Privacy Preserving Context Aware Publish Subscribe Systems

  • Conference paper
Network and System Security (NSS 2013)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 7873)

Abstract

Modern pub/sub systems perform message routing based on the message content and allow subscribers to receive messages related to their subscriptions and the current context. Both content and context encode sensitive information which should be protected from third-party brokers that make routing decisions. In this work, we address this issue by proposing an approach that assures the confidentiality of the messages being published and subscriptions being issued while allowing the brokers to make routing decisions without decrypting individual messages and subscriptions, and without learning the context. Further, subscribers with a frequently changing context, such as location, are able to issue and update subscriptions without revealing the subscriptions in plaintext to the broker and without the need to contact a trusted third party for each subscription change resulting from a change in the context. Our approach is based on a modified version of the Paillier additive homomorphic cryptosystem and a novel group key management scheme. The former construct is used to perform privacy-preserving matching, and the latter construct is used to enforce fine-grained encryption-based access control on the messages being published. We optimize our approach in order to efficiently handle frequently changing contexts. We have implemented our approach in a prototype using an industry-strength JMS broker middleware. The experimental results show that our approach is highly practical.

© 2013 Springer-Verlag Berlin Heidelberg

Cite this paper

Nabeel, M., Appel, S., Bertino, E., Buchmann, A. (2013). Privacy Preserving Context Aware Publish Subscribe Systems. In: Lopez, J., Huang, X., Sandhu, R. (eds) Network and System Security. NSS 2013. Lecture Notes in Computer Science, vol 7873. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38631-2_34

  • DOI: https://doi.org/10.1007/978-3-642-38631-2_34

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38630-5

  • Online ISBN: 978-3-642-38631-2

  • eBook Packages: Computer Science (R0)
