
Friday, November 28, 2014

Securing Broker-Less Publish/Subscribe Systems Using Identity-Based Encryption



ABSTRACT:
The provisioning of basic security mechanisms such as authentication and confidentiality is highly challenging in a content-based publish/subscribe system. Authentication of publishers and subscribers is difficult to achieve due to the loose coupling of publishers and subscribers. Likewise, confidentiality of events and subscriptions conflicts with content-based routing. This paper presents a novel approach to provide confidentiality and authentication in a broker-less content-based publish/subscribe system. The authentication of publishers and subscribers as well as confidentiality of events is ensured, by adapting the pairing-based cryptography mechanisms, to the needs of a publish/subscribe system. Furthermore, an algorithm to cluster subscribers according to their subscriptions preserves a weak notion of subscription confidentiality. In addition to our previous work [23], this paper contributes 1) use of searchable encryption to enable efficient routing of encrypted events, 2) multicredential routing, a new event dissemination strategy to strengthen the weak subscription confidentiality, and 3) thorough analysis of different attacks on subscription confidentiality. The overall approach provides fine-grained key management and the cost for encryption, decryption, and routing is in the order of subscribed attributes. Moreover, the evaluations show that providing security is affordable w.r.t. 1) throughput of the proposed cryptographic primitives, and 2) delays incurred during the construction of the publish/subscribe overlay and the event dissemination.


EXISTING SYSTEM:
·        Content-based publish/subscribe is the variant which provides the most expressive subscription model, where subscriptions define restrictions on the message content. Its expressiveness and asynchronous nature are particularly useful for large-scale distributed applications with high-volume data streams.
·        Access control in the context of publish/subscribe system means that only authenticated publishers are allowed to disseminate events in the network and only those events are delivered to authorized subscribers. Similarly, the content of events should not be exposed to the routing infrastructure and a subscriber should receive all relevant events without revealing its subscription to the system. These security issues are not trivial to solve in a content-based publish/subscribe system and pose new challenges.

DISADVANTAGES OF EXISTING SYSTEM:
·        It is very hard to provide subscription confidentiality in a broker-less publish/subscribe system, where the subscribers are arranged in an overlay network according to the containment relationship between their subscriptions. In this case, regardless of the cryptographic primitives used, the maximum level of attainable confidentiality is very limited.
·        The limitation arises from the fact that a parent can decrypt every event it forwarded to its children. Therefore, mechanisms are needed to provide a weaker notion of confidentiality.
·        Do not intend to solve the digital copyright problem.

PROPOSED SYSTEM:
·        In this paper, we present a new approach to provide authentication and confidentiality in a broker-less publish/subscribe system.
·        Our approach allows subscribers to maintain credentials according to their subscriptions. Private keys assigned to the subscribers are labelled with the credentials.
·        A publisher associates each encrypted event with a set of credentials. We adapted identity-based encryption mechanisms.

ADVANTAGES OF PROPOSED SYSTEM:
·        To ensure that a particular subscriber can decrypt an event only if there is a match between the credentials associated with the event and the key.
·        To allow subscribers to verify the authenticity of received events. Furthermore, we address the issue of subscription confidentiality in the presence of semantic clustering of subscribers. A weaker notion of subscription confidentiality is defined and a secure connection protocol is designed to preserve the weak subscription confidentiality. Finally, the evaluations demonstrate the viability of the proposed security mechanisms.

SYSTEM REQUIREMENTS:
HARDWARE REQUIREMENTS:

·        System : Pentium IV 2.4 GHz.
·        Hard Disk : 40 GB.
·        Floppy Drive : 1.44 Mb.
·        Monitor : 15 VGA Colour.
·        Mouse : Logitech.
·        Ram : 512 Mb.

SOFTWARE REQUIREMENTS:

·        Operating system : Windows XP/7.
·        Coding Language : JAVA/J2EE
·        IDE : Netbeans 7.4
·        Database : MYSQL

REFERENCE:

Muhammad Adnan Tariq, Boris Koldehofe, and Kurt Rothermel, “Securing Broker-Less Publish/Subscribe Systems Using Identity-Based Encryption,” IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 25, NO. 2, FEBRUARY 2014.
