An efficient confidentiality protection solution for pub/sub system
Abstract
Publish/subscribe (pub/sub) systems are widely used in large-scale messaging systems due to their asynchronous and decoupled nature. With the growing popularity of pub/sub cloud services, the privacy protection problem of pub/sub systems has started to emerge: events and subscriptions are exposed when event matching is executed on untrustworthy cloud brokers. However, as the number of subscriptions increases, the effectiveness of previous confidentiality protection approaches declines drastically. In this paper, we propose SBM (scalable blind matching), an effective confidentiality protection scheme for pub/sub systems. To the best of our knowledge, SBM is the first scheme that applies an order-preserving encryption algorithm to protect the system's confidentiality and ensure its scalability. In this scheme, SBM-I is highly effective in subscription matching but is unable to achieve ideal security (IND-OCPA), whereas SBM-II is proposed to ensure system security, and SGX is used to reduce interaction and boost ciphertext matching performance. The experiment demonstrates that this method has better matching performance than others: the average matching time of SBM-I is 3–4 orders of magnitude faster than the matching algorithm MP and the SGX-based algorithm SCBR when the number of subscriptions is 500,000, and the average matching time of SBM-II is 40 times faster than MP and 24 times faster than SCBR.