International Journal of Research In Science & Engineering Volume: 1 Issue: 1 e-ISSN: 2394-8299 p-ISSN: 2394-8280 AN EFFICIENT APPROACH FOR IDENTITY BASED ENCRYPTION IN BROKER-LESS PUBLISH/SUBSCRIBE SYSTEMS Ashwini Jeevangi1, Kamalakshi Naganna 2 1 Post Graduate Student, Dept of CS&E, SCE Bangalore, India.Email-id:ashwinijeevangi09@gmail.com 2 Associate. Prof , Dept of CS&E , SCE Bangalore, India.Email-id:kamalakshinaganna@sapthagiri.edu.in ABSTRACT Authentication of publishers and subscribers is difficult using the broker. This paper provides confidentiality and authentications in a broker-less content-based publish/subscribe system(CBPS) using identitybased encryption(IBE). Multicredential are used to strengthen the weak subscription confidentiality, and also it shows the attacks on the keys generated by the key server. The broker-less content-based publish/subscribe systems reduces the cost for encryption, decryption and router, and also efficient fast transmission of the content from publisher to subscribers. Thus, security is provided using identity-based encryption in broker-less publish/subscribe systems. Keywords: Publish/Subscribe, Broker-Less, Identity-Based Encryption etc. ----------------------------------------------------------------------------------------------------------------------------1. INTRODUCTION The publisher/subscribe (pub/sub) has gained high popularity because of its natural decoupling of publishers from subscribers. Publishers will generate the events and inject into pub/sub system, and subscribers identify the events of interest by means of subscriptions. Published events are routed to their related subscribers, without the publishers knowing the related set of subscribers. Subscriber Publisher Subscriber Subscriber Fig 1: Publish/Subscribe Systems Content-based publish/subscribe system (CBPS) defines restrictions on the message content. The CBPS is useful for large-scale distributed applications. The pub/sub needs to provide supportive mechanisms to fulfill the basic security demands of these applications such as access control and confidentiality. Access control in the frame of pub/sub system means that only genuine publishers are allowed to propagate events in the system and only those events are deliver to allowed subscribers. The matter of events should not be exposed to the routing communications and a subscriber must receive all relevant events without revealing its subscription to the system. Solving these security issues in a content-based pub/sub system imposes new challenges. Most researches have focused only on providing significant and scalable pub/sub systems, but some attention has paid for the need of security. Existing approach mainly depends on traditional broker network [1], [2]. These address using only keyword matching technique [3], [6] or semi-trusted brokers [7], [9]. Further, existing approach IJRISE| www.ijrise.org|editor@ijrise.org International Journal of Research In Science & Engineering Volume: 1 Issue: 1 e-ISSN: 2394-8299 p-ISSN: 2394-8280 use coarse-grain based key management and it does not provide fine-grain access control in a scalable manner [3], [1].The security in broker-less CBPS can be done by clustering subscribers according to their subscriptions [10]. The identity-based encryption (IBE) provides an alternative to reduce the amount of keys to be managed. In IBE, any suitable string which uniquely identifies a user can be the public key of the user. A key server maintain a single pair of public and private master keys. To successfully decrypt the message, a receiver needs to obtain a private key for its identity from the key server. Thus, security may be provided using identity-based encryption in broker-less publish/subscribe systems. 2. RELATED WORK C. Raiciu et al., [1] Provides a content-based publish/subscribe (CBPS). The network of CBPS brokers provides communications whose role is to propagate notifications efficiently from the publishers to all the subscribers that have matching interests. They contributed a formal definition and a systematic analysis of confidentiality in contentbased publish/subscribe. It is first complete implementation of publish/subscribe that supports confidentiality. [1] Results show that achieving confidentiality is practical, a broker being able to match 100 notifications per second when it has 1000 subscribers. M. Ion et al., [2] The Subscriber expresses their significance by specify filters that brokers can use for routing the events. For receiving events, subscribers need to register their interest with a broker through a filter. When a new event is published, brokers forward it to all subscribers which expressed a filter that matches the event. They provided a scheme that supports confidentiality for events and filters, and finally publishers and subscribers does not require to share keys. Although events and filters are encrypted, brokers can still perform event filtering without learning any information. L.I.W. Pesonen et al., [4] they evaluate a secure multi-domain publish/subscribe communications that supports fine-grained access control over the individual attributes of event types. Key refresh allow us to make certain forward and backward security when event brokers join and leave the network. Enforce access control within the broker network by encrypting event content, and those policies state controls over the necessary encryption keys. Through the encrypted event content only authorized brokers are allowed to access the encryption key. M. Srivatsa et al., [5] proposed an Event Guard- a framework. Event-Guard proposes to decouple key management