Confidential subscription clustering in a publish/subscribe system

Abstract

Broker-less content-based publish/subscribe systems offer the chance for flexible and loosely coupled many-to-many communication. Initially, no centralized component is needed. Routing is done by the peers themselves by looking at the content of the messages. This works fine, as long as no sensitive data is published. In this case, users may want to encrypt their data and even keep their subscriptions confidential. At first glance, this contradicts the content-based routing paradigm. The work of Tariq et al. presented the first system, that supports both by introducing a weaker notion of subscription confidentiality. Identity-based encryption is adapted to suite the requirements in such a system. This thesis will analyze the approach, point out some still existing problems and try to improve them. The current system uses one-hop flooding during event dissemination, which yields a high number of false positives. Simulations will show, that confidentiality can be kept nearly as high with much less false positives. Another issue is private key management as the number of keys to maintain is in order of O(sum (1, 2, log_2(T_i)) with d attributes in total and T_i = (UpperValueLimit_i - LowerValueLimit_i)/Granularity(i), where Granularity(i) determines the finest step value of attribute A_i. As the number of total attributes in a real system may be much greater then the attributes needed by an event, there are two problems: 1) how to specify the attributes that are not required by the event and 2) the cost of cryptographic operations is dependent on the total number of attributes. In the second part of the thesis we will provide another approach that decouples events and subscriptions from the total number of attributes. Timings, based on an implementation using the Pairing-Based Cryptography library (PBC) will be given.