an experienced C++ programmer, learning Java will be even easier. Because Java
inherits the C/C++ syntax and many of the object oriented features of C++. Most of the
confusing concepts from C++ are either left out of Java or implemented in a cleaner, more
approachable manner. In Java there are a small number of clearly defined ways to accomplish a
given task.
Object-Oriented
Java was not designed to be source-code compatible with any other language. This allowed the
Java team the freedom to design with a blank slate. One outcome of this was a clean usable,
pragmatic approach to objects. The object model in Java is simple and easy to extend, while

22
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

simple types, such as integers, are kept as high-performance non-objects.

Robust
The multi-platform environment of the Web places extraordinary demands on a program,
because the program must execute reliably in a variety of systems. The ability to create robust
programs was given a high priority in the design of Java. Java is strictly typed language; it
checks your code at compile time and run time.
Java virtually eliminates the problems of memory management and deallocation, which is
completely automatic. In a well-written Java program, all run time errors can –and should –be
managed by your program
5.3 JavaScript
JavaScript is a script-based programming language that was developed by Netscape
Communication Corporation. JavaScript was originally called Live Script and renamed as
JavaScript to indicate its relationship with Java. JavaScript supports the development of both
client and server components of Web-based applications. On the client side, it can be used to
write programs that are executed by a Web browser within the context of a Web page. On the
server side, it can be used to write Web server programs that can process information submitted
by a Web browser and then updates the browser’s display accordingly.
Even though JavaScript supports both client and server Web programming, we prefer JavaScript
at Client side programming since most of the browsers supports it. JavaScript is almost as easy
to learn as HTML, and JavaScript statements can be included in HTML documents by enclosing
the statements between a pair of scripting tags.
<SCRIPTS>..</SCRIPT>.
<SCRIPT LANGUAGE = “JavaScript”>
JavaScript statements
</SCRIPT>
Here are a few things can do with JavaScript :
• Validate the contents of a form and make calculations.
• Add scrolling or changing messages to the Browser’s status line.
• Animate images or rotate images that change when move the mouse over them.
• Detect the browser in use and display different content for different browsers.
• Detect installed plug-ins and notify the user if a plug-in is required.

23
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

• Can do much more with JavaScript, including creating entire application.

Java Script VS Java

JavaScript and Java are entirely different languages. A few of the most glaring differences are:
• Java applets are generally displayed in a box within the web document; JavaScript can
affect any part of the Web document itself.
• While JavaScript is best suited to simple applications and adding interactive features to
Web pages; Java can be used for incredibly complex applications.
• There are other differences but the important thing to remember is that JavaScript and
Java are separate languages. They are both useful for different things; they can be used
together to combine their advantages.
Advantages
• JavaScript can be used for Sever-side and Client-side scripting.
• It is more flexible than VBScript.
JavaScript is the default scripting languages at Client-side since all the browsers supports it.
5.4 Hyper Text Markup Language
Hypertext Markup Language (HTML), the languages of the World Wide Web (WWW), allows
users to produces Web pages that include text, graphics and pointer to other Web pages
(Hyperlinks).
HTML is not a programming language but it is an application of ISO Standard 8879, SGML
(Standard Generalized Markup Language), but specialized to hypertext and adapted to the Web.
The idea behind Hypertext is that instead of reading text in rigid linear structure, can easily jump
from one point to another point. Can navigate through the information based on our interest and
preference. A markup language is simply a series of elements, each delimited with special
characters that define how text or other items enclosed within the elements should be displayed.
Hyperlinks are underlined or emphasized works that load to other documents or some portions
of the same document.
HTML can be used to display any type of document on the host computer, which can be
geographically at a different location. It is a versatile language and can be used on any platform
or desktop.

24
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

HTML provides tags (special codes) to make the document look attractive. HTML tags are not
case-sensitive. Using graphics, fonts, different sizes, color, etc., can enhance the presentation of
the document. Anything that is not a tag is part of the document itself.
Basic HTML Tags :
<!-- --> Specifies comments
<A>……….</A> Creates hypertext links
<B>……….</B> Formats text as bold
<BIG>……….</BIG> Formats text in large font.
…</BODY> Contains all tags and text in the HTML document
<CENTER>...</CENTER> Creates text
<DD>…</DD> Definition of a term
<DL>...</DL> Creates definition list
<FONT>…</FONT> Formats text with a particular font
<FORM>...</FORM> Encloses a fill-out form
>...</FRAME> Defines a particular frame in a set of frames
<H#>…</H#> Creates headings of different levels
..</HEAD> Contains tags that specify information about a document
<HR>...</HR> Creates a horizontal rule
<HTML>…</HTML> Contains all other HTML tags
</META> Provides meta-information about a document
<SCRIPT>…</SCRIPT> Contains client-side or server-side script
<TABLE>…</TABLE> Creates a table
<TD>…</TD> Indicates table data in a table
<TR>…</TR> Designates a table row
<TH>…</TH> Creates a heading in a table

Advantages
• A HTML document is small and hence easy to send over the net. It is small because it
does not include formatted information.
• HTML is platform independent.
• HTML tags are not case-sensitive.