between publisher and subscribers as follows: associate an authorization key K (f) with a subscription filter f and an encryption key K (e) with an event e. The publisher uses the encryption key K (e) to encrypt the secret attributes in an event e, and the subscriber uses the authorization key K (f) to decrypt the secret attributes in a matching event e. They used hierarchical key derivation algorithms to map the authorization keys and the encryption keys into a common key space. The mapping ensures that a subscriber can efficiently derive an encryption key K (e) for an event e using an authorization key K (f) for the subscription filter f if and only if the event e matches the subscription filter f. Shikfa et al., [6] Privacy and confidentiality are critical issues in content-based publish/subscribe (CBPS) networks. The first requirement is for a secure forwarding mechanism that would achieve the look-up in forwarding tables using encrypted content as the search key. They suggested a result based on a commutative multiple encryption schemes in order to allow brokers to function in network matching and content-based routing without having access to the content of the packets. They provided a first solution that avoids key sharing and targets an improved CBPS model where brokers can also be subscribers at the same time. L. Opyrchal et al., [8] A specific problem in content-based systems is the secure distribution of events to clients subscribe to those events. In CBPS, every event can contain a different set of interest subscribers. To provide confidentiality guarantee, encrypt messages so that only interested subscribers can read the message. In the worst case, for n number of clients, there can be 2n subgroups, and each event can go to a potentially different subgroup. A major problem is organization of subgroup keys so that the number of encryptions required per event can be kept low. H. Khurana et al., [9] Different ways of expressing subscriber interest in events have led to different pub/sub schemes. One of the major hurdles to wide-scale deployment of CBPS is security. For example, ensuring that events are delivered only to authorized subscribers, preventing unauthorized modification to events, and guaranteeing that IJRISE| www.ijrise.org|editor@ijrise.org International Journal of Research In Science & Engineering Volume: 1 Issue: 1 e-ISSN: 2394-8299 p-ISSN: 2394-8280 delivered events are authentic .In other words, ensuring confidentiality, integrity and authentication of events as they traverse through the pub/sub infrastructure. M.A. Tariq et al., [10] this paper present a new approach to provide authentication and confidentiality in a broker-less pub/sub system. The approach allows subscribers to maintain credentials according to their subscriptions. A publisher links each encrypted event with a set of credentials. They adapted identity-based encryption (IBE) mechanisms to ensure that a particular subscriber can decrypt an event only if there is a match between the credentials associated with the event and the key and to allow subscribers to verify the authenticity of received events. Further, they addressed the issue of subscription confidentiality in the presence of semantic clustering of subscribers. Weaker notion of subscription confidentiality is defined and a secure overlay maintenance protocol is designed to preserve the weak subscription confidentiality. 3. CHALLENGES FOR PUBLISH/SUBSCRIBE SYSTEM Many of the existing methods mainly rely on broker which is not trustworthy. The existing methods address security using the key matching technique. The existing methods use coarse grain key management and it does not provide fine grain access control in a scalable manner. 4. METHODOLOGY 4.1 Modules Publisher In this module, the Publisher provides the user name, file name and generates the key, a publisher links the key server along with the credentials for each attribute. If the publisher is permitted to distribute events according to its credentials, the key server will generate separate private key and public key for each credential. Publisher sends their data files to the Subscribers (S1, S2……S9) in a network (N1, N2, and N3). Key Server In this model, a key server maintains a single pair of public and private master keys. The master public key is used by the sender to encrypt and send the messages to a user with any identity The Master Private key is only known to the key server. The master private key is used for generating private keys for publishers and subscribers. The Key Server is Responsible for view the credentials like view attackers and View keys with their tags (User Name, File Name, Public key, Private key, Status) . The key server will perform the revocation and un revocation of the remote user. Server In this module, The Server consists of Data Centre and back-up system. This is responsible of storing the files in Data Centre and keeping a back up copy of the contents and forwards to respective subscriber in the router via network. We describe two strategies to route events (from publishers to the relevant subscribers) in the pub/sub overlay network without violating the weak subscription confidentiality. If attacker injects fake key in key server can be update the original key from backup server and Data centre. Router The Router consists of multiple Networks (N1, N2, N3) and subscribers (S1, S2, S3, S4, S5, S6, S7, S8, S9), In Router each Network consist of three Subscribers. A subscriber with more than one credentials can be handled by running multiple virtual peers on a single physical node, each virtual peer maintaining its