Menu utilisateur

Accès à distance ? S'identifier sur le proxy UCLouvain | Saint-Louis

Efficient Key Updates through Subscription Re-encryption for Privacy-Preserving Publish/Subscribe

Onglets principaux

Télécharger
  • Open access
  • PDF
  • 490.42 K
Onica, Emanuel [Alexandru Ioan Cuza University of Iaşi, Romania] Felber, Pascal [University of Neuchâtel, Switzerland] Mercier, Hugues [University of Neuchâtel, Switzerland] Riviere, Etienne [UCL]

Content-based publish/subscribe (pub/sub) is an appealing information dissemination paradigm for distributed systems. Consumers of data subscribe to a pub/sub service, typically offered through a distributed broker overlay, and indicate their interests as constraints over the information content. Publishers generate the information flow, which the brokers filter and route to the interested subscribers. Protecting the information confidentiality, and in particular the interests of subscribers, is an important concern when brokers are located in untrusted domains such as public clouds. Encrypted matching techniques allow untrusted brokers to store encrypted subscriptions and match them against encrypted publications. Updates of encryption keys regularly happen in such contexts due to changes in trust relations. These key updates cause the invalidation of stored encrypted subscriptions and force subscribers to re-encrypt and re-submit them. This long and costly operation impacts the pub/sub service continuity and performance. In this paper, we propose a novel technique that allows updating encrypted subscriptions directly at the brokers while maintaining privacy. We present an implementation of the technique for the ASPE encrypted matching scheme and prove the security of our extension. We evaluate its practical effectiveness through a prototype implementation including a dependable key distribution protocol. Our experiments show the ability to handle key updates while preserving service continuity and performance.

