EventGuard: A System Architecture for Securing Publish-Subscribe Networks

Publish-subscribe (pub-sub) is an emerging paradigm for building a large number of distributed systems. A wide-area pub-sub system is usually implemented on an overlay network infrastructure to enable information dissemination from publishers to subscribers. Using an open overlay network raises several security concerns, such as confidentiality and integrity, authentication, authorization, and Denial-of-Service (DoS) attacks. In this article we present EventGuard, a framework for building secure wide-area pub-sub systems. The EventGuard architecture comprises three key components: (1) a suite of security guards that can be seamlessly plugged into a content-based pub-sub system, (2) a scalable key management algorithm to enforce access control on subscribers, and (3) a resilient pub-sub network design that is capable of scalable routing and of handling message-dropping-based DoS attacks and node failures. The design of EventGuard mechanisms aims at providing security guarantees while maintaining the system’s overall simplicity, scalability, and performance metrics. We describe an implementation of the EventGuard pub-sub system to show that EventGuard is easily stackable on any content-based pub-sub core. We present detailed experimental results that quantify the overhead of the EventGuard pub-sub system and demonstrate its resilience against various attacks.