own set of tree links. Access control in the framework of sub system means that only genuine publishers are allowed to propagate events in the network and only those events are delivered to authorized subscribers. The Router is responsible to view credentials like Log Details with their tags File Name, Network, Subscriber 1, Subscriber 2, Subscriber 3, sent time and Subscriber status with their tags Subscriber name, IP, Current status, Joined network. Attacker IJRISE| www.ijrise.org|editor@ijrise.org International Journal of Research In Science & Engineering Volume: 1 Issue: 1 e-ISSN: 2394-8299 p-ISSN: 2394-8280 In this module, the Attacker injects the fake key to the particular file in the Key server. The key server will capture the attacker details like file name, injected fake key, attacker name, time and date. 4.2 System Architecture Fig 2 System Architecture Publisher will publish the events and then sends to the subscribers. In publisher the user should browse and upload the file to particular networks. Also, need to generate keys and request those keys from key server then upload the file to networks, checks whether the keys are safe or attacked. Router checks network status, multi-cast data if the subscribers are on, show the log status, view all subscribers’ details, view all files transaction. The router will route the files from publisher to subscribers and also it consists of the information of the subscriber. Key server will provide the master public and private key for the pub/sub systems. The master public key is used by publisher to encrypt the message and then send to subscribers. The master private key is used by subscribers to decrypt the message received from publisher. Data centre and back-up server are used when attackers are attack to the pub/sub systems. Data center consists of all the keys generated by the systems. The back-up server consists of private and public key for retrieving the information of the message status when attackers attack the system. IJRISE| www.ijrise.org|editor@ijrise.org International Journal of Research In Science & Engineering Volume: 1 Issue: 1 e-ISSN: 2394-8299 p-ISSN: 2394-8280 A subscriber decrypts all related data sets by using the master private key. Whenever the file is sent to subscribers, the subscribers will be in on and off mode. If it’s on mode message will be delivered. If it’s in off mode then message will be saved in back-up server, it will be delivered when subscriber will be on. 5. RESULTS Fig 3: Publisher Module Fig 4: Key Server Module Fig 5: Router Module IJRISE| www.ijrise.org|editor@ijrise.org International Journal of Research In Science & Engineering Volume: 1 Issue: 1 e-ISSN: 2394-8299 p-ISSN: 2394-8280 6. CONCLUSION Authentication and confidentiality is ensured. Efficient transmission of data between subscriber and publisher is achieved without using broker. Security will be provided using identity-based encryption in broker-less publish/subscribe systems which is efficient in achieving authenticity and confidentiality. The cost and time is reduced without using the broker in publish/subscribe system. ACKNOWLEDGEMENT I am thankful to ‘Mrs. Kamalakshi Naganna’, Associate Professor, Dept of CSE for her valuable advice and support extended without which I could not have been able to complete the paper. I express deep thanks to ‘Dr. Prashanth C M’, Head of Department (CS&E) for warm hospitality and affection towards me. I thank the anonymous referees for their reviews that significantly improved the presentation of this paper. Words cannot express our gratitude for all those people who helped directly or indirectly in my endeavor. I take this opportunity to express my sincere thanks to all staff members of CS&E department of SCE for the valuable suggestion. REFERENCES [1] C. Raiciu and D.S. Rosenblum, “Enabling Confidentiality in Content-Based Publish/Subscribe Infrastructures,” Proc. IEEE Second CreatNet Int’l Conf. Security and Privacy in Comm. Networks (SecureComm), 2006. [2] M. Ion, G. Russello, and B. Crispo, “Supporting Publication and Subscription Confidentiality in Pub/Sub Networks,” Proc. Sixth Int’l ICST Conf. Security and Privacy in Comm. Networks (SecureComm), 2010. [3] S. Choi, G. Ghinita, and E. Bertino, “A Privacy-Enhancing Content-Based Publish/Subscribe System Using Scalar Product Preserving Transformations,” Proc. 21st Int’l Conf. Database and Expert Systems Applications: Part I, 2010. [4] L.I.W. Pesonen, D.M. Eyers, and J. Bacon, “Encryption-Enforced Access Control in Dynamic Multi-Domain Publish/Subscribe Networks,” Proc. ACM Int’l Conf. Distributed Event-Based Systems (DEBS), 2007. [5] M. Srivatsa, L. Liu, and A. Iyengar, “Event-Guard: A System Architecture for Securing Publish-Subscribe Networks,” ACM Trans. Computer Systems, vol. 29, article 10, 2011. [6] A. Shikfa, M. Onen, and R. Molva, “Privacy-Preserving Content-Based Publish/Subscribe Networks,” Proc. Emerging Challenges forSecurity, Privacy and Trust, 2009. [7] P. Pietzuch, “Hermes: A Scalable Event-Based Middleware,” PhD dissertation, Univ. of Cambridge, Feb. 2004. [8] L. Opyrchal and A. Prakash, “Secure Distribution of Events in Content-Based Publish Subscribe Systems,” Proc. 10th Conf. USENIX Security Symp. 2001. [9]H. Khurana, “Scalable Security and Accounting Services for Content-Based Publish/Subscribe Systems,” Proc. ACM Symp. Applied Computing, 2005. [10] M.A. Tariq, B. Koldehofe, A. Altaweel, and K. Rothermel, “Providing Basic Security Mechanisms in BrokerLess Publish/Subscribe Systems,” Proc. ACM Fourth Int’l Conf. Distributed Event-Based Systems (DEBS), 2010. IJRISE| www.ijrise.org|editor@ijrise.org