Supporting Publication and Subscription Confidentiality in Pub/Sub Networks

  • Mihaela Ion
  • Giovanni Russello
  • Bruno Crispo
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 50)


The publish/subscribe model offers a loosely-coupled communication paradigm where applications interact indirectly and asynchronously. Publisher applications generate events that are sent to interested applications through a network of brokers. Subscriber applications express their interest by specifying filters that brokers can use for routing the events. Supporting confidentiality of messages being exchanged is still challenging. First of all, it is desirable that any scheme used for protecting the confidentiality of both the events and filters should not require the publishers and subscribers to share secret keys. In fact, such a restriction is against the loose-coupling of the model. Moreover, such a scheme should not restrict the expressiveness of filters and should allow the broker to perform event filtering to route the events to the interested parties. Existing solutions do not fully address those issues. In this paper, we provide a novel scheme that supports (i) confidentiality for events and filters; (ii) filters can express very complex constraints on events even if brokers are not able to access any information on both events and filters; (iii) and finally it does not require publishers and subscribers to share keys.


Leaf Node Encryption Scheme Access Structure Encrypt Data Access Tree 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bacon, J., Moody, K., Bates, J., Hayton, R., Ma, C., McNeil, A., Seidel, O., Spiteri, M.: Generic support for distributed applications. IEEE Computer 33(3), 68–76 (2000)CrossRefGoogle Scholar
  2. 2.
    Banavar, G., Chandra, T., Mukherjee, B., Nagarajarao, J., Strom, R., Sturman, D.: An efficient multicast protocol for content-based publish-subscribe systems. In: International Conference on Distributed Computing Systems, vol. 19, pp. 262–272. IEEE Computer Society Press, Los Alamitos (1999)Google Scholar
  3. 3.
    Bellare, M., Boldyreva, A., Staddon, J.: Multi-recipient encryption schemes: Security notions and randomness re-use. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567. Springer, Heidelberg (2002)Google Scholar
  4. 4.
    Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based en- cryption. In: IEEE Symposium on Security and Privacy, pp. 321–334 (2007) (Citeseer)Google Scholar
  5. 5.
    Carzaniga, A., Rosenblum, D.S., Wolf, A.L.: Design and evaluation of a wide- area event notification service. ACM Transactions on Computer Systems (TOCS) 19(3), 332–383 (2001)CrossRefGoogle Scholar
  6. 6.
    Cheung, L., Newport, C.: Provably secure ciphertext policy abe. In: CCS 2007: Proceedings of the 14th ACM conference on Computer and communications security, pp. 456–465. ACM, New York (2007)Google Scholar
  7. 7.
    Dong, C., Russello, G., Dulay, N.: Shared and searchable encrypted data for untrusted servers. In: Atluri, V. (ed.) DAS 2008. LNCS, vol. 5094, pp. 127–143. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  8. 8.
    Eugster, P.T., Felber, P.A., Guerraoui, R., Kermarrec, A.M.: The many faces of publish/subscribe. ACM Computing Surveys (CSUR) 35(2), 131 (2003)CrossRefGoogle Scholar
  9. 9.
    Golle, P., Staddon, J., Waters, B.: Secure conjunctive keyword search over encrypted data. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol. 3089, pp. 31–45. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  10. 10.
    Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM conference on Computer and communications security, p. 98. ACM, New York (2006)Google Scholar
  11. 11.
    Burridge, R., Sharma, R., Fialli, J., Hapner, M., Stout, K.: Java message service. Sun Microsystems Inc., Santa Clara (2002)Google Scholar
  12. 12.
    Khurana, H.: Scalable security and accounting services for content-based publish/subscribe systems. In: Proceedings of the 2005 ACM symposium on Applied computing, p. 807. ACM, New York (2005)Google Scholar
  13. 13.
    Ostrovsky, R., Sahai, A., Waters, B.: Attribute-based encryption with non- monotonic access structures. In: Proceedings of the 14th ACM conference on Computer and communications security, p. 203. ACM, New York (2007)Google Scholar
  14. 14.
    Raiciu, C., Rosenblum, D.S.: Enabling confidentiality in content-based publish/subscribe infrastructures. In: Securecomm and Workshops. vol. 28, pp. 1–11 (2006)Google Scholar
  15. 15.
    Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  16. 16.
    Shikfa, A., Onen, M., Molva, R.: Privacy-Preserving Content-Based Publish/Subscribe Networks. In: Proceedings of Emerging Challenges for Security, Privacy and Trust: 24th Ifip Tc 11 International Information Security Conference, SEC 2009, Pafos, Cyprus, May 18-20, p. 270. Springer, Heidelberg (2009)Google Scholar
  17. 17.
    Singhera, Z.U.: A workload model for topic-based publish/subscribe systems (2008)Google Scholar
  18. 18.
    Song, D.X., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: Proceedings of 2000 IEEE Symposium on Security and Privacy, SP 2000, pp. 44–55 (2000)Google Scholar
  19. 19.
    Srivatsa, M., Liu, L.: Secure event dissemination in publish-subscribe networks. In: Proceedings of the 27th International Conference on Distributed Computing Systems, p. 22 (2007) (Citeseer)Google Scholar
  20. 20.
    Zhuang, S.Q., Zhao, B.Y., Joseph, A.D., Katz, R.H., Kubiatowicz, J.D.: Bayeux: An architecture for scalable and fault-tolerant wide-area data dissemination. In: Proceedings of the 11th international workshop on Network and operating systems support for digital audio and video, p. 20. ACM, New York (2001)Google Scholar

Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2010

Authors and Affiliations

  • Mihaela Ion
    • 1
  • Giovanni Russello
    • 1
  • Bruno Crispo
    • 2
  1. 1.CREATE-NET International Research CenterTrentoItaly
  2. 2.Department of Information Engineering and Computer ScienceUniversity of TrentoTrentoItaly

Personalised recommendations