Secure aggregation in a publish-subscribe system

A publish-subscribe system is an information dissemination infrastructure that supports many-to-many communications among publishers and subscribers. In many publish-subscribe systems, in-network aggregation of input data is considered to be an important service that reduces the bandwidth requirements of the system significantly. In this paper, we present a scheme for securing the aggregation of inputs to such a publish-subscribe system. Our scheme, which focuses on the additive aggregate function, sum, preserves the confidentiality and integrity of aggregated data in the presence of untrusted routing nodes. Our scheme allows a group of publishers to publish aggregate data to authorized subscribers without revealing their individual private inputs to either the routing nodes or the subscribers. In addition, our scheme allows subscribers to verify that routing nodes perform the aggregation operation correctly. We use a message authentication code (MAC) scheme based on the discrete logarithm property to allow subscribers to verify the correctness of aggregated data without receiving the digitally-signed raw data used as input to the aggregation. In addition to describing our secure aggregation scheme, we provide formal proofs of its soundness and safety.

[1]  Francis Y. L. Chin,et al.  Security problems on inference control for SUM, MAX, and MIN queries , 1986, JACM.

[2]  R.O. Burnett,et al.  Power system applications for phasor measurement units , 1994, IEEE Computer Applications in Power.

[3]  Guruduth Banavar,et al.  Gryphon: An Information Flow Based Approach to Message Brokering , 1998, ArXiv.

[4]  Ran Canetti,et al.  Efficient authentication and signing of multicast streams over lossy channels , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[5]  Atul Prakash,et al.  Secure Distribution of Events in Content-Based Publish Subscribe Systems , 2001, USENIX Security Symposium.

[6]  David S. Rosenblum,et al.  Design and evaluation of a wide-area event notification service , 2001, TOCS.

[7]  Alexander L. Wolf,et al.  Security issues and requirements for Internet-scale publish-subscribe systems , 2002, Proceedings of the 35th Annual Hawaii International Conference on System Sciences.

[8]  Zoltán Miklós Towards an access control mechanism for wide-area publish/subscribe systems , 2002, Proceedings 22nd International Conference on Distributed Computing Systems Workshops.

[9]  Robbert van Renesse,et al.  Astrolabe: A robust and scalable technology for distributed system monitoring, management, and data mining , 2003, TOCS.

[10]  Francesco M. Malvestuto,et al.  Auditing Sum Queries , 2003, ICDT.

[11]  Lingxuan Hu,et al.  Secure aggregation for wireless networks , 2003, 2003 Symposium on Applications and the Internet Workshops, 2003. Proceedings..

[12]  David A. Wagner,et al.  Resilient aggregation in sensor networks , 2004, SASN '04.

[13]  Kevin Tomsovic,et al.  Designing the Next Generation of Real-Time Control, Communication, and Computations for Large Power Systems , 2005, Proceedings of the IEEE.

[14]  Dirk Westhoff,et al.  CDA: concealed data aggregation for reverse multicast traffic in wireless sensor networks , 2005, IEEE International Conference on Communications, 2005. ICC 2005. 2005.

[15]  Wolfgang Kastner,et al.  Communication systems for building automation and control , 2005, Proceedings of the IEEE.

[16]  C. Castelluccia,et al.  Efficient aggregation of encrypted data in wireless sensor networks , 2005, The Second Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services.

[17]  Himanshu Khurana,et al.  Scalable security and accounting services for content-based publish/subscribe systems , 2005, SAC '05.

[18]  Mudhakar Srivatsa,et al.  Securing publish-subscribe overlay services with EventGuard , 2005, CCS '05.

[19]  Waseem Ahmad,et al.  NISp1-08: Secure Aggregation in Large Scale Overlay Networks , 2006, IEEE Globecom 2006.

[20]  Marina Moscarini,et al.  Auditing sum-queries to make a statistical database secure , 2006, TSEC.

[21]  S. Peter,et al.  On Concealed Data Aggregation for Wireless Sensor Networks , 2006 .

[22]  David S. Rosenblum,et al.  Enabling Confidentiality in Content-Based Publish/Subscribe Infrastructures , 2006, 2006 Securecomm and Workshops.

[23]  Emin Gün Sirer,et al.  Corona: A High Performance Publish-Subscribe System for the World Wide Web , 2006, NSDI.

[24]  David Eyers,et al.  A capability-based access control architecture for multi-domain publish/subscribe systems , 2006, International Symposium on Applications and the Internet (SAINT'06).

[25]  Yuanyuan Zhao,et al.  Dynamic Access Control in a Content-based Publish/Subscribe System with Delivery Guarantees , 2006, 26th IEEE International Conference on Distributed Computing Systems (ICDCS'06).

[26]  Stuart Haber,et al.  Privacy-Preserving Verification of Aggregate Queries on Outsourced Databases , 2006 .

[27]  Dawn Xiaodong Song,et al.  Secure hierarchical in-network aggregation in sensor networks , 2006, CCS '06.

[28]  Lauri I. W. Pesonen,et al.  Encryption-enforced access control in dynamic multi-domain publish/subscribe networks , 2007, DEBS '07.

[29]  Xue Liu,et al.  PDA: Privacy-Preserving Data Aggregation in Wireless Sensor Networks , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[30]  Mudhakar Srivatsa,et al.  Secure Event Dissemination in Publish-Subscribe Networks , 2007, 27th International Conference on Distributed Computing Systems (ICDCS '07).

[31]  Anjan Bose,et al.  Towards More Flexible and Robust Data Delivery for Monitoring and Control of the Electric Power Grid , 2007 .

[32]  Patrick D. McDaniel,et al.  Security and Privacy Challenges in the Smart Grid , 2009, IEEE Security & Privacy.