ABSTRACT
User revocation is one of the main security issues in publish and subscribe (pub/sub) systems. Indeed, to ensure data confidentiality, the system should be able to remove malicious subscribers without affecting the functionalities and decoupling of authorised subscribers and publishers. To revoke a user, there are solutions, but existing schemes inevitably introduce high computation and communication overheads, which can ultimately affect the system capabilities.
In this paper, we propose a novel revocation technique for pub/sub systems that can efficiently remove compromised subscribers without requiring regeneration and redistribution of new keys as well as re-encryption of existing data with those keys. Our proposed solution is such that a subscriber's interest is not revealed to curious brokers and published data can only be accessed by the authorised subscribers. Finally, the proposed protocol is secure against the collusion attacks between brokers and revoked subscribers.
- Muhammad Rizwan Asghar, Ashish Gehani, Bruno Crispo, and Giovanni Russello. 2014. PIDGIN: Privacy-preserving interest and content sharing in opportunistic networks. In Proceedings of the 9th ACM symposium on information, computer and communications security. ACM, 135--146. Google ScholarDigital Library
- Raphaël Barazzutti, Pascal Felber, Hugues Mercier, Emanuel Onica, and Etienne Riviere. 2017. Efficient and confidentiality-preserving content-based publish/subscribe with prefiltering. IEEE Transactions on Dependable and Secure Computing 14, 3 (2017), 308--325. Google ScholarDigital Library
- Sana Belguith, Nesrine Kaaniche, Abderrazak Jemai, Maryline Laurent, and Rabah Attia. 2016. PAbAC: A Privacy preserving Attribute based framework for fine grained Access Control in clouds. In SECRYPT 2016: 13th International Conference on Security and Cryptography, Vol. 4. Scitepress, 133--146. Google ScholarDigital Library
- John Bethencourt, Amit Sahai, and Brent Waters. 2007. Ciphertext-policy attribute-based encryption. In Security and Privacy, 2007. SP'07. IEEE Symposium on. IEEE, 321--334. Google ScholarDigital Library
- Dan Boneh and Matt Franklin. 2001. Identity-based encryption from the Weil pairing. In Advances in Cryptology - CRYPTO 2001. Springer, 213--229. Google ScholarDigital Library
- Dan Boneh and Brent Waters. 2007. Conjunctive, subset, and range queries on encrypted data. Theory of cryptography (2007), 535--554. Google ScholarDigital Library
- Cristian Borcea, Yuriy Polyakov, Kurt Rohloff, Gerard Ryan, et al. 2017. PICADOR: End-to-end encrypted Publish-Subscribe information distribution with proxy re-encryption. Future Generation Computer Systems 71 (2017), 177--191.Google ScholarCross Ref
- Zvika Brakerski and Vinod Vaikuntanathan. 2011. Fully homomorphic encryption from ring-LWE and security for key dependent messages. In Annual cryptology conference. Springer, 505--524. Google ScholarDigital Library
- Tracy Yingying Cheng, Wei Gao, Xiaohua Jia, Jianfei He, and Shucheng Liu. 2016. Privacy-preserving publish/subscribe service in untrusted third-party platform. In Communications (ICC), 2016 IEEE International Conference on. IEEE, 1--6.Google ScholarCross Ref
- Giovanni Di Crescenzo, Jim Burns, Brian Coan, John Schultz, Jonathan Stanton, Simon Tsang, and Rebecca N Wright. 2013. Efficient and private three-party publish/subscribe. In International Conference on Network and System Security. Springer, 278--292.Google ScholarCross Ref
- Abebe Abeshu Diro, Naveen Chilamkurti, and Neeraj Kumar. 2017. Lightweight Cybersecurity Schemes Using Elliptic Curve Cryptography in Publish-Subscribe fog Computing. Mobile Networks and Applications (2017), 1--11. Google ScholarDigital Library
- Christian Esposito and Mario Ciampi. 2015. On Security in Publish/Subscribe Services: A Survey. IEEE Communications Surveys and Tutorials 17, 2 (2015), 966--997.Google ScholarDigital Library
- Mihaela Ion, Giovanni Russello, and Bruno Crispo. 2010. Supporting Publication and Subscription Confidentiality in Pub/Sub Networks. In SecureComm. Springer, 272--289.Google Scholar
