Secure aggregation in a publish-subscribe system

Authors:
Kazuhiro Minami;Adam J. Lee;Marianne Winslett;Nikita Borisov
Affiliations:
University of Illinois at Urbana-Champaign, Urbana, IL, USA;University of Pittsburgh, Pittsburgh, PA, USA;University of Illinois at Urbana-Champaign, Urbana, IL, USA;University of Illinois at Urbana-Champaign, Urbana, IL, USA
Venue:
Proceedings of the 7th ACM workshop on Privacy in the electronic society
Year:
2008

Citing 19
Cited 3

Security problems on inference control for SUM, MAX, and MIN queries

Journal of the ACM (JACM)
Design and evaluation of a wide-area event notification service

ACM Transactions on Computer Systems (TOCS)
Auditing Sum Queries

ICDT '03 Proceedings of the 9th International Conference on Database Theory
Towards an Access Control Mechanism for Wide-Area Publish/Subscribe Systems

ICDCSW '02 Proceedings of the 22nd International Conference on Distributed Computing Systems
Security Issues and Requirements for Internet-Scale Publish-Subscribe Systems

HICSS '02 Proceedings of the 35th Annual Hawaii International Conference on System Sciences (HICSS'02)-Volume 9 - Volume 9
Secure Aggregation for Wireless Networks

SAINT-W '03 Proceedings of the 2003 Symposium on Applications and the Internet Workshops (SAINT'03 Workshops)
Efficient Authentication and Signing of Multicast Streams over Lossy Channels

SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Resilient aggregation in sensor networks

Proceedings of the 2nd ACM workshop on Security of ad hoc and sensor networks
Scalable security and accounting services for content-based publish/subscribe systems

Proceedings of the 2005 ACM symposium on Applied computing
E.cient Aggregation of encrypted data in Wireless Sensor Networks

MOBIQUITOUS '05 Proceedings of the The Second Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services
Securing publish-subscribe overlay services with EventGuard

Proceedings of the 12th ACM conference on Computer and communications security
A Capability-Based Access Control Architecture for Multi-Domain Publish/Subscribe Systems

SAINT '06 Proceedings of the International Symposium on Applications on Internet
Auditing sum-queries to make a statistical database secure

ACM Transactions on Information and System Security (TISSEC)
Dynamic Access Control in a Content-based Publish/Subscribe System with Delivery Guarantees

ICDCS '06 Proceedings of the 26th IEEE International Conference on Distributed Computing Systems
Secure hierarchical in-network aggregation in sensor networks

Proceedings of the 13th ACM conference on Computer and communications security
Secure distribution of events in content-based publish subscribe systems

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Encryption-enforced access control in dynamic multi-domain publish/subscribe networks

Proceedings of the 2007 inaugural international conference on Distributed event-based systems
Corona: a high performance publish-subscribe system for the world wide web

NSDI'06 Proceedings of the 3rd conference on Networked Systems Design & Implementation - Volume 3
Secure Event Dissemination in Publish-Subscribe Networks

ICDCS '07 Proceedings of the 27th International Conference on Distributed Computing Systems

A privacy-enhancing content-based publish/subscribe system using scalar product preserving transformations

DEXA'10 Proceedings of the 21st international conference on Database and expert systems applications: Part I
Research challenges towards the Future Internet

Computer Communications
Efficient privacy preserving content based publish subscribe systems

Proceedings of the 17th ACM symposium on Access Control Models and Technologies

Quantified Score

Hi-index	0.00

Visualization

Abstract

A publish-subscribe system is an information dissemination infrastructure that supports many-to-many communications among publishers and subscribers. In many publish-subscribe systems, in-network aggregation of input data is considered to be an important service that reduces the bandwidth requirements of the system significantly. In this paper, we present a scheme for securing the aggregation of inputs to such a publish-subscribe system. Our scheme, which focuses on the additive aggregate function, sum, preserves the confidentiality and integrity of aggregated data in the presence of untrusted routing nodes. Our scheme allows a group of publishers to publish aggregate data to authorized subscribers without revealing their individual private inputs to either the routing nodes or the subscribers. In addition, our scheme allows subscribers to verify that routing nodes perform the aggregation operation correctly. We use a message authentication code (MAC) scheme based on the discrete logarithm property to allow subscribers to verify the correctness of aggregated data without receiving the digitally-signed raw data used as input to the aggregation. In addition to describing our secure aggregation scheme, we provide formal proofs of its soundness and safety.