Towards a cryptographic treatment of publish/subscribe systems

Publish/subscribe mechanism is a typical many-to-many messaging paradigm when multiple applications want to receive the same message or when a group of applications would like to notify each other. Nonetheless, there exist only a few works that address the security issues for content-based publish/s...

Full description

Saved in:
Bibliographic Details
Published inJournal of computer security Vol. 22; no. 1; pp. 33 - 67
Main Authors TSZ HON YUEN, SUSILO, Willy, YI MU
Format Journal Article
LanguageEnglish
Published Amsterdam IOS Press 2014
Subjects
Applied sciences
Computer information security
Computer science; control theory; systems
Computer simulation
Computer systems and distributed systems. User interface
Concrete construction
Cryptography
Exact sciences and technology
Information, signal and communications theory
Mathematical models
Memory and file management (including protection and security)
Memory organisation. Data processing
Messages
Proving
Signal and communications theory
Software
Telecommunications and information theory
Publish/subscribe
Formal specification
Publish subscribe middleware
Provable security
Content-based retrieval
ANotices
cryptographic security model
security proofs
Cryptography
Modeling
Computer security
Online AccessGet full text

Cover

More Information
Summary:Publish/subscribe mechanism is a typical many-to-many messaging paradigm when multiple applications want to receive the same message or when a group of applications would like to notify each other. Nonetheless, there exist only a few works that address the security issues for content-based publish/subscribe systems formally. Although the security requirements have been partially addressed by Wang et al., there is no formal definition for all of these security requirements in the literature. As a result, most of the existing schemes do not have any security proof and it is difficult to justify whether those schemes are really secure in practice. Furthermore, there is no comprehensive scheme that satisfies the most essential security requirements at the same time. In this paper, we introduce the first security model for important security requirements of content-based publish/subscribe systems. We also give a new security requirement for publisher authenticity, which means that the publisher is authenticated to publish certain types of notification only, and cannot publish other types of notification. We then exhibit a new scheme which fulfills most of the security requirements. Furthermore, we also provide a comprehensive proof for our concrete construction according to the new model.
Bibliography:ObjectType-Article-2
SourceType-Scholarly Journals-1
ObjectType-Feature-1
content type line 23
ISSN:0926-227X
1875-8924
DOI:10.3233/JCS-130486