Privacy Preserving Context Aware Publish Subscribe Systems

  • Mohamed Nabeel
  • Stefan Appel
  • Elisa Bertino
  • Alejandro Buchmann
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7873)


Modern pub/sub systems perform message routing based on the message content and allow subscribers to receive messages related to their subscriptions and the current context. Both content and context encode sensitive information which should be protected from third-party brokers that make routing decisions. In this work, we address this issue by proposing an approach that assures the confidentiality of the messages being published and subscriptions being issued while allowing the brokers to make routing decisions without decrypting individual messages and subscriptions, and without learning the context. Further, subscribers with a frequently changing context, such as location, are able to issue and update subscriptions without revealing the subscriptions in plaintext to the broker and without the need to contact a trusted third party for each subscription change resulting from a change in the context. Our approach is based on a modified version of the Paillier additive homomorphic cryptosystem and a novel group key management scheme. The former construct is used to perform privacy preserving matching, and the latter construct is used to enforce fine-grained encryption-based access control on the messages being published. We optimize our approach in order to efficiently handle frequently changing contexts. We have implemented our approach in a prototype using an industry strength JMS broker middleware. The experimental results show that our approach is highly practical.


Range Query Access Control Policy Encrypt Data Privacy Preserve Context Manager 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bertino, E., Carminati, B., Ferrari, E., Thuraisingham, B., Gupta, A.: Selective and authentic third-party distribution of XML documents. IEEE TKDE 16(10), 1263–1278 (2004)Google Scholar
  2. 2.
    Bertino, E., Ferrari, E.: Secure and selective dissemination of XML documents. ACM TISS 5(3), 290–331 (2002)CrossRefGoogle Scholar
  3. 3.
    Boneh, D., Di Crescenzo, G., Ostrovsky, R., Persiano, G.: Public key encryption with keyword search. In: Cachin, C., Camenisch, J. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 506–522. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  4. 4.
    Boneh, D., Waters, B.: Conjunctive, subset, and range queries on encrypted data. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 535–554. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  5. 5.
    Choi, S., Ghinita, G., Bertino, E.: A privacy-enhancing content-based publish/Subscribe system using scalar product preserving transformations. In: Bringas, P.G., Hameurlain, A., Quirchmayr, G. (eds.) DEXA 2010, Part I. LNCS, vol. 6261, pp. 368–384. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  6. 6.
    Cugola, G., Margara, A., Migliavacca, M.: Context-aware publish-subscribe: Model, implementation, and evaluation. In: ISCC (2009)Google Scholar
  7. 7.
    Eugster, P., Felber, P.A., Guerraoui, R., Kermarrec, A.: The many faces of publish/subscribe. ACM Computing Surveys 35(2), 114–131 (2003)CrossRefGoogle Scholar
  8. 8.
    Li, J., Li, N.: OACerts: Oblivious attribute certificates. IEEE TDSC 3(4), 340–352 (2006)Google Scholar
  9. 9.
    Miklau, G., Suciu, D.: Controlling access to published data using cryptography. In: VLDB (2003)Google Scholar
  10. 10.
    Minami, K., Lee, A.J., Winslett, M., Borisov, N.: Secure aggregation in a publish-subscribe system. In: WPES (2008)Google Scholar
  11. 11.
    Nabeel, M., Appel, S., Bertino, E., Buchmann, A.: Privacy preserving context aware publish subscribe systems. Technical Report 2013-1, Purdue University, CERIAS (2013)Google Scholar
  12. 12.
    Nabeel, M., Bertino, E.: Secure delta-publishing of XML content. In: ICDE (2008)Google Scholar
  13. 13.
    Nabeel, M., Bertino, E.: Towards attribute based group key management. In: CCS (2011)Google Scholar
  14. 14.
    Nabeel, M., Bertino, E., Kantarcioglu, M., Thuraisingham, B.M.: Towards privacy preserving access control in the cloud. In: CollaborateCom (2011)Google Scholar
  15. 15.
    Nabeel, M., Shang, N., Bertino, E.: Efficient privacy preserving content based publish subscribe systems. In: SACMAT (2012)Google Scholar
  16. 16.
    Nabeel, M., Shang, N., Bertino, E.: Privacy preserving policy based content sharing in public clouds. In: IEEE TKDE (2012)Google Scholar
  17. 17.
    OpenID, (last accessed: July 18, 2012)
  18. 18.
    Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)Google Scholar
  19. 19.
    Raiciu, C., Rosenblum, D.S.: Enabling confidentiality in content-based publish/subscribe infrastructures. In: Securecomm (2006)Google Scholar
  20. 20.
    Shang, N., Nabeel, M., Paci, F., Bertino, E.: A privacy-preserving approach to policy-based content dissemination. In: ICDE (2010)Google Scholar
  21. 21.
    Song, D.X., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: SP (2000)Google Scholar
  22. 22.
    Srivatsa, M., Liu, L.: Securing publish-subscribe overlay services with eventguard. In: CCS (2005)Google Scholar
  23. 23.
    Srivatsa, M., Liu, L.: Secure event dissemination in publish-subscribe networks. In: ICDCS (2007)Google Scholar
  24. 24.
    Zou, X., Dai, Y., Bertino, E.: A practical and flexible key management mechanism for trusted collaborative computing. In: INFOCOM (2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Mohamed Nabeel
    • 1
  • Stefan Appel
    • 2
  • Elisa Bertino
    • 1
  • Alejandro Buchmann
    • 2
  1. 1.Purdue UniversityWest LafayetteUSA
  2. 2.TU DarmstadtDarmstadtGermany

Personalised recommendations