ash_IJRISE_Paper_(1)

advertisement
International Journal of Research In Science & Engineering
Volume: 1 Issue: 1
e-ISSN: 2394-8299
p-ISSN: 2394-8280
AN EFFICIENT APPROACH FOR IDENTITY BASED ENCRYPTION IN
BROKER-LESS PUBLISH/SUBSCRIBE SYSTEMS
Ashwini Jeevangi1, Kamalakshi Naganna 2
1
Post Graduate Student, Dept of CS&E, SCE Bangalore, India.Email-id:ashwinijeevangi09@gmail.com
2
Associate. Prof , Dept of CS&E , SCE Bangalore, India.Email-id:kamalakshinaganna@sapthagiri.edu.in
ABSTRACT
Authentication of publishers and subscribers is difficult using the broker. This paper provides
confidentiality and authentications in a broker-less content-based publish/subscribe system(CBPS) using identitybased encryption(IBE). Multicredential are used to strengthen the weak subscription confidentiality, and also it
shows the attacks on the keys generated by the key server. The broker-less content-based publish/subscribe
systems reduces the cost for encryption, decryption and router, and also efficient fast transmission of the content
from publisher to subscribers. Thus, security is provided using identity-based encryption in broker-less
publish/subscribe systems.
Keywords: Publish/Subscribe, Broker-Less, Identity-Based Encryption etc.
----------------------------------------------------------------------------------------------------------------------------1. INTRODUCTION
The publisher/subscribe (pub/sub) has gained high popularity because of its natural decoupling of
publishers from subscribers. Publishers will generate the events and inject into pub/sub system, and subscribers
identify the events of interest by means of subscriptions. Published events are routed to their related subscribers,
without the publishers knowing the related set of subscribers.
Subscriber
Publisher
Subscriber
Subscriber
Fig 1: Publish/Subscribe Systems
Content-based publish/subscribe system (CBPS) defines restrictions on the message content. The CBPS is
useful for large-scale distributed applications. The pub/sub needs to provide supportive mechanisms to fulfill the
basic security demands of these applications such as access control and confidentiality.
Access control in the frame of pub/sub system means that only genuine publishers are allowed to propagate
events in the system and only those events are deliver to allowed subscribers. The matter of events should not be
exposed to the routing communications and a subscriber must receive all relevant events without revealing its
subscription to the system. Solving these security issues in a content-based pub/sub system imposes new challenges.
Most researches have focused only on providing significant and scalable pub/sub systems, but some attention
has paid for the need of security. Existing approach mainly depends on traditional broker network [1], [2]. These
address using only keyword matching technique [3], [6] or semi-trusted brokers [7], [9]. Further, existing approach
IJRISE| www.ijrise.org|editor@ijrise.org
International Journal of Research In Science & Engineering
Volume: 1 Issue: 1
e-ISSN: 2394-8299
p-ISSN: 2394-8280
use coarse-grain based key management and it does not provide fine-grain access control in a scalable manner [3],
[1].The security in broker-less CBPS can be done by clustering subscribers according to their subscriptions [10].
The identity-based encryption (IBE) provides an alternative to reduce the amount of keys to be managed. In
IBE, any suitable string which uniquely identifies a user can be the public key of the user. A key server maintain a
single pair of public and private master keys. To successfully decrypt the message, a receiver needs to obtain a
private key for its identity from the key server. Thus, security may be provided using identity-based encryption in
broker-less publish/subscribe systems.
2. RELATED WORK
C. Raiciu et al., [1] Provides a content-based publish/subscribe (CBPS). The network of CBPS brokers provides
communications whose role is to propagate notifications efficiently from the publishers to all the subscribers that
have matching interests. They contributed a formal definition and a systematic analysis of confidentiality in contentbased publish/subscribe. It is first complete implementation of publish/subscribe that supports confidentiality. [1]
Results show that achieving confidentiality is practical, a broker being able to match 100 notifications per second
when it has 1000 subscribers.
M. Ion et al., [2] The Subscriber expresses their significance by specify filters that brokers can use for routing
the events. For receiving events, subscribers need to register their interest with a broker through a filter. When a new
event is published, brokers forward it to all subscribers which expressed a filter that matches the event. They
provided a scheme that supports confidentiality for events and filters, and finally publishers and subscribers does not
require to share keys. Although events and filters are encrypted, brokers can still perform event filtering without
learning any information.
L.I.W. Pesonen et al., [4] they evaluate a secure multi-domain publish/subscribe communications that supports
fine-grained access control over the individual attributes of event types. Key refresh allow us to make certain
forward and backward security when event brokers join and leave the network. Enforce access control within the
broker network by encrypting event content, and those policies state controls over the necessary encryption keys.
Through the encrypted event content only authorized brokers are allowed to access the encryption key.
M. Srivatsa et al., [5] proposed an Event Guard- a framework. Event-Guard proposes to decouple key
management between publisher and subscribers as follows: associate an authorization key K (f) with a subscription
filter f and an encryption key K (e) with an event e. The publisher uses the encryption key K (e) to encrypt the secret
attributes in an event e, and the subscriber uses the authorization key K (f) to decrypt the secret attributes in a
matching event e. They used hierarchical key derivation algorithms to map the authorization keys and the encryption
keys into a common key space. The mapping ensures that a subscriber can efficiently derive an encryption key K (e)
for an event e using an authorization key K (f) for the subscription filter f if and only if the event e matches the
subscription filter f.
Shikfa et al., [6] Privacy and confidentiality are critical issues in content-based publish/subscribe (CBPS)
networks. The first requirement is for a secure forwarding mechanism that would achieve the look-up in forwarding
tables using encrypted content as the search key. They suggested a result based on a commutative multiple
encryption schemes in order to allow brokers to function in network matching and content-based routing without
having access to the content of the packets. They provided a first solution that avoids key sharing and targets an
improved CBPS model where brokers can also be subscribers at the same time.
L. Opyrchal et al., [8] A specific problem in content-based systems is the secure distribution of events to clients
subscribe to those events. In CBPS, every event can contain a different set of interest subscribers. To provide
confidentiality guarantee, encrypt messages so that only interested subscribers can read the message. In the worst
case, for n number of clients, there can be 2n subgroups, and each event can go to a potentially different subgroup. A
major problem is organization of subgroup keys so that the number of encryptions required per event can be kept
low.
H. Khurana et al., [9] Different ways of expressing subscriber interest in events have led to different pub/sub
schemes. One of the major hurdles to wide-scale deployment of CBPS is security. For example, ensuring that events
are delivered only to authorized subscribers, preventing unauthorized modification to events, and guaranteeing that
IJRISE| www.ijrise.org|editor@ijrise.org
International Journal of Research In Science & Engineering
Volume: 1 Issue: 1
e-ISSN: 2394-8299
p-ISSN: 2394-8280
delivered events are authentic .In other words, ensuring confidentiality, integrity and authentication of events as they
traverse through the pub/sub infrastructure.
M.A. Tariq et al., [10] this paper present a new approach to provide authentication and confidentiality in a
broker-less pub/sub system. The approach allows subscribers to maintain credentials according to their
subscriptions. A publisher links each encrypted event with a set of credentials. They adapted identity-based
encryption (IBE) mechanisms to ensure that a particular subscriber can decrypt an event only if there is a match
between the credentials associated with the event and the key and to allow subscribers to verify the authenticity of
received events. Further, they addressed the issue of subscription confidentiality in the presence of semantic
clustering of subscribers. Weaker notion of subscription confidentiality is defined and a secure overlay maintenance
protocol is designed to preserve the weak subscription confidentiality.
3. CHALLENGES FOR PUBLISH/SUBSCRIBE SYSTEM



