Skip to main content
Springer Nature Link
Log in

A Privacy-Enhancing Content-Based Publish/Subscribe System Using Scalar Product Preserving Transformations

  • Conference paper
Database and Expert Systems Applications (DEXA 2010)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 6261))

Included in the following conference series:

  • 1200 Accesses

Abstract

Users of content-based publish/subscribe systems (CBPS) are interested in receiving data items with values that satisfy certain conditions. Each user submits a list of subscription specifications to a broker, which routes data items from publishers to users. When a broker receives a notification that contains a value from a publisher, it forwards it only to the subscribers whose requests match the value. However, in many applications, the data published are confidential, and their contents must not be revealed to brokers. Furthermore, a user’s subscription may contain sensitive information that must be protected from brokers. Therefore, a difficult challenge arises: how to route publisher data to the appropriate subscribers without the intermediate brokers learning the plain text values of the notifications and subscriptions. To that extent, brokers must be able to perform operations on top of the encrypted contents of subscriptions and notifications. Such operations may be as simple as equality match, but often require more complex operations such as determining inclusion of data in a value interval. Previous work attempted to solve this problem by using one-way data mappings or specialized encryption functions that allow evaluation of conditions on ciphertexts. However, such operations are computationally expensive, and the resulting CBPS lack scalability. As fast dissemination is an important requirement in many applications, we focus on a new data transformation method called Asymmetric Scalar-product Preserving Encryption (ASPE) [1]. We devise methods that build upon ASPE to support private evaluation of several types of conditions. We also suggest techniques for secure aggregation of notifications, supporting functions such as sum, minimum, maximum and count. Our experimental evaluation shows that ASPE-based CBPS incurs 65% less overhead for exact-match filtering and 50% less overhead for range filtering compared to the state-of-the-art.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Wong, W.K., Cheung, D.W., Kao, B., Mamoulis, N.: Secure kNN Computation on Encrypted Databases. In: ACM SIGMOD International Conference on Management of Data, pp. 139–152 (2009)

    Google Scholar 

  2. Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Order Preserving Encryption for Numeric Data. In: ACM SIGMOD International Conference on Management of Data, pp. 563–574 (2004)

    Google Scholar 

  3. Boneh, D., Waters, B.: Conjunctive, Subset, and Range Queries on Encrypted Data. In: Theory of Cryptography Conference, pp. 535–554 (2007)

    Google Scholar 

  4. Carzaniga, A., Rosenblum, D.S., Wolf, A.L.: Design and evaluation of a wide-area event notification service. ACM Transactions on Computer Systems 19(3), 332–383 (2001)

    Article  Google Scholar 

  5. Raiciu, C., Rosenblum, D.S.: Enabling Confidentiality in Content-Based Publish/Subscribe Infrastructures. In: International Conference on Security and Privacy in Communication Networks, pp. 1–11 (2006)

    Google Scholar 

  6. Akamai, http://www.akamai.com

  7. Hacigumus, H., Iyer, B., Li, C., Mehrotra, S.: Executing sql over encrypted data in the database-service-provider model. In: ACM SIGMOD International Conference on Management of Data, pp. 216–227 (2002)

    Google Scholar 

  8. Hacigumus, H., Iyer, B., Mehrotra, S.: Providing database as a service. In: ICDE International Conference on Data Engineering, pp. 29–38 (2002)

    Google Scholar 

  9. Liu, K., Giannella, C., Kargupta, H.: An attacker’s view of distance preserving maps for privacy preserving data mining. In: Fürnkranz, J., Scheffer, T., Spiliopoulou, M. (eds.) PKDD 2006. LNCS (LNAI), vol. 4213, pp. 297–308. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  10. Minami, K., Lee, A.J., Winslett, M., Borisov, N.: Secure Aggregation in a Publish-Subscribe System. In: ACM Workshop on Privacy in the Electronic Society, pp. 95–104 (2008)