Type de document Communication à un colloque (Conference Paper) – Présentation orale avec comité de sélection
Type d'accès Accès libre
Année de publication 2015
Langue Anglais
Conférence "the 16th Annual Middleware Conference", Vancouver, BC, Canada (du 7/12/2015 au 11/12/2015)
Peer reviewed oui
Document hôte "Proceedings of the 16th Annual Middleware Conference on Middleware" (ISBN : 9781450336185)
Editeur ACM Press
Statut de la publication Publié
Affiliations UCL - SST/ICTM/INGI - Pôle en ingénierie informatique
Liens
  1. Wong Wai Kit, Cheung David Wai-lok, Kao Ben, Mamoulis Nikos, Secure kNN computation on encrypted databases, 10.1145/1559845.1559862
  2. Chenxi Wang, Carzaniga A., Evans D., Wolf A.L., Security issues and requirements for Internet-scale publish-subscribe systems, 10.1109/hicss.2002.994531
  3. M. A. Tariq, B. Koldehofe, A. Altaweel, and K. Rothermel. Providing basic security mechanisms in broker-less publish/subscribe systems. In DEBS 2010: 4th ACM Int. Conf. on Distributed Event-Based Systems.
  4. G. Strang. Introduction to Linear Algebra, 4th edition. Wellesley-Cambridge Press and SIAM, 2009.
  5. Srivatsa Mudhakar, Liu Ling, Secure Event Dissemination in Publish-Subscribe Networks, 10.1109/icdcs.2007.136
  6. Somorovsky Juraj, Heiderich Mario, Jensen Meiko, Schwenk Jörg, Gruschka Nils, Lo Iacono Luigi, All your clouds are belong to us : security analysis of cloud management interfaces, 10.1145/2046660.2046664
  7. V. Shoup. A proposal for an iso standard for public key encryption. Technical report, IBM Zurich, 2001.
  8. Shikfa Abdullatif, Önen Melek, Molva Refik, Broker-Based Private Matching, Privacy Enhancing Technologies (2011) ISBN:9783642222627 p.264-284, 10.1007/978-3-642-22263-4_15
  9. Sherman A.T., McGrew D.A., Key establishment in large dynamic groups using one-way function trees, 10.1109/tse.2003.1199073
  10. V. Schiavoni, E. Rivière, and P. Felber. Whisper: Middleware for confidential communication in large-scale networks. In ICDCS 2011: IEEE International Conference on Distributed Computing Systems.
  11. Ristenpart Thomas, Tromer Eran, Shacham Hovav, Savage Stefan, Hey, you, get off of my cloud : exploring information leakage in third-party compute clouds, 10.1145/1653662.1653687
  12. C. Raiciu and D. S. Rosenblum. Enabling confidentiality in content-based publish/subscribe infrastructures. In Securecomm 2006: 2nd Int. Conf. on Security and Privacy in Comm. Networks.
  13. Pietzuch P.R., Bacon J.M., Hermes: a distributed event-based middleware architecture, 10.1109/icdcsw.2002.1030837
  14. A. Perrig, D. Song, and J. D. Tygar. ELK, a new protocol for efficient large-group key distribution. In SP 2001: IEEE Symposium on Security and Privacy.
  15. Paillier Pascal, Public-Key Cryptosystems Based on Composite Degree Residuosity Classes, Advances in Cryptology — EUROCRYPT ’99 ISBN:9783540658894 p.223-238, 10.1007/3-540-48910-x_16
  16. Nabeel Mohamed, Shang Ning, Bertino Elisa, Efficient privacy preserving content based publish subscribe systems, 10.1145/2295136.2295164
  17. Machanavajjhala Ashwin, Vee Erik, Garofalakis Minos, Shanmugasundaram Jayavel, Scalable ranked publish/subscribe, 10.14778/1453856.1453906
  18. Liu Fangfei, Yarom Yuval, Ge Qian, Heiser Gernot, Lee Ruby B., Last-Level Cache Side-Channel Attacks are Practical, 10.1109/sp.2015.43
  19. S. Liston. The Cloud: data protection and privacy -- Whose cloud is it anyway? In GSR 2012: 12th Global Symposium for Regulators.
  20. J. Li, C. Lu, and W. Shi. An efficient scheme for preserving confidentiality in content-based publish/subscribe systems. Technical Report GIT-CC-04-01, Georgia Institute of Technology, 2004.
  21. H.-A. Jacobsen, A. Cheung, G. Lia, B. Maniymaran, V. Muthusamy, and R. S. Kazemzadeh. The PADRES publish/subscribe system. In Handbook of Research on Adv. Dist. Event-Based Sys., Pub./Sub. and Message Filtering Tech., 2009.
  22. Ion Mihaela, Russello Giovanni, Crispo Bruno, Design and implementation of a confidentiality and access control solution for publish/subscribe systems, 10.1016/j.comnet.2012.02.013
  23. M. Ion, G. Russello, and B. Crispo. An implementation of event and filter confidentiality in pub/sub systems and its application to e-health. In CCS 2010: 17th ACM conf. on Computer and comm. security.
  24. P. Hunt, M. Konar, F. P. Junqueira, and B. Reed. ZooKeeper: Wait-free coordination for internet-scale systems. In ATC 2010: USENIX Annual Technical Conference.
  25. Goyal Vipul, Pandey Omkant, Sahai Amit, Waters Brent, Attribute-based encryption for fine-grained access control of encrypted data, 10.1145/1180405.1180418
  26. Eze Benjamin, Kuziemsky Craig, Peyton Liam, Middleton Grant, Mouttham Alain, Policy-based Data Integration for e-Health Monitoring Processes in a B2B Environment: Experiences from Canada, 10.4067/s0718-18762010000100006
  27. Eugster Patrick Th., Felber Pascal A., Guerraoui Rachid, Kermarrec Anne-Marie, The many faces of publish/subscribe, 10.1145/857076.857078
  28. Dong Changyu, Russello Giovanni, Dulay Naranker, Shared and Searchable Encrypted Data for Untrusted Servers, Lecture Notes in Computer Science (2008) ISBN:9783540705666 p.127-143, 10.1007/978-3-540-70567-3_10
  29. Di Crescenzo Giovanni, Coan Brian, Schultz John, Tsang Simon, Wright Rebecca N., Privacy-Preserving Publish/Subscribe: Efficient Protocols in a Distributed Model, Data Privacy Management and Autonomous Spontaneous Security (2014) ISBN:9783642545672 p.114-132, 10.1007/978-3-642-54568-9_8
  30. R. Curtmola, J. Garay, S. Kamara, and R. Ostrovsky. Searchable symmetric encryption: Improved definitions and efficient constructions. In CCS 2006: 13th ACM conference on Computer and comm. security.
  31. Choi Sunoh, Ghinita Gabriel, Bertino Elisa, A Privacy-Enhancing Content-Based Publish/Subscribe System Using Scalar Product Preserving Transformations, Lecture Notes in Computer Science (2010) ISBN:9783642153631 p.368-384, 10.1007/978-3-642-15364-8_32
  32. Cheung Alex King Yeung, Jacobsen Hans-Arno, Load Balancing Content-Based Publish/Subscribe Systems, 10.1145/1880018.1880020
  33. Chand R., Felber P., XNET: a reliable content-based publish/subscribe system, 10.1109/reldis.2004.1353027
  34. Carzaniga Antonio, Rosenblum David S., Wolf Alexander L., Design and evaluation of a wide-area event notification service, 10.1145/380749.380767
  35. Bethencourt John, Sahai Amit, Waters Brent, Ciphertext-Policy Attribute-Based Encryption, 10.1109/sp.2007.11
  36. R. P. Barazzutti, T. Heinze, A. Martin, E. Onica, P. Felber, C. Fetzer, Z. Jerzak, M. Pasin, and E. Rivière. Elastic scaling of a high-throughput content-based publish/subscribe engine. In ICDCS 2014: IEEE International Conference on Distributed Computing Systems.
  37. R. P. Barazzutti, P. Felber, H. Mercier, E. Onica, and E. Riviére. Thrifty privacy: efficient support for privacy-preserving publish/subscribe. In DEBS 2012: 6th ACM Int. Conf. on Distributed Event-Based Systems.
  38. R. P. Barazzutti, P. Felber, C. Fetzer, E. Onica, M. Pasin, J.-F. Pineau, E. Riviére, and S. Weigert. StreamHub: A massively parallel architecture for high-performance content-based publish/subscribe. In DEBS 2013: 7th ACM Int. Conf. on Distributed Event-Based Systems.
  39. J. Bacon, D. M. Eyers, J. Singh, and P. R. Pietzuch. Access control in publish/subscribe systems. In DEBS 2002: 2nd ACM Int. Conf. on Distributed Event-Based Systems.
Référence bibliographique Onica, Emanuel ; Felber, Pascal ; Mercier, Hugues ; Riviere, Etienne. Efficient Key Updates through Subscription Re-encryption for Privacy-Preserving Publish/Subscribe.the 16th Annual Middleware Conference (Vancouver, BC, Canada, du 7/12/2015 au 11/12/2015). In: Proceedings of the 16th Annual Middleware Conference on Middleware, ACM Press2015
Permalien http://hdl.handle.net/2078.1/213818