Malicious Entities are in Vain: Preserving Privacy in Publish and Subscribe Systems

IEEE Trans. Dependable and Secure Comput.

Alwis

et al. 2021

Self Cite

The Publish and Subscribe (pub/sub) system is an established paradigm to disseminate the data from publishers to subscribers in a loosely coupled manner using a network of dedicated brokers. However, sensitive data could be exposed to malicious entities if brokers get compromised or hacked; or even worse, if brokers themselves are curious to learn about the data. A viable mechanism to protect sensitive publications and subscriptions is to encrypt the data before it is disseminated through the brokers. State-of-the-art approaches allow brokers to perform encrypted matching without revealing publications and subscriptions. However, if malicious brokers collude with malicious subscribers or publishers, they can learn the interests of innocent subscribers, even when the interests are encrypted. In this article, we present a pub/sub system that ensures confidentiality of publications and subscriptions in the presence of untrusted brokers. Furthermore, our solution resists collusion attacks between untrusted brokers and malicious subscribers (or publishers). Finally, we have implemented a prototype of our solution to show its feasibility and efficiency.

Section: Introductionmentioning

confidence: 82%

Section: Introductionmentioning

confidence: 94%

“…permutations for those whose match results are 0. In other words, B I and B T brokers could successfully guess the permutations for 1 bits and 0 bits with 1 x! and 1 (m−x)!…”

Section: B Collusion Attacksmentioning

confidence: 99%

Section: A Computation and Communication Costs Of Our Solutionmentioning

confidence: 99%

See 2 more Smart Citations

Collusion Defender: Preserving Subscribers’ Privacy in Publish and Subscribe Systems

Cui

IEEE Trans. Dependable and Secure Comput.

Alwis

et al. 2021

Self Cite

“…That is, ensuring the secrecy of outsourced data is considered as a major challenge for cloud clients, due to the loss of data control [1], [2], [3]. Thus, several solutions have proposed to apply data encryption at the data owner side, such that the decrypting keys are preserved out of reach of the cloud provider [4], [5]. Although data encryption ensures the confidentiality of data against malicious entities, the use of traditional encryption mechanisms i.e., symmetric and asymmetric encryption is not sufficient to support fine-grained access control to outsourced data.…”

Section: Introductionmentioning

confidence: 99%

Accountable privacy preserving attribute based framework for authenticated encrypted access in clouds

Journal of Parallel and Distributed Computing

Kaaniche

Laurent

et al. 2020

Self Cite

In this paper, we propose an accountable privacy preserving attribute-based framework, called Ins-PAbAC, that combines attribute based encryption and attribute based signature techniques for securely sharing outsourced data contents via public cloud servers. The proposed framework presents several advantages. First, it provides an encrypted access control feature, enforced at the data owner's side, while providing the desired expressiveness of access control policies. Second, Ins-PAbAC preserves users' privacy, relying on an anonymous authentication mechanism, derived from a privacy preserving attribute based signature scheme that hides the users' identifying information. Furthermore, our proposal introduces an accountable attribute based signature that enables an inspection authority to reveal the identity of the anonymously-authenticated user if needed. Third, Ins-PAbAC is provably secure, as it is resistant to both curious cloud providers and malicious users adversaries. Finally, experimental results, built upon OpenStack Swift testbed, point out the applicability of the proposed scheme in real world scenarios.

Analysis of attribute‐based cryptographic techniques and their application to protect cloud services

Trans Emerging Tel Tech

Kaaniche

Hammoudeh

2019

Self Cite

Recent technological advances such as the Internet of Things (IoT), fog computing, cloud applications lead to exponential growth in the amount of generated data. Indeed, cloud storage services have experienced unprecedented usage demand. The loss of user control over their cloud stored data introduced several security and privacy concerns. To address these concerns, cryptographic techniques are widely adopted at the user side. Attribute based cryptography is commonly used to provide encrypted and/or authenticated access to outsourced data in remote servers. However, the use of these cryptographic mechanisms often increase the storage and computation costs; consequently, the energy consumption in the entire cloud ecosystem. In this paper, we provide a comparative analysis of different attribute based cryptographic mechanisms suitable for cloud data sharing services. we also provide a detailed discussion of different reviewed schemes, w.r.t. supported features, namely security, privacy and functional requirements. In addition, we explore the limitations of existing attribute based cryptographic mechanisms and propose future research directions to better fit the growing needs of this cloud environment in terms of energysavings, processing and storage efficiency and availability requirements.