- Mihaela Ion, Giovanni Russello, and Bruno Crispo. 2012. Design and implementation of a confidentiality and access control solution for publish/subscribe systems. Computer networks 56, 7 (2012), 2014--2037. Google ScholarDigital Library
- Vincenzo Iovino and Giuseppe Persiano. 2008. Hidden-vector encryption with groups of prime order. In International Conference on Pairing-Based Cryptography. Springer, 75--88. Google ScholarDigital Library
- Tao Jiang, Xiaofeng Chen, and Jianfeng Ma. 2016. Public integrity auditing for shared dynamic cloud data with group user revocation. IEEE Trans. Comput. 65, 8 (2016), 2363--2373.Google ScholarDigital Library
- Mohamed Nabeel, Stefan Appel, Elisa Bertino, and Alejandro Buchmann. 2013. Privacy preserving context aware publish subscribe systems. In International Conference on Network and System Security. Springer, 465--478.Google ScholarCross Ref
- Mohamed Nabeel, Ning Shang, and Elisa Bertino. 2012. Efficient privacy preserving content based publish subscribe systems. In Proceedings of the 17th ACM symposium on Access Control Models and Technologies. ACM, 133--144. Google ScholarDigital Library
- Emanuel Onica, Pascal Felber, Hugues Mercier, and Etienne Rivière. 2015. Efficient key updates through subscription re-encryption for privacy-preserving publish/subscribe. In Proceedings of the 16th Annual Middleware Conference. ACM, 25--36. Google ScholarDigital Library
- Emanuel Onica, Pascal Felber, Hugues Mercier, and Etienne Rivière. 2016. Confidentiality-preserving publish/subscribe: A survey. ACM Computing Surveys (CSUR) 49, 2 (2016), 27. Google ScholarDigital Library
- Pascal Paillier et al. 1999. Public-key cryptosystems based on composite degree residuosity classes. In Eurocrypt, Vol. 99. Springer, 223--238. Google ScholarDigital Library
- Partha Pal, Greg Lauer, Joud Khoury, Nick Hoff, and Joe Loyall. 2012. P3S: A privacy preserving publish-subscribe middleware. In ACM/IFIP/USENIX International Conference on Distributed Systems Platforms and Open Distributed Processing. Springer, 476--495. Google ScholarDigital Library
- Yuriy Polyakov, Kurt Rohloff, Gyana Sahu, and Vinod Vaikuntanthan. 2017. Fast Proxy Re-Encryption for Publish/Subscribe Systems. IACR Cryptology ePrint Archive 2017 (2017), 410.Google Scholar
- Muhammad Adnan Tariq, Boris Koldehofe, and Kurt Rothermel. 2014. Securing broker-less publish/subscribe systems using identity-based encryption. IEEE transactions on parallel and distributed systems 25, 2 (2014), 518--528. Google ScholarDigital Library
- Yuan Tian, Biao Song, Mohammad Mehedi Hassan, and Eui-nam Huh. 2013. An efficient privacy preserving Pub-Sub system for ubiquitous computing. International Journal of Ad Hoc and Ubiquitous Computing 12, 1 (2013), 23--33. Google ScholarDigital Library
- Kan Yang, Kuan Zhang, Xiaohua Jia, M Anwar Hasan, and Xuemin Sherman Shen. 2017. Privacy-preserving attribute-keyword based data publish-subscribe service on cloud platforms. Information Sciences 387 (2017), 116--131. Google ScholarDigital Library
Recommendations
Efficient Key Updates through Subscription Re-encryption for Privacy-Preserving Publish/Subscribe
Middleware '15: Proceedings of the 16th Annual Middleware ConferenceContent-based publish/subscribe (pub/sub) is an appealing information dissemination paradigm for distributed systems. Consumers of data subscribe to a pub/sub service, typically offered through a distributed broker overlay, and indicate their interests ...
Fast Proxy Re-Encryption for Publish/Subscribe Systems
We develop two IND-CPA-secure multihop unidirectional Proxy Re-Encryption (PRE) schemes by applying the Ring-LWE (RLWE) key switching approach from the homomorphic encryption literature. Unidirectional PRE is ideal for secure publish-subscribe ...
Multi-use unidirectional identity-based proxy re-encryption from hierarchical identity-based encryption
At ACNS 2007, Ateniese and Green proposed the concept of ID-based proxy re-encryption (IBPRE), where a semi-trusted proxy with some information (a.k.a. re-encryption key), can transform a ciphertext under an identity to another ciphertext under another ...
Comments