Performance/Security Tradeoffs for Content-Based Routing Supported by Bloom Filters
Content-based routing is widely used in large-scale distribu-ted systems as it provides a loosely-coupled yet expressive form of communication: consumers of information register their interests by the means of subscriptions, which are subsequently used to determine the set of recipients of every message published in the system. A major challenge of content-based routing is security. Although some techniques have been proposed to perform matching of encrypted subscriptions against encrypted messages, their computational cost is very high. To speed up that process, it was recently proposed to embed Bloom filters in both subscriptions and messages to reduce the space of subscriptions that need to be tested. In this article, we provide a comprehensive analysis of the information leaked by Bloom filters when implementing such a “prefiltering” strategy. The main result is that although there is a fundamental trade-off between prefiltering efficiency and information leakage, it is practically possible to obtain good prefiltering while securing the scheme against leakages with some simple randomization techniques.
KeywordsEquality Constraint Hash Function Bloom Filter Homomorphic Encryption Domain Uniformity
Unable to display preview. Download preview PDF.
- 3.Barazzutti, R., Felber, P., Mercier, H., Onica, E., Rivière, E.: Thrifty privacy: efficient support for privacy-preserving publish/subscribe. In: Proceedings of the 6th ACM International Conference on Distributed Event-Based Systems, DEBS 2012, pp. 225–236. ACM (2012)Google Scholar
- 7.Jerzak, Z., Fetzer, C.: Bloom filter based routing for content-based publish/subscribe. In: Proceedings of the Second International Conference on Distributed Event-Based Systems, DEBS 2008, pp. 71–81. ACM, New York (2008)Google Scholar
- 8.Perl, H., Mohammed, Y., Brenner, M., Smith, M.: Fast confidential search for bio-medical data using Bloom filters and homomorphic cryptography. In: 2012 IEEE 8th International Conference on E-Science (e-Science), pp. 1–8 (2012)Google Scholar
- 9.Goh, E.J.: Secure indexes. Cryptology ePrint Archive, Report 2003/216 (2003)Google Scholar
- 10.Bellovin, S.M., Cheswick, W.R.: Privacy-enhanced searches using encrypted Bloom filters. Cryptology ePrint Archive, Report 2004/022 (2004)Google Scholar
- 12.Andrews, G.E.: The Theory of Partitions. Cambridge Mathematical Library (1998)Google Scholar
- 13.Graham, R.L., Knuth, D.E., Patashnik, O.: Concrete Mathematics: A Foundation for Computer Science, 2nd edn. Addison-Wesley Longman Publishing (1994)Google Scholar
- 15.Popa, R.A., Redfield, C.M.S., Zeldovich, N., Balakrishnan, H.: CryptDB: protecting confidentiality with encrypted query processing. In: Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, SOSP 2011, pp. 85–100. ACM, New York (2011)Google Scholar