The Community for Technology Leaders
Green Image
Issue No. 03 - May-June (2017 vol. 14)
ISSN: 1545-5971
pp: 308-325
Raphael Barazzutti , Institute of Computer Science, Université de Neuchâtel, Switzerland
Pascal Felber , Institute of Computer Science, Université de Neuchâtel, Switzerland
Hugues Mercier , Institute of Computer Science, Université de Neuchâtel, Switzerland
Emanuel Onica , Alexandru Ioan Cuza University of Iaşi, Romania
Etienne Riviere , Institute of Computer Science, Université de Neuchâtel, Switzerland
ABSTRACT
Content-based publish/subscribe provides a loosely-coupled and expressive form of communication for large-scale distributed systems. Confidentiality is a major challenge for publish/subscribe middleware deployed over multiple administrative domains. Encrypted matching allows confidentiality-preserving content-based filtering but has high performance overheads. It may also prevent the use of classical optimizations based on subscriptions containment. We propose a support mechanism that reduces the cost of encrypted matching, in the form of a prefiltering operator using Bloom filters and simple randomization techniques. This operator greatly reduces the amount of encrypted subscriptions that must be matched against incoming encrypted publications. It leverages subscription containment information when available, but also ensures that containment confidentiality is preserved otherwise. We propose containment obfuscation techniques and provide a rigorous security analysis of the information leaked by Bloom filters in this case. We conduct a thorough experimental evaluation of prefiltering under a large variety of workloads. Our results indicate that prefiltering is successful at reducing the space of subscriptions to be tested in all cases. We show that while there is a tradeoff between prefiltering efficiency and information leakage when using containment obfuscation, it is practically possible to obtain good prefiltering performance while securing the technique against potential leakages.
INDEX TERMS
Subscriptions, Cryptography, Containers, Arrays, Cloud computing
CITATION

R. Barazzutti, P. Felber, H. Mercier, E. Onica and E. Riviere, "Efficient and Confidentiality-Preserving Content-Based Publish/Subscribe with Prefiltering," in IEEE Transactions on Dependable and Secure Computing, vol. 14, no. 3, pp. 308-325, 2017.
doi:10.1109/TDSC.2015.2449831
209 ms
(Ver 3.3 (11022016))