Design and evaluation of a wide-area event notification service
ACM Transactions on Computer Systems (TOCS)
Executing SQL over encrypted data in the database-service-provider model
Proceedings of the 2002 ACM SIGMOD international conference on Management of data
Security Issues and Requirements for Internet-Scale Publish-Subscribe Systems
HICSS '02 Proceedings of the 35th Annual Hawaii International Conference on System Sciences (HICSS'02)-Volume 9 - Volume 9
Providing Database as a Service
ICDE '02 Proceedings of the 18th International Conference on Data Engineering
Practical Techniques for Searches on Encrypted Data
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Order preserving encryption for numeric data
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Scalable security and accounting services for content-based publish/subscribe systems
Proceedings of the 2005 ACM symposium on Applied computing
Securing publish-subscribe overlay services with EventGuard
Proceedings of the 12th ACM conference on Computer and communications security
Multi-Dimensional Range Query over Encrypted Data
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Encryption-enforced access control in dynamic multi-domain publish/subscribe networks
Proceedings of the 2007 inaugural international conference on Distributed event-based systems
A privacy-preserving index for range queries
VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
CADS: continuous authentication on data streams
VLDB '07 Proceedings of the 33rd international conference on Very large data bases
Secure aggregation in a publish-subscribe system
Proceedings of the 7th ACM workshop on Privacy in the electronic society
Secure kNN computation on encrypted databases
Proceedings of the 2009 ACM SIGMOD International Conference on Management of data
Public-key cryptosystems based on composite degree residuosity classes
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Conjunctive, subset, and range queries on encrypted data
TCC'07 Proceedings of the 4th conference on Theory of cryptography
An attacker's view of distance preserving maps for privacy preserving data mining
PKDD'06 Proceedings of the 10th European conference on Principle and Practice of Knowledge Discovery in Databases
Computer Networks: The International Journal of Computer and Telecommunications Networking
Efficient privacy preserving content based publish subscribe systems
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Thrifty privacy: efficient support for privacy-preserving publish/subscribe
Proceedings of the 6th ACM International Conference on Distributed Event-Based Systems
StreamHub: a massively parallel architecture for high-performance content-based publish/subscribe
Proceedings of the 7th ACM international conference on Distributed event-based systems
Hi-index | 0.00 |
Users of content-based publish/subscribe systems (CBPS) are interested in receiving data items with values that satisfy certain conditions. Each user submits a list of subscription specifications to a broker, which routes data items from publishers to users. When a broker receives a notification that contains a value from a publisher, it forwards it only to the subscribers whose requests match the value. However, in many applications, the data published are confidential, and their contents must not be revealed to brokers. Furthermore, a user's subscription may contain sensitive information that must be protected from brokers. Therefore, a difficult challenge arises: how to route publisher data to the appropriate subscribers without the intermediate brokers learning the plain text values of the notifications and subscriptions. To that extent, brokers must be able to perform operations on top of the encrypted contents of subscriptions and notifications. Such operations may be as simple as equality match, but often require more complex operations such as determining inclusion of data in a value interval. Previous work attempted to solve this problem by using one-way data mappings or specialized encryption functions that allow evaluation of conditions on ciphertexts. However, such operations are computationally expensive, and the resulting CBPS lack scalability. As fast dissemination is an important requirement in many applications, we focus on a new data transformation method called Asymmetric Scalar-product Preserving Encryption (ASPE) [1]. We devise methods that build upon ASPE to support private evaluation of several types of conditions. We also suggest techniques for secure aggregation of notifications, supporting functions such as sum, minimum, maximum and count. Our experimental evaluation shows that ASPE-based CBPS incurs 65% less overhead for exact-match filtering and 50% less overhead for range filtering compared to the state-of-the-art.