25
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

5.5 Java Database Connectivity

What Is JDBC?
JDBC is a Java API for executing SQL statements. (As a point of interest, JDBC is a
trademarked name and is not an acronym; nevertheless, JDBC is often thought of as standing
for Java Database Connectivity. It consists of a set of classes and interfaces written in the Java
programming language. JDBC provides a standard API for tool/database developers and makes
it possible to write database applications using a pure Java API.
Using JDBC, it is easy to send SQL statements to virtually any relational database. One can
write a single program using the JDBC API, and the program will be able to send SQL
statements to the appropriate database. The combinations of Java and JDBC lets a programmer
write it once and run it anywhere.
What Does JDBC Do?

Simply put, JDBC makes it possible to do three things:

• Establish a connection with a database
• Send SQL statements
• Process the results.
JDBC versus ODBC and other APIs
At this point, Microsoft's ODBC (Open Database Connectivity) API is that probably the most
widely used programming interface for accessing relational databases. It offers the ability to
connect to almost all databases on almost all platforms.
So why not just use ODBC from Java? The answer is that you can use ODBC from Java, but
this is best done with the help of JDBC in the form of the JDBC-ODBC Bridge, which will
cover shortly. The question now becomes "Why do you need JDBC?" There are several answers
to this question:

• ODBC is not appropriate for direct use from Java because it uses a C interface. Calls
from Java to native C code have a number of drawbacks in the security, implementation,
robustness, and automatic portability of applications.
• A literal translation of the ODBC C API into a Java API would not be desirable. For
example, Java has no pointers, and ODBC makes copious use of them, including the

26
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

notoriously error-prone generic pointer "void *". You can think of JDBC as ODBC
translated into an object-oriented interface that is natural for Java programmers.
• ODBC is hard to learn. It mixes simple and advanced features together, and it has
complex options even for simple queries. JDBC, on the other hand, was designed to keep
simple things simple while allowing more advanced capabilities where required.
• A Java API like JDBC is needed in order to enable a "pure Java" solution. When ODBC
is used, the ODBC driver manager and drivers must be manually installed on every client
machine. When the JDBC driver is written completely in Java, however, JDBC code is
automatically installable, portable, and secure on all Java platforms from network
computers to mainframes.

Two-tier and Three-tier Models

The JDBC API supports both two-tier and three-tier models for database access. In the two-tier
model, a Java applet or application talks directly to the database.

JAVA
Application Client machine

JDBC DBMS-proprietary protocol

DBMS Database server

Figure No 5.3 Two-tier and Three-tier Models

This requires a JDBC driver that can communicate with the particular database management
system being accessed. A user's SQL statements are delivered to the database, and the results of
those statements are sent back to the user. The database may be located on another machine to
which the user is connected via a network. This is referred to as a client/server configuration,
with the user's machine as the client, and the machine housing the database as the server. The
network can be an Intranet, which, for example, connects employees within a corporation, or it

27
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

can be the Internet. In the three-tier model, commands are sent to a "middle tier" of services,
which then send SQL statements to the database to the middle tier, which then sends them to
the user. MIS directors find the three-tier model very attractive because the middle tier makes
it possible to maintain control over access and the kinds of updates that can be made to corporate
data. Another advantage is that when there is a middle tier, the user can employ an easy-to-use
higher-level API which is translated by the middle tier into the appropriate low-level calls.
Finally, in many cases the three-tier architecture can provide performance advantages.

Until now he middle tier has typically been written in languages such as C or C++, which offer
fast performance. However, with the introduction of optimizing compilers that translate Java
byte code into efficient machine-specific code, it is becoming practical to implement the middle
tier in Java. This is a big plus, making it possible to take advantage of Java's robustness,
multithreading, and security features. JDBC is important to allow database access from a Java
middle tier. management system being accessed. A user's SQL statements are delivered to the
database, and the results of those statements are sent back to the user.

