Enabling Confidentiality in Content-Based Publish/Subscribe Infrastructures

Abstract

Content-based publish/subscribe (CBPS) is an interaction model where the interests of subscribers are stored in a content-based forwarding infrastructure to guide routing of notifications to interested parties. In this paper, we focus on answering the following question: can we implement content-based publish/subscribe while keeping subscriptions and notifications confidential from the forwarding brokers? Our contributions include a systematic analysis of the problem, providing a formal security model and showing that the maximum level of attainable security in this setting is restricted. We focus on enabling provable confidentiality for commonly used applications and subscription languages in CBPS and present a series of practical provably secure protocols, some of which are novel and others adapted from existing work. We have implemented these protocols in Siena, a popular CBPS system. Evaluation results show that confidential content-based publish/subscribe is practical: a single broker serving 1000 subscribers is able to route more than 100 notifications per second with our solutions