Collusion Defender: Preserving Subscribers' Privacy in Publish and Subscribe Systems

The Publish and Subscribe (pub/sub) system is an established paradigm to disseminate the data from publishers to subscribers in a loosely coupled manner using a network of dedicated brokers. However, sensitive data could be exposed to malicious entities if brokers get compromised or hacked; or even worse, if brokers themselves are curious to learn about the data. A viable mechanism to protect sensitive publications and subscriptions is to encrypt the data before it is disseminated through the brokers. State-of-the-art approaches allow brokers to perform encrypted matching without revealing publications and subscriptions. However, if malicious brokers collude with malicious subscribers or publishers, they can learn the interests of innocent subscribers, even when the interests are encrypted. In this article, we present a pub/sub system that ensures confidentiality of publications and subscriptions in the presence of untrusted brokers. Furthermore, our solution resists collusion attacks between untrusted brokers and malicious subscribers (or publishers). Finally, we have implemented a prototype of our solution to show its feasibility and efficiency.

[1]  Bruno Crispo,et al.  PIDGIN: privacy-preserving interest and content sharing in opportunistic networks , 2014, AsiaCCS.

[2]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[3]  Nikos Mamoulis,et al.  Secure kNN computation on encrypted databases , 2009, SIGMOD Conference.

[4]  Avinash Yalla Securing Brokerless Publish/Subscribe Systems Using Identity Based Encryption , 2015 .

[5]  Elisa Bertino,et al.  Efficient privacy preserving content based publish subscribe systems , 2012, SACMAT '12.

[6]  Christof Fetzer,et al.  Secure Content-Based Routing Using Intel Software Guard Extensions , 2016, Middleware.

[7]  Rafail Ostrovsky,et al.  Attribute-based encryption with non-monotonic access structures , 2007, CCS '07.

[8]  Alfredo De Santis,et al.  Key Indistinguishability versus Strong Key Indistinguishability for Hierarchical Key Assignment Schemes , 2016, IEEE Transactions on Dependable and Secure Computing.

[9]  Naranker Dulay,et al.  Shared and Searchable Encrypted Data for Untrusted Servers , 2008 .

[10]  Giovanni Di Crescenzo,et al.  Privacy-Preserving Publish/Subscribe: Efficient Protocols in a Distributed Model , 2013, DPM/SETOP.

[11]  Bruno Crispo,et al.  Supporting complex queries and access policies for multi-user encrypted databases , 2013, CCSW.

[12]  Charalampos Papamanthou,et al.  Dynamic searchable symmetric encryption , 2012, IACR Cryptol. ePrint Arch..

[13]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[14]  Sasu Tarkoma,et al.  Toward Efficient Filter Privacy-Aware Content-Based Pub/Sub Systems , 2013, IEEE Transactions on Knowledge and Data Engineering.

[15]  David S. Rosenblum,et al.  Enabling Confidentiality in Content-Based Publish/Subscribe Infrastructures , 2006, 2006 Securecomm and Workshops.

[16]  Giovanni Russello,et al.  P-McDb: Privacy-Preserving Search Using Multi-Cloud Encrypted Databases , 2017, 2017 IEEE 10th International Conference on Cloud Computing (CLOUD).

[17]  Giuseppe De Pietro,et al.  An event-based notification approach for the delivery of patient medical information , 2014, Inf. Syst..

[18]  Giovanni Russello,et al.  Malicious Entities are in Vain: Preserving Privacy in Publish and Subscribe Systems , 2018, 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE).

[19]  Rafail Ostrovsky,et al.  Public Key Encryption with Keyword Search , 2004, EUROCRYPT.

[20]  Rajeev Anand Sahu,et al.  Practical and secure integrated PKE+PEKS with keyword privacy , 2015, 2015 12th International Joint Conference on e-Business and Telecommunications (ICETE).

[21]  Srinivas Devadas,et al.  Intel SGX Explained , 2016, IACR Cryptol. ePrint Arch..

[22]  Sasu Tarkoma,et al.  Subscription Privacy Protection in Topic-Based Pub/Sub , 2013, DASFAA.

[23]  Jean Bacon,et al.  Security Policy and Information Sharing in Distributed Event-Based Systems , 2011 .

[24]  José L. Martínez Lastra,et al.  Service-Oriented Architecture for Distributed Publish/Subscribe Middleware in Electronics Production , 2006, IEEE Transactions on Industrial Informatics.

[25]  Dawn Xiaodong Song,et al.  Practical techniques for searches on encrypted data , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[26]  Bruno Crispo,et al.  Design and implementation of a confidentiality and access control solution for publish/subscribe systems , 2012, Comput. Networks.

[27]  Christian Esposito,et al.  On Security in Publish/Subscribe Services: A Survey , 2015, IEEE Communications Surveys & Tutorials.

[28]  Zhi Chen,et al.  A lightweight attribute-based encryption scheme for the Internet of Things , 2015, Future Gener. Comput. Syst..

[29]  Jason Crampton,et al.  Tree-Based Cryptographic Access Control , 2017, ESORICS.

[30]  Pascal Felber,et al.  Confidentiality-Preserving Publish/Subscribe , 2016, ACM Comput. Surv..

[31]  Elisa Bertino,et al.  A Privacy-Enhancing Content-Based Publish/Subscribe System Using Scalar Product Preserving Transformations , 2010, DEXA.

[32]  Giovanni Di Crescenzo,et al.  Efficient and Private Three-Party Publish/Subscribe , 2013, NSS.

[33]  Florian Kerschbaum,et al.  Searchable Encryption with Secure and Efficient Updates , 2014, CCS.

[34]  Carl H. Hauser,et al.  Smart Generation and Transmission With Coherent, Real-Time Data , 2011, Proceedings of the IEEE.

[35]  Elisa Bertino,et al.  Attribute Based Group Key Management , 2014, Trans. Data Priv..

[36]  Pascal Felber,et al.  Efficient Key Updates through Subscription Re-encryption for Privacy-Preserving Publish/Subscribe , 2015, Middleware.

[37]  Elisa Bertino,et al.  Privacy Preserving Context Aware Publish Subscribe Systems , 2013, NSS.

[38]  Xiaohua Jia,et al.  Improving the proof of “Privacy-preserving attribute-keyword based data publish-subscribe service on cloud platforms” , 2019, PloS one.

[39]  Marcello Cinque,et al.  On data dissemination for large-scale complex critical infrastructures , 2012, Comput. Networks.