Java applet or
Html browser Client machine (GUI)

HTTP, RMI, or CORBA calls

Application Server machine (business Logic)

Server (Java)
JDBC DBMS-proprietary protocol

Database server

DBMS

Figure No 5.4 JDBC Database

The database may be located on another machine to which the user is connected via a network.
This is referred to as a client/server configuration, with the user's machine as the client, and the
machine housing the database as the server. The network can be an Intranet, which, for example,
connects employees within a corporation, or it can be the Internet. In the three-tier model,
commands are sent to a "middle tier" of services, which then send SQL statements to the
database. The database processes the SQL statements and sends the results back to the middle

28
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

tier, which then sends them to the user. MIS directors find the three-tier model very attractive
because the middle tier makes it possible to maintain control over access and the kinds of
updates that can be made to corporate data. Another advantage is that when there is a middle
tier, the user can employ an easy-to-use higher-level API which is translated by the middle tier
into the appropriate low-level calls. Finally, in many cases the three-tier architecture can provide
performance advantages.

Until now the middle tier has typically been written in languages such as C or C++, which offer
fast performance. However, with the introduction of optimizing compilers that translate Java
byte code into efficient machine-specific code, it is becoming practical to implement the middle
tier in Java. This is a big plus, making it possible to take advantage of Java's robustness,
multithreading, and security features. JDBC is important to allow database access from a Java
middle tier.
JDBC Driver Types
The JDBC drivers that are aware of at this time fit into one of four categories:
• JDBC-ODBC bridge plus ODBC driver
• Native-API partly-Java driver
• JDBC-Net pure Java driver
• Native-protocol pure Java driver
JDBC-ODBC Bridge
If possible, use a Pure Java JDBC driver instead of the Bridge and an ODBC driver. This
completely eliminates the client configuration required by ODBC. It also eliminates the
potential that the Java VM could be corrupted by an error in the native code brought in by the
Bridge (that is, the Bridge native library, the ODBC driver manager library, the ODBC driver
library, and the database client library).
Native-API partly-Java driver
Native-API partly-Java driver: Native-API partly-Java drivers combine Java code with native
(platform-specific) code to establish connections with databases. These drivers leverage vendor-
specific APIs for database interaction, offering better performance compared to the JDBC-
ODBC bridge. However, they may sacrifice portability due to reliance on platform-specific
native libraries. This approach is commonly used when performance is a priority and when
developers need to access database features not fully supported by

29
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

JDBC-Net pure Java driver

JDBC. JDBC-Net pure Java driver: JDBC-Net pure Java drivers are entirely written in Java and
communicate directly with databases over a network protocol. These drivers do not rely on
native code or middleware, making them highly portable across different platforms. Known for
their simplicity and ease of deployment, JDBC-Net drivers are commonly used in modern JDBC
applications where portability and simplicity are paramount. They offer a straightforward and
efficient way to connect Java applications to databases without platform-specific dependencies.
Native-protocol pure Java driver
Native-protocol pure Java driver: Native-protocol pure Java drivers, like JDBC-Net drivers, are
entirely written in Java. However, instead of using a network protocol, they employ vendor-
specific native protocols for communication with databases. This approach offers better
performance compared to JDBC-Net drivers but may sacrifice some portability due to reliance
on vendor-specific protocols. Native-protocol drivers are suitable for applications where
performance is critical and platform dependencies can be managed. They provide an efficient
means of connecting Java applications to databases while leveraging native protocols for
optimal performance and compatibility with database systems.
What Is the JDBC- ODBC Bridge?
The JDBC-ODBC Bridge is a JDBC driver, which implements JDBC operations by translating
them into ODBC operations. To ODBC it appears as a normal application program. The Bridge
implements JDBC for any database for which an ODBC driver is available. The Bridge is
implemented as the sun.jdbc.odbc Java package and contains a native library used to access
ODBC. The Bridge is a joint development of Intersolv and JavaSoft.
5.6 Java Server Pages (JSP)
Java server Pages is a simple, yet powerful technology for creating and maintaining dynamic-
content web pages. Based on the Java programming language, Java Server Pages offers proven
portability, open standards, and a mature re-usable component model. The Java Server Pages
architecture enables the separation of content generation from content presentation. This
separation not eases maintenance headaches, it also allows web team members to focus on their
areas of expertise. Now, web page designer can concentrate on layout, and web application
designers on programming, with minimal concern about impacting each other’s work.

