Design and implementation of a confidentiality and access control solution for publish/subscribe systems

The publish/subscribe model offers a loosely-coupled communication paradigm where applications interact indirectly and asynchronously. Publishers generate events that are sent to interested applications through a network of brokers. Subscribers express their interest by specifying filters that brokers can use for routing the events. Supporting confidentiality of messages being exchanged is still challenging. First of all, it is desirable that any scheme used for protecting the confidentiality of both the events and filters should not require publishers and subscribers to share secret keys. In fact, such a restriction is against the loose-coupling of the model. Moreover, such a scheme should not restrict the expressiveness of filters and should allow the broker to perform event filtering to route the events to the interested parties. Existing solutions do not fully address these issues. In this paper, we provide a novel scheme that supports (i) confidentiality for events and filters; (ii) allows publishers to express further constraints about who can access their events; (iii) filters that can express very complex constraints on events even if brokers are not able to access any information in clear on both events and filters; (iv) and, finally, it does not require publishers and subscribers to share keys. Furthermore, we show how we applied our scheme to a real-world e-health scenario, developed together with a hospital. We also describe the implementation of our solution in Java and the integration with an existing publish/subscribe system.

[1]  David M. Eyers,et al.  Access control in publish/subscribe systems , 2008, DEBS.

[2]  Dennis Heimbigner,et al.  Adapting publish/subscribe middleware to achieve Gnutella-like functionality , 2001, SAC.

[3]  Mihir Bellare,et al.  Randomness Re-use in Multi-recipient Encryption Schemeas , 2003, Public Key Cryptography.

[4]  Zafar U. Singhera A workload model for topic-based publish/subscribe systems , 2008, OOPSLA Companion.

[5]  Jean Bacon,et al.  Generic Support for Distributed Applications , 2000, Computer.

[6]  M. Bellare,et al.  Multi-Recipient Encryption Schemes: Security Notions and Randomness Re-Use , 2003 .

[7]  David S. Rosenblum,et al.  Design and evaluation of a wide-area event notification service , 2001, TOCS.

[8]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[9]  Christof Fetzer,et al.  Bloom filter based routing for content-based publish/subscribe , 2008, DEBS.

[10]  Jonathan Katz,et al.  Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products , 2008, Journal of Cryptology.

[11]  E. Bertino,et al.  Privacy-Preserving Filtering and Covering in Content-Based Publish Subscribe Systems , 2009 .

[12]  Himanshu Khurana,et al.  Scalable security and accounting services for content-based publish/subscribe systems , 2005, SAC '05.

[13]  K. Ondo,et al.  Outside IT: the case for full IT outsourcing. , 2006, Healthcare financial management : journal of the Healthcare Financial Management Association.

[14]  Charles L. Forgy,et al.  Rete: A Fast Algorithm for the Many Patterns/Many Objects Match Problem , 1982, Artif. Intell..

[15]  Elisa Bertino,et al.  A Privacy-Enhancing Content-Based Publish/Subscribe System Using Scalar Product Preserving Transformations , 2010, DEXA.

[16]  Robert H. Deng,et al.  Private Query on Encrypted Data in Multi-user Settings , 2008, ISPEC.

[17]  Mudhakar Srivatsa,et al.  Secure Event Dissemination in Publish-Subscribe Networks , 2007, 27th International Conference on Distributed Computing Systems (ICDCS '07).

[18]  Ling Cheung,et al.  Provably secure ciphertext policy ABE , 2007, CCS '07.

[19]  Ran Canetti,et al.  Chosen-ciphertext secure proxy re-encryption , 2007, CCS '07.

[20]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[21]  Anne-Marie Kermarrec,et al.  The many faces of publish/subscribe , 2003, CSUR.

[22]  David S. Rosenblum,et al.  Enabling Confidentiality in Content-Based Publish/Subscribe Infrastructures , 2006, 2006 Securecomm and Workshops.

[23]  Dawn Xiaodong Song,et al.  Practical techniques for searches on encrypted data , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[24]  Bruno Crispo,et al.  Providing confidentiality in content-based publish/subscribe systems , 2010, 2010 International Conference on Security and Cryptography (SECRYPT).

[25]  Weifeng Chen,et al.  On the privacy protection in publish/subscribe systems , 2010, 2010 IEEE International Conference on Wireless Communications, Networking and Information Security.

[26]  Rafail Ostrovsky,et al.  Searchable symmetric encryption: improved definitions and efficient constructions , 2006, CCS '06.

[27]  Marc Langheinrich,et al.  First Steps Towards an Event-Based Infrastructure for Smart Things , 2000 .

[28]  Alfonso Fuggetta,et al.  The JEDI Event-Based Infrastructure and Its Application to the Development of the OPSS WFMS , 2001, IEEE Trans. Software Eng..

[29]  Refik Molva,et al.  Privacy-Preserving Content-Based Publish/Subscribe Networks , 2009, SEC.

[30]  Hans-Arno Jacobsen,et al.  The PADRES Distributed Publish/Subscribe System , 2005, FIW.

[31]  Christof Bornhövd,et al.  An infrastructure for meta-auctions , 2000, Proceedings Second International Workshop on Advanced Issues of E-Commerce and Web-Based Information Systems. WECWIS 2000.

[32]  Zoltán Miklós Towards an access control mechanism for wide-area publish/subscribe systems , 2002, Proceedings 22nd International Conference on Distributed Computing Systems Workshops.

[33]  Brent Waters,et al.  Secure Conjunctive Keyword Search over Encrypted Data , 2004, ACNS.

[34]  Rafail Ostrovsky,et al.  Attribute-based encryption with non-monotonic access structures , 2007, CCS '07.

[35]  Ben Y. Zhao,et al.  Bayeux: an architecture for scalable and fault-tolerant wide-area data dissemination , 2001, NOSSDAV '01.

[36]  Hans-Arno Jacobsen,et al.  Using publish/subscribe middleware for mobile systems , 2002, MOCO.

[37]  Naranker Dulay,et al.  Shared and Searchable Encrypted Data for Untrusted Servers , 2008, DBSec.

[38]  Richard Monson-Haefel,et al.  Java message service , 2000 .

[39]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[40]  Charles L. Forgy,et al.  Rete: a fast algorithm for the many pattern/many object pattern match problem , 1991 .

[41]  Guruduth Banavar,et al.  An efficient multicast protocol for content-based publish-subscribe systems , 1999, Proceedings. 19th IEEE International Conference on Distributed Computing Systems (Cat. No.99CB37003).