Scalable Security and Accounting Services for Content-based Publish/Subscribe Systems

1. Scalable Security and Accounting Services for Content-based Publish/Subscribe Systems Himanshu Khurana NCSA, University of Illinois

2. Introduction Pub/Sub Infrastructure (e.g., Gryphon, Siena) B Border Broker PB Publisher B Broker SB Subscriber B B PB B B SB PB B B B B B B SB B PB B SB SB PB PB • Applications: software updates, location-based services for wireless networks, • supply chain management, traffic control, and stock quote dissemination • Three types: Topic-based, type-based, and content-based • Content-based considered to be the most general

3. Security Challenges Addressed for Content-Based Pub/Sub Systems (CBPS) • Confidentiality, integrity, and authentication of events • Usage-based accounting E.g., for stock quote dissemination • Solution Highlights • Strong adversarial model: PBs & SBs don’t trust broker network • Adversary has access to CBPS network traffic and will attempt to • Violate confidentiality of events by observing them • Violate integrity and authentication by inserting/modifying fake events and subscriptions • No security associations (e.g. keys) needed between PBs and SBs • No modifications needed to existing matching & routing algorithms • Scales to support an Internet-scale pub/sub infrastructure

4. Confidentiality • Adversary has access to network traffic  contents cannot be disclosed to brokers • One approach: perform computations on encrypted data • Difficult to implement in practice • Require modifications to matching and routing techniques • Observation • Only selected parts of an event’s content need to be confidential • Matching and routing can be accomplished without these parts • Our Approach • Encode events in XML documents • Use Bertino and Ferrari’s XML document dissemination techniques to selectively encrypt sensitive parts of events • Distribute keys to authorized subscribers using Jakobsson’s proxy encryption techniques

5. Message: id 100 <?xml?><stock> <symbol>YHOO</symbol> <price> Ek(70.2) </price> <open>50</open> <volume>10000</volume> </stock> Message: id 100 <?xml?><stock> <symbol>YHOO</symbol> <price> 70.2 </price> <open>50</open> <volume>10000</volume> </stock> Encrypt EncPK(k) Message: id 200 <?xml?><gamescore> <date>8/5/04</date> <teams>NY-CA</teams> <score>Ek(10-3)</score> </gamescore> Message: id 200 <?xml?><gamescore> <date>8/5/04</date> <teams>NY-CA</teams> <score>10-3</score> </gamescore> Encrypt EncPK(k) Confidentiality Examples Cleartext Event Contents Encrypted Packages Ek()  symmetric key encryption (e.g., AES) using key k EncPK()  El Gamal public key encryption using key PK

6. Distributing Keys to Authorized Subscribers Proxy Security and Accounting Service (PSAS) Coordinators n servers with t of n threshold key sharing … c1 c2 cl … 1 2 3 n t RSA Signature Key (Kps, PKps): Kps =  Kpsi where Kpsi is a key share held by any server i=1 t For each PB, an EG decryption key (x, y): x =  xi where xi is a key share held by any server, y = gx i=1 Register Transform Border Broker B1 … Border Broker B2 Register/ Publish Register/ Receive broker network PB SB

7. Integrity and Authentication • Event integrity and authentication • Needed to ensure that event contents come from an authentic source and have not been modified • We use XML signatures for event integrity and authentication • Assume subscribers can verify publisher’s certificates • Should signatures be applied on cleartext or encrypted contents? • Signing only encrypted contents is considered insecure • Signing cleartext contents  intermediate components (e.g. PSAS) can’t verify signature • Therefore, use two signatures • First one over cleartext, second one over encrypted contents • Transformation request integrity and authentication • Needed to prevent unauthorized transformations • We use XML signatures request integrity and authentication

8. Initialization Co-sign Request B1 PSAS (n servers, signature key shared in t-of-n manner) Register PB Signed Public Key (generate t-of-n decryption key for PB) B2 SB Register public key, interests Protocol Overview Publisher and Subscriber Registration Get Public Key

9. Protocol Overview Event publication, routing, and delivery B1 PSAS (transforms event for subscriber) Publish (pac) PB Match & Route ... Transform(pac, PKsb) B2 Deliver (pac’) SB • Transformation process produces a verifiable certificate • Used to provide usage-based accounting

10. B1 Publish (pac) PB Match & Route ... Transform( pac, PKps2) PSAS1 Bi pac’ Forward Bj Match & Route ... PSAS2 Bt Transform( pac’, PKsb) pac’’ Deliver (pac’’) SB Scalability via multiple PSASs

11. Security Analysis • Confidentiality provided by encrypting sensitive contents of events • Remain encrypted from publication to delivery • Transformation process at PSAS maintains confidentiality • Integrity and Authentication provided via digital signatures • Subscribers can verify signatures over cleartext contents • Brokers and PSAS can verify signatures over encrypted contents • Usage- based accounting • Publicly verifiable transformation certificates generated by PSAS

12. Conclusions and Future Work • Proposed novel approach for security in CBPS • Confidentiality, integrity, and authentication of events • Usage-based accounting • Future Work • Detailed scalability and cost analysis • Prototype implementation using • Siena (supports XML events) • Available threshold cryptographic libraries