Privacy-Preserving Filtering and Covering in Content-Based Publish Subscribe Systems

Content-Based Publish-Subscribe (CBPS) is an asynchronou s messaging paradigm that supports a highly dynamic and many-to-many communication pattern ba sed on the content of the messages themselves. In general, a CBPS system has three distinct par ties -Content Publishers, Content Brokers , andSubscribersworking in a highly decoupled fashion. The ability to seaml essly scale on demand has made CBPS systems the choice of distributing messages/documents produced byContent Publishersto many SubscribersthroughContent Brokers . Most of the current systems assume that Content Brokers are trusted for the confidentiality of the data published by Content Publishersand the privacy of the subscriptions, which specify their interests, made by Subscribers . However, with the increased use of technologies, such as service oriented architectures and c lou omputing, essentially outsourcing the broker functionality to third-party providers, one can no l onger assume the trust relationship to hold. The problem of providing privacy/confidentiality in CBPS syste ms is challenging, since the solution to the problem should allowContent Brokersto make routing decisions based on the content without revea ling the content to them. The problem may appear unsolvable since it involves conflicting goals, but in this paper, we propose a novel approach to preserve the privacy of the subscriptions made by Subscribers and confidentiality of the data published by Content Publishersusing cryptographic techniques when third-partyContent Brokersare utilized to make routing decisions based on the content. We analyze the security of our approach to show that it is indeed sound and pr ovide experimental results to show that it is practical.

[1]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, FOCS 1982.

[2]  Claus-Peter Schnorr,et al.  Efficient Identification and Signatures for Smart Cards (Abstract) , 1990, EUROCRYPT.

[3]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[4]  Eyal Kushilevitz,et al.  Private information retrieval , 1995, Proceedings of IEEE 36th Annual Foundations of Computer Science.

[5]  Rafail Ostrovsky,et al.  Replication is not needed: single database, computationally-private information retrieval , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[6]  Eyal Kushilevitz,et al.  Private information retrieval , 1998, JACM.

[7]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[8]  Silvio Micali,et al.  Computationally Private Information Retrieval with Polylogarithmic Communication , 1999, EUROCRYPT.

[9]  Paul F. Syverson,et al.  Unlinkable serial transactions: protocols and applications , 1999, TSEC.

[10]  Palash Sarkar,et al.  Symmetrically Private Information Retrieval (Extended Abstract) , 2000 .

[11]  Dawn Xiaodong Song,et al.  Practical techniques for searches on encrypted data , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[12]  Sanjeev Kumar Mishra On Symmetrically Private Information Retrieval , 2000, IACR Cryptol. ePrint Arch..

[13]  Ivan Damgård,et al.  A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System , 2001, Public Key Cryptography.

[14]  Alexander L. Wolf,et al.  Security issues and requirements for Internet-scale publish-subscribe systems , 2002, Proceedings of the 35th Annual Hawaii International Conference on System Sciences.

[15]  Anne-Marie Kermarrec,et al.  The many faces of publish/subscribe , 2003, CSUR.

[16]  Jaswinder Pal Singh,et al.  Efficient event routing in content-based publish-subscribe service networks , 2004, IEEE INFOCOM 2004.

[17]  Rafail Ostrovsky,et al.  Public Key Encryption with Keyword Search , 2004, EUROCRYPT.

[18]  Alexander L. Wolf,et al.  A routing scheme for content-based networking , 2004, IEEE INFOCOM 2004.

[19]  Benny Pinkas,et al.  Efficient Private Matching and Set Intersection , 2004, EUROCRYPT.

[20]  Elisa Bertino,et al.  Selective and authentic third-party distribution of XML documents , 2004, IEEE Transactions on Knowledge and Data Engineering.

[21]  Craig Gentry,et al.  Single-Database Private Information Retrieval with Constant Communication Rate , 2005, ICALP.

[22]  Hans-Arno Jacobsen,et al.  A Unified Approach to Routing, Covering and Merging in Publish/Subscribe Systems Based on Modified Binary Decision Diagrams , 2005, 25th IEEE International Conference on Distributed Computing Systems (ICDCS'05).

[23]  Roberto Baldoni,et al.  Content-Based Publish-Subscribe over Structured Overlay Networks , 2005, 25th IEEE International Conference on Distributed Computing Systems (ICDCS'05).

[24]  Mudhakar Srivatsa,et al.  Securing publish-subscribe overlay services with EventGuard , 2005, CCS '05.

[25]  David S. Rosenblum,et al.  Enabling Confidentiality in Content-Based Publish/Subscribe Infrastructures , 2006, 2006 Securecomm and Workshops.

[26]  Matthew Green,et al.  Improved proxy re-encryption schemes with applications to secure distributed storage , 2006, TSEC.

[27]  Toshihiko Matsuo,et al.  Proxy Re-encryption Systems for Identity-Based Encryption , 2007, Pairing.

[28]  Brent Waters,et al.  Conjunctive, Subset, and Range Queries on Encrypted Data , 2007, TCC.

[29]  Ivan Damgård,et al.  Homomorphic encryption and secure comparison , 2008, Int. J. Appl. Cryptogr..

[30]  Elisa Bertino,et al.  Secure Delta-Publishing of XML Content , 2008, 2008 IEEE 24th International Conference on Data Engineering.

[31]  Marianne Winslett,et al.  Secure aggregation in a publish-subscribe system , 2008, WPES '08.

[32]  Marina Blanton,et al.  Online subscriptions with anonymous access , 2008, ASIACCS '08.

[33]  Ashwin Machanavajjhala,et al.  Scalable ranked publish/subscribe , 2008, Proc. VLDB Endow..

[34]  Susan Hohenberger,et al.  Key-Private Proxy Re-encryption , 2009, CT-RSA.

[35]  Krishna Suri Narayanam A Novel Scheme for Single Database Symmetric Private Information Retrieval , .