Article in Journal ART-2014-01

Bibliography: Tariq, Muhammad Adnan; Koldehofe, Boris; Rothermel, Kurt: Securing Broker-Less Publish/Subscribe Systems using Identity-Based Encryption.
In: IEEE Transactions on Parallel and Distributed Systems. Vol. 25(2).
University of Stuttgart, Faculty of Computer Science, Electrical Engineering, and Information Technology.
pp. 518-528, English.
Los Alamitos, CA, USA: IEEE Computer Society, February 2014.
DOI: 10.1109/TPDS.2013.256; ISSN: 1045-9219.
Article in Journal.
CR-Schema: C.2.4 (Distributed Systems)
Keywords: Identity-based encryption; Routing; Servers; Subscriptions; Distributed Systems; Security and Privacy Protection
Abstract

The provisioning of basic security mechanisms such as authentication and confidentiality is highly challenging in a content-based publish/subscribe system. Authentication of publishers and subscribers is difficult to achieve due to the loose coupling of publishers and subscribers. Likewise, confidentiality of events and subscriptions conflicts with content-based routing. This article presents a novel approach to provide confidentiality and authentication in a broker-less content-based publish/subscribe system. The authentication of publishers and subscribers as well as confidentiality of events is ensured by adapting pairing-based cryptography mechanisms to the needs of a publish/subscribe system. Furthermore, an algorithm to cluster subscribers according to their subscriptions preserves a weak notion of subscription confidentiality. In addition to our previous work, this article contributes i) use of searchable encryption to enable efficient routing of encrypted events, ii) multi-credential routing, a new event dissemination strategy to strengthen the weak subscription confidentiality, and iii) a thorough analysis of different attacks on subscription confidentiality. The overall approach provides fine-grained key management, and the cost for encryption, decryption and routing is in the order of subscribed attributes. Moreover, the evaluations show that providing security is affordable w.r.t. i) throughput of the proposed cryptographic primitives, and ii) delays incurred during the construction of the publish/subscribe overlay and the event dissemination.

Full text and other links
The original publication is available at IEEE Xplore
The original publication is available at the IEEE CS Digital Library
Supplemental material is available at the IEEE CS Digital Library
Copyright: © 2014 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Department(s): University of Stuttgart, Institute of Parallel and Distributed Systems, Distributed Systems
Project(s): aks; spovnet
Entry date: January 21, 2014