Abstract
In response to the security threats faced by distributed real-time applications based on DDS, a fine-grained data access control scheme is proposed, which is based on attribute-based encryption theory and is suitable for the topic-based publish/subscribe communication model. The scheme takes the topic as the unit of data access control and integrates the access control process with the DDS communication process. In the discovery phase of DDS, a digital signature is used to verify the publication permission for a topic, and in the publish/subscribe phase of DDS, CP-ABE is used to verify the subscription permission for a topic. The scheme ensures not only the privacy of users but also the confidentiality and authenticity of data. Theoretical analysis shows that this scheme can resist security threats such as unauthorized publication and unauthorized subscription. Moreover, the performance test of the prototype system shows that it matches the loose coupling and one-to-many characteristics of the publish/subscribe communication model and has good scalability in multi-subscriber scenarios when key parameters are adjusted.
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Gao, P., Shen, Z. (2022). ABE-AC4DDS: An Access Control Scheme Based on Attribute-Based Encryption for Data Distribution Service. In: Lai, Y., Wang, T., Jiang, M., Xu, G., Liang, W., Castiglione, A. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2021. Lecture Notes in Computer Science, vol 13157. Springer, Cham. https://doi.org/10.1007/978-3-030-95391-1_5
DOI: https://doi.org/10.1007/978-3-030-95391-1_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-95390-4
Online ISBN: 978-3-030-95391-1
eBook Packages: Computer Science, Computer Science (R0)