    Google Scholar 

  11. Ahmed, W., Khokhar, A.: Secure aggregation in large scale overlay networks. In: Global Telecommunications Conference, pp. 1–5 (2006)

    Google Scholar 

  12. Srivatsa, M., Liu, L.: Securing Publish-Subscribe Overlay Services with EventGuard. In: ACM Conference on Computer and Communications Security, pp. 289–298 (2005)

    Google Scholar 

  13. Oliveira, S.R.M., Zaiane, O.R.: Privacy preserving clustering by data transformation. In: 18th Brazillian Symposium on Databases, pp. 304–318 (2003)

    Google Scholar 

  14. Nabeel, M., Shang, N., Bertino, E.: Privacy-Preserving Filtering and Covering in Content-Based Publish Subscribe Systems. CERIAS Tech. Report 2009-15, Purdue University, West Lafayette, IN

    Google Scholar 

  15. Wang, C., Carzaniga, A., Evans, D., Wolf, A.L.: Security Issues and Requirements for Internet-Scale Publish-Subsribe Systems. In: Hawaii International Conference on System Sciences, pp. 303–310 (2002)

    Google Scholar 

  16. Khurana, H.: Scalable Security and Accounting Services for Content-based Publish/Subscribe Systems. In: ACM Symposium on Applied Computing, pp. 801–807 (2005)

    Google Scholar 

  17. Shi, E., Bethenourt, J., Hubert Chan, T.-H., Song, D., Perrig, A.: Multi-Dimensional Range Query over Encrypted Data. In: IEEE Symposium on Security and Privacy, pp. 350–364 (2007)

    Google Scholar 

  18. Pesonen, L.I.W., Eyers, D.M., Bacon, J.: Encryption-Enforced Access Control in Dynamic Multi-Domain Publish/Subscribe Networks. In: International Conference on Distributed Event-Based Systems, pp. 104–115 (2007)

    Google Scholar 

  19. Hore, B., Mehrotra, S., Tsudik, G.: A Privacy-Preserving Index for Range Queries. In: International Conference on Very Large Data Bases, pp. 720–731 (2004)

    Google Scholar 

  20. Papadopoulos, et al.: Continuous Authentication on Data Streams. In: International Conference on Very Large Data Bases, pp. 135–146 (2007)

    Google Scholar 

  21. Paillier, P.: Public-key cryptosystem based on composite degree residuosity classes. In: Advances in Cryptology, pp. 223–238 (1999)

    Google Scholar 

  22. Song, D., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: IEEE Symposium on Security and Privacy, pp. 44–55 (2000)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Electrical and Computer Engineering, Purdue University, USA

    Sunoh Choi

  2. Department of Computer Science, Purdue University, USA

    Gabriel Ghinita & Elisa Bertino

Authors
  1. Sunoh Choi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Gabriel Ghinita
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Elisa Bertino
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. DeustoTech Computing, University of Deusto, Avda. Universidades, 24, 48007, Bilbao, Spain

    Pablo García Bringas

  2. Institut de Recherche en Informatique de Toulouse (IRIT), Paul Sabatier University, 118, route de Narbonne, 31062, Toulouse Cedex, France

    Abdelkader Hameurlain

  3. Faculty of Computer Science, Department of Distributed Systems and Multimedia Systems, University of Vienna, Liebiggasse 4/3-4, 1010, Vienna, Austria

    Gerald Quirchmayr

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Choi, S., Ghinita, G., Bertino, E. (2010). A Privacy-Enhancing Content-Based Publish/Subscribe System Using Scalar Product Preserving Transformations. In: Bringas, P.G., Hameurlain, A., Quirchmayr, G. (eds) Database and Expert Systems Applications. DEXA 2010. Lecture Notes in Computer Science, vol 6261. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15364-8_32

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-15364-8_32

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-15363-1

  • Online ISBN: 978-3-642-15364-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics