Secret Sharing in Pub/Sub Using Trusted Execution Environments

An essential security concern in the publish/subscribe paradigm is that of guaranteeing the confidentiality of the data being transmitted. Existing solutions require that some initial parameters, keys or secrets be exchanged or otherwise established between communicating entities before secure end-to-end communication can occur. Most existing solutions in the literature either weaken the desirable decoupling properties of pub/sub or rely on a completely trusted out-of-band service to disseminate these values. This problem can be avoided through the use of Shamir's secret sharing scheme, at the cost of a prohibitively large number of messages, scaling exponentially with the path length between publisher and subscriber. Intel's Software Guard Extensions (SGX) offers trusted execution environments to shield application data from untrusted software running at a higher privilege level. Unfortunately, SGX requires the use of Intel's proprietary hardware and architecture. We mitigate these problems through HyShare, a hybrid broker network used for the purposes of sharing a secret between communicating publishers and subscribers. The broker network is composed of regular brokers that use Shamir's secret sharing scheme and brokers with SGX to reduce the overall number of messages needed to share a secret. By fine tuning the combination of these brokers, it is possible to strike a balance between network resource use and hardware heterogeneity.

[1]  Christof Fetzer,et al.  Secure Content-Based Routing Using Intel Software Guard Extensions , 2016, Middleware.

[2]  Yi Mu,et al.  Towards a Cryptographic Treatment of Publish/Subscribe Systems , 2010, CANS.

[3]  Michael Daum,et al.  A mediated publish-subscribe system for inter-institutional process support in healthcare , 2009, DEBS '09.

[4]  David M. Eyers,et al.  Securing Event-Based Systems , 2010, Principles and Applications of Distributed Event-Based Systems.

[5]  Hans-Arno Jacobsen,et al.  A system for semantic data fusion in sensor networks , 2007, DEBS '07.

[6]  Bruno Crispo,et al.  Design and implementation of a confidentiality and access control solution for publish/subscribe systems , 2012, Comput. Networks.

[7]  JacobsenHans-Arno,et al.  A distributed service-oriented architecture for business process execution , 2010 .

[8]  Andréa W. Richa,et al.  Minimum Maximum Degree Publish-Subscribe Overlay Network Design , 2009, IEEE INFOCOM 2009.

[9]  Nora Cuppens-Boulahia,et al.  Revised Selected Papers of the 8th International Workshop on Data Privacy Management and Autonomous Spontaneous Security - Volume 8247 , 2013 .

[10]  Toshiyuki Miyamoto,et al.  An Optimal Share Transfer Problem on Secret Sharing Storage Systems , 2007, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[11]  Pascal Felber,et al.  Efficient Key Updates through Subscription Re-encryption for Privacy-Preserving Publish/Subscribe , 2015, Middleware.

[12]  Hans-Arno Jacobsen,et al.  Adaptive location constraint processing , 2007, SIGMOD '07.

[13]  Jatinder Singh,et al.  Event-based data control in healthcare , 2008, Companion '08.

[14]  Alexander L. Wolf,et al.  Security issues and requirements for Internet-scale publish-subscribe systems , 2002, Proceedings of the 35th Annual Hawaii International Conference on System Sciences.

[15]  Marianne Winslett,et al.  Secure aggregation in a publish-subscribe system , 2008, WPES '08.

[16]  Elisa Bertino,et al.  A Privacy-Enhancing Content-Based Publish/Subscribe System Using Scalar Product Preserving Transformations , 2010, DEXA.

[17]  Andréa W. Richa,et al.  Minimum Maximum-Degree Publish-Subscribe Overlay Network Design , 2011, IEEE/ACM Trans. Netw..

[18]  Joni da Silva Fraga,et al.  Secure storage of user credentials and attributes in federation of clouds , 2017, SAC.

[19]  Giovanni Di Crescenzo,et al.  Privacy-Preserving Publish/Subscribe: Efficient Protocols in a Distributed Model , 2013, DPM/SETOP.

[20]  Santosh Krishnan,et al.  Google Cloud Pub/Sub , 2015 .

[21]  Jun Li,et al.  Wormhole: Reliable Pub-Sub to Support Geo-replicated Internet Services , 2015, NSDI.

[22]  Elisa Bertino,et al.  Privacy Preserving Context Aware Publish Subscribe Systems , 2013, NSS.

[23]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[24]  Reza Sherafat Kazemzadeh,et al.  The PADRES Publish/Subscribe System , 2010, Principles and Applications of Distributed Event-Based Systems.

[25]  Kurt Rothermel,et al.  Providing basic security mechanisms in broker-less publish/subscribe systems , 2010, DEBS '10.

[26]  Kurt Rothermel,et al.  Securing Broker-Less Publish/Subscribe Systems Using Identity-Based Encryption , 2014, IEEE Transactions on Parallel and Distributed Systems.

[27]  Srinivas Devadas,et al.  Intel SGX Explained , 2016, IACR Cryptol. ePrint Arch..

[28]  Mudhakar Srivatsa,et al.  EventGuard: A System Architecture for Securing Publish-Subscribe Networks , 2011, TOCS.

[29]  Hans-Arno Jacobsen,et al.  A Policy Management Framework for Content-Based Publish/Subscribe Middleware , 2007, Middleware.

[30]  Anne-Marie Kermarrec,et al.  The many faces of publish/subscribe , 2003, CSUR.

[31]  Hans-Arno Jacobsen,et al.  A distributed service-oriented architecture for business process execution , 2010, TWEB.

[32]  Jatinder Singh,et al.  Event-Based Data Dissemination Control in Healthcare , 2008, eHealth.

[33]  David M. Eyers,et al.  Access control in publish/subscribe systems , 2008, DEBS.

[34]  Carlos V. Rozas,et al.  Innovative instructions and software model for isolated execution , 2013, HASP '13.

[35]  Maarten van Steen,et al.  The hidden pub/sub of spotify: (industry article) , 2013, DEBS '13.

[36]  Refik Molva,et al.  Privacy-Preserving Content-Based Publish/Subscribe Networks , 2009, SEC.

[37]  Giovanni Di Crescenzo,et al.  Efficient and Private Three-Party Publish/Subscribe , 2013, NSS.

[38]  Hans-Arno Jacobsen,et al.  Load Balancing Content-Based Publish/Subscribe Systems , 2010, TOCS.

[39]  Young Yoon,et al.  Secret Forwarding of Events over Distributed Publish/Subscribe Overlay Network , 2016, PloS one.

[40]  David S. Rosenblum,et al.  Design and evaluation of a wide-area event notification service , 2001, TOCS.

[41]  Pascal Felber,et al.  Confidentiality-Preserving Publish/Subscribe , 2016, ACM Comput. Surv..

[42]  Weifeng Chen,et al.  On the privacy protection in publish/subscribe systems , 2010, 2010 IEEE International Conference on Wireless Communications, Networking and Information Security.

[43]  Atul Prakash,et al.  Supporting Privacy Policies in a Publish-Subscribe Substrate for Pervasive Environments , 2007, J. Networks.

[44]  Jun Li,et al.  An Efficient Scheme for Preserving Confidentiality in Content-Based Publish-Subscribe Systems , 2004 .