Towards a Secure Rendezvous Network for Future Publish/Subscribe Architectures

  • Nikos Fotiou
  • Giannis F. Marias
  • George C. Polyzos
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6369)


Publish/Subscribe is often regarded as a promising paradigm for Future Internet architectures. Its information oriented nature and its particular security features have stimulated current research efforts which aim at applying publish/subscribe principles to a clean-slate Internet architecture. One of the core components of publish/subscribe architectures is the rendezvous network. Any security failure that a rendezvous network may face will probably jeopardize the operation of the whole (inter-)network. In this paper we highlight security requirements and potential security issues of rendezvous networks and we present security solutions that can be applied in order to shield them.


Future Internet Publish/Subscribe Security 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    PSIRP Project Website, (Last accessed April 2010)
  2. 2.
    CCNx Project Website, (Last accessed April 2010)
  3. 3.
    Eugster, P.T., Felber, P.A., Guerraoui, R., Kermarrec, A.M.: The many faces of publish/subscribe. ACM Computing Surveys (CSUR) 35(2), 131 (2003)CrossRefGoogle Scholar
  4. 4.
    Castro, M., Druschel, P., Kermarrec, A.M., Rowstron, A.I.T.: SCRIBE: A large-scale and decentralized application-level multicast infrastructure. IEEE Journal on Selected Areas in communications 20(8), 1489–1499 (2002)CrossRefGoogle Scholar
  5. 5.
    Huang, Y., Garcia-Molina, H.: Publish/subscribe in a mobile environment. Springer Wireless Networks 10(6), 643–652 (2004)CrossRefGoogle Scholar
  6. 6.
    Koponen, T., Chawla, M., Chun, B.G., Ermolinskiy, A., Kim, K.H., Shenker, S., Stoica, I.: A data-oriented (and beyond) network architecture. ACM SIGCOMM Computer Communication Review 37(4), 192 (2007)CrossRefGoogle Scholar
  7. 7.
    Stoica, I., Adkins, D., Ratnasamy, S., Shenker, S., Surana, S., Zhuang, S.: Internet indirection infrastructure. In: Springer Peer-to-Peer Systems, pp. 192–202 (2008)Google Scholar
  8. 8.
    Fotiou, N., Polyzos, G.C., Trossen, D.: Illustrating a Publish-Subscribe In- ternet Architecture. In: Future Internet Architectures: New Trends in Service Architectures (2nd Euro-NF Workshop) (2009)Google Scholar
  9. 9.
    Stoica, I., Morris, R., Karger, D., Kaashoek, M.F., Balakrishnan, H.: Chord: A scalable peer-to-peer lookup service for internet applications. In: Proceedings of the 2001 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, p. 160 (2001)Google Scholar
  10. 10.
    Rowstron, A., Druschel, P.: Pastry: Scalable, distributed object location and routing for large-scale peer-to-peer systems. In: Guerraoui, R. (ed.) Middleware 2001. LNCS, vol. 2218, pp. 329–350. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  11. 11.
    Ratnasamy, S., Francis, P., Handley, M., Karp, R., Schenker, S.: A scalable content-addressable network. In: Proceedings of the 2001 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, p. 172 (2001)Google Scholar
  12. 12.
    Wang, C., Carzaniga, A., Evans, D., Wolf, A.: Security issues and requirements for Internet-scale publish-subscribe systems. In: Proceedings of the 35th Annual Hawaii International Conference on System Sciences, pp. 3940–3947 (2002)Google Scholar
  13. 13.
    Lagutin, D., Visala, K., Zahemszky, A., Burbridge, T., Marias, G.F.: Roles and Security in a Publish/Subscribe Network Architecture. To appear in IEEE Symposium on Computers and Communications (2010)Google Scholar
  14. 14.
    Lioy, A., Maino, F., Marian, M., Mazzocchi, D.: DNS security. In: Proceedings of the TERENA Networking Conference (2000)Google Scholar
  15. 15.
    Ramasubramanian, V., Sirer, E.G.: Perils of transitive trust in the domain name system. In: Proceedings of the Internet Measurement Conference, IMC (2005)Google Scholar
  16. 16.
    Sit, E., Morris, R.: Security considerations for peer-to-peer distributed hash tables. In: Druschel, P., Kaashoek, M.F., Rowstron, A. (eds.) IPTPS 2002. LNCS, vol. 2429, pp. 261–269. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  17. 17.
    Douceur, J.: The Sybil attack. Peer-to-Peer Systems, pp. 251–260. Springer, Heidelberg (2002)CrossRefzbMATHGoogle Scholar
  18. 18.
    Singh, A., Castro, M., Druschel, P., Rowstron, A.: Defending against eclipse attacks on overlay networks. In: Proceedings of the 11th Workshop on ACM SIGOPS European Workshop, p. 21 (2004)Google Scholar
  19. 19.
    Wun, A., Cheung, A., Jacobsen, H.A.: A taxonomy for denial of service attacks in content-based publish/subscribe systems. In: Proceedings of the 2007 Inaugural International Conference on Distributed Event-Based Systems, p. 127. ACM, New York (2007)Google Scholar
  20. 20.
    Tarkoma, S.: Preventing Spam in Publish/Subscribe. In: Proceedings of the 26th IEEE International Conference on Distributed Computing Systems Workshops, p. 21 (2006)Google Scholar
  21. 21.
    Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE Symposium on Security and Privacy, SP 2007, pp. 321–334 (2007)Google Scholar
  22. 22.
    Srivatsa, M., Liu, L.: Securing publish-subscribe overlay services with event-guard. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, pp. 298 (2005)Google Scholar
  23. 23.
    Pallickara, S., Pierce, M., Gadgil, H., Fox, G., Yan, Y., Huang, Y.: A Framework for Secure End-to-End Delivery of Messages in Publish/Subscribe Systems. In: Proceedings of the 7th IEEE/ACM International Conference on Grid Computing (GRID 2006), pp. 28–29 (2006)Google Scholar
  24. 24.
    Miklos, Z.: Towards an access control mechanism for wide-area publish/subscribe systems. In: Proceedings 22nd International Conference on Distributed Computing Systems Workshops, pp. 516–521 (2002)Google Scholar
  25. 25.
    Belokosztolszki, A., Eyers, D.M., Pietzuch, P.R., Bacon, J., Moody, K.: Role-based access control for publish/subscribe middleware architectures. In: Proceedings of the 2nd International Workshop on Distributed Event-Based Systems, p. 8 (2003)Google Scholar
  26. 26.
    Bacon, J., Moody, K., Yao, W.: A model of OASIS role-based access control and its support for active security. ACM Transactions on Information and System Security (TISSEC) 5(4), 492–540 (2002)CrossRefGoogle Scholar
  27. 27.
    Baden, R., Bender, A., Spring, N., Bhattacharjee, B., Starin, D.: Persona: An online social network with user-defined privacy. ACM SIGCOMM Computer Communication Review 39(4), 135–146 (2009)CrossRefGoogle Scholar
  28. 28.
    Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Proceedings of the 41st annual ACM symposium on Theory of Computing, pp. 169–178 (2009)Google Scholar
  29. 29.
    Ambainis, A.: Upper bound on the communication complexity of private information retrieval. In: Springer Automata, Languages and Programming, pp. 401–407 (1997)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Nikos Fotiou
    • 1
  • Giannis F. Marias
    • 1
  • George C. Polyzos
    • 1
  1. 1.Athens University of Economics and BusinessAthensGreece

Personalised recommendations