Subscriber System using Identity-Based Encryption

Secure Message Transmission to the Publisher

• Vivek Sharma

INTRODUCTION

The major mechanism regarding to the Publish-Subscribe based system are security, confidentiality, scalability and authentication. Publish-Subscribe system can be classified into two groups like as Type based and Content based message transmission. The publish-subscribe system is facing difficulties regarding Authentication just because of their Loose coupling nature. Content based routing face the difficulties in term of event confidentiality and their subscription. Hence, A new way is needed to the transmission of encrypted events to publishers-subscribers without knowing subscriptions between them and authenticate to each-other during transmission of an event. Security is the major facor in the broker less publisher-subscriber systems. To successful subscription, the subscribers should be in clustered form according to their subscription. The proposed approach gives permission to subscribers to manage the credentials in respect of their subscriptions. Credentials are labelled with private keys to the subscriber and Publisher connected with each-every encrypted event and related credentials. By using identity-based encryption, we must ensure that a particular event will decrypt only if a common credential between both publisher-subscriber associated with the particular event and their private key which is generated by the key generator are matched correctly in system and subscribers can check the authenticity of events to the publisher-subscriber system.

SCOPE OF PROJECT :

The project will provide the high authentication, reliability and scalability to the publish-subscribe system. An authentication and confidentiality will be achieved by the publishers and subscribers system to the particular occurring event by applying the pairing based cryptography and Symmetric encryption. Both publisher-subscriber are assigned with a same private key mechanism differentiate with the other mechanism like as public key infrastructure. So it provides more secure and reliable way to the communication between publisher and subscriber.

LITERATURE SURVEY :

Title: Cipher text Encryption based on attribute

Author Bethencurt , Sahali A.

Year: 2007

Description: According to the attribute based encryption based on the cipher text policy, the publisher or encryptor fix the policy to the subscriber, who will decrypt the message. With the help of attribute, the policy can be formed. In previous Cipher text encryption based on attribute, policy is embedded with the cipher text to the transmission. In this proposed method, the access policy is not sent with the cipher text, so it would provide better privacy environment to the encryptor.

Title: Public-Key Encryption related Search of particular keyword

Author: D. Boneh, P Crcenzo, R Ostrvky

Year: 2004

Description: We study the problem of searching on data that is encrypted using a public key system. Consider user Bob who sends email to user Alice encrypted under Alice’s public key. An email gateway wants to test whether the email contains the keyword urgent” so that it could route the email accordingly. Alice, on the other hand does not wish to give the gateway the ability to decrypt all her messages. We define and construct a mechanism that enables Alice to provide a key to the gateway that enables the gateway to test whether the word urgent” is a keyword in the email without learning anything else about the email. We refer to this mechanism as Public Key Encryption with keyword Search. As another example, consider a mail server that stores various messages publicly encrypted for Alice by others. Using our mechanism Alice can send the mail server a key that will enable the server to identify all messages containing some specific keyword, but learn nothing else. We define the concept of public key encryption with keyword search and give several constructions.

Title: Identity-Based Encryption from the Weil Pairing.e Scheduling Independent Tasks

Author: D. Boneh and M.K. Franklin

Year: 2001

Description: We propose a fully functional identity-based encryption scheme (IBE). The scheme has chosen cipher text security in the random oracle model assuming a variant of the computational Die- Hellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic curves is an example of such a map. We give precise dentitions for secure identity based encryption schemes and give several applications for such systems.

Title: “Supporting Publication and Subscription Confidentiality in Pub/Sub Networks

Author: M. Ion, G. Russello

Year: 2010.

Description: The publish/subscribe model over’s a loosely-coupled communication paradigm where applications interact indirectly and asynchronously. Publisher applications generate events that are sent to interested applications through a network of brokers. Subscriber applications express their interest by specifying filters that brokers can use for routing the events. Supporting condentiality of messages being exchanged is still challenging. First of all, it is desirable that any scheme used for protecting the condentiality of both the events and filters should not require the publishers and subscribers to share secret keys. In fact, such a restriction is against the loose-coupling of the model. Moreover, such a scheme should not restrict the expressiveness of filters and should allow the broker to perform event filtering to route the events to the interested parties. Existing solutions do not fully address these issues. In this paper, we provide a novel scheme that supports (i) condentiality for events and filters; (ii) filters can express very complex constraints on events even if brokers are not able to access any information on both events and filters; (iii) and finally it does not require publishers and subscribers to share keys.

