
v-CAPS: A Confidentiality and Anonymity Preserving Routing Protocol for Content-Based Publish-Subscribe Networks

  • Conference paper
Security and Privacy in Communication Networks (SecureComm 2011)

Abstract

Content-based Publish-Subscribe (CBPS) is a widely used communication paradigm where publishers “publish” messages and a set of subscribers receive these messages based on their interests through filtering and routing by an intermediate set of brokers. CBPS has proven to be suitable for many-to-many communication offering flexibility and efficiency in communications between a dynamic set of publishers and subscribers. We are interested in using CBPS in healthcare settings to disseminate health-related information (drug interactions, diagnostic information on diseases) to large numbers of subscribers in a confidentiality-preserving manner. Confidentiality in CBPS requires that the message be hidden from brokers whereas the brokers need the message to compute routing decisions. Previous approaches to achieve these conflicting goals suffer from significant shortcomings—misrouting, lesser expressivity of subscriber interests, high execution time, and high message overhead. Our solution, titled v-CAPS, achieves the competing goals while avoiding the previous problems. In v-CAPS, the trusted publishers extract the routing information based on the message and the brokers keep minimal information needed to perform local routing. The routing information is cryptographically secured so that curious brokers or other subscribers cannot learn about the recipients. Our experiments show that v-CAPS has comparable end-to-end message latency to a baseline insecure CBPS system with unencrypted routing vectors. However, the cost of hiding the routing vectors from the brokers is significantly higher.

Copyright information

© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Maji, A.K., Bagchi, S. (2012). v-CAPS: A Confidentiality and Anonymity Preserving Routing Protocol for Content-Based Publish-Subscribe Networks. In: Rajarajan, M., Piper, F., Wang, H., Kesidis, G. (eds) Security and Privacy in Communication Networks. SecureComm 2011. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 96. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31909-9_16

  • DOI: https://doi.org/10.1007/978-3-642-31909-9_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-31908-2

  • Online ISBN: 978-3-642-31909-9

  • eBook Packages: Computer Science, Computer Science (R0)