30
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

5.6.1 Features of JSP

Portability
Java Server Pages files can be run on any web server or web-enabled application server that
provides support for them. Dubbed the JSP engine, this support involves recognition,
translation, and management of the Java Server Page lifecycle and its interaction components.
Components
It was mentioned earlier that the Java Server Pages architecture can include reusable Java
components. The architecture also allows for the embedding of a scripting language directly
into the Java Server Pages file. The components current supported include Java Beans, and
Servlets.
Processing
A Java Server Pages file is essentially an HTML document with JSP scripting or tags. The Java
Server Pages file has a JSP extension to the server as a Java Server Pages file. Before the page
is served, the Java Server Pages syntax is parsed and processed into a Servlet on the server side.
The Servlet that is generated outputs real content in straight HTML for responding to the client.
Access Models
A Java Server Pages file may be accessed in at least two different ways. A client’s request comes
directly into a Java Server Page. In this scenario, suppose the page accesses reusable Java Bean
components that perform particular well-defined computations like accessing a database. The
result of the Beans computations, called result sets is stored within the Bean as properties. The
page uses such Beans to generate dynamic content and present it back to the client.
In both of the above cases, the page could also contain any valid Java code. Java Server Pages
architecture encourages separation of content from presentation.
Steps in the execution of a JSP Application:
• The client sends a request to the web server for a JSP file by giving the name of the JSP
file within the form tag of a HTML page.
• This request is transferred to the JavaWebServer. At the server side JavaWebServer
receives the request and if it is a request for a jsp file server gives this request to the JSP
engine.
• JSP engine is program which can understands the tags of the jsp and then it converts
those tags into a Servlet program and it is stored at the server side. This Servlet is loaded

31
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

in the memory and then it is executed and the result is given back to the JavaWebServer
and then it is transferred back to the result is given back to the JavaWebServer and then
it is transferred back to the client.

JDBC connectivity

The JDBC provides database-independent connectivity between the J2EE platform and a wide
range of tabular data sources. JDBC technology allows an Application Component Provider to:
• Perform connection and authentication to a database server
• Manager transactions
• Move SQL statements to a database engine for preprocessing and execution
• Execute stored procedures
• Inspect and modify the results from Select statements.
5.6.2 Tomcat 6.0 web server
Tomcat is an open source web server developed by Apache Group. Apache Tomcat is the servlet
container that is used in the official Reference Implementation for the Java Servlet and Java
Server Pages technologies. The Java Servlet and Java Server Pages specifications are developed
by Sun under the Java Community Process. Web Servers like Apache Tomcat support only web
components while an application server supports web components as well as business
components (BEAs Weblogic, is one of the popular application server). To develop a web
application with jsp/servlet install any web server like JRun, Tomcat etc to run your application.

Figure No 5.5 Tomcat web serve

32
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

CHAPTER-6: SYSTEM STUDY

Feasibility Study

The feasibility of the project is analyzed in this phase and business proposal is put forth with a
very general plan for the project and some cost estimates. During system analysis the feasibility
study of the proposed system is to be carried out. This is to ensure that the proposed system is
not a burden to the company. For feasibility analysis, some understanding of the major
requirements for the system is essential.

Three key considerations involved in the feasibility analysis are

• Economical feasibility
• Technical feasibility
• Social feasibility
6.1 Economical Feasibility
This study is carried out to check the economic impact that the system will have on the
organization. The amount of fund that the company can pour into the research and development
of the system is limited. The expenditures must be justified. Thus the developed system as well
within the budget and this was achieved because most of the technologies used are freely
available. Only the customized products had to be purchased.

6.2 Technical Feasibility

This study is carried out to check the technical feasibility, that is, the technical requirements of
the system. Any system developed must not have a high demand on the available technical
resources. This will lead to high demands on the available technical resources. This will lead to
high demands being placed on the client. The developed system must have a modest
requirement, as only minimal or null changes are required for implementing this system.
6.3 Social Feasibility
The aspect of study is to check the level of acceptance of the system by the user. Includes the
process of training the user to use the system efficiently. The user must not feel threatened by
the system. The level of acceptance by the users solely depends on the methods that are
employed to educate the user about the system and to make him familiar with it.

33
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

CHAPTER-7: SYSTEM TESTING

The purpose of testing is to discover errors. Testing is the process of trying to discover every
conceivable fault or weakness in a work product. It provides a way to check the functionality of
components, sub assemblies, assemblies and/or a finished product It is the process of exercising
software with the intent of ensuring that the
Software system meets its requirements and user expectations and does not fail in an
unacceptable manner. There are various types of test. Each test type addresses a specific testing
requirement.
7.1 Types Of Tests
7.1.1 Unit testing
Unit testing involves the design of test cases that validate that the internal program logic is
functioning properly, and that program inputs produce valid outputs. All decision branches and
internal code flow should be validated. It is the testing of individual software units of the
application .it is done after the completion of an individual unit before integration. This is a
structural testing, that relies on knowledge of its construction and is invasive. Unit tests perform
basic tests at component level and test a specific business process, application, and/or system
configuration. Unit tests ensure that each unique path of a business process performs accurately
to the documented specifications and contains clearly defined inputs and expected results.
Unit testing is usually conducted as part of a combined code and unit test phase of the software
lifecycle, although it is not uncommon for coding and unit testing to be conducted as two distinct
phases.
Unit testing focuses verification effort on the smallest unit of Software design that is the module.
Unit testing exercises specific paths in a module’s control structure to ensure complete coverage
and maximum error detection. This test focuses on each module individually, ensuring that it
functions properly as a unit. Hence, the naming is Unit Testing.

During this testing, each module is tested individually and the module interfaces are verified for
the consistency with design specification. All important processing path are tested for the
expected results. All error handling paths are also tested.

Test strategy and approach

Field testing will be performed manually and functional tests will be written in detail.

34
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

Test objectives
• All field entries must work properly.
• Pages must be activated from the identified link.
• The entry screen, messages and responses must not be delayed.
Features to be tested
• Verify that the entries are of the correct format
• No duplicate entries should be allowed
• All links should take the user to the correct page.
7.1.2 Integration testing
Integration tests are designed to test integrated software components to determine if they
actually run as one program. Testing is event driven and is more concerned with the basic
outcome of screens or fields. Integration tests demonstrate that although the components were
individually satisfaction, as shown by successfully unit testing, the combination of components
is correct and consistent. Integration testing is specifically aimed at exposing the problems that
arise from the combination of components.
Software integration testing is the incremental integration testing of two or more integrated
software components on a single platform to produce failures caused by interface defects.
The task of the integration test is to check that components or software applications, e.g.
components in a software system or – one step up – software applications at the company level
– interact without error.
Integration testing addresses the issues associated with the dual problems of verification and
program construction. After the software has been integrated a set of high order tests are
conducted. The main objective in this testing process is to take unit tested modules and builds a
program structure that has been dictated by design.

The following are the types of Integration Testing:

Top-Down Integration
This method is an incremental approach to the construction of program structure. Modules are
integrated by moving downward through the control hierarchy, beginning with the main
program module. The module subordinates to the main program module are incorporated into
the structure in either a depth first or breadth first manner.

35
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

In this method, the software is tested from main module and individual stubs are replaced when
the test proceeds downwards.

Bottom-up Integration
This method begins the construction and testing with the modules at the lowest level in the
program structure. Since the modules are integrated from the bottom up, processing required for
modules subordinate to a given level is always available and the need for stubs is eliminated.
The bottom up integration strategy may be implemented with the following steps:
• The low-level modules are combined into clusters into clusters that perform a specific
Software sub-function.
• A driver (i.e.) the control program for testing is written to coordinate test case input and
output.
• The cluster is tested.
• Drivers are removed and clusters are combined moving upward in the program structure
• The bottom up approaches tests each module individually and then each module is
module is integrated with a main module and tested for functionality.
• Test Results: All the test cases mentioned above passed successfully. No defects
encountered.
7.1.3 Functional testing
Functional tests provide systematic demonstrations that functions tested are available as
specified by the business and requirements, system documentation, and user manuals.
Functional testing is centered on the following items:
Valid Input : identified classes of valid input must be accepted.
Invalid Input : identified classes of invalid input must be rejected.
Functions : identified functions must be exercised.
Output : identified classes of application outputs must be exercised.
Systems/Procedures : interfacing systems or procedures must be invoked.
Organization and preparation of functional tests is focused on requirements, key functions, or
special test cases. In addition, systematic coverage pertaining to identify Business process flows;
data fields, predefined processes, and successive processes must be considered for testing.

36
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

Before functional testing is complete, additional tests are identified and the effective value of
current tests is determined.
7.1.4 System Testing
System testing ensures that the entire integrated software system meets requirements. It tests a
configuration to ensure known and predictable results. An example of system testing is the
configuration oriented system integration test. System testing is based on process descriptions
and flows, emphasizing pre-driven process links and integration points.
White Box Testing
White Box Testing is a testing in which in which the software tester has knowledge of the inner
workings, structure and language of the software, or at least its purpose. It is purpose. It is used
to test areas that cannot be reached from a black box level.
Black Box Testing
Black Box Testing is testing the software without any knowledge of the inner workings,
structure or language of the module being tested. Black box tests, as most other kinds of tests,
must be written from a definitive source document, such as specification or requirements
document, such as specification or requirements document. It is a testing in which the software
under test is treated, as a black box. you cannot “see” into it. The test provides inputs and
responds to outputs without considering how the software works.
7.1.5 Acceptance Testing
User Acceptance of a system is the key factor for the success of any system. The system under
consideration is tested for user acceptance by constantly keeping in touch with the prospective
system users at the time of developing and making changes wherever required. The system
developed provides a friendly user interface that can easily be understood even by a person who
is new to the system.
Output Testing
After performing the validation testing, the next step is output testing of the proposed system,
since no system could be useful if it doesn’t produce the required output in the specified format.
Asking the users about the format required by them tests the outputs generated or displayed by
system consideration. Hence considered in 2 ways one is on screen, another in printed format.