Title: Efficient Privacy Preserving Content Based Publish Subscribe Systems

Author: M. Nabeel, N. Shang, and E. Bertino

Year: 2012.

Description: Privacy and confidentiality are crucial issues in content-based publish/subscribe (CBPS) networks. We tackle the problem of end-user privacy in CBPS. This problem raises a challenging requirement for handling encrypted data for the purpose of routing based on protected content and encrypted subscription information. We suggest a solution based on a commutative multiple encryption schemes in order to allow brokers to operate in-network matching and content based routing without having access to the content of the packets. This is the first solution that avoids key sharing among end-users and targets an enhanced CBPS model where brokers can also be subscribers at the same time.

Title: Encryption-Enforced Access Control in Dynamic Multi-Domain Publish/Subscribe Networks

Author: L.I.W. Pesonen, D.M. Eyers, and J. Bacon

Year: 2007

Description: This paper extends previous work to present and evaluate a secure multi-domain publish/subscribe infrastructure that supports and enforces engrained access control over the individual attributes of event types. Key refresh allows us to ensure forward and backward security when event brokers join and leave the network. We demonstrate that the time and space overheads can be minimized by careful consideration of encryption techniques, and by the use of caching to decrease unnecessary decryptions. We show that our approach has a smaller overall communication overhead than existing approaches for achieving the same degree of control over security in publish/subscribe networks.

Title: Hermes: A Scalable Event-Based Middleware

Author: P. Pietzuch

Year: 2004

Description: The core functionality of an event-based middleware is extended with three higher-level middleware services that address different requirements in a distributed computing environment. We introduce a novel congestion control service that avoids congestion in the overlay broker network during normal operation and recovery after failure, and therefore enables a resource-efficient deployment of the middleware. The expressiveness of subscriptions in the event-based middleware is enhanced with a composite event service that performs the distributed detection of complex event patterns, thus taking the burden away from clients. Finally, a security service adds access control to Hermes according to a secure publish/subscribe model. This model supports fine-grained access control decisions so that separate trust domains can share the same overlay broker network.

Title: Enabling Confidentiality in Content-Based Publish/Subscribe Infrastructures

Author: C. Raiciu and D.S. Rosenblum

Year: 2006.

Description: we focus on answering the following question: Can we implement content-based publish/subscribe while keeping subscriptions and notifications confidential from the forwarding brokers? Our contributions include a systematic analysis of the problem, providing a formal security model and showing that the maximum level of attainable security in this setting is restricted. We focus on enabling provable confidentiality for commonly used applications and subscription languages in CBPS and present a series of practical provably secure protocols, some of which are novel and others adapted from existing work. We have implemented these protocols in SIENA, a popular CBPS system. Evaluation results show that confidential content-based publish/subscribe is practical: A single broker serving 1000 subscribers is able to route more than 100 notifications per second with our solutions.

Title: EventGuard: A System Architecture for Securing Publish-Subscribe Networks

Author: M. Srivatsa, L. Liu, and A. Iyengar

Year: 2011.

Description: a framework for building secure wide area pub-sub systems. The EventGuard architecture is comprised of three key components: (1) a suite of security guards that can be seamlessly plugged-into a contentbased pub-sub system, (2) a scalable key management algorithm to enforce access control on subscribers, and (3) a resilient pub-sub network design that is capable of scalable routing, handling message dropping-based DoS attacks and node failures. The design of EventGuard mechanisms aims at providing security guarantees while maintaining the system’s overall simplicity, scalability and performance metrics. We describe an implementation of the EventGuard pub-sub system to show that EventGuard is easily stackable on any content-based pub-sub core. We present detailed experimental results that quantify the overhead of the EventGuard pub-sub system and demonstrate its resilience against various attacks.