Issue No. 03 - May-June (2017 vol. 14)
Raphael Barazzutti, Institute of Computer Science, Université de Neuchâtel, Switzerland
Pascal Felber, Institute of Computer Science, Université de Neuchâtel, Switzerland
Hugues Mercier, Institute of Computer Science, Université de Neuchâtel, Switzerland
Emanuel Onica, Alexandru Ioan Cuza University of Iaşi, Romania
Etienne Riviere, Institute of Computer Science, Université de Neuchâtel, Switzerland
Content-based publish/subscribe provides a loosely coupled and expressive form of communication for large-scale distributed systems. Confidentiality is a major challenge for publish/subscribe middleware deployed over multiple administrative domains. Encrypted matching allows confidentiality-preserving content-based filtering but has high performance overheads. It may also prevent the use of classical optimizations based on subscription containment. We propose a support mechanism that reduces the cost of encrypted matching, in the form of a prefiltering operator using Bloom filters and simple randomization techniques. This operator greatly reduces the number of encrypted subscriptions that must be matched against incoming encrypted publications. It leverages subscription containment information when available, but also ensures that containment confidentiality is preserved otherwise. We propose containment obfuscation techniques and provide a rigorous security analysis of the information leaked by Bloom filters in this case. We conduct a thorough experimental evaluation of prefiltering under a large variety of workloads. Our results indicate that prefiltering is successful at reducing the space of subscriptions to be tested in all cases. We show that while there is a tradeoff between prefiltering efficiency and information leakage when using containment obfuscation, it is practically possible to obtain good prefiltering performance while securing the technique against potential leakages.
Subscriptions, Cryptography, Containers, Arrays, Cloud computing
R. Barazzutti, P. Felber, H. Mercier, E. Onica and E. Riviere, "Efficient and Confidentiality-Preserving Content-Based Publish/Subscribe with Prefiltering," in IEEE Transactions on Dependable and Secure Computing, vol. 14, no. 3, pp. 308-325, 2017.