Diploma Thesis DIP-3307

BibliographyBischof, Manuel: Confidential subscription clustering in a publish/subscribe system.
University of Stuttgart, Faculty of Computer Science, Electrical Engineering, and Information Technology, Diploma Thesis No. 3307 (2012).
43 pages, english.
CR-SchemaC.2.1 (Network Architecture and Design)
C.2.4 (Distributed Systems)
K.6.5 (Security and Protection)
D.4.6 (Operating Systems Security and Protection)

Broker-less content-based publish/subscribe systems offer the chance for flexible and loosely coupled many-to-many communication. Initially, no centralized component is needed. Routing is done by the peers themselves by looking at the content of the messages. This works fine, as long as no sensitive data is published. In this case, users may want to encrypt their data and even keep their subscriptions confidential.

At first glance, this contradicts the content-based routing paradigm. The work of Tariq et al. presented the first system, that supports both by introducing a weaker notion of subscription confidentiality. Identity-based encryption is adapted to suite the requirements in such a system.

This thesis will analyze the approach, point out some still existing problems and try to improve them. The current system uses one-hop flooding during event dissemination, which yields a high number of false positives. Simulations will show, that confidentiality can be kept nearly as high with much less false positives. Another issue is private key management as the number of keys to maintain is in order of O(sum (1, 2, log_2(T_i)) with d attributes in total and T_i = (UpperValueLimit_i - LowerValueLimit_i)/Granularity(i), where Granularity(i) determines the finest step value of attribute A_i. As the number of total attributes in a real system may be much greater then the attributes needed by an event, there are two problems: 1) how to specify the attributes that are not required by the event and 2) the cost of cryptographic operations is dependent on the total number of attributes.

In the second part of the thesis we will provide another approach that decouples events and subscriptions from the total number of attributes. Timings, based on an implementation using the Pairing-Based Cryptography library (PBC) will be given.

Full text and
other links
PDF (1205705 Bytes)
Department(s)University of Stuttgart, Institute of Parallel and Distributed Systems, Distributed Systems
Superviser(s)Tariq, Muhammad Adnan
Entry dateNovember 9, 2012
   Publ. Computer Science