Efficient and Confidentiality Confidentiality-Preserving Content-Based Based PublishSubscribe with Prefiltering
Abstract: Content-based based publish/subscribe provides a loosely loosely-coupled coupled and expressive form of communication for large large-scale scale distributed systems. Confidentiality is a major challenge for publish/subscribe middleware deployed over multiple administrative domains. Encryp Encrypted ted matching allows confidentiality-preserving confidentiality content-based based filtering but has high performance overheads. It may also prevent the use of classical optimizations based on subscriptions containment. We propose a support mechanism that reduces the cost of en encrypted crypted matching, in the form of a prefiltering operator using Bloom filters and simple randomization techniques. This operator greatly reduces the amount of encrypted subscriptions that must be matched against incoming encrypted publications. It leverages subscription containment information when available, but also ensures that containment confidentiality is preserved otherwise. We propose containment obfuscation techniques and provide a rigorous security analysis of the information leaked by Bloom filterss in this case. We conduct a thorough experimental evaluation of prefiltering under a large variety of workloads. Our results indicate that prefiltering is successful at reducing the space of subscriptions to be tested in all cases. We show that while ther there e is a tradeoff between prefiltering efficiency and information leakage when using containment obfuscation, it is practically