publish–subscribe is a messaging pattern where senders of messages, called publishers, do not program the messages to be sent directly to specific receivers, called subscribers. provisioning of basic security mechanisms such as authentication and confidentiality is highly challenging in a content based publish/subscribe system. Authentication of publishers and subscribers is difficult to achieve due to the loose coupling of publishers and subscribers. Likewise, confidentiality of events and subscriptions conflicts with content-based routing. This paper presents a novel approach to provide confidentiality and authentication in a broker-less content-based publish/subscribe system. The authentication of publishers and subscribers as well as confidentiality of events is ensured, by adapting the pairing-based cryptography mechanisms, to the needs of a publish/subscribe system. Furthermore, an algorithm to cluster subscribers according to their subscriptions preserves a weak notion of subscription confidentiality. In addition to our previous work [20], this paper contributes 1) use of searchable encryption to enable efficient routing of encrypted events, 2) multicredential routing a new event dissemination strategy to strengthen the weak subscription confidentiality, and 3) thorough analysis of different attacks on subscription confidentiality. The overall approach provides fine-grained key management and the cost for encryption, decryption, and routing is in the order of subscribed attributes. Moreover, the evaluations show that providing security is affordable w.r.t. 1) throughput of the proposed cryptographic primitives, and 2) delays incurred during the construction of the publish/subscribe overlay and the event dissemination.

E. Anceaume, M. Gradinariu, A.K. Datta, G. Simon, and A. Virgillito, “A Semantic Overlay for Self- Peer-to-Peer Publish/ Subscribe,” Proc. 26th IEEE Int’l Conf. Distributed Computing Systems (ICDCS), 2006.

J. Bacon, D.M. Eyers, J. Singh, and P.R. Pietzuch, “Access Control in Publish/Subscribe Systems,” Proc. Second ACM Int’l Conf. Distributed Event-Based Systems (DEBS), 2008.

W.C. Barker and E.B. Barker, “SP 800-67 Rev. 1. Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher,” technical report, Nat’l Inst. of Standards & Technology, 2012.

J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-Policy Attribute-Based Encryption,” Proc. IEEE Symp. Security and Privacy, 2007.

D. Boneh, G.D. Crescenzo, R. Ostrovsky, and G. Persiano, “Public Key Encryption with Keyword Search,” Proc. Int’l Conf. Theory and Applications of Cryptographic Techniques on Advances in Cryptology (EUROCRYPT), 2004.

D. Boneh and M.K. Franklin, “Identity-Based Encryption from the Weil Pairing,” Proc. Int’l Cryptology Conf. Advances in Cryptology, 2001.

S. Choi, G. Ghinita, and E. Bertino, “A Privacy-Enhancing Content-Based Publish/Subscribe System Using Scalar Product Preserving Transformations,” Proc. 21st Int’l Conf. Database and Expert Systems Applications: Part I, 2010.

V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data,” Proc. ACM 13th Conf. Computer and Comm. Security (CCS), 2006.

M. Ion, G. Russello, and B. Crispo, “Supporting Publication and Subscription Confidentiality in Pub/Sub Networks,” Proc. Sixth Int’l ICST Conf. Security and Privacy in Comm. Networks (SecureComm), 2010.

H.-A. Jacobsen, A.K.Y. Cheung, G. Li, B. Maniymaran, V. Muthusamy, and R.S. Kazemzadeh, “The PADRES Publish/ Subscribe System,” Principles and Applications of Distributed Event-Based Systems. IGI Global, 2010.

M. Jelasity, A. Montresor, G.P. Jesi, and S. Voulgaris, “PeerSim: A Peer-to-Peer Simulator,” http://peersim.sourceforge.net/, 2013.

H. Khurana, “Scalable Security and Accounting Services for Content-Based Publish/Subscribe Systems,” Proc. ACM Symp. Applied Computing, 2005.

A. Lewko, A. Sahai, and B. Waters, “Revocation Systems with Very Small Private Keys,” Proc. IEEE Symp. Security and Privacy, 2010.

B. Lynn, “The Pairing-Based Cryptography (PBC) Library,” http://crypto.stanford.edu/pbc/, 2010.

F.P. Miller, A.F. Vandome, and J. McBrewster, Advanced Encryption Standard. Alpha Press, 2009.

M. Nabeel, N. Shang, and E. Bertino, “Efficient Privacy Preserving Content Based Publish Subscribe Systems,” Proc. 17th ACM Symp. Access Control Models and Technologies, 2012.

L. Opyrchal and A. Prakash, “Secure Distribution of Events in Content-Based Publish Subscribe Systems,” Proc. 10th Conf. USENIX Security Symp., 2001.

L.I.W. Pesonen, D.M. Eyers, and J. Bacon, “Encryption-Enforced Access Control in Dynamic Multi-Domain Publish/Subscribe Networks,” Proc. ACM Int’l Conf. Distributed Event-Based Systems (DEBS), 2007.

P. Pietzuch, “Hermes: A Scalable Event-Based Middleware,” PhD dissertation, Univ. of Cambridge, Feb. 2004.

C. Raiciu and D.S. Rosenblum, “Enabling Confidentiality in Content-Based Publish/Subscribe Infrastructures,” Proc. IEEE Second CreatNet Int’l Conf. Security and Privacy in Comm. Networks (SecureComm), 2006.