Conference Paper

Thrifty privacy: Efficient support for privacy-preserving publish/subscribe


Abstract

Content-based publish/subscribe is an appealing paradigm for building large-scale distributed applications. Such applications are often deployed over multiple administrative domains, some of which may not be trusted. Recent attacks in public clouds indicate that a major concern in untrusted domains is the enforcement of privacy. By routing data based on subscriptions evaluated on the content of publications, publish/subscribe systems can expose critical information to unauthorized parties. Information leakage can be avoided by means of privacy-preserving filtering, which is supported by several mechanisms for encrypted matching. Unfortunately, all existing approaches share a high performance overhead and the difficulty of using classical optimizations for content-based filtering such as per-attribute containment. In this paper, we propose a novel mechanism that greatly reduces the cost of supporting privacy-preserving filtering based on encrypted matching operators. It is based on a pre-filtering stage that can be combined with containment graphs, if available. Our experiments indicate that pre-filtering is able to significantly reduce the number of encrypted matching operations for a variety of workloads, and therefore the costs associated with the cryptographic mechanisms. Furthermore, our analysis shows that the additional data structures used for pre-filtering have very limited impact on the effectiveness of privacy preservation.
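The two-stage idea described in the abstract can be illustrated with a short, self-contained sketch. The code below is a minimal illustration under assumed data structures, not the authors' implementation: subscriptions and publications each carry a small Bloom filter (equality constraints on one side, attribute values on the other), and the expensive encrypted matching operator, represented here by a plain placeholder, is invoked only for subscriptions whose filter bits are all present in the publication's filter.

```python
import hashlib

M, K = 64, 3  # assumed Bloom filter size (bits) and number of hash functions

def bloom_bits(items, m=M, k=K):
    """Return the set of bit positions a Bloom filter would set for `items`."""
    bits = set()
    for item in items:
        for i in range(k):
            digest = hashlib.sha256(f"{i}:{item}".encode()).digest()
            bits.add(int.from_bytes(digest[:4], "big") % m)
    return bits

def encrypted_match(sub, pub):
    """Placeholder for the costly encrypted matching operator (e.g. ASPE)."""
    return all(pub.get(attr) == val for attr, val in sub.items())  # stand-in only

subs = [{"symbol": "YHOO", "volume": 100}, {"symbol": "GOOG"}, {"symbol": "MSFT"}]
sub_filters = [bloom_bits(f"{a}={v}" for a, v in s.items()) for s in subs]

pub = {"symbol": "GOOG", "price": 521}
pub_filter = bloom_bits(f"{a}={v}" for a, v in pub.items())

# Pre-filtering: only surviving subscriptions reach the encrypted matching stage.
candidates = [s for s, f in zip(subs, sub_filters) if f <= pub_filter]
matches = [s for s in candidates if encrypted_match(s, pub)]
print(f"{len(candidates)} of {len(subs)} subscriptions reached encrypted matching")
```

Because the subset test on bit sets is orders of magnitude cheaper than one encrypted matching operation, even a prefilter with a non-negligible false-positive rate saves most of the cryptographic work when the fraction of matching subscriptions is small.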


... The publication process works as follows. 4. The publisher encrypts the header of the message m using SK, which is only known to the code running inside the enclave (encryption of the payload is discussed below). ...
... Table 1: Workloads description (adapted from [4]). ...
... To evaluate SCBR and to facilitate comparison, we reused the workloads from previous work [4] composed of 9 datasets. They were built based on real data corresponding to randomly selected stock quotes from the Yahoo! ...
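The first excerpt in this group mentions encrypting the message header with a symmetric key SK held only by the enclave code. The sketch below shows generic authenticated symmetric encryption of a header with AES-GCM (via the Python `cryptography` package); it only illustrates the general operation and makes no claim about SCBR's actual message format, key length, or key provisioning.

```python
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

sk = AESGCM.generate_key(bit_length=128)       # in SCBR, SK is only known inside the enclave
header = b'{"symbol": "GOOG", "price": 521}'   # hypothetical header content

nonce = os.urandom(12)                         # 96-bit nonce, never reused with the same key
ciphertext = AESGCM(sk).encrypt(nonce, header, None)

# Only code holding SK (e.g. the matching engine inside the enclave) can recover the header.
assert AESGCM(sk).decrypt(nonce, ciphertext, None) == header
```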
Preprint
Content-based routing (CBR) is a powerful model that supports scalable asynchronous communication among large sets of geographically distributed nodes. Yet, preserving privacy represents a major limitation for the wide adoption of CBR, notably when the routers are located in public clouds. Indeed, a CBR router must see the content of the messages sent by data producers, as well as the filters (or subscriptions) registered by data consumers. This represents a major deterrent for companies for which data is a key asset, as for instance in the case of financial markets or to conduct sensitive business-to-business transactions. While there exist some techniques for privacy-preserving computation, they are either prohibitively slow or too limited to be usable in real systems. In this paper, we follow a different strategy by taking advantage of trusted hardware extensions that have just been introduced in off-the-shelf processors and provide a trusted execution environment. We exploit Intel's new software guard extensions (SGX) to implement a CBR engine in a secure enclave. Thanks to the hardware-based trusted execution environment (TEE), the compute-intensive CBR operations can operate on decrypted data shielded by the enclave and leverage efficient matching algorithms. Extensive experimental evaluation shows that SGX adds only limited overhead to insecure plaintext matching outside secure enclaves while providing much better performance and more powerful filtering capabilities than alternative software-only solutions. To the best of our knowledge, this work is the first to demonstrate the practical benefits of SGX for privacy-preserving CBR.
... In its original design, the publish/subscribe paradigm provides complete time and space decoupling, i.e., the anonymity of publishers as well as subscribers. While this works well for many classical application scenarios, such as a stock exchange [7] where quotes are made publicly available to a large group of anonymous subscribers, there exist certain classes of applications where publishers would like to share data, yet only with a closed group of subscribers. ...
... However, running applications in cloud environments requires additional measures to ensure privacy and confidentiality. Although several mechanisms exist to achieve privacy and confidentiality in untrusted environments, such as [7], we propose the use of Intel SGX as it simplifies the implementation by using plain text matching while providing similar guarantees. In this section, we present the architecture and design of PUBSUB-SGX. ...
... Thrifty [7] uses a pre-filtering stage and containment graphs (inspired by Bloom filters [32]) to implement encrypted matching operators. This system relies on ASPE [33], a cryptographic technique used to implement efficient subscription matching. ...
Conference Paper
Full-text available
This paper presents PUBSUB-SGX, a content-based publish-subscribe system that exploits trusted execution environments (TEEs), such as Intel SGX, to guarantee confidentiality and integrity of data as well as anonymity and privacy of publishers and subscribers. We describe the technical details of our Python implementation, as well as the required system support introduced to deploy our system in a container-based runtime. Our evaluation results show that our approach is sound, while at the same time highlighting the performance and scalability trade-offs. In particular, thanks to just-in-time compilation inside TEEs, Python programs running in TEEs are in general faster than when executed natively using standard CPython.
... The publication process works as follows. 4. The publisher encrypts the header of the message m using SK, which is only known to the code running inside the enclave (encryption of the payload is discussed below). ...
... To evaluate SCBR and to facilitate comparison, we reused the workloads from previous work [4] composed of 9 datasets. They were built based on real data corresponding to randomly selected stock quotes from the Yahoo! ...
... Figure 7 displays separate measurements for each workload running SCBR inside and outside an enclave (both using AES encryption). We also measured, for each workload, the performance of our implementation of ASPE [7,4] as a baseline for a software-only alternative that does not use enclaves. We measured only the matching step, and not the encryption or decryption of ASPE messages. ...
Conference Paper
Content-based routing (CBR) is a powerful model that supports scalable asynchronous communication among large sets of geographically distributed nodes. Yet, preserving privacy represents a major limitation for the wide adoption of CBR, notably when the routers are located in public clouds. Indeed, a CBR router must see the content of the messages sent by data producers, as well as the filters (or subscriptions) registered by data consumers. This represents a major deterrent for companies for which data is a key asset, as for instance in the case of financial markets or to conduct sensitive business-to-business transactions. While there exist some techniques for privacy-preserving computation, they are either prohibitively slow or too limited to be usable in real systems. In this paper, we follow a different strategy by taking advantage of trusted hardware extensions that have just been introduced in off-the-shelf processors and provide a trusted execution environment. We exploit Intel's new software guard extensions (SGX) to implement a CBR engine in a secure enclave. Thanks to the hardware-based trusted execution environment (TEE), the compute-intensive CBR operations can operate on decrypted data shielded by the enclave and leverage efficient matching algorithms. Extensive experimental evaluation shows that SGX adds only limited overhead to insecure plaintext matching outside secure enclaves while providing much better performance and more powerful filtering capabilities than alternative software-only solutions. To the best of our knowledge, this work is the first to demonstrate the practical benefits of SGX for privacy-preserving CBR.
... Containment is largely used by state-of-the-art pub/sub systems [Li et al. 2005; Jacobsen et al. 2010; Carzaniga et al. 2001; Chand and Felber 2004]. It is shown in [Barazzutti et al. 2012] and other work that using containment may reduce the number of actual subscription matching evaluations by up to an order of magnitude compared to the naive one-by-one evaluation of the set of subscriptions, yielding important performance and scalability gains. ...
... As a direct consequence, the brokers' inability to perform computations over sensitive fields also precludes the possibility of performing additional optimizations at the broker level, such as leveraging subscription containment. Although determining subscription containment can be seen as a confidentiality liability in some cases [Barazzutti et al. 2012; Barazzutti et al. 2015; Raiciu and Rosenblum 2006], depending on the level of security desired in the pub/sub application domain, it can also be a viable tool for improving performance. ...
... Another approach is to augment encrypted subscriptions and publications with compact structures that allow subscriptions to be pre-filtered cheaply. The approach in [Barazzutti et al. 2012; Barazzutti et al. 2015] proposes to augment subscriptions and publications with Bloom filters [Broder et al. 2002] encoding equality constraints for subscriptions and attribute values for publications. By allowing group membership comparisons, the filters make it possible to know when a publication is sure not to match a given subscription. ...
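Several of the excerpts above refer to subscription containment (or coverage). A minimal sketch may help fix the intuition: a subscription s1 covers s2 if every publication matching s2 also matches s1, which for conjunctions of per-attribute intervals reduces to per-attribute interval inclusion. The interval-map representation below is an assumption made for illustration, not the encoding used by the cited systems.

```python
def covers(s1, s2):
    """True if subscription s1 covers s2, i.e. every event matching s2 also matches s1.

    Subscriptions are modelled as conjunctions of closed intervals per attribute,
    {attribute: (low, high)}; s1 covers s2 iff each of its constraints is implied
    by the corresponding (tighter or equal) constraint of s2.
    """
    for attr, (lo1, hi1) in s1.items():
        if attr not in s2:
            return False          # s2 is unconstrained on attr, so s1 is stricter there
        lo2, hi2 = s2[attr]
        if not (lo1 <= lo2 and hi2 <= hi1):
            return False
    return True

broad = {"price": (0, 1000)}
narrow = {"price": (100, 200), "volume": (0, 50)}
assert covers(broad, narrow) and not covers(narrow, broad)
```

A broker that has already forwarded the broad subscription upstream need not forward the narrow one, which is the source of the order-of-magnitude savings mentioned in the first excerpt.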
Article
Full-text available
Publish/subscribe (pub/sub) is an attractive communication paradigm for large-scale distributed applications running across multiple administrative domains. Pub/sub allows event-based information dissemination based on constraints on the nature of the data rather than on pre-established communication channels. It is a natural fit for deployment in untrusted environments such as public clouds linking applications across multiple sites. However, pub/sub in untrusted environments leads to major confidentiality concerns stemming from the content-centric nature of the communications. This survey classifies and analyzes different approaches to confidentiality preservation for pub/sub, from applications of trust and access control models to novel encryption techniques. It provides an overview of the current challenges posed by confidentiality concerns and points to future research directions in this promising field.
... We note that for all these applications, the use of a third-party infrastructure for communication may raise concerns about privacy and data security: publications and subscriptions represent sensitive data that should not be leaked to a third party. As a result, encrypted content filtering schemes have gained interest in recent years [6,18,25,26,34] as they support filtering of encrypted publications against encrypted subscriptions without needing decryption. Such approaches suffer, however, from a high computational cost and disallow some optimizations, in particular those based on containment relationships between subscriptions (i.e., the fact that a subscription will match a subset of the publications matching another subscription) or on the aggregation of a set of subscriptions into a single one. ...
... To minimize inter-broker traffic, these systems typically rely on the ability to determine containment relationships between subscriptions and/or to construct aggregated subscriptions. Yet, such features are not available with all content-based filtering schemes, notably with encrypted approaches [6,18,25,26,34]. As a matter of fact, there exist no fundamental reasons why content-based routing should be restricted to attribute- and predicate-based filtering: a pub/sub service should be able to integrate virtually any filtering scheme operating on the content of exchanged data using stored filters, as required by the application. ...
... We note that our contribution is not on the actual filtering scheme itself, which is supported by an independent library that can be chosen arbitrarily as long as it implements a simple and schema-oblivious API. We demonstrate the performance of StreamHub using the well-established counting algorithm of SIENA [12], and we leave the integration and comparison of other filtering libraries, and in particular those providing privacy-preserving encrypted matching [6,18,25,26,34], for future work. Similarly, while StreamHub is designed with elastic scalability in mind (i.e., the ability to dynamically adapt the number of servers associated with each operator according to the experienced workload), we leave the implementation of elastic server provisioning for future work and concentrate on the performance and scalability of the architecture with various static configurations. ...
Conference Paper
By routing messages based on their content, publish/subscribe (pub/sub) systems remove the need to establish and maintain fixed communication channels. Pub/sub is a natural candidate for designing large-scale systems, composed of applications running in different domains and communicating via middleware solutions deployed on a public cloud. Such pub/sub systems must provide high throughput, filtering thousands of publications per second matched against hundreds of thousands of registered subscriptions with low and predictable delays, and must scale horizontally and vertically. As large-scale application composition may require complex publication and subscription representations, pub/sub system designs should not rely on the specific characteristics of a particular filtering scheme for implementing scalability. In this paper, we depart from the use of broker overlays, where each server must support the whole range of operations of a pub/sub service, as well as overlay management and routing functionality. We propose instead a novel and pragmatic tiered approach to obtain high-throughput and scalable pub/sub for clusters and cloud deployments. We separate the three operations involved in pub/sub and leverage their natural potential for parallelization. Our design, named StreamHub, is oblivious to the semantics of subscriptions and publications. It can support any type and number of filtering operations implemented by independent libraries. Experiments on a cluster with up to 384 cores indicate that StreamHub is able to register 150 K subscriptions per second and filter close to 2 K publications against 100 K stored subscriptions, resulting in nearly 400 K notifications sent per second. Comparisons against a broker overlay solution show an improvement of two orders of magnitude in throughput when using the same number of cores.
... ASPE is based on an exact relation preserving isomorphism and supports subscription containment, although it is vulnerable to known-plaintext attacks. Given that ASPE's matching complexity is prohibitively high when using a large number of attributes, an alternative [90] was proposed to enhance it with a pre-filtering approach that expresses equality constraints using Bloom filters [91]. This allows for quickly identifying subscriptions that do not match the publication as their equality constraints cannot be satisfied. ...
... To evaluate SCBR and facilitate comparison, we reused the workloads from previous work [90] by picking 3 out of the 9 datasets used then. They were chosen based on the diversity of performance output when applying our containment-aware matching algorithm to each dataset (Figure 3.4). ...
Thesis
Full-text available
Security and privacy concerns in computer systems have grown in importance with the ubiquity of connected devices. Additionally, cloud computing boosts such distress as private data is stored and processed in multi-tenant infrastructure providers. In recent years, trusted execution environments (TEEs) have caught the attention of scientific and industry communities as they became largely available in user- and server-class machines. TEEs provide security guarantees based on cryptographic constructs built in hardware. Since silicon chips are difficult to probe or reverse engineer, they can offer stronger protection against remote or even physical attacks when compared to their software counterparts. Intel software guard extensions (SGX), in particular, implements powerful mechanisms that can shield sensitive data even from privileged users with full control of system software. Designing secure distributed systems is a notably daunting task, since they involve many coordinated processes running in geographically-distant nodes, therefore having numerous points of attack. In this work, we essentially explore some of these challenges by using Intel SGX as a crucial tool. We do so by designing and experimentally evaluating several elementary systems ranging from communication and processing middleware to a peer-to-peer privacy-preserving solution. We start with support systems that naturally fit cloud deployment scenarios, namely content-based routing, batching and stream processing frameworks. Our communication middleware protects the most critical stage of matching subscriptions against publications inside secure enclaves and achieves substantial performance gains in comparison to traditional software-based equivalents. The processing platforms, in turn, receive encrypted data and code to be executed within the trusted environment. Our prototypes are then used to analyse the manifested memory usage issues intrinsic to SGX. Next, we aim at protecting very sensitive data: cryptographic keys. By leveraging TEEs, we design protocols for group data sharing that have lower computational complexity than legacy methods. As a bonus, our proposals allow large savings on metadata volume and processing time of cryptographic operations, all with equivalent security guarantees. Finally, we focus our attention on privacy-preserving systems. After all, users cannot modify some existing systems like web-search engines, and the providers of these services may keep individual profiles containing sensitive private information about them. We aim at achieving indistinguishability and unlinkability properties by employing techniques like sensitivity analysis, query obfuscation and leveraging relay nodes. Our evaluation shows that we propose the most robust system in comparison to existing solutions with regard to user re-identification rates and results' accuracy in a scalable way. All in all, this thesis proposes new mechanisms that take advantage of TEEs for distributed system architectures. We show, through an empirical approach on top of Intel SGX, what the trade-offs of distinct designs are when applied to distributed communication and processing, cryptographic protocols and private web search.
... ASPE is based on an exact relation preserving isomorphism and supports subscription containment, although it is vulnerable to known-plaintext attacks. Given that ASPE's matching complexity is prohibitively high when using a large number of attributes, an alternative [90] was proposed to enhance it with a pre-filtering approach that expresses equality constraints using Bloom filters [91]. This allows for quickly identifying subscriptions that do not match the publication as their equality constraints cannot be satisfied. ...
... To evaluate SCBR and facilitate comparison, we reused the workloads from previous work [90] by picking 3 out of the 9 datasets used then. They were chosen based on the diversity of performance output when applying our containment-aware matching algorithm to each dataset (Figure 3.4). ...
Preprint
Full-text available
Security and privacy concerns in computer systems have grown in importance with the ubiquity of connected devices. TEEs provide security guarantees based on cryptographic constructs built in hardware. Intel software guard extensions (SGX), in particular, implements powerful mechanisms that can shield sensitive data even from privileged users with full control of system software. In this work, we essentially explore some of the challenges of designing secure distributed systems by using Intel SGX as a cornerstone. We do so by designing and experimentally evaluating several elementary systems ranging from communication and processing middleware to a peer-to-peer privacy-preserving solution. We start with support systems that naturally fit cloud deployment scenarios, namely content-based routing, batching and stream processing frameworks. We implement prototypes and use them to analyse the manifested memory usage issues intrinsic to SGX. Next, we aim at protecting very sensitive data: cryptographic keys. By leveraging TEEs, we design protocols for group data sharing that have lower computational complexity than legacy methods. As a bonus, our proposals allow large savings on metadata volume and processing time of cryptographic operations, all with equivalent security guarantees. Finally, we propose privacy-preserving systems against established services like web-search engines. Our evaluation shows that we propose the most robust system in comparison to existing solutions with regard to user re-identification rates and results accuracy in a scalable way. Overall, this thesis proposes new mechanisms that take advantage of TEEs for distributed system architectures. We show, through an empirical approach on top of Intel SGX, what the trade-offs of distinct designs are when applied to distributed communication and processing, cryptographic protocols and private web search.
... The possibility to determine coverage relations is, however, not recommended from a security point of view, as it may allow inferring the nature of subscriptions based on the knowledge of their definition domain [28]. Recent techniques have been specifically developed to improve matching performance when coverage support is disallowed in scenarios demanding security [3]. ...
... The KDC encrypts the distributed key with the KDM's public key. In a practical scenario, the number of domains in a secure pub/sub chain is limited. This allows using individual public-key encryption for the KDC-to-KDM distribution. ...
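The key distribution step quoted above (the KDC encrypting the distributed key under the KDM's public key) is standard public-key key wrapping. The sketch below uses RSA-OAEP from the Python `cryptography` package; the KDC/KDM names map onto the excerpt, but the algorithm choice and key sizes are assumptions made for illustration only.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa, padding

# Key pair of the key domain manager (KDM); the KDC knows the public half.
kdm_private = rsa.generate_private_key(public_exponent=65537, key_size=2048)
kdm_public = kdm_private.public_key()

group_key = os.urandom(32)  # the symmetric key the KDC wants to distribute

oaep = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

wrapped = kdm_public.encrypt(group_key, oaep)    # performed by the KDC
unwrapped = kdm_private.decrypt(wrapped, oaep)   # performed by the KDM
assert unwrapped == group_key
```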
Preprint
Full-text available
Content-based publish/subscribe (pub/sub) is an appealing information dissemination paradigm for distributed systems. Consumers of data subscribe to a pub/sub service, typically offered through a distributed broker overlay, and indicate their interests as constraints over the information content. Publishers generate the information flow, which the brokers filter and route to the interested subscribers. Protecting the information confidentiality, and in particular the interests of subscribers, is an important concern when brokers are located in untrusted domains such as public clouds. Encrypted matching techniques allow untrusted brokers to store encrypted subscriptions and match them against encrypted publications. Updates of encryption keys regularly happen in such contexts due to changes in trust relations. These key updates cause the invalidation of stored encrypted subscriptions and force subscribers to re-encrypt and re-submit them. This long and costly operation impacts the pub/sub service continuity and performance. In this paper, we propose a novel technique that allows updating encrypted subscriptions directly at the brokers while maintaining privacy. We present an implementation of the technique for the ASPE encrypted matching scheme and prove the security of our extension. We evaluate its practical effectiveness through a prototype implementation including a dependable key distribution protocol. Our experiments show the ability to handle key updates while preserving service continuity and performance.
... The values of the publications' attributes and the subscriptions' predicates may reveal confidential information that must be protected from potential attackers [29]. Encrypted filtering techniques [7], [11] allow matching encrypted publications against encrypted subscriptions, without revealing their original content. In the context of this paper and in our evaluation, we focus on computationally intensive encrypted filtering using the ASPE algorithm [11]. ...
... We therefore use the ASPE [11] encrypted filtering scheme, and workloads of pre-encrypted subscriptions and publications. While the performance of plain-text filtering may depend on the characteristics of the workload, such as the possibility to leverage containment between subscriptions [4], [7], [9], [10], [13], [14], [22], encrypted filtering such as with ASPE requires filtering each incoming publication against all stored subscriptions. The cost of each individual filtering operation is quadratic in the number of attributes (O(d^2)). ...
Conference Paper
Full-text available
Publish/subscribe (pub/sub) infrastructures running as a service on cloud environments offer simplicity and flexibility for composing distributed applications. Provisioning them appropriately is however challenging. The amount of stored subscriptions and incoming publications varies over time, and the computational cost depends on the nature of the applications and in particular on the filtering operation they require (e.g., content-based vs. topic-based, encrypted vs. non-encrypted filtering). The ability to elastically adapt the amount of resources required to sustain given throughput and delay requirements is key to achieving cost-effectiveness for a pub/sub service running in a cloud environment. In this paper, we present the design and evaluation of an elastic content-based pub/sub system: E-STREAMHUB. Specific contributions of this paper include: (1) a mechanism for dynamic scaling, both out and in, of stateful and stateless pub/sub operators, (2) a local and global elasticity policy enforcer maintaining high system utilization and stable end-to-end latencies, and (3) an evaluation using real-world tick workload from the Frankfurt Stock Exchange and encrypted content-based filtering.
... Unfortunately, existing encrypted filtering techniques, like asymmetric scalar-product preserving encryption (ASPE) [2], have a high computational cost that makes them inadequate for high-throughput content-based routing. A promising approach to tackle both the security and performance challenges of content-based routing is to use an efficient "prefiltering" technique, described in [3], to significantly reduce the space of subscriptions that must be tested by the encrypted filtering engine during routing. In a nutshell, the principle is to embed Bloom filters [4] inside publications and subscriptions; these Bloom filters encode the values carried by the publications and the equality constraints of the subscriptions. ...
... Bloom filters are widely used in distributed systems for both performance and security purposes. The prefiltering technique for content-based publish/subscribe systems described in the introduction was introduced by Barazzutti et al. [3]. Kerschbaum [5] used Bloom filters to protect supply chain information against, for instance, malicious suppliers counterfeiting products; Bloom filters are used to encode supplier IDs attached to items as they pass through the supply chain. ...
Conference Paper
Content-based routing is widely used in large-scale distributed systems as it provides a loosely-coupled yet expressive form of communication: consumers of information register their interests by the means of subscriptions, which are subsequently used to determine the set of recipients of every message published in the system. A major challenge of content-based routing is security. Although some techniques have been proposed to perform matching of encrypted subscriptions against encrypted messages, their computational cost is very high. To speed up that process, it was recently proposed to embed Bloom filters in both subscriptions and messages to reduce the space of subscriptions that need to be tested. In this article, we provide a comprehensive analysis of the information leaked by Bloom filters when implementing such a "prefiltering" strategy. The main result is that although there is a fundamental trade-off between prefiltering efficiency and information leakage, it is practically possible to obtain good prefiltering while securing the scheme against leakages with some simple randomization techniques.
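The trade-off between prefiltering efficiency and information leakage analyzed in this paper is largely governed by the Bloom filter parameters. As a reminder of the standard analysis (general Bloom filter theory, not a result specific to this paper), a filter of m bits with k hash functions and n inserted elements has a false-positive probability of approximately

p \approx \left(1 - e^{-kn/m}\right)^{k}, \qquad k_{\mathrm{opt}} = \frac{m}{n}\ln 2 \;\Rightarrow\; p_{\min} \approx (0.6185)^{m/n}.

A lower p means fewer unnecessary encrypted matching operations but a more faithful encoding of the subscription, and hence potentially more leakage; the randomization techniques discussed here deliberately trade some of that efficiency back for confidentiality.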
... Among the many types of communication services, publish/subscribe systems [7] received much attention recently with the objective to support privacy-preserving operations. Privacy can relate to subscriptions [8] (e.g., filters that match the subscription of customers to specific pay-per-view TV streaming channels), publisher identities [9] (e.g., services providing anonymity to whistleblowers) or the content itself [10]. ...
Preprint
The deployment of large-scale distributed systems, e.g., publish-subscribe platforms, that operate over sensitive data using the infrastructure of public cloud providers, is nowadays heavily hindered by the surging lack of trust toward the cloud operators. Although purely software-based solutions exist to protect the confidentiality of data and the processing itself, such as homomorphic encryption schemes, their performance is far from being practical under real-world workloads. This practical experience report describes the performance trade-offs of two novel hardware-assisted memory protection mechanisms, namely AMD SEV and Intel SGX, which are currently available on the market to tackle this problem. Specifically, we implement a publish/subscribe use-case and evaluate the impact of the memory protection mechanisms on the resulting performance. This paper reports on the experience gained while building this system, in particular when having to cope with the technical limitations imposed by SEV and SGX. By means of micro- and macro-benchmarks, we exhibit several trade-offs that provide valuable insights in terms of latency, throughput, processing time and energy requirements.
... Among the many types of communication services, publish/subscribe systems [7] received much attention recently with the objective to support privacy-preserving operations. Privacy can relate to subscriptions [8] (e.g., filters that match the subscription of customers to specific pay-per-view TV streaming channels), publisher identities [9] (e.g., services providing anonymity to whistleblowers) or the content itself [10]. ...
Conference Paper
Full-text available
The deployment of large-scale distributed systems, e.g., publish-subscribe platforms, that operate over sensitive data using the infrastructure of public cloud providers, is nowadays heavily hindered by the surging lack of trust toward the cloud operators. Although purely software-based solutions exist to protect the confidentiality of data and the processing itself, such as homomorphic encryption schemes, their performance is far from being practical under real-world workloads. This practical experience report describes the performance trade-offs of two novel hardware-assisted memory protection mechanisms, namely AMD SEV and Intel SGX, which are currently available on the market to tackle this problem. Specifically, we implement a publish/subscribe use-case and evaluate the impact of the memory protection mechanisms on the resulting performance. This paper reports on the experience gained while building this system, in particular when having to cope with the technical limitations imposed by SEV and SGX. By means of micro- and macro-benchmarks, we exhibit several trade-offs that provide valuable insights in terms of latency, throughput, processing time and energy requirements.
... The simplest form of matching is provided by using pseudonyms [22,23,24] or Bloom filters [8,25,26,27]. Both can be compared efficiently, but Bloom filters additionally allow for an aggregation of attributes. ...
Article
Publish-subscribe is an increasingly popular messaging pattern for distributed systems, supporting scalable and extensible programming, and optimal spatial, temporal, and control-flow decoupling of distributed components. Publish-subscribe middleware and methods were extended towards supporting security, in particular confidentiality, and increased availability, yet few prior works addressed anonymity of participants. Anonymity of senders and receivers may however be crucial, e.g., for supporting freedom of expression in regimes where political repression and censorship prevail. In this article, we review basic security and privacy requirements and introduce a new attacker model based on statistical disclosure, used to challenge anonymity. We elaborate on design options for privacy-preserving publish-subscribe systems and present a novel system that leverages peer-to-peer networking concepts; this novel approach protects subscriber anonymity by means of Probabilistic Forwarding (PF) and through a novel so-called Shell Game (SG) algorithm. We verify our solution against the requirements and provide a simulation-based analysis of the effectiveness of our approaches in light of our attacker model. The results show that the SG algorithm efficiently protects subscriber anonymity, and that anonymity sets can be adjusted via PF.
... The main objective of this article is to reduce the prohibitive costs of encrypted filtering while preserving confidentiality. It extends the work presented in [16], [17]. We provide a more comprehensive description of the security issues and motivations, complete the mathematical analysis, include all the proofs, expand the numerical evaluations, discuss potential extensions, and more generally present our contributions in a cohesive fashion. ...
Article
Content-based publish/subscribe provides a loosely-coupled and expressive form of communication for large-scale distributed systems. Confidentiality is a major challenge for publish/subscribe middleware deployed over multiple administrative domains. Encrypted matching allows confidentiality-preserving content-based filtering but has high performance overheads. It may also prevent the use of classical optimizations based on subscriptions containment. We propose a support mechanism that reduces the cost of encrypted matching, in the form of a prefiltering operator using Bloom filters and simple randomization techniques. This operator greatly reduces the amount of encrypted subscriptions that must be matched against incoming encrypted publications. It leverages subscription containment information when available, but also ensures that containment confidentiality is preserved otherwise. We propose containment obfuscation techniques and provide a rigorous security analysis of the information leaked by Bloom filters in this case. We conduct a thorough experimental evaluation of prefiltering under a large variety of workloads. Our results indicate that prefiltering is successful at reducing the space of subscriptions to be tested in all cases. We show that while there is a tradeoff between prefiltering efficiency and information leakage when using containment obfuscation, it is practically possible to obtain good prefiltering performance while securing the technique against potential leakages.
... Self-protection, with intelligence injected into the data itself rather than relying on external data protection measures, can make data self-defending, self-describing, self-packaged and self-encrypted according to policy, without depending on the host or environment. Privacy-preserving filtering with encrypted matching was proposed by Barazzutti et al. [29] to alleviate information leakage, especially within content-based publish/subscribe. Bin Liu et al. [30] stressed privacy-preserving collaborative learning in the mobile setting to protect personal data from being leaked. ...
Conference Paper
Full-text available
Mobile devices face restrictions due to limited resources such as battery life, memory capacity, processor power and communication bandwidth, especially during mobility and handover. Mobile cloud computing is gaining appeal among mobile users as a way to lessen the resource limitations of mobile devices. The widespread adoption of programmable smart mobile handsets that communicate and exchange data over the public Internet leads to new privacy and security challenges across enterprises. Smartphones and tablets store not only users' private data but also the private data of others involved, be they friends, family members, customers, vendors or any other individual. Denial of service, data leakage, account confiscation, exposure of insecure application programming interfaces, weak virtual machine isolation, malicious insider attacks and loss of encryption keys give rise to several additional privacy and security threats. We enumerate a number of privacy and security threats and recommend best practices to counter and prevent their occurrence.
... Moreover, secret keys are shared between publishers and subscribers, which violates the decoupling between them. Similarly, Barazzutti et al. [42] present a method to reduce the cost of matching encrypted events against encrypted subscriptions. They propose a Bloom-filter-based pre-matching stage that saves computationally expensive cryptographic (matching) operations on events and subscriptions that are not likely to match. ...
Article
The provisioning of basic security mechanisms such as authentication and confidentiality is highly challenging in a content-based publish/subscribe system. Authentication of publishers and subscribers is difficult to achieve due to the loose coupling of publishers and subscribers. Likewise, confidentiality of events and subscriptions conflicts with content-based routing. This paper presents a novel approach to provide confidentiality and authentication in a broker-less content-based publish/subscribe system. The authentication of publishers and subscribers as well as confidentiality of events is ensured by adapting pairing-based cryptography mechanisms to the needs of a publish/subscribe system. Furthermore, an algorithm to cluster subscribers according to their subscriptions preserves a weak notion of subscription confidentiality. In addition to our previous work, this paper contributes 1) the use of searchable encryption to enable efficient routing of encrypted events, 2) multicredential routing, a new event dissemination strategy to strengthen the weak subscription confidentiality, and 3) a thorough analysis of different attacks on subscription confidentiality. The overall approach provides fine-grained key management, and the cost for encryption, decryption, and routing is in the order of the number of subscribed attributes. Moreover, the evaluations show that providing security is affordable w.r.t. 1) the throughput of the proposed cryptographic primitives, and 2) the delays incurred during the construction of the publish/subscribe overlay and the event dissemination.
Chapter
The publish/subscribe model offers a loosely coupled communication paradigm for large-scale distributed applications. In a content-based publish/subscribe system, publishers send events with attributes to administrative servers called brokers, and subscribers send subscriptions with constraints over attributes to the brokers. The brokers match the events against the subscriptions and forward each event to the senders of the matching subscriptions. However, subscriptions reveal subscribers' private information and subscription strategies, and events also contain valuable information. To reduce costs, brokers may be deployed on third-party servers, where server owners or malicious entities may access the subscriptions and events, which can lead to the leakage of private information. In this paper, we propose an event matching approach based on order-preserving encryption. The experiments show that our approach achieves good privacy-preserving event matching performance.
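The chapter above relies on order-preserving encryption (OPE): because x <= y exactly when E(x) <= E(y), a broker can evaluate range predicates directly on ciphertexts. The toy sketch below builds a random strictly increasing mapping over a small integer domain to illustrate the property; it is not a secure OPE construction and makes no claim about the chapter's actual scheme.

```python
import random

random.seed(7)
DOMAIN = range(0, 101)  # assumed small plaintext domain for the toy example

# A random strictly increasing mapping stands in for an OPE scheme: distinct
# random ciphertexts, once sorted, preserve plaintext order by construction.
ENC = dict(zip(DOMAIN, sorted(random.sample(range(10**6), len(DOMAIN)))))

def broker_match(enc_value, enc_low, enc_high):
    """Broker-side range test performed entirely on 'encrypted' values."""
    return enc_low <= enc_value <= enc_high

# The subscriber registers the encrypted bounds of "20 <= price <= 40";
# the broker matches encrypted publication values without seeing plaintexts.
assert broker_match(ENC[33], ENC[20], ENC[40])
assert not broker_match(ENC[55], ENC[20], ENC[40])
```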
Conference Paper
The tremendous amount of context information that can be generated by the Internet of Things (IoT) calls for new solutions able to dig for the relevant information fitting applications’ needs. This paper proposes to leverage multiscale-, Quality of Context (QoC)- and privacy-awareness for the efficient filtering of context information disseminated between the decoupled producers and consumers of the IoT. We first discuss some specific challenges that must be addressed by next generation context managers, including multiscalability, distributed push and pull communications, and the consideration of both QoC and privacy constraints. We then answer these challenges with a new context dissemination framework involving visibility and forwarding filters and illustrate it through the implementation of a collaborative social welfare scenario.
Article
Full-text available
This article presents PICADOR, a system for end-to-end encrypted Publish-Subscribe information distribution with proxy re-encryption. The main novelty of PICADOR is that it provides an information distribution service with end-to-end encryption where publishers and subscribers do not need to establish shared encryption and decryption keys. Multiple publishers post encrypted information to a Pub/Sub broker which uses Proxy Re-Encryption (PRE) to convert this information into a representation that can only be decrypted by approved subscribers. The broker is unable to decrypt the information. Thus PICADOR ensures end-to-end information confidentiality. To support PICADOR, we design and implement a novel Proxy Re-Encryption (PRE) scheme that leverages a general lattice encryption software library. We prototype our system using a scalable Java-based information substrate that supports the Pub/Sub client and server operations. We experimentally evaluate performance and scalability tradeoffs in the context of enterprise and mobile applications. Our approach is highly configurable. We discuss design tradeoffs and application-specific customizations.
Article
The Internet of Things (IoT) enables producers of context data like sensors to interact with remote consumers of context data like smart pervasive applications in an entirely decoupled way. However, two important issues are faced by context data distribution, namely providing context information with a sufficient level of quality, i.e. quality of context (QoC), while preserving the privacy of context owners. This article presents the solutions provided by the INCOME middleware framework for addressing these two potentially contradictory issues while hiding the complexity of context data distribution in heterogeneous and large-scale environments. Context producers and consumers not only express their needs in context contracts but also the guarantees they are ready to fulfil. These contracts are then translated into advertisement and subscription filters to determine how to distribute context data. Our experiments on a first open source prototype show that QoC-based filtering and privacy protection using attribute-based access control can be performed at a reasonable cost.
Conference Paper
The widespread adoption of programmable smart mobile devices such as smartphones and tablets, connected to the public Internet as well as to cloud service providers, brings new privacy and security challenges across enterprises. Mobile cloud computing has become extremely popular among mobile users and developers, who see a direct benefit in overcoming the resource limitations of mobile devices, be it battery life, memory space or processing power. Data loss from stolen or decommissioned mobile devices, unsecured information exchange through rogue access points and access over vulnerable networks bring privacy and security threats to mobile cloud computing. Data breaches, account hijacking, insecure API exposure, denial of service, malicious insider attacks, loss of encryption keys and weak virtual machine isolation bring forth additional security and privacy threats. In this paper, we enumerate several privacy and security threats and put forth best practices and recommendations, both as preventive measures and as counter measures upon incidents. We evaluate secure coding practices and code offloading frameworks. We also analyze the occurrence of software flaws in applications developed for the payment application domain over the last two years, and the effort put into tokenization to achieve a higher level of security using cloud computing.
Conference Paper
Mobile application developers and users see a direct advantage in mobile cloud computing to overcome the inherent constraints of mobile devices, be it battery life, memory space or processing power. However, the ubiquitous adoption of programmable smart mobile devices and connecting them to the unsecured public Internet raises new privacy and security challenges across enterprises. Both the mobile and the cloud environments, where sensitive personal data can be stored, are susceptible to security attacks that can compromise users' data privacy. Smartphones and tablets store not only users' private data but also the private data of collaborators, including friends, family members, customers, vendors or any other individual. The private data of these other parties are primarily communicated, received and stored in the address book, SMS, WhatsApp and emails of the users' smartphone. We identify several privacy and security threats. Against the backdrop of services and support of open source platforms, we enumerate existing best practices and our recommendations, both as preventive measures and as measures upon occurrence.
Conference Paper
Mobile cloud computing is becoming more and more popular among mobile users and developers, who see a direct benefit in overcoming the resource limitations of mobile devices, be it battery life, memory space or processing power. The widespread adoption of programmable smart mobile devices, connected to the public Internet as well as to cloud service providers, brings new privacy and security challenges across enterprises. Data loss from stolen or decommissioned mobile devices, unsecured information exchange through rogue access points and access over vulnerable networks bring privacy and security threats to mobile cloud computing. Data breaches, account hijacking, insecure API exposure, denial of service, malicious insider attacks, loss of encryption keys and weak virtual machine isolation bring forth additional security and privacy threats. In this paper, we enumerate several privacy and security threats and put forth best practices and recommendations, both as preventive measures and as counter measures upon incidents. We evaluate the provisioning of services such as Security as a Service (SecaaS) in different scenarios, and practices based on the requirements of individual applications.
Article
Publish/Subscribe (PUB/SUB) systems have attracted much academic and industrial interest in the last years, with several successful experiences of development and deployment. Notwithstanding this high interest and the relevant research activities accomplished in the field, there are still many open technical challenges calling for additional research efforts. In this paper, we focus on the ability of PUB/SUB infrastructures to offer cost-effective, scalable, and quality-aware data distribution in emerging wide-scale and highly dynamic communication environments, such as those related to the continuous exchange of information between static and mobile nodes in smart-city scenarios. To this purpose, we survey state-of-the-art industrial and academic PUB/SUB solutions, with a strong focus on their support to scalability and quality requirements. We offer a detailed technical analysis of existing mechanisms and techniques for scalable QoS provisioning in PUB/SUB middleware, and we show how different design/implementation details impact the scalability and quality achievable at runtime. At the end of this surveying work, we identify promising guidelines for future research and for PUB/SUB systems extensions to effectively address the technical challenges of scalability and quality.
Conference Paper
Publish-subscribe is a scheme for distributing information based on interests. While security mechanisms have been added to publish-subscribe, privacy, and in particular anonymous communication, is hardly considered. We summarize security and privacy requirements for such systems, including an adversary model for privacy. We introduce a construction for publish-subscribe overlays that fulfills the requirements. Contrary to previous approaches, it neither presumes an online trusted third party nor requires expensive cryptographic operations performed by brokers. Further, we informally discuss how our requirements are met.
Article
Full-text available
Content-Based Publish-Subscribe (CBPS) is an asynchronous messaging paradigm that supports a highly dynamic and many-to-many communication pattern based on the content of the messages themselves. In general, a CBPS system has three distinct parties (Content Publishers, Content Brokers, and Subscribers) working in a highly decoupled fashion. The ability to seamlessly scale on demand has made CBPS systems the choice for distributing messages/documents produced by Content Publishers to many Subscribers through Content Brokers. Most current systems assume that Content Brokers are trusted for the confidentiality of the data published by Content Publishers and the privacy of the subscriptions, which specify their interests, made by Subscribers. However, with the increased use of technologies such as service oriented architectures and cloud computing, essentially outsourcing the broker functionality to third-party providers, one can no longer assume the trust relationship to hold. The problem of providing privacy/confidentiality in CBPS systems is challenging, since the solution to the problem should allow Content Brokers to make routing decisions based on the content without revealing the content to them. The problem may appear unsolvable since it involves conflicting goals, but in this paper, we propose a novel approach to preserve the privacy of the subscriptions made by Subscribers and the confidentiality of the data published by Content Publishers using cryptographic techniques when third-party Content Brokers are utilized to make routing decisions based on the content. We analyze the security of our approach to show that it is indeed sound and provide experimental results to show that it is practical.
Conference Paper
Full-text available
The publish/subscribe model offers a loosely-coupled communication paradigm where applications interact indirectly and asynchronously. Publisher applications generate events that are sent to interested applications through a network of brokers. Subscriber applications express their interest by specifying filters that brokers can use for routing the events. Supporting confidentiality of messages being exchanged is still challenging. First of all, it is desirable that any scheme used for protecting the confidentiality of both the events and filters should not require the publishers and subscribers to share secret keys. In fact, such a restriction is against the loose-coupling of the model. Moreover, such a scheme should not restrict the expressiveness of filters and should allow the broker to perform event filtering to route the events to the interested parties. Existing solutions do not fully address those issues. In this paper, we provide a novel scheme that (i) supports confidentiality for events and filters; (ii) allows filters to express very complex constraints on events even though brokers are not able to access any information on either events or filters; and (iii) does not require publishers and subscribers to share keys.
Conference Paper
Full-text available
Cloud Computing resources are handled through control interfaces. It is through these interfaces that new machine images can be added, existing ones can be modified, and instances can be started or ceased. Effectively, a successful attack on a Cloud control interface grants the attacker complete power over the victim's account, with all the stored data included. In this paper, we provide a security analysis pertaining to the control interfaces of a large Public Cloud (Amazon) and a widely used Private Cloud software (Eucalyptus). Our research results are alarming: with regard to the Amazon EC2 and S3 services, the control interfaces could be compromised via the novel signature wrapping and advanced XSS techniques. Similarly, the Eucalyptus control interfaces were vulnerable to classical signature wrapping attacks, and had nearly no protection against XSS. As a follow-up to those discoveries, we additionally describe the countermeasures against these attacks, as well as introduce a novel "black box" analysis methodology for public Cloud interfaces.
Conference Paper
Full-text available
The challenge faced by content-based publish/subscribe systems is the ability to handle a vast amount of dynamic information with limited system resources. In current p/s systems, each subscription is processed in isolation. Neither relationships among individual subscriptions are exploited, nor historic information about subscriptions and publications is taken into account. We believe that this neglect limits overall system efficiency. In this paper, we represent subscriptions using modified binary decision diagrams (MBDs), and design an index data structure to maintain distinct predicates and manage associated Boolean variables. Our MBD-based approach can address, in a unified way, publication routing and subscription/advertisement covering and merging. We propose a novel covering algorithm based on MBDs. The algorithm can take historic information about subscription and publication populations into account and exploits relations between subscriptions. We explore merging, especially imperfect merging, and discuss an advertisement-based optimization applicable to subscription merging
Conference Paper
Full-text available
A popular trend in large enterprises today is the adoption of green IT strategies that use resources as efficiently as possible to reduce IT operational costs. With the publish/subscribe middleware playing a vital role in seamlessly integrating applications at large enterprises including Google and Yahoo, our goal is to search for resource allocation algorithms that enable publish/subscribe systems to use system resources as efficiently as possible. To meet this goal, we develop methodologies that minimize system-wide message rates, broker load, hop count, and the number of allocated brokers, while maximizing the resource utilization of allocated brokers to achieve maximum efficiency. Our contributions consist of developing a bit vector supported resource allocation framework, designing and comparing four different classes with a total of ten variations of subscription allocation algorithms, and developing a recursive overlay construction algorithm. A compelling feature of our work is that it works under any arbitrary workload distribution and is independent of the publish/subscribe language, which makes it easily applicable to any topic and content-based publish/subscribe system. Experiments on a cluster testbed and a high performance computing platform show that our approach reduces the average broker message rate by up to 92% and the number of allocated brokers by up to 91%.
Conference Paper
Full-text available
Service providers like Google and Amazon are moving into the SaaS (Software as a Service) business. They turn their huge infrastructure into a cloud-computing environment and aggressively recruit businesses to run applications on their platforms. To enforce security and privacy on such a service model, we need to protect the data running on the platform. Unfortunately, traditional encryption methods that aim at providing "unbreakable" protection are often not adequate because they do not support the execution of applications such as database queries on the encrypted data. In this paper we discuss the general problem of secure computation on an encrypted database and propose the SCONEDB (Secure Computation ON an Encrypted DataBase) model, which captures the execution and security requirements. As a case study, we focus on the problem of k-nearest neighbor (kNN) computation on an encrypted database. We develop a new asymmetric scalar-product-preserving encryption (ASPE) that preserves a special type of scalar product. We use ASPE to construct two secure schemes that support kNN computation on encrypted data; each of these schemes is shown to resist practical attacks of a different background knowledge level, at a different overhead cost. Extensive performance studies are carried out to evaluate the overhead and the efficiency of the schemes.
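A small numerical example can illustrate the scalar-product-preserving idea at the core of ASPE: database points are transformed with a secret invertible matrix M (as M^T p) and queries with its inverse (as M^{-1} q), so that scalar products between encrypted points and encrypted queries equal the plaintext scalar products. The sketch below shows only this basic invariant and omits the splitting and artificial dimensions that the full kNN-secure schemes add.

```python
import numpy as np

rng = np.random.default_rng(0)
d = 4                                  # number of dimensions (attributes)
M = rng.normal(size=(d, d))            # secret matrix, invertible with high probability
M_inv = np.linalg.inv(M)

p = rng.normal(size=d)                 # database point (stored "encrypted" at the server)
q = rng.normal(size=d)                 # query point

enc_p = M.T @ p                        # "encrypted" stored point
enc_q = M_inv @ q                      # "encrypted" query

# Scalar product is preserved: enc_p . enc_q = p^T M M^{-1} q = p . q
assert np.isclose(enc_p @ enc_q, p @ q)
```

In the pub/sub adaptation of this scheme, matching a publication against a subscription involves d x d matrix operations, which is why one of the citing excerpts above reports an O(d^2) cost per encrypted matching operation and why pre-filtering away non-matching subscriptions pays off.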
Conference Paper
Full-text available
One of the main challenges faced by content-based publish/subscribe systems is handling large amounts of dynamic subscriptions and publications in a multidimensional content space. To reduce subscription forwarding load and speed up content matching, subscription covering, subsumption and merging techniques have been proposed. In this paper we propose MICS, Multidimensional Indexing for Content Space, which provides an efficient representation and processing model for large numbers of subscriptions and publications. MICS creates a one-dimensional representation for publications and subscriptions using the Hilbert space filling curve. Based on this representation, we propose novel content matching and subscription management (covering, subsumption and merging) algorithms. Our experimental evaluation indicates that the proposed approach significantly speeds up subscription management operations compared to the naive linear approach.
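The one-dimensional representation rests on the Hilbert space-filling curve. A minimal, textbook xy2d mapping for a 2-D grid with a power-of-two side length gives the flavor of how a multidimensional point becomes a single sortable key; MICS generalizes this idea to the full content space (function names here are illustrative).

```python
def _rot(n, x, y, rx, ry):
    """Rotate/flip a quadrant so the recursion keeps the curve contiguous."""
    if ry == 0:
        if rx == 1:
            x = n - 1 - x
            y = n - 1 - y
        x, y = y, x
    return x, y

def xy2d(n, x, y):
    """Map (x, y) in an n x n grid (n a power of two) to its Hilbert index."""
    d, s = 0, n // 2
    while s > 0:
        rx = 1 if (x & s) > 0 else 0
        ry = 1 if (y & s) > 0 else 0
        d += s * s * ((3 * rx) ^ ry)
        x, y = _rot(n, x, y, rx, ry)
        s //= 2
    return d

# Consecutive Hilbert indices map to adjacent cells, e.g. on a 2x2 grid:
assert [xy2d(2, x, y) for x, y in [(0, 0), (0, 1), (1, 1), (1, 0)]] == [0, 1, 2, 3]
```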
Conference Paper
Full-text available
Achieving expressive and efficient content-based routing in publish/subscribe systems is a difficult problem. Traditional approaches prove to be either inefficient or severely limited in their expressiveness and flexibility. We present a novel routing method, based on Bloom filters, which shows high efficiency while simultaneously preserving the flexibility of content-based schemes. The resulting implementation is a fast, flexible and fully decoupled content-based publish/subscribe system.
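A router following this idea can summarize a subscription as a Bloom filter over its predicates and test publications with a few hash probes. The sketch below (hypothetical helper names, SHA-256-based probing) shows only the basic insert/query operations that such routing builds on.

```python
# Minimal Bloom filter: k hash probes into an m-bit array. Membership tests can
# return false positives but never false negatives, which suits routing where a
# spurious forward is tolerable but a dropped notification is not.
import hashlib

class BloomFilter:
    def __init__(self, m_bits=1024, k_hashes=4):
        self.m, self.k = m_bits, k_hashes
        self.bits = bytearray(m_bits)

    def _probes(self, item: str):
        for i in range(self.k):
            digest = hashlib.sha256(f"{i}:{item}".encode()).digest()
            yield int.from_bytes(digest[:8], "big") % self.m

    def add(self, item: str):
        for pos in self._probes(item):
            self.bits[pos] = 1

    def might_contain(self, item: str) -> bool:
        return all(self.bits[pos] for pos in self._probes(item))

summary = BloomFilter()
summary.add("topic=stocks")
assert summary.might_contain("topic=stocks")
```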
Article
Full-text available
Well adapted to the loosely coupled nature of distributed interaction in large-scale applications, the publish/subscribe communication paradigm has recently received increasing attention. With systems based on the publish/subscribe interaction scheme, subscribers register their interest in an event, or a pattern of events, and are subsequently asynchronously notified of events generated by publishers. Many variants of the paradigm have recently been proposed, each variant being specifically adapted to some given application or network model. This paper factors out the common denominator underlying these variants: full decoupling of the communicating entities in time, space, and synchronization. We use these three decoupling dimensions to better identify commonalities and divergences with traditional interaction paradigms. The many variations on the theme of publish/subscribe are classified and synthesized. In particular, their respective benefits and shortcomings are discussed both in terms of interfaces and implementations.
Article
Full-text available
The publish/subscribe model offers a loosely-coupled communication paradigm where applications interact indirectly and asynchronously. Publisher applications generate events that are sent to interested applications through a network of brokers. Subscriber applications express their interest by specifying filters that brokers can use for routing the events. Supporting confidentiality of the messages being exchanged is still challenging. First of all, any scheme used for protecting the confidentiality of both events and filters should not require publishers and subscribers to share secret keys; such a restriction works against the loose coupling of the model. Moreover, such a scheme should not restrict the expressiveness of filters and should allow brokers to perform event filtering so as to route events to the interested parties. Existing solutions do not fully address these issues. In this paper, we provide a novel scheme that supports (i) confidentiality for events and filters; (ii) filters that can express very complex constraints on events even though brokers are not able to access any information about either events or filters; and (iii) no requirement for publishers and subscribers to share keys.
Conference Paper
Full-text available
Users of content-based publish/subscribe systems (CBPS) are interested in receiving data items with values that satisfy certain conditions. Each user submits a list of subscription specifications to a broker, which routes data items from publishers to users. When a broker receives a notification that contains a value from a publisher, it forwards it only to the subscribers whose requests match the value. However, in many applications, the data published are confidential, and their contents must not be revealed to brokers. Furthermore, a user's subscription may contain sensitive information that must be protected from brokers. Therefore, a difficult challenge arises: how to route publisher data to the appropriate subscribers without the intermediate brokers learning the plaintext values of the notifications and subscriptions. To that end, brokers must be able to perform operations on top of the encrypted contents of subscriptions and notifications. Such operations may be as simple as equality matching, but often more complex operations are required, such as determining inclusion of data in a value interval. Previous work attempted to solve this problem by using one-way data mappings or specialized encryption functions that allow evaluation of conditions on ciphertexts. However, such operations are computationally expensive, and the resulting CBPS systems lack scalability. As fast dissemination is an important requirement in many applications, we focus on a new data transformation method called Asymmetric Scalar-product Preserving Encryption (ASPE) [1]. We devise methods that build upon ASPE to support private evaluation of several types of conditions. We also suggest techniques for secure aggregation of notifications, supporting functions such as sum, minimum, maximum and count. Our experimental evaluation shows that ASPE-based CBPS incurs 65% less overhead for exact-match filtering and 50% less overhead for range filtering compared to the state-of-the-art.
Article
Full-text available
Content-based publish-subscribe is an efficient communication paradigm that supports dynamic, many-to-many data dissemination in a distributed environment. A publish-subscribe system deployed over a wide-area network must handle information dissemination across distinct authoritative domains and heterogeneous platforms. Such an environment raises serious security concerns. This paper describes a practical scheme that preserves confidentiality against eavesdroppers for private content-based publish-subscribe systems over public networks. In this scheme, publications and subscriptions are encrypted, while the publish-subscribe infrastructure is able to make correct routing decisions based on encrypted publications and subscriptions. Plaintexts are not revealed in the infrastructure for the purpose of security and efficiency. This scheme efficiently supports interval-matching as a predicate function for subscriptions. The security of this scheme is analyzed, and further improved by several techniques.
Chapter
This chapter introduces PADRES, a publish/subscribe model with the capability to correlate events, uniformly access data produced in the past and future, balance the traffic load among brokers, and handle network failures. The new model can filter, aggregate, correlate and project any combination of historic and future data. A flexible architecture is proposed, consisting of distributed and replicated data repositories that can be provisioned in ways that trade off availability, storage overhead, query overhead, query delay, load distribution, parallelism, redundancy and locality. The chapter gives a detailed overview of the PADRES content-based publish/subscribe system and presents several example applications that benefit from the content-based nature of the publish/subscribe paradigm and take advantage of its scalability and robustness features.
Conference Paper
Encryption secures our stored data but seems to make it inert. Can we process encrypted data without having to decrypt it first? Answers to this fundamental question give rise to a wide variety of applications. Here, we explore this question in a number of settings, focusing on how interaction and secure hardware can help us compute on encrypted data, and what can be done if we have neither interaction nor secure hardware at our disposal.
Conference Paper
Content-based publish/subscribe (CBPS) is an interaction model where the interests of subscribers are stored in a content-based forwarding infrastructure to guide routing of notifications to interested parties. In this paper, we focus on answering the following question: can we implement content-based publish/subscribe while keeping subscriptions and notifications confidential from the forwarding brokers? Our contributions include a systematic analysis of the problem, providing a formal security model and showing that the maximum level of attainable security in this setting is restricted. We focus on enabling provable confidentiality for commonly used applications and subscription languages in CBPS and present a series of practical provably secure protocols, some of which are novel and others adapted from existing work. We have implemented these protocols in Siena, a popular CBPS system. Evaluation results show that confidential content-based publish/subscribe is practical: a single broker serving 1000 subscribers is able to route more than 100 notifications per second with our solutions.
Conference Paper
Private matching solutions allow two parties to find common data elements over their own datasets without revealing any additional private information. We propose a new concept involving an intermediate entity in the private matching process: we consider the problem of broker-based private matching, where end-entities do not interact with each other but communicate through a third entity, namely the Broker, which only discovers the number of matching elements. Although introducing this third entity enables a complete decoupling between end-entities (which may not even know each other), this advantage comes at the cost of higher exposure in terms of privacy and security. After defining the security requirements dedicated to this new concept, we propose a complete solution that combines searchable encryption techniques with counting Bloom filters to preserve the privacy of end-entities and to prove the correctness of the matching, respectively.
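Counting Bloom filters replace each bit with a small counter, which is what makes removals (and a rough per-position tally of insertions) possible on top of the plain membership test. A hypothetical sketch of the counting variant, distinct from the bit-array filter shown earlier:

```python
# Counting Bloom filter sketch: counters instead of bits, so elements can also
# be removed. Names and parameters are illustrative.
import hashlib

class CountingBloomFilter:
    def __init__(self, m=1024, k=4):
        self.m, self.k = m, k
        self.counters = [0] * m

    def _probes(self, item: str):
        for i in range(self.k):
            h = hashlib.sha256(f"{i}:{item}".encode()).digest()
            yield int.from_bytes(h[:8], "big") % self.m

    def add(self, item: str):
        for pos in self._probes(item):
            self.counters[pos] += 1

    def remove(self, item: str):
        for pos in self._probes(item):
            if self.counters[pos] > 0:
                self.counters[pos] -= 1

    def might_contain(self, item: str) -> bool:
        return all(self.counters[pos] > 0 for pos in self._probes(item))
```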
Conference Paper
The publish/subscribe model offers a loosely-coupled communication paradigm where applications interact indirectly and asynchronously. Publisher applications generate events that are forwarded to subscriber applications by a network of brokers. Subscribers register by specifying filters that brokers match against events as part of the routing process. Brokers might be deployed on untrusted servers where malicious entities can get access to events and filters. Supporting confidentiality of events and filters in this setting is still an open challenge. First, it is desirable that publishers and subscribers do not share secret keys, since such a requirement works against the loose coupling of the model. Second, brokers need to route events by matching encrypted events against encrypted filters, even when the filters are very complex. Existing solutions do not fully address these issues. This work describes the implementation of a novel scheme that supports (i) confidentiality for events and filters; (ii) filters that express very complex constraints on events even though brokers are not able to access any information about either events or filters; and (iii) no requirement for publishers and subscribers to share keys. We then describe an e-Health application scenario for monitoring patients with chronic diseases and show how our encryption scheme can be used to provide confidentiality of the patients' personal and medical data, and to control who can receive the patients' data and under which conditions.
Conference Paper
Publish/Subscribe systems have become a prevalent model for delivering data from producers (publishers) to consumers (subscribers) distributed across wide-area networks while decoupling the publishers and the subscribers from each other. In this paper we present Meghdoot, which adapts content-based publish/subscribe systems to Distributed Hash Table based P2P networks in order to provide scalable content delivery mechanisms while maintaining the decoupling between the publishers and the subscribers. Meghdoot is designed to adapt to highly skewed data sets, which is typical of real applications. The experimental results demonstrate that Meghdoot balances the load among the peers and the design scales well with increasing number of peers, subscriptions and events.
Conference Paper
We consider a problem that arises during the propagation of subscriptions in a content-based publish-subscribe system. Subscription covering is a promising optimization that reduces the number of subscriptions propagated, and hence the size of routing tables, in a content-based publish-subscribe system. However, detecting covering relationships among subscriptions can be an expensive computational task that potentially reduces the utility of covering as an optimization. We introduce an alternative approach, approximate subscription covering, which provides much of the benefit of subscription covering at a fraction of its cost. By forgoing an exhaustive search for covering subscriptions in favor of an approximate search, the time complexity of covering detection can be dramatically reduced. The trade-off between efficiency of covering detection and the approximation error is demonstrated through the analysis of indexes for multi-attribute subscriptions based on space filling curves.
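For multi-attribute subscriptions expressed as per-attribute ranges, the exact covering test that approximate covering tries to avoid reduces to interval containment on every constrained attribute. A hypothetical sketch of that exact check, for contrast with the approximate index-based search:

```python
# Exact covering test for range subscriptions: A covers B iff, for every
# attribute A constrains, B constrains it too and B's interval lies inside A's.
# (Approximate covering trades this exhaustive per-attribute comparison for
# cheaper probes of a space-filling-curve index.)

def covers(sub_a: dict, sub_b: dict) -> bool:
    for attr, (lo_a, hi_a) in sub_a.items():
        if attr not in sub_b:
            return False          # B admits values on attr that A would reject
        lo_b, hi_b = sub_b[attr]
        if not (lo_a <= lo_b and hi_b <= hi_a):
            return False
    return True

a = {"price": (0, 100)}
b = {"price": (10, 50), "volume": (0, 1000)}
assert covers(a, b) and not covers(b, a)
```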
Conference Paper
Privacy and confidentiality are crucial issues in content-based publish/subscribe (CBPS) networks. We tackle the problem of end-user privacy in CBPS. This problem raises a challenging requirement: handling encrypted data for the purpose of routing based on protected content and encrypted subscription information. We suggest a solution based on a commutative multiple encryption scheme that allows brokers to perform in-network matching and content-based routing without having access to the content of the packets. This is the first solution that avoids key sharing among end-users and targets an enhanced CBPS model where brokers can also be subscribers at the same time.
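A classic way to obtain commutative encryption is exponentiation modulo a shared prime (Pohlig-Hellman/SRA style): layering two users' encryptions gives the same ciphertext regardless of order, so layers can be added and peeled independently. The toy sketch below uses deliberately small parameters and is not the paper's exact construction; it only illustrates the commutativity property.

```python
# Toy commutative encryption via modular exponentiation (SRA/Pohlig-Hellman
# style). Real deployments need a large prime and careful key generation.
P = 2_147_483_647                      # Mersenne prime 2**31 - 1 (toy-sized)

def keygen(e):
    d = pow(e, -1, P - 1)              # decryption exponent: e*d = 1 mod (P-1)
    return e, d

def enc(m, e):
    return pow(m, e, P)

def dec(c, d):
    return pow(c, d, P)

ea, da = keygen(5)
eb, db = keygen(13)
m = 123_456_789
# Encryption layers commute, so they can be applied and removed in any order.
assert enc(enc(m, ea), eb) == enc(enc(m, eb), ea)
assert dec(dec(enc(enc(m, ea), eb), da), db) == m
```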
Article
In this paper trade-offs among certain computational factors in hash coding are analyzed. The paradigm problem considered is that of testing a series of messages one-by-one for membership in a given set of messages. Two new hash-coding methods are examined and compared with a particular conventional hash-coding method. The computational factors considered are the size of the hash area (space), the time required to identify a message as a nonmember of the given set (reject time), and an allowable error frequency. The new methods are intended to reduce the amount of space required to contain the hash-coded information from that associated with conventional methods. The reduction in space is accomplished by exploiting the possibility that a small fraction of errors of commission may be tolerable in some applications, in particular, applications in which a large amount of data is involved and a core resident hash area is consequently not feasible using conventional methods. In such applications, it is envisaged that overall performance could be improved by using a smaller core resident hash area in conjunction with the new methods and, when necessary, by using some secondary and perhaps time-consuming test to “catch” the small fraction of errors associated with the new methods. An example is discussed which illustrates possible areas of application for the new methods. Analysis of the paradigm problem demonstrates that allowing a small number of test messages to be falsely identified as members of the given set will permit a much smaller hash area to be used without increasing reject time.
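The space/error trade-off analyzed here is usually summarized today by the filter's false-positive probability; in the now-standard approximation (stated in slightly different notation than the original paper), with m bits, k hash functions and n inserted elements:

```latex
p \approx \left(1 - e^{-kn/m}\right)^{k},
\qquad
k_{\text{opt}} = \frac{m}{n}\ln 2
\;\Rightarrow\;
p \approx 0.6185^{\,m/n}.
```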
Conference Paper
Third-party cloud computing represents the promise of outsourcing as applied to computation. Services, such as Microsoft's Azure and Amazon's EC2, allow users to instantiate virtual machines (VMs) on demand and thus purchase precisely the capacity they require when they require it. In turn, the use of virtualization allows third-party cloud providers to maximize the utilization of their sunk capital costs by multiplexing many customer VMs across a shared physical infrastructure. However, in this paper, we show that this approach can also introduce new vulnerabilities. Using the Amazon EC2 service as a case study, we show that it is possible to map the internal cloud infrastructure, identify where a particular target VM is likely to reside, and then instantiate new VMs until one is placed co-resident with the target. We explore how such placement can then be used to mount cross-VM side-channel attacks to extract information from a target VM on the same machine.
Article
This paper presents SIENA, an event notification service that we have designed and implemented to exhibit both expressiveness and scalability. We describe the service's interface to applications, the algorithms used by networks of servers to select and deliver event notifications, and the strategies used.
Conference Paper
The use of cryptographic hash functions like MD5 or SHA-1 for message authentication has become a standard approach in many applications, particularly Internet security protocols. Though very easy to implement, these mechanisms are usually based on ad hoc techniques that lack a sound security analysis. We present new, simple, and practical constructions of message authentication schemes based on a cryptographic hash function. Our schemes, NMAC and HMAC, are proven to be secure as long as the underlying hash function has some reasonable cryptographic strengths. Moreover we show, in a quantitative way, that the schemes retain almost all the security of the underlying hash function. The performance of our schemes is essentially that of the underlying hash function. Moreover they use the hash function (or its compression function) as a black box, so that widely available library code or hardware can be used to implement them in a simple way, and replaceability of the underlying hash function is easily supported.
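The HMAC construction described here is two nested hash calls keyed with padded copies of the secret, HMAC(K, m) = H((K xor opad) || H((K xor ipad) || m)), and Python's standard library exposes it directly. A brief sketch (key and message values are illustrative):

```python
# HMAC as specified by Bellare, Canetti and Krawczyk (RFC 2104): the hash
# function is used as a black box, here SHA-256 from the standard library.
import hashlib
import hmac

key = b"shared-secret-key"
message = b"publication header"

tag = hmac.new(key, message, hashlib.sha256).hexdigest()

# Verification should use a constant-time comparison to avoid timing leaks.
assert hmac.compare_digest(tag, hmac.new(key, message, hashlib.sha256).hexdigest())
```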