
© 2015 IJSRSET | Volume 1 | Issue 2 | Print ISSN : 2395-1990 | Online ISSN : 2394-4099

Themed Section: Engineering and Technology

Identity Based Encryption for Securing Publish Subscribe System

Harismita. H, Laavanya.R, Meenaa.R, Kalai Selvi
Information Technology, Dhanalakshmi College of Engineering, Chennai, Tamilnadu, India


We present a new approach to provide authentication and confidentiality in a broker-less content-based publish/subscribe system. Security is highly challenging in this setting. In this project, security is provided by adapting ciphertext-policy attribute-based encryption. This overall approach provides fine-grained key management and an efficient cost for encryption, decryption, and routing in the order of the subscribed attributes, based upon credentials.
Keywords: Publish/subscribe, P2P, Security
I. INTRODUCTION

Publishers send information into the publish/subscribe system, and subscribers specify the topics of their subscriptions. Published events are delivered to their relevant subscribers, without the publishers knowing the subscribers. This decoupling is traditionally ensured by intermediary routing over a broker network. In current systems the publish/subscribe system uses content-based routing, which does not provide authentication. Access control in the context of a publish/subscribe system means that only authenticated publishers are allowed to disseminate events in the network and only those events are delivered to authorized subscribers. These security issues are not trivial to solve in a content-based publish/subscribe system and pose new challenges. For instance, end-to-end authentication using a public key infrastructure (PKI) conflicts with the loose coupling between publishers and subscribers: publishers must maintain the public keys of the interested subscribers in order to encrypt events. Subscribers, on the other hand, must know the public keys of all the relevant publishers in order to verify the authenticity of the received events. Encrypting event messages therefore conflicts with content-based routing.

In this paper, we present a new approach to provide authentication and confidentiality in a broker-less content-based publish/subscribe system. Credentials are assigned to subscribers according to their subscriptions. Private keys assigned to the subscribers are labelled with credentials. A publisher associates each encrypted event with a set of credentials. We adapted identity-based encryption mechanisms to ensure that a particular subscriber can decrypt an event only if there is a match between the credentials associated with the event and the key. A weaker notion of subscription confidentiality is defined and a secure connection protocol is designed to preserve the weak subscription confidentiality.

II. METHODS AND MATERIAL

A. System Model

Content-based publish/subscribe: For the routing of events from publishers to the relevant subscribers we use the content-based data model. The event space is composed of a globally ordered set of distinct attributes $A_i$: $\{A_1, A_2, \ldots, A_d\}$. Each attribute $A_i$ is characterized by a unique name, its data type and its domain. An event is matched against a subscription $f$ (and subsequently delivered to the subscriber) if and only if the values of the attributes in the event satisfy the corresponding constraints imposed by the subscription. Let $E_{f_1}$ and $E_{f_2}$ denote the sets of events matching subscriptions $f_1$ and $f_2$, respectively. Then $f_1$ is said to be covered by another subscription $f_2$ ...

There exists no dedicated broker infrastructure. Publishers and subscribers contribute as peers to the maintenance of a self-organizing overlay structure. Peers can join the overlay by contacting an arbitrary peer and thereafter subscribe to and publish events. In order to authenticate publishers we use the concept of advertisements, in which a publisher announces beforehand the set of events which it intends to publish. There are three major goals for the proposed secure publish/subscribe system, namely to support authentication, confidentiality and scalability:

IJSRSET152214 | Received: 1 March 2015 | Accepted: 5 March 2015 | March-April 2015 [(1)2: 35-40] 40
Authentication: In order to avoid non-eligible publications, only authorized publishers should be able to publish events in the system. Similarly, subscribers should only receive those messages to which they are authorized to subscribe.

Confidentiality: In a broker-less environment, two aspects of confidentiality are of interest: i) the events are only visible to authorized subscribers and are protected from illegal modifications; ii) the subscriptions of subscribers are confidential and unforgeable.

B. Identity Based Encryption

While a traditional PKI infrastructure requires maintaining for each identity a private/public key pair, which has to be known between communicating entities to encrypt and decrypt messages, identity-based encryption provides a promising alternative to reduce the number of keys to be managed. In identity-based encryption (IBE), any valid string which uniquely identifies a user can be the public key of the user. A key server maintains a single pair of public and private master keys. The master public key can be used by a sender to encrypt and send messages to a user with any identity, e.g. an email address. To successfully decrypt the message, a receiver needs to obtain a private key for its identity from the key server.

Figure 2: Identity-based encryption

We want to stress here that although identity-based encryption, at first glance, appears like a highly centralized solution, its properties are ideal for highly distributed applications. A sender needs to know only a single master public key in order to communicate with any identity. Similarly, a receiver only obtains private keys for its own identities. Furthermore, an instance of the central key server can be easily ... publisher/subscriber.

The bilinear map $e$ used by the scheme has the following properties:

1. Bilinearity: $e(u^x, v^y) = e(u^y, v^x) = e(u, v)^{xy}$, for all $u, v \in G_1$ and $x, y \in \mathbb{Z}_p$.
2. Non-degeneracy: $e(u, v) \neq 1$, for all $u, v \in G_1$.
3. Computability: $e$ can be efficiently computed.

C. Approach Overview

For providing security mechanisms in publish/subscribe we rely on the methods of identity-based encryption and adapt them in order to support many-to-many interactions between subscribers and publishers. Publishers and subscribers interact with a key server by providing credentials to the key server. In this case we say the credential is authorized by the key server. Consequently, a credential consists of two parts: first, a binary string which describes the capability of a peer in publishing and receiving events, and second, a proof of its identity. While this can happen in a variety of ways, e.g. relying on challenge-response, hardware support, etc., we pay attention mainly to expressing the capabilities of a credential, i.e. how subscribers and publishers can create a credential. This process needs to account for the many possibilities to partition the set of events expressed by an advertisement or subscription and to exploit overlaps in subscriptions and publications. Subsequently, we use the term credential only for referring to the capability string of a credential. The keys assigned to publishers and subscribers, and the cipher texts, are labelled with credentials.

Figure 1: Approach overview. The publisher has credentials with two attributes A and B. Subscriber s6 has a credential to receive events with attribute A.

D. Creation of Credentials

First of all we have to find a systematic way of decomposing the event space for a content-based
subscription model. Later we show how subscriptions and advertisements are mapped to the subspaces of the event space and how credentials are created. Further extensions like considering string attributes and complex subscriptions are discussed subsequently.

a) Event Space: Numeric Attributes

The decomposition of the event space is done by focusing on numeric attributes. Later we will also discuss how other types of attributes are supported. The event space, composed of $d$ distinct numeric attributes, can be geometrically modelled as a $d$-dimensional space such that each attribute represents a dimension in the space. Subscriptions and advertisements are represented by hyper-rectangles in the space, whereas published events represent points. With the spatial indexing approach, the event space is hierarchically decomposed into regular subspaces, which serve as enclosing approximations for the subscriptions and advertisements. Each tree level represents one step of the recursive process, starting with the root where the event space is still undivided.

b) Mapping To Credentials

The subscription or advertisement of a peer can be composed of several subspaces. A credential is assigned for each of the mapped subspaces. An event can be approximated by the smallest subspace that encloses the point represented by it. To deliver the encrypted event, a cipher text must be generated for each subspace that encloses the event, so that a peer whose subscription is mapped to any of these subspaces is able to successfully decrypt the event. An event $\lceil z_e \rceil$ matches (is enclosed in) a subspace $\lceil z_s \rceil$ if $\lceil z_e \rceil$ is covered by $\lceil z_s \rceil$. In general, the number of subspaces matched by an event $\lceil z_e \rceil$ is in the order of $\log_2 \left( \prod_{i=1}^{d} T_i \right)$ and is equal to $|\lceil z_e \rceil| + 1$.

c) Complex Subscriptions

For a complex subscription with predicates on different attributes, a subscriber receives separate credentials, and thus keys, for each attribute. Using these keys, a subscriber should be able to successfully decrypt any event with the corresponding attributes, if he is authorized to read the values associated with the attributes. Any cryptographic primitive can be easily used for this purpose. In a content-based publish/subscribe system, a subscription defines a conjunction of predicates. An event matches a subscription if and only if all of the predicates in the subscription are satisfied. To ensure event confidentiality, a subscriber must not be able to successfully decrypt any event which matches only parts of its subscription. However, assigning keys for individual attributes and XOR-based decryption does not prevent this behaviour. For example, consider a subscriber with two subscriptions ...

d) Methods For Security

In this section we describe the construction of security mechanisms to achieve authentication of publishers and subscribers as well as confidentiality of events. One naive solution would be to directly use the techniques from PKI by assigning a public/private key pair to each credential. Publishers and subscribers can contact the key server to obtain the public/private key pairs that correspond to their credentials. However, PKI does not provide a mechanism to bind together the public/private key pairs associated with the same subscription and therefore cannot be used. The security mechanisms described in this section are adapted from attribute-based encryption schemes. In particular, our modifications:

i) allow publishers to sign and encrypt events at the same time by using the idea of identity-based signcryption;
ii) include some additional cipher texts that increase the efficiency of the system; and
iii) allow subscribers to verify the signatures associated with all the attributes simultaneously.

Our modifications do not change the basic structure of the schemes and therefore preserve the same security strength.

e) Publishing Event

When a publisher wants to publish an event $M$, it chooses at random for each attribute $A_i$ of the event a value $q_i$, such that $q = \sum_{i=1}^{d} q_i$. These random values ensure that only the subscribers who have matching credentials for each of the attributes are able to decrypt the event. Furthermore, it generates a fixed-length random key $SK$. To encrypt an event, a publisher uses the master public key and performs the following steps:
Step 1: Compute the cipher text $C_2$ ... The cost of asymmetric encryption generally increases with the size of the plaintext. Therefore, only a fixed-length random key $SK$ is encrypted using the private keys of the publisher. The actual event message $M$ is encrypted with a symmetric encryption algorithm such as AES, using the key $SK$. The cipher text $C_2$ also includes the public keys of the credentials which authorize the publisher to send the event. The inclusion of these public keys increases the efficiency of the signature verification process at the expense of a small increase in the cipher text size (one public key per attribute).

Step 2: For each attribute, a cipher text should be sent for each credential that matches its value. For example, in the case of a numeric attribute with value mapped to 0000, a cipher text should be disseminated for the credentials 0000, 000, 00 and 0. For each credential $Cred_{i,j}$ that matches the value of the attribute $A_i$, compute $C_{i,j} = \left( u_0 \prod_{k} u_k \right)^{q_i}$, where the set of indices $k$ over which the product ranges is calculated as described above. The cipher texts are ordered according to the containment relationship (in descending order) between their associated credentials.

f) Receiving Event

On receiving the cipher texts, a subscriber tries to decrypt them using its private keys. The cipher texts for each attribute are strictly ordered according to the containment relation between their associated credentials; therefore a subscriber only tries to decrypt the cipher text whose position coincides with the position of its credential in the containment hierarchy of the corresponding attribute. The position of a credential can be easily determined by calculating its length. For example, for a numeric attribute, credential 0000 occupies the 4th position in the containment hierarchy, i.e. after 0, 00 and 000. Subscribers decrypt the cipher text in the following manner ... The event dissemination mechanisms (Section 6) ensure that the subscriber knows the exact credential needed to decrypt the event.

Verification. A subscriber only accepts the message if it is from an authorized publisher. The received event is authentic if the following identity holds: $V_L = V_{R1} \vee V_{R2} \vee V_{R3}$. Remember that the cipher text $C_2$ contains the public keys of the credentials which authorize the publisher to send the event. If no such public keys are included in $C_2$, then the subscriber should try to authenticate the event by checking all possible credentials which a publisher might hold to publish the event. For example, an event with a single numeric attribute and a value mapped to 0000 can be published by a publisher with credentials 0000, 000, 00 or 0. In this case our approach is as follows: a subscriber checks the authenticity of the event for each attribute $A_i$ separately, by verifying that for one of the possible credentials $Cred_{i,j}$ the following identity holds ... In this case the total verification cost is $\sum_{i=1}^{d} \log_2(T_i)$.

E. Subscription Confidentiality

In this section, we address subscription confidentiality in a broker-less publish/subscribe system, where publishers and subscribers are responsible for maintaining the overlay network and forwarding events to the relevant subscribers. First, we describe the maintenance of the publish/subscribe overlay network. Later we define a weaker notion of subscription confidentiality and detail the mechanisms behind it.

The publish/subscribe overlay is a virtual forest of logical trees, where each tree is associated with an attribute. A subscriber joins the trees corresponding to the attributes of its subscription. Similarly, a publisher sends an event on all the trees associated with the attributes in the event. Within each attribute tree, subscribers are connected according to the containment relationship between their credentials associated with the attribute. The subscribers with coarser credentials (e.g. the ones mapped to coarser subspaces in the case of numeric attributes) are placed nearer the root of the tree and forward events to subscribers with finer credentials. A subscriber with more than one credential can be handled by running multiple virtual peers on a single physical node, each virtual peer maintaining its own set of tree links. For example, in Figure 6, the subscriber s3 has two credentials $\{000, 010\}$ and is connected to two places in the tree.

Figure 6: Publish/subscribe system with two numeric attributes (Tree of Attribute A1, Tree of Attribute A2)

In order to connect to an attribute tree, a newly arriving subscriber $s_n$ sends the connection request along with its credential to a random peer $s_r$ in the tree. The peer $s_r$ compares the request credential with its own; if the peer's credential covers the request credential and the peer can accommodate more children, it accepts the connection. Otherwise, the connection request is forwarded to all the children with covering credentials
and the parent peer, with the exception of the peer from which it was received. In this way the connection request is forwarded by many peers in the tree before it reaches a suitable peer with a covering credential and an available connection.

Figure 3: Pub/Sub System with two attributes

Figure 3 shows the path followed by a request from a subscriber until it reaches the desired parent subscriber. The drawback of maintaining separate trees for each attribute is that the subscribers also receive events that match only a part of their subscription (false positives). However, this does not break event confidentiality, because false positives cannot be decrypted without having the required credentials for each attribute.

a) Weak Subscription Confidentiality

It is infeasible to provide strong subscription confidentiality in a broker-less publish/subscribe system because the maintenance of the overlay topology requires each peer to know the subscription of its parent as well as its children. To address this issue, a weaker notion of subscription confidentiality is required.

Definition 6.1. Let $s_1$ and $s_2$ denote two subscribers in a publish/subscribe system which both possess credentials for an attribute $A_i$. Weak subscription confidentiality ensures that at most the following information can be inferred about the credentials of the subscribers:
1. The credential of $s_1$ is either coarser than or equal to the credential of $s_2$.
2. The credential of $s_1$ is either finer than or equal to the credential of $s_2$.

b) Secure Connection Protocol

In the following, we propose a secure connection protocol which maintains the desired overlay topology without violating the weak subscription confidentiality. For simplicity and without loss of generality, here we discuss the secure connection protocol with respect to a single tree associated with a numeric attribute $A_i$, where each of the subscribers owns a single credential. The secure protocol is based on the idea that in the tree subscribers are always connected according to the containment relationship between their credentials, e.g. a subscriber with credential 00 can only connect to subscribers with credentials 0 or 00. A new subscriber $s$ encrypts secret words with the public keys $PU^{s}_{i,j}$ of all credentials that cover its own credential, e.g. a subscriber with credential 00 will generate cipher texts by applying the public keys $PU^{s}_{i,0}$ and $PU^{s}_{i,00}$. The generated cipher texts are added to a connection request (CR) and the request is forwarded to a random peer in the tree. A connection is established if the peer can decrypt any of the cipher texts using its private keys.

Filling the security gaps: By looking at the number of cipher texts in the connection request, a peer could detect the credential of the requesting subscriber. For example, a subscriber with credential 00 can only connect to 0 or 00 and therefore its connection request will have two cipher texts, whereas the connection request for 000 will have three cipher texts. In the worst case, a subscriber has a credential of the finest granularity. This can be covered by $\log_2(T_i)$ other credentials and therefore a connection request contains in the worst case that many cipher texts. To avoid any information leak, the number of cipher texts in a connection request is always kept at $O(\log_2 T_i)$ ($O(L)$ for prefix matching) by adding random cipher texts if needed. Furthermore, the cipher texts are randomly ordered to avoid any information leak from their order.

Algorithm 1: Secure Overlay Maintainer Protocol

1: upon event Receive(CR of s_new from s_p) do
2:   if decrypt_request(CR) == SUCCESS then
3:     if degree(s_q) == available then   // can have child peers
4:       connect to s_new
5:     else
6:       forward CR to {child peers and parent} \ s_p
7:   if decrypt_request(CR) == FAIL then
8:     if s_p == parent then
9:       try to swap by sending its own CR to s_new
10:    else
11:      forward CR to parent

A child peer $s_q$ receives the CR (of subscriber $s_{new}$) from the parent only if the parent cannot accommodate more children. If $s_q$ cannot be the parent of $s_{new}$, i.e. $s_{new}$'s credential is coarser than that of $s_q$, then it tries to swap its position with $s_{new}$ by sending its own connection request (cf. Algorithm 1, lines 7-9). However, if none of the children of parent $s_p$ can connect or swap with $s_{new}$
then there is no containment relationship between the credentials of the children and $s_{new}$. In this case the parent should disconnect one of its children in order to ensure that the new subscriber is connected to the tree.

Discussion: For an attribute $A_i$, let $S$ be the set of peers in the system whose credentials cover the credential of the subscriber $s_1$. Let $S$ also denote the set of subscribers whose credentials ...

III. RESULTS AND DISCUSSION

Secure Event Dissemination

The secure connection protocol ensures that the credential of a parent peer covers the credentials of its children. Therefore, a parent peer can decrypt every event which it forwards to the children. Regardless of the cryptographic primitives, a parent can eventually discover the credentials of its child peers, e.g. by maintaining histories. In our approach we use one-hop flooding to avoid this problem. In one-hop flooding, a parent assumes that the children have the same credentials as its own and forwards each successfully decrypted event to all of them. In turn the children forward each event which was successfully decrypted to all of their children, and so on. In this strategy, a child may have finer credentials than its parent and may receive false positives. The detailed mechanism works as follows: To publish an event, a publisher forwards the cipher texts of each attribute to a randomly selected subscriber on the corresponding attribute tree. All the cipher texts of an event are labelled with a unique value such as the sequence number of the event. This helps subscribers to identify all the cipher texts of an event (as the cipher texts for each attribute are received on separate attribute trees) ...

Evaluations

Similar to EventGuard, we evaluated our solution in two aspects: i) quantifying the overhead of our cryptographic primitives, and ii) evaluating the performance of our secure publish/subscribe system by benchmarking it against an unsecured system.

Performance of Cryptographic Primitives: In this section, we measure the computational overhead of our security mechanisms. The security mechanisms are implemented with the Pairing-Based Cryptography (PBC) library [12]. The implementation uses a 160-bit elliptic curve group based on a supersingular curve $y^2$ ...; all reported values are averaged over 1000 measurements. The message size is kept at 128 bytes, as this is good enough for most symmetric encryption algorithms. One-hop flooding (OHF) is used. Table 3 shows the overhead from the perspective of publishers and subscribers in our system with a uniform event distribution. (In our system, pairing-based encryption is used to encrypt a random key $SK$, which is later used to decrypt the actual event using symmetric encryption.)

Publish/subscribe overlay construction: We measured the average latency experienced by each subscriber to connect to a suitable position in an attribute tree. Latency is measured from the time the subscriber sends the connection request message to a random peer in the tree till the time the connection is actually established.

In this paper, we have presented a new approach to provide authentication and confidentiality in a broker-less content-based publish/subscribe system. The approach is highly scalable in terms of the number of subscribers and publishers in the system and the number of keys maintained by them. In particular, we have developed mechanisms to assign credentials to publishers and subscribers according to their subscriptions and advertisements. Private keys assigned to publishers and subscribers, and the cipher texts, are labelled with credentials. Furthermore, we developed a protocol to preserve the weak subscription confidentiality in the presence of semantic clustering of subscribers.

Example applications include news distribution, stock exchange, environmental monitoring, traffic control, and public sensing.

[1]. Muhammad Adnan Tariq, Boris Koldehofe, and Kurt Rothermel, ... Distributed Systems, vol. 25, no. 2, Feb. 2014.
[2]. W.C. Barker and E.B. Barker, "SP 800-67 Rev. 1. Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher," technical report, Nat'l Inst. of Standards & Technology, 2012.
[3]. S. Choi, G. Ghinita, and E. Bertino, "A Privacy-Enhancing Content-Based Publish/Subscribe System Using Scalar Product Preserving Transformations," Proc. 21st Int'l Conf. Database and Expert Systems Applications: Part I, 2010.
[4]. J. Bacon, D.M. Eyers, J. Singh, and P.R. Pietzuch, "Access Control in Publish/Subscribe Systems," Proc. Second ACM Int'l Conf. Distributed Event-Based Systems (DEBS), 2008.
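As an added example (not code from the paper), the credential hierarchy of Sections b), e) and f) in a small Python model: a numeric value maps to a prefix credential, one cipher text is produced per covering credential in containment order, a subscriber opens only the cipher text at its credential's position, and SK is split into one XOR share per attribute so that, as with $q = \sum q_i$, an event matching only part of a subscription yields nothing. The pairing-based primitives are replaced by a hash-keyed stand-in derived from a constructed MASTER_SECRET; all function names are this example's own assumptions.

```python
import hashlib
import os

# Stand-in for the paper's pairing-based scheme (assumption, not the paper's
# construction): a credential's key is derived from a constructed master
# secret, a share of SK is wrapped with a hash-derived pad plus a tag, and SK
# is split into one XOR share per attribute (mirrors q = sum of q_i).
MASTER_SECRET = b"constructed-master-secret"   # assumption: key server's master key
TAG_LEN = 8


def value_to_credential(value, domain_size):
    """Finest credential of `value` in the binary decomposition of [0, domain_size)."""
    depth = domain_size.bit_length() - 1
    if 1 << depth != domain_size or not 0 <= value < domain_size:
        raise ValueError("domain_size must be a power of two and contain value")
    return format(value, "0%db" % depth)


def covers(coarse, fine):
    """Containment relation: a credential covers another iff it is its prefix."""
    return fine.startswith(coarse)


def covering_credentials(cred):
    """Credentials enclosing `cred`, coarsest first: 0101 -> 0, 01, 010, 0101."""
    return [cred[:k] for k in range(1, len(cred) + 1)]


def position(cred):
    """Position in the containment hierarchy equals the credential's length."""
    return len(cred)


def credential_key(cred):
    # Stand-in for the IBE private key of identity `cred`.
    return hashlib.sha256(MASTER_SECRET + b"|" + cred.encode()).digest()


def wrap(key, share):
    pad = hashlib.sha256(key + b"|pad").digest()[:len(share)]
    body = bytes(a ^ b for a, b in zip(share, pad))
    tag = hashlib.sha256(key + b"|tag" + body).digest()[:TAG_LEN]
    return body + tag


def unwrap(key, blob):
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if hashlib.sha256(key + b"|tag" + body).digest()[:TAG_LEN] != tag:
        return None                      # wrong credential: decryption fails
    pad = hashlib.sha256(key + b"|pad").digest()[:len(body)]
    return bytes(a ^ b for a, b in zip(body, pad))


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def publish_event(attributes, sk):
    """attributes: list of (value, domain_size), one per attribute A_i.
    Returns, per attribute, the cipher texts ordered by containment (Step 2)."""
    shares = [os.urandom(len(sk)) for _ in attributes[:-1]]
    last = sk
    for s in shares:
        last = xor_bytes(last, s)
    shares.append(last)                  # XOR of all shares == sk
    out = []
    for (value, domain), share in zip(attributes, shares):
        fine = value_to_credential(value, domain)
        out.append([wrap(credential_key(c), share) for c in covering_credentials(fine)])
    return out


def receive_event(cipher_texts, credentials):
    """Subscriber holds one credential per attribute; it tries only the cipher
    text at its credential's position and needs every attribute to succeed."""
    sk = None
    for cts, cred in zip(cipher_texts, credentials):
        idx = position(cred) - 1
        if idx >= len(cts):
            return None
        share = unwrap(credential_key(cred), cts[idx])
        if share is None:
            return None
        sk = share if sk is None else xor_bytes(sk, share)
    return sk
```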
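As an added example (not the paper's code), the connection request of the secure connection protocol together with the padding from "Filling the security gaps" and the peer decision of Algorithm 1: a naive request leaks the requester's credential length through its size, while the padded and shuffled request always carries $\log_2(T_i)$ cipher texts. Encryption under the public keys $PU^{s}_{i,j}$ is replaced by a hash-keyed stand-in derived from a constructed MASTER_SECRET; the function names and the returned action strings are assumptions of this example.

```python
import hashlib
import os
import random

# Stand-ins (assumptions, not the paper's primitives): a credential's key pair
# is replaced by a hash-derived key, and "encrypt a secret word under the
# public key of credential j" by a tagged blob that only that key opens.
MASTER_SECRET = b"constructed-master-secret"   # assumption: key server's master key
TAG_LEN = 8
WORD_LEN = 16


def credential_key(cred):
    return hashlib.sha256(MASTER_SECRET + b"|" + cred.encode()).digest()


def seal(cred, word):
    """Stand-in for encrypting `word` with the public key of credential `cred`."""
    key = credential_key(cred)
    pad = hashlib.sha256(key + b"|pad").digest()[:len(word)]
    body = bytes(a ^ b for a, b in zip(word, pad))
    return body + hashlib.sha256(key + b"|tag" + body).digest()[:TAG_LEN]


def can_open(cred, blob):
    """True iff the holder of credential `cred`'s private key can decrypt blob."""
    key = credential_key(cred)
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    return hashlib.sha256(key + b"|tag" + body).digest()[:TAG_LEN] == tag


def naive_connection_request(cred):
    """One cipher text per covering credential (0, 00, ... , cred):
    the number of cipher texts equals len(cred), which leaks it."""
    word = os.urandom(WORD_LEN)
    return [seal(cred[:k], word) for k in range(1, len(cred) + 1)]


def connection_request(cred, depth, rng=random):
    """Padded to depth = log2(T_i) cipher texts with random blobs of the same
    length and shuffled, so neither count nor order reveals the credential."""
    cr = naive_connection_request(cred)
    while len(cr) < depth:
        cr.append(os.urandom(WORD_LEN + TAG_LEN))   # opens under no key
    rng.shuffle(cr)
    return cr


def decrypt_request(cr, own_cred):
    """A peer succeeds if any cipher text opens with its own private key,
    i.e. its credential covers the requester's credential."""
    return any(can_open(own_cred, blob) for blob in cr)


def on_receive(cr, own_cred, children_free, sender_is_parent):
    """Peer s_q's decision for Algorithm 1, lines 2-11, as an action string."""
    if decrypt_request(cr, own_cred):
        return "connect" if children_free else "forward_to_children_and_parent"
    return "swap" if sender_is_parent else "forward_to_parent"
```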