17-09-2016, 10:21 AM
1455028526-201404mswa4format.doc (Size: 166 KB / Downloads: 4)
Abstract— Authentication and confidentiality is one of the important aspects in a content based publish/subscribe system. The authentication of a publisher and a subscriber is difficult to make an impact because of loose coupling of publishers and subscribers. The confidentiality of events and subscriptions of subscriber’s conflicts with content based routing. There is no confidentiality in a broker less environment and this paper will provide confidentiality and authentication in a broker less publish subscribe system. We use cryptographic mechanisms to provide authentication to publishers and subscribers as well as their events in a publish/subscribe system. We also use an algorithm to cluster the subscribers who need subscriptions with confidentiality. This paper also contributes the use of encryption of encrypted events. New events are multi credential routed so that they can overcome weak subscription confidentiality. The overall approach provides key management services for encryption and decryption for subscribed attributes
I. INTRODUCTION
Publish/subscribe systems have gained popularity because of inherent decoupling of publishers from that of subscribers. They differ in terms of time, synchronization and space. The publishers publish their content in a publish/subscribe system and the subscribers can specify particular events which they are interested. The published events are routed to the subscribers without knowing the set of subscribers. Decoupling is done in a traditional way by routing in an intermediate way in a broker network. These days’ publishers and subscribers organize events in a broker-less routing infrastructure so that event forwarding overlay can be formed.
Content based publish/subscribe model is expensive where subscription define restriction of message contents. Due to its high cost it can be useful for large scale applications such as traffic control, stock exchange, environment monitoring, news distribution etc. And these applications need confidentiality and access in a publish/subscribe system.
Access control means that only authenticated publishers are allowed to share the events in a network and the events are delivered only to authorized subscribers. The overall content of events should not be exposed to the routing infrastructure. The subscribers will receive the events without revealing the subscription to the system. Security issues pose a threat in a content based publish/subscribe system. Public key infrastructure will give arise conflicts between publishers and subscribers which is one the important aspect for building an efficient and scalable publish/subscribe system. The publisher should hold the public keys of all the interested subscribers so that he can encrypt the event. Similarly the subscribers should also know the public keys of all the publishers. Traditional mechanisms encrypt the entire message which gives rise to conflicts in a content based routing paradigm. Hence a new mechanism is needed so that the messages are encrypted in such a way that authentication can be done without knowing the each other.
Traditional approaches have focused on efficiency and scalability rather than security. Existing system rely mainly on a traditional broker network. They match the keywords to route the events or rely on a semi trusted broker. Key management will play an important role in a publish/subscribe system and they are clustered according to their subscriptions. Private keys are assigned to the subscribers with credentials. We use identity based encryption mechanism so that only a subscriber can decrypt the event if his credential match with that of a publisher. This also allows authenticity of subscribers to receive encrypted events.
II. EXISTING SYSTEM
SYSTEM MODEL
A. Content Based Publish/subscribe
In content based publish/subscribe model we deliver the events to the subscribers. We set the publish/subscribe model in such a way that it does not need a dedicated broker. The Publishers and subscribers together contribute as peers for the maintenance of a self-organizing overlay structure within the system. To authenticate the publishers we use concept of advertisement so that the subscribers will know the event before publishing it.
B. Attacker model
The model has two entities: publishers and subscribers. Both these entities do not trust each other computationally in the system. The peers who are part of the system do not deviate from their protocols. Authorized publishers can only send events that are to be published. Some unauthorized publishers attack the authorized publisher with fake identity and events to take control over the network.
C. Identity based encryption
A tradition public key infrastructure of publishers and subscribers requires them to maintain both public and the private key to communicate between events and to encrypt or decrypt the message. Identity based encryption reduces the amount of keys used in a publish/subscribe system. The key server holds a pair of public key and a private master key. The master public key is used by the publisher to encrypt the message to the user with credentials. To decrypt the message the subscriber needs to get a private key from the key server. The Identity based encryption is like a centralized solution and its properties are ideal for highly distributed applications.
D. Key Generation
Publisher keys:
Before publishing the events a publisher needs to contact the key server along with the respective credentials. If the publisher is allowed to publish the events, the key server will generate private keys for each credential.
Subscriber keys:
Similarly to receive the events a subscriber should contact the key server and receive the private keys with the matching credentials associated with each attribute.
III. SECURE OVERLAY MAINTENANCE
In secure overlay maintenance all the subscribers have a relationship with every entity in a tree. When a new subscriber subscribes generates a random key and encrypts the event to safeguard the credentials of the user.
A. Requirement and security goals
The publish/subscribe system has three specific goals
• Authentication
• Confidentiality
• Scalability
B. Authentication
In the publish subscribe system only the authenticated publishers are allowed to publish the events and similarly authenticated subscribers will only receive events.
C. Confidentiality:
There are two main aspects in confidentiality
• To protect the events which are viewed only by authorized subscribers.
• The subscriptions are invisible to the infrastructure.
D. Scalability:
Scalability can be achieved in three ways
• The keys should be independent of the numbers of subscribers in the system.
• Constant number of keys given to the subscribers should be maintained by the key server.
• It should not affect the access control and it should be minimized.
IV. PROPOSED SYSTEM
The system proposes fuzzy logic which uses setup, extract, encryption and decryption of messages. This will help the system to be more reliable and efficient in tasks.
A. Set up
We are going to set up a parameter as input to the key generator and run the identity based encryption which will generate the master public key with parameters which is given to subscribers and kept as secret.
V. SECURE EVENT DESSIMATION
To publish an event a publisher should forward the cipher text of the each attribute to the root of the corresponding tree. All the cipher texts are labeled with a value in a sequence.
In one hop flooding a parent assumes that the child has the same credentials as its own and forwards the decrypted event to all of subscribers. When the child has finer credentials than the parent it may result in false positives.
VI. SECURITY MECHANISMS
Interactions between the publishers/subscribers can be done through identity based encryption. In our approach, the pub/sub will interact with the key server where the server will provide the keys to the credentials. These keys can be used to encrypt and decrypt the messages related to its contents. The credentials consist of a binary string and a proof of the identity. It is used for the authentication and confidentiality of the key server where the credentials should match the identity of the peer. The keys which are assigned by the key server are labeled with credentials. The identity based encryption allows the particular key to decrypt the particular event. The public keys can be generated by the peer without contacting to the key server.
The overlay network is maintained according to the subscriptions. Each subscriber should know about the parent and the child peers. When a new subscriber arrives a connection request (CR) is sent along with its subscription to a random peer in the overlay network.
Algorithm: Secure overlay maintenance protocol at peer
1: upon event Receive(CR of snew from sp) do
2: if decrypt request SUCCESS then
3: if degree(sq) == available then //can have child peers
4: connect to the snew
5: else
6: forward CR to fchild peers and parentgsp
7: if decrypt request FAIL then
8: if sp parent then
9: Try to swap by sending its own CR to the snew.
10: else
11: forward to parent.
VIII. CONCLUSION AND FUTURE WORK
In this paper we have given a new approach so that security can be high in a broker-less publish/subscribe system. Our approach is highly scalable and efficient in terms of subscribers and publishers and the keys maintained by the system. Authentication and confidentiality is very difficult in a publish/subscribe system due to loose coupling of publishers and subscribers. In order to resolve the conflicts in a publish/subscribe system we use fuzzy logic which has setup, extract, encryption and decryption so that the events can be successfully published and can be viewed it with credentials.