37
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

Validation Checking
Validation checks are performed on the following fields.
Text Field
The text field can contain only the number of characters lesser than or equal to its size. The text
fields are alphanumeric in some tables and alphabetic in other tables. Incorrect entry always
flashes and error message.
Numeric Field
The numeric field can contain only numbers from 0 to 9. An entry of any character flashes an
error messages. The individual modules are checked for accuracy and what it has to perform.
Each module is subjected to test run along with sample data. The individually tested modules
are integrated into a single system. Testing involves executing the real data information is used
in the program the existence of any program defect is inferred from the output. The testing
should be planned so that all the requirements are individually tested.
A successful test is one that gives out the defects for the inappropriate data and produces and
output revealing the errors in the system.
Preparation of Test Data
Making various kinds of test data does the above testing. Preparation of test data plays a vital
role in the system testing. After preparing the test data the system under study is tested using
that test data. While testing the system by using test data errors are again uncovered and
corrected by using above testing steps and corrections are also noted for future use.

Using Live Test Data

Live test data are those that are actually extracted from organization files. After a system is
partially constructed, programmers or analysts often ask users to key in a set of data from their
normal activities. Then, the systems person uses this data as a way to partially test the system.
In other instances, programmers or analysts extract a set of live data from the files and have
them entered themselves. It is difficult to obtain live data in sufficient amounts to conduct
extensive testing. And, although it is realistic data that will show how the system will perform
for the typical processing requirement, assuming that the live data entered are in fact typical,
such data generally will not test all combinations or formats that can enter the system. This bias
toward typical values then does not provide a true systems test and in fact ignores the cases most
likely to cause system failure.

38
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

Using Artificial Test Data

Artificial test data are created solely for test purposes, since they can be generated to test all
combinations of formats and values. In other words, the artificial data, which can quickly be
prepared by a data generating utility program in the information systems department, make
possible the testing of all login and control paths through the program.
The most effective test programs use artificial test data generated by persons other than those
who wrote the programs. Often, an independent team of testers formulates a testing plan, using
the systems specifications.
The package “Virtual Private Network” has satisfied all the requirements specified as per
software requirement specification and was accepted.
User Training
Whenever a new system is developed, user training is required to educate them about the
working of the system so that it can be put to efficient use by those for whom the system has
been primarily designed. Its working is easily understandable and since the expected users are
people who have good knowledge of computers, the use of this system is very easy.
Maintenance
This covers a wide range of activities including correcting code and design errors. To reduce
the need for maintenance in the long run, have more accurately defined the user’s requirements
during the process of system development. Depending on the requirements, this system has been
developed to satisfy the needs to the largest possible extent. With development in technology,
it may be possible to add many more features based on the requirements in future. The coding
and designing is simple and easy to understand which will make maintenance easier.
Testing Strategy
A strategy for system testing integrates system test cases and design techniques into a well
planned series of steps that results in the successful construction of software. The testing strategy
must co-operate test planning, test case design, test execution, and the resultant data collection
and evaluation. A strategy for software testing must accommodate low-level tests that are
necessary to verify that a small source code segment has been correctly implemented as well
as high level tests that validate major system functions against user requirements. Software
testing is a critical element of software quality assurance and represents the ultimate review of
specification design and coding. Testing represents an interesting anomaly for the software.

39
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

Thus, a series of testing are performed for the proposed system before the system is ready for
user acceptance testing.
7.2 Test Cases
Sample Test Cases

40
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

CHAPTER-8: RESULTS
Home Page

Figure No 8.1 Home Page

Server Login

Figure No 8.2 Server Login

41
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

Client Login

Figure No 8.3 Client Login

Authority Login

Figure No 8.4 Authority Login

42
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

Client Register

Figure No 8.5 Client Register

Authority Register

Figure No 8.6 Authority Register

43
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

Client Home Page

Figure No 8.7 Client Home Page

Authority Home Page

Figure No 8.8 Authority Home Page

44
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

Downloading a patient file

Figure No 8.9 Downloading a patient file

Searching a patient file

Figure No 8.10 Searching a patient file

45
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

Requesting a Master Key

Figure No 8.11 Requesting a Master Key

Accessing the Master Key

Figure No 8.12 Accessing the Master Key

46
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

Uploading the patient reports

Figure No 8.13 Uploading the patient reports

47
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

Uploaded patient files

Figure No 8.14 Uploaded patient files

Accessing the patient reports

Figure No 8.15 Accessing the patient reports

48
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

CHAPTER-9: CONCLUSION & FUTURE ENHANCEMENT

9.1 Conclusion
A practical and efficient authorized encrypted search scheme for multi-authority medical
databases, and it also supports forward security. Our construction is L-adaptive-secure with the
designed leakage functions, which are also non-interactive. The proposed system shows how to
build a fine-grained encrypted database search system for multiple authorities. In addition, we
also present an analysis of our framework properties. There are some interesting open problems
that deserve further investigation, such as, designing more practical Boolean query searchable
encryption with forward security, exploiting the method of simplifying access control for data
owners or clients etc.