Many of the existing methods mainly rely on broker which is not trustworthy.
The existing methods address security using the key matching technique.
The existing methods use coarse grain key management and it does not provide fine grain access control in
a scalable manner.
4. METHODOLOGY
4.1 Modules

Publisher
In this module, the Publisher provides the user name, file name and generates the key, a publisher links the
key server along with the credentials for each attribute. If the publisher is permitted to distribute events
according to its credentials, the key server will generate separate private key and public key for each credential.
Publisher sends their data files to the Subscribers (S1, S2……S9) in a network (N1, N2, and N3).

Key Server
In this model, a key server maintains a single pair of public and private master keys. The master public key
is used by the sender to encrypt and send the messages to a user with any identity The Master Private key is
only known to the key server. The master private key is used for generating private keys for publishers and
subscribers. The Key Server is Responsible for view the credentials like view attackers and View keys with
their tags (User Name, File Name, Public key, Private key, Status) . The key server will perform the revocation
and un revocation of the remote user.

Server
In this module, The Server consists of Data Centre and back-up system. This is responsible of storing the
files in Data Centre and keeping a back up copy of the contents and forwards to respective subscriber in the
router via network. We describe two strategies to route events (from publishers to the relevant subscribers) in
the pub/sub overlay network without violating the weak subscription confidentiality. If attacker injects fake key
in key server can be update the original key from backup server and Data centre.

Router
The Router consists of multiple Networks (N1, N2, N3) and subscribers (S1, S2, S3, S4, S5, S6, S7, S8,
S9), In Router each Network consist of three Subscribers. A subscriber with more than one credentials can be
handled by running multiple virtual peers on a single physical node, each virtual peer maintaining its own set of
tree links. Access control in the framework of sub system means that only genuine publishers are allowed to
propagate events in the network and only those events are delivered to authorized subscribers. The Router is
responsible to view credentials like Log Details with their tags File Name, Network, Subscriber 1, Subscriber 2,
Subscriber 3, sent time and Subscriber status with their tags Subscriber name, IP, Current status, Joined
network.

