Project description

The goal of this research project is to provide security mechanisms for content-based publish/subscribe systems. Publish/subscribe is an asynchronous communication paradigm where senders, known as publishers, and receivers, known as subscribers, are loosely coupled. The messages that publishers generate are called events. Events are forwarded from publishers to interested subscribers by a network of brokers. In order to receive events, subscribers must register a filter with a broker. Brokers perform content-based routing by checking if events match registered filters. In many scenarios, such as stock quote dissemination services and e-health applications, it is necessary to control who can access the content of events and filters. Security mechanisms are needed to ensure that only authorized subscribers can read events and that the subscribers' interests remain private. An attacker (A in the figure) who is able to corrupt a broker and read the messages that come in and out should not be able to learn any useful information from them.
There are still many open issues in designing security mechanisms for publish/subscribe systems because of the particularities of the communication model. Publishers and subscribers are loosely coupled, so they cannot share secret keys because that would limit the scalability and flexibility of the model. Moreover, brokers should be able to perform complex filtering operations efficiently, even if they do not have access to the content of events or filters. By combining attribute-based encryption techniques and encrypted search, we were able to design a novel encryption scheme for pub/sub systems that provides both event and filter confidentiality without requiring publishers and subscribers to share secret keys. Moreover, although events and filters are encrypted, brokers can still perform event filtering without learning any information. Finally, our scheme allows subscribers to express filters that define any monotonic and non-monotonic constraints on events. More details about the encryption scheme can be found in our publications.
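To make the threat model concrete, the following added Python example (not code from the project; the filter syntax, class names and sample e-health events are constructed for illustration) shows a plaintext content-based broker. It routes events by evaluating filters with monotonic and non-monotonic constraints and records everything a corrupted broker could read, which is the exposure the project's scheme is designed to remove while keeping the routing behaviour.

```python
# Added illustration: a plaintext content-based broker, i.e. the unprotected
# baseline. Filter syntax, names and sample data are constructed assumptions.
import operator

OPS = {"==": operator.eq, "<": operator.lt, ">": operator.gt}

def matches(f, event):
    """Evaluate a filter tree against an event (dict of attribute -> value)."""
    kind = f[0]
    if kind == "and":
        return all(matches(c, event) for c in f[1:])
    if kind == "or":
        return any(matches(c, event) for c in f[1:])
    if kind == "not":                        # non-monotonic constraint
        return not matches(f[1], event)
    attr, value = f[1], f[2]                 # leaf: (op, attribute, value)
    return attr in event and OPS[kind](event[attr], value)

class Broker:
    def __init__(self):
        self.filters = {}    # subscriber -> filter tree
        self.observed = []   # everything a corrupted broker could read

    def subscribe(self, subscriber, f):
        self.filters[subscriber] = f
        self.observed.append(("filter", subscriber, f))

    def publish(self, event):
        self.observed.append(("event", event))
        # Content-based routing: deliver to every subscriber whose filter matches.
        return sorted(s for s, f in self.filters.items() if matches(f, event))

def demo():
    b = Broker()
    b.subscribe("cardiologist",
                ("and", ("==", "type", "ecg"), (">", "heart_rate", 120)))
    b.subscribe("nurse",
                ("and", ("==", "ward", 3), ("not", ("==", "type", "ecg"))))
    r1 = b.publish({"type": "ecg", "ward": 3, "heart_rate": 140,
                    "patient": "P-017"})
    r2 = b.publish({"type": "temperature", "ward": 3, "value": 38.5,
                    "patient": "P-017"})
    return r1, r2, b.observed

if __name__ == "__main__":
    r1, r2, observed = demo()
    print("routed to:", r1, r2)
    for record in observed:   # the broker's view: full filters and full events
        print("broker saw:", record)
```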

People

Mihaela Ion, Giovanni Russello, Bruno Crispo

Publications

  • M. Ion, G. Russello, and B. Crispo, "An Implementation of Event and Filter Confidentiality in Pub/Sub Systems and its Application to e-Health". Poster presented at the 17th ACM Conference on Computer and Communications Security (CCS 2010), Chicago, October 2010.
  • M. Ion, G. Russello, and B. Crispo, "Supporting Publication and Subscription Confidentiality in Pub/Sub Networks". In Proceedings of the 6th International ICST Conference on Security and Privacy in Communication Networks (SecureComm 2010), Singapore, September 2010.
  • M. Ion, G. Russello, and B. Crispo, "Providing Confidentiality in Content-based Publish/Subscribe Systems". In Proceedings of the International Conference on Security and Cryptography (Secrypt 2010), Athens, July 2010.

Contacts

security@disi.unitn.it