9.2 Future Enhancement

It holds immense promise for the future of healthcare data management and privacy protection.
This innovative approach addresses critical challenges in healthcare, including data security,
privacy compliance, and interoperability among diverse medical institutions.
By implementing this technology, healthcare providers can securely access and share sensitive
patient information across multiple authorities while ensuring data confidentiality through
encryption. Authorized users can conduct searches within these encrypted databases without
compromising patient privacy.
The future scope of this solution lies in its potential to revolutionize medical research,
personalized medicine, and healthcare analytics. Moreover, encrypted search capabilities
facilitate collaboration among healthcare institutions, allowing for seamless data exchange
while maintaining confidentiality.
Furthermore, as the healthcare industry continues to adopt digital health technologies and cloud-
based platforms, the demand for secure data management solutions will only increase. It offers
a scalable and adaptable solution to meet these evolving needs, positioning it as a cornerstone
of future healthcare data infrastructure. As technology advances and regulatory frameworks
evolve, this approach will play a pivotal role in ensuring patient privacy, data security, and
innovation in healthcare delivery and research.

49
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

CHAPTER 10: BIBLIOGRAPHY

[1] Chungen Xu, Joseph K. Liu, Cong Zuo, Xingliang Yuan, Shifeng Sun, “Enabling Authorized
Encrypted Search for Multi-Authority Medical Databases” Jan.-March 2021, pp. 534-546, vol.
9 DOI Bookmark: 10.1109/TETC.2019.2905572.
[2] IJARSCT Volume 9, Issue 3, September 2020 Copyright to IJARCST DOI:
XX.082020/IJARSCT 79, “Enabling Authorized Encrypted Search for Multi-Authority Medical
Databases” Prof. Miriam Thomas1, Padmaja S2 and Dr. Mahalekshmi3.
[3] Corpus ID: 88496684, “ Enabling Authorized Encrypted Search for Multi-Authority Medical
Databases” Lei Xu, Shifeng Sun, +3 authors Chungen Xu Published in IEEE Transactions on
Emerging… 18 March 2019.
[4] L. Xu, X. Yuan, C. Wang, Q. Wang, and C. Xu, “Hardening database padding for searchable
encryption,” in Proc. of the 2019 Conf. on Int. Conf. on Comput. Commun. IEEE, 2018.
[5] Y. Guo, X. Yuan, X. Wang, C. Wang, B. Li, and X. Jia, “Enabling encrypted rich queries in
distributed key-value stores,” IEEE Trans. on Parallel and Distributed Systems, 2018.
[6] S.-F. Sun, X. Yuan, J. K. Liu, R. Steinfeld, A. Sakzad, V. Vo, and S. Nepal, “Practical
backward-secure searchable encryption from symmetric puncturable encryption,” in Proc. of
the 2018 Conf. on Comput. and Commun. Secur. ACM, 2018, pp. 763–780.
[7] S. Lai, S. Patranabis, A. Sakzad, J. K. Liu, D. Mukhopadhyay, R. Steinfeld, S.-F. Sun, D.
Liu, and C. Zuo, “Result pattern hiding searchable encryption for conjunctive queries,” in Proc.
of the 2018 Conf. on Comput. and Commun. Secur. ACM, 2018, pp. 745–762.
[8] C. Zuo, J. Macindoe, S. Yang, R. Steinfeld, and J. K. Liu, “Trusted boolean search on cloud
using searchable symmetric encryption,” in Proc. of 2016 IEEE Trustcom/BigDataSE/ISPA,
2016, pp. 113–120. IEEE Transactions on Emerging Topics in Computing, issue
Date:18.March.2019 12
[9] C. Zuo, J. Shao, Z. Liu, Y. Ling, and G. Wei, “Hidden-token searchable public-key
encryption,” in Proc. of 2017 IEEE Trustcom/BigDataSE/ICESS, 2017, pp. 248–254.
[10] P. Xu, S. Liang, W. Wang, W. Susilo, Q. Wu, and H. Jin, “Dynamic searchable symmetric
encryption with physical deletion and small leakage,” in Proc. of 22nd Aus. Conf. Inf. Secur.
and Privacy, 2017, pp. 207–226.
[11] X. Yuan, X. Wang, C. Wang, C. Yu, and S. Nutanong, “Privacy preserving similarity joins

