Providing basic security mechanisms in broker-less publish/subscribe systems

Tariq, Muhammad; Koldehofe, Boris; Altaweel, Ala; Rothermel, Kurt

doi:10.1145/1827418.1827425

Cited by 25 publications

(10 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, computations are fast for networks with a small number of attributes, as they are common in many CEP applications. Since security-related event systems have, depending on the network and event parameters, a processing time in the range of one millisecond and more per event [19], [20], [9], we consider a latency of up to 1ms as acceptable for our approach. In our second evaluation, we leave the number of event sources fixed at two but varied the domain size (cf.…”

Section: Discussion and Evaluationmentioning

confidence: 99%

“…that are registered in its domain). Current work in providing security for event-based systems covers already confidentiality of individual event streams and the authorization of network participants [9], [10], [11]. In CEP systems, however, the provider of an event looses control on the distribution of dependent event streams.…”

Section: Manufacturermentioning

confidence: 99%

“…[10], [11], [9], [12], [13]. For our approach it is only important to understand that each consumer ω c needs to request required event attributes.…”

Section: Policy Consolidation and Event Obfuscationmentioning

confidence: 99%

“…These are used to provide access to their events [21]. Tariq et al propose a solution to provide authentication and confidentiality in broker-less content-based publish/subscribe systems [9]. Our work is based on the previous work which make event communication secure among different entities in the system.…”

Section: Related Workmentioning

confidence: 99%

See 3 more Smart Citations

Access Policy Consolidation for Event Processing Systems

Schilling

Koldehofe

Rotherme³

et al. 2013

2013 Conference on Networked Systems

View full text Add to dashboard Cite

Current event processing systems lack methods to preserve privacy constraints of incoming event streams in a chain of subsequently applied stream operations. This is a problem in large-scale distributed applications like a logistic chain where event processing operators may be spread over multiple security domains. An adversary can infer from legally received outgoing event streams confidential input streams of the event processing system. This paper presents a finegrained access management for complex event processing. Each incoming event stream can be protected by the specification of an access policy and is enforced by algorithms for access consolidation. The utility of the event processing system is increased by providing and computing in a scalable manner a measure for the obfuscation of event streams. An obfuscation threshold as part of the access policy allows to ignore access requirements and deliver events which have achieved a sufficient high obfuscation level.

show abstract

Section: Discussion and Evaluationmentioning

confidence: 99%

Section: Manufacturermentioning

confidence: 99%

“…[10], [11], [9], [12], [13]. For our approach it is only important to understand that each consumer ω c needs to request required event attributes.…”

Section: Policy Consolidation and Event Obfuscationmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Access Policy Consolidation for Event Processing Systems

Schilling

Koldehofe

Rotherme³

et al. 2013

2013 Conference on Networked Systems

View full text Add to dashboard Cite

show abstract

“…This nicely corresponds to attribute-based access control (ABAC) [27] which allows access based on attributes of subject, object or environment. A clever adaptation to publish-subscribe networks has already been made in [24].…”

Section: Introductionmentioning

confidence: 99%

Securely disseminating RFID events

Kerschbaum¹

2011

Proceedings of the 5th ACM International Conference on Distributed Event-Based System

View full text Add to dashboard Cite

More and more companies are collecting data about each item of their supply chain using RFID tags in order to increase visibility across the supply chain and improve its performance. The data generated by reading an RFID tag is (also) called an event. These events are frequently distributed using event-based networks following the publishsubscribe pattern. This method of dissemination immediately raises security concerns, since supply chain operations' data is considered sensitive by companies.Attribute-based encryption has proven successful in enforcing access control in publish-subscribe networks. Nevertheless, existing schemes do not support access control for RFID events. In this paper we present an encryption scheme that enables disseminating events that can only be decrypted by a selected set of parties that have been in possession of the RFID tag. Our scheme enables broadcasting event messages of constant ciphertext size to an entire network while enforcing access control policies via encryption. We prove our scheme secure under the Modified Bilinear Decisional Diffie-Hellman Assumption.

show abstract

Efficient and Private Three-Party Publish/Subscribe

Crescenzo¹,

Burns²,

Coan³

et al. 2013

Network and System Security

View full text Add to dashboard Cite

Abstract. We consider the problem of modeling and designing publish/subscribe protocols that safeguard the privacy of clients' subscriptions and of servers' publications while guaranteeing efficient latency in challenging scenarios (i.e., realtime publication, high data arrival rate, etc.). As general solutions from the theory of secure function evaluation protocols would not achieve satisfactory performance in these scenarios, we enrich the model with a third party (e.g., a cloud server). Our main result is a three-party publish/subscribe protocol suitable for practical applications in such scenarios because the publication phase uses only symmetric cryptography operations (a result believed not possible without the third party). At the cost of only a very small amount of privacy loss to the third party, and with no privacy loss to the publishing server or the clients, our protocol has very small publication latency, which we measured for large parameter ranges to be just a small constant factor worse than a publish/subscribe protocol guaranteeing no privacy.

show abstract

Providing basic security mechanisms in broker-less publish/subscribe systems

Cited by 25 publications

References 15 publications

Access Policy Consolidation for Event Processing Systems

Access Policy Consolidation for Event Processing Systems

Securely disseminating RFID events

Efficient and Private Three-Party Publish/Subscribe

Contact Info

Product

Resources

About