Attacker
IJRISE| www.ijrise.org|editor@ijrise.org
International Journal of Research In Science & Engineering
Volume: 1 Issue: 1
e-ISSN: 2394-8299
p-ISSN: 2394-8280
In this module, the Attacker injects the fake key to the particular file in the Key server. The key server will
capture the attacker details like file name, injected fake key, attacker name, time and date.
4.2 System Architecture
Fig 2 System Architecture
Publisher will publish the events and then sends to the subscribers. In publisher the user should browse and
upload the file to particular networks. Also, need to generate keys and request those keys from key server then
upload the file to networks, checks whether the keys are safe or attacked.
Router checks network status, multi-cast data if the subscribers are on, show the log status, view all
subscribers’ details, view all files transaction. The router will route the files from publisher to subscribers and also it
consists of the information of the subscriber.
Key server will provide the master public and private key for the pub/sub systems. The master public key is
used by publisher to encrypt the message and then send to subscribers. The master private key is used by subscribers
to decrypt the message received from publisher.
Data centre and back-up server are used when attackers are attack to the pub/sub systems. Data center
consists of all the keys generated by the systems. The back-up server consists of private and public key for retrieving
the information of the message status when attackers attack the system.
IJRISE| www.ijrise.org|editor@ijrise.org
International Journal of Research In Science & Engineering
Volume: 1 Issue: 1
e-ISSN: 2394-8299
p-ISSN: 2394-8280
A subscriber decrypts all related data sets by using the master private key. Whenever the file is sent to subscribers,
the subscribers will be in on and off mode. If it’s on mode message will be delivered. If it’s in off mode then
message will be saved in back-up server, it will be delivered when subscriber will be on.
5. RESULTS
Fig 3: Publisher Module
Fig 4: Key Server Module
Fig 5: Router Module
IJRISE| www.ijrise.org|editor@ijrise.org
International Journal of Research In Science & Engineering
Volume: 1 Issue: 1
e-ISSN: 2394-8299
p-ISSN: 2394-8280
6. CONCLUSION
Authentication and confidentiality is ensured. Efficient transmission of data between subscriber and publisher is
achieved without using broker. Security will be provided using identity-based encryption in broker-less
publish/subscribe systems which is efficient in achieving authenticity and confidentiality. The cost and time is
reduced without using the broker in publish/subscribe system.
ACKNOWLEDGEMENT
I am thankful to ‘Mrs. Kamalakshi Naganna’, Associate Professor, Dept of CSE for her valuable advice and
support extended without which I could not have been able to complete the paper. I express deep thanks to ‘Dr.
Prashanth C M’, Head of Department (CS&E) for warm hospitality and affection towards me. I thank the
anonymous referees for their reviews that significantly improved the presentation of this paper. Words cannot
express our gratitude for all those people who helped directly or indirectly in my endeavor. I take this opportunity to
express my sincere thanks to all staff members of CS&E department of SCE for the valuable suggestion.
REFERENCES
[1] C. Raiciu and D.S. Rosenblum, “Enabling Confidentiality in Content-Based Publish/Subscribe Infrastructures,”
Proc. IEEE Second CreatNet Int’l Conf. Security and Privacy in Comm. Networks (SecureComm), 2006.
[2] M. Ion, G. Russello, and B. Crispo, “Supporting Publication and Subscription Confidentiality in Pub/Sub
Networks,” Proc. Sixth Int’l ICST Conf. Security and Privacy in Comm. Networks (SecureComm), 2010.
[3] S. Choi, G. Ghinita, and E. Bertino, “A Privacy-Enhancing Content-Based Publish/Subscribe System Using
Scalar Product Preserving Transformations,” Proc. 21st Int’l Conf. Database and Expert Systems Applications: Part
I, 2010.
[4] L.I.W. Pesonen, D.M. Eyers, and J. Bacon, “Encryption-Enforced Access Control in Dynamic Multi-Domain
Publish/Subscribe Networks,” Proc. ACM Int’l Conf. Distributed Event-Based Systems (DEBS), 2007.
[5] M. Srivatsa, L. Liu, and A. Iyengar, “Event-Guard: A System Architecture for Securing Publish-Subscribe
Networks,” ACM Trans. Computer Systems, vol. 29, article 10, 2011.
[6] A. Shikfa, M. Onen, and R. Molva, “Privacy-Preserving Content-Based Publish/Subscribe Networks,” Proc.
Emerging Challenges forSecurity, Privacy and Trust, 2009.
[7] P. Pietzuch, “Hermes: A Scalable Event-Based Middleware,” PhD dissertation, Univ. of Cambridge, Feb. 2004.
[8] L. Opyrchal and A. Prakash, “Secure Distribution of Events in Content-Based Publish Subscribe Systems,” Proc.
10th Conf. USENIX Security Symp. 2001.
[9]H. Khurana, “Scalable Security and Accounting Services for Content-Based Publish/Subscribe Systems,” Proc.
ACM Symp. Applied Computing, 2005.
[10] M.A. Tariq, B. Koldehofe, A. Altaweel, and K. Rothermel, “Providing Basic Security Mechanisms in BrokerLess Publish/Subscribe Systems,” Proc. ACM Fourth Int’l Conf. Distributed Event-Based Systems (DEBS), 2010.
IJRISE| www.ijrise.org|editor@ijrise.org
Download