50
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

over encrypted data,” IEEE Trans. Inf. Forensics Secur., vol. 12, no. 11, pp. 2763–2775, 2017.
[12] Z. Deng, K. Li, K. Li, and J. Zhou, “A multi-user searchable encryption scheme with
keyword authorization in a cloud storage,” Future Generation Comput. Syst., vol. 72, pp. 208–
218, 2017.
[13] S. K. Kermanshahi, J. K. Liu, and R. Steinfeld, “Multi-user cloudbased secure keyword
search,” in Proc. of 22nd Aus. Conf. on Inf. Secur. and Privacy, 2017, pp. 227–247.
[14] R. Bost, “Po'o&: Forward secure searchable encryption,” in Proc.of the 2016 ACM
SIGSAC Conf. on Comput. and Commun. Secur.,2016, pp. 1143–1154.
[15] S. Sun, J. K. Liu, A. Sakzad, R. Steinfeld, and T. H. Yuen, “An efficient non-interactive
multi-client searchable encryption with support for boolean queries,” in Proc. of 21st Eur. Symp.
on Research in Comput. Secur., 2016, pp. 154–172.
[16] X. Yang, T. Lee, J. K. Liu, and X. Huang, “Trust enhancement over range search for
encrypted data,” in Proc. of 2016 IEEE Trustcom/BigDataSE/ISPA, 2016, pp. 66–73.
[17] X. Yuan, X. Wang, C. Wang, C. Qian, and J. Lin, “Building an encrypted, distributed, and
searchable key-value store,” in Proc. Of the 11th ACM on Asia Conf. on Comput. and Commun.
Security, 2016, pp. 547–558.
[18] Y. Zhang, J. Katz, and C. Papamanthou, “All your queries are belonged to us: The power
of file-injection attacks on searchable encryption,” in Proc. of 25th USENIX Secur. Symp.,
2016, pp. 707–720.
[19] X. Yuan, H. Cui, X. Wang, and C. Wang, “Enabling privacy-assured similarity retrieval
over millions of encrypted records,” in Proc. Of 20th Eur. Symp. on Research in Comput. Secur.,
2015, pp. 40–60.
[20] J. Liu, X. Huang, and J. K. Liu, “Secure sharing of personal health records in cloud
computing: Ciphertext-policy attribute based sign encryption,” Future Generation Compute.
Syst., vol. 52, pp.67–76, 2015.
[21] L. Zhou, V. Varadharajan, and M. Hitchens, “Achieving secure role-based access control
on encrypted data in cloud storage,” IEEE Trans. Inf. Forensics Security, vol. 8, no. 12, pp.
1947–1960, 2013.
[22] L. Fang W. Susilo, C. Ge, and J.Wang, “Public key encryption with keyword search secure
against keyword guessing attacks without random oracle,” Inf. Sci., vol. 238, pp. 221–241,
2013.

51
MRITS – Computer Science and Engineering
 Enabling Authorized Encrypted Search for Multi-Authority Medical Databases

[23] S. Jarecki, C. S. Jutla, H. Krawczyk, M. Rosu, and M. Steiner, “Outsourced symmetric

private information retrieval,” in Proc. of 2013 ACM SIGSAC Conf. on Comput. and Commun.
Secur., 2013, pp. 875–888.
[24] D. Cash, S. Jarecki, C. S. Jutla, H. Krawczyk, M. Rosu, and M. Steiner, “Highly-scalable
searchable symmetric encryption with support for Boolean queries,” in Proc. of 33rd Annu.
Cryptology Conf., 2013, pp. 353–373.
[25] M. Li, S. Yu, Y. Zheng, K. Ren, and W. Lou, “Scalable and secure sharing of personal
health records in cloud computing using attribute-based encryption,” IEEE Trans. Parallel
Distributed System, vol. 24, no. 1, pp. 131–143, 2013.
[26] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attribute-based encryption,” in
Proc. of 2007 IEEE Symp. on Security and Privacy, 2007, pp. 321–334.
[27] D. Boneh, G. D. Crescenzo, R. Ostrovsky, and G. Persiano, “Public key encryption with
keyword search,” in Proc. of Int. Conf. on the Theory and Appl. of Cryptographic Tech., 2004,
pp. 506–522.
[28] B. Chor, O. Goldreich, E. Kushilevitz, and M. Sudan, “Private information retrieval,” in
Proc. of 36th Annu. Symp. on Foundations of Comput. Sci., 1995, pp. 41–50.

52
MRITS – Computer Science and Engineering