Securing Broker-Less Publish/Subscribe Systems Using Identity-Based Encryption

The provisioning of basic security mechanisms such as authentication and confidentiality is highly challenging in a content-based publish/subscribe system. Authentication of publishers and subscribers is difficult to achieve due to the loose coupling of publishers and subscribers. Likewise, confidentiality of events and subscriptions conflicts with content-based routing. This paper presents a novel approach to provide confidentiality and authentication in a broker-less content-based publish/subscribe system. The authentication of publishers and subscribers as well as confidentiality of events is ensured, by adapting the pairing-based cryptography mechanisms, to the needs of a publish/subscribe system. Furthermore, an algorithm to cluster subscribers according to their subscriptions preserves a weak notion of subscription confidentiality. In addition to our previous work , this paper contributes 1) use of searchable encryption to enable efficient routing of encrypted events, 2) multicredential routing a new event dissemination strategy to strengthen the weak subscription confidentiality, and 3) thorough analysis of different attacks on subscription confidentiality. The overall approach provides fine-grained key management and the cost for encryption, decryption, and routing is in the order of subscribed attributes. Moreover, the evaluations show that providing security is affordable w.r.t. 1) throughput of the proposed cryptographic primitives, and 2) delays incurred during the construction of the publish/subscribe overlay and the event dissemination.

[1]  Kurt Rothermel,et al.  Meeting subscriber‐defined QoS constraints in publish/subscribe systems , 2011, Concurr. Comput. Pract. Exp..

[2]  Rafail Ostrovsky,et al.  Public Key Encryption with Keyword Search , 2004, EUROCRYPT.

[3]  Srinath T. V. Setty,et al.  Depot: Cloud Storage with Minimal Trust , 2010, TOCS.

[4]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[5]  Elisa Bertino,et al.  Efficient privacy preserving content based publish subscribe systems , 2012, SACMAT '12.

[6]  David M. Eyers,et al.  Access control in publish/subscribe systems , 2008, DEBS.

[7]  Lauri I. W. Pesonen,et al.  Encryption-enforced access control in dynamic multi-domain publish/subscribe networks , 2007, DEBS '07.

[8]  Himanshu Khurana,et al.  Scalable security and accounting services for content-based publish/subscribe systems , 2005, SAC '05.

[9]  Elisa Bertino,et al.  A Privacy-Enhancing Content-Based Publish/Subscribe System Using Scalar Product Preserving Transformations , 2010, DEXA.

[10]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[11]  Ajoy Kumar Datta,et al.  A Semantic Overlay for Self- Peer-to-Peer Publish/Subscribe , 2006, 26th IEEE International Conference on Distributed Computing Systems (ICDCS'06).

[12]  Refik Molva,et al.  Privacy-Preserving Content-Based Publish/Subscribe Networks , 2009, SEC.

[13]  Peter Pietzuch Hermes: A scalable event-based middleware , 2004 .

[14]  Reza Sherafat Kazemzadeh,et al.  The PADRES Publish/Subscribe System , 2010, Principles and Applications of Distributed Event-Based Systems.

[15]  Yong Yu,et al.  Identity based signcryption scheme without random oracles , 2009, Comput. Stand. Interfaces.

[16]  Atul Prakash,et al.  Secure Distribution of Events in Content-Based Publish Subscribe Systems , 2001, USENIX Security Symposium.

[17]  Kurt Rothermel,et al.  Providing basic security mechanisms in broker-less publish/subscribe systems , 2010, DEBS '10.

[18]  Mudhakar Srivatsa,et al.  EventGuard: A System Architecture for Securing Publish-Subscribe Networks , 2011, TOCS.

[19]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[20]  David S. Rosenblum,et al.  Enabling Confidentiality in Content-Based Publish/Subscribe Infrastructures , 2006, 2006 Securecomm and Workshops.

[21]  Bruno Crispo,et al.  Supporting Publication and Subscription Confidentiality in Pub/Sub Networks , 2010, SecureComm.

[22]  Elaine B. Barker,et al.  SP 800-67 Rev. 1. Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher , 2004 .

[23]  Allison Bishop,et al.  Revocation Systems with Very Small Private Keys , 2010, 2010 IEEE Symposium on Security and Privacy.