DOI: 10.1145/1456403.1456419
research-article

Secure aggregation in a publish-subscribe system

Published: 27 October 2008

Abstract

A publish-subscribe system is an information dissemination infrastructure that supports many-to-many communications among publishers and subscribers. In many publish-subscribe systems, in-network aggregation of input data is considered to be an important service that reduces the bandwidth requirements of the system significantly. In this paper, we present a scheme for securing the aggregation of inputs to such a publish-subscribe system. Our scheme, which focuses on the additive aggregate function, sum, preserves the confidentiality and integrity of aggregated data in the presence of untrusted routing nodes. Our scheme allows a group of publishers to publish aggregate data to authorized subscribers without revealing their individual private inputs to either the routing nodes or the subscribers. In addition, our scheme allows subscribers to verify that routing nodes perform the aggregation operation correctly. We use a message authentication code (MAC) scheme based on the discrete logarithm property to allow subscribers to verify the correctness of aggregated data without receiving the digitally-signed raw data used as input to the aggregation. In addition to describing our secure aggregation scheme, we provide formal proofs of its soundness and safety.

Published In

WPES '08: Proceedings of the 7th ACM workshop on Privacy in the electronic society
October 2008
128 pages
ISBN:9781605582894
DOI:10.1145/1456403
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. aggregation
  2. data privacy
  3. integrity
  4. publish-subscribe system

Qualifiers

  • Research-article

Conference

CCS08

Acceptance Rates

Overall Acceptance Rate 106 of 355 submissions, 30%

Cited By

  • (2022) Secure Data Aggregation Model for People Centric Sensing Networks. Applied Computational Technologies, pages 643-654. DOI: 10.1007/978-981-19-2719-5_61. Online publication date: 15-May-2022
  • (2018) Secret Sharing in Pub/Sub Using Trusted Execution Environments. Proceedings of the 12th ACM International Conference on Distributed and Event-based Systems, pages 28-39. DOI: 10.1145/3210284.3210290. Online publication date: 25-Jun-2018
  • (2018) Bluff Forwarding: A Practical Protocol for Delivering Refreshed Symmetric Keys on a Multi-Path Big Data Ingestion System. IEEE Access, 6, pages 24299-24310. DOI: 10.1109/ACCESS.2018.2828840. Online publication date: 2018
  • (2014) Is Privacy Supportive for Adaptive ICT Systems? Proceedings of the 16th International Conference on Information Integration and Web-based Applications & Services, pages 559-570. DOI: 10.1145/2684200.2684363. Online publication date: 4-Dec-2014
  • (2014) Low Energy-Consuming Cluster-Based Algorithm to Enforce Integrity and Preserve Privacy in Data Aggregation. 2014 13th International Symposium on Distributed Computing and Applications to Business, Engineering and Science, pages 152-156. DOI: 10.1109/DCABES.2014.32. Online publication date: Nov-2014
  • (2013) Privacy-enhanced architecture for smart metering. International Journal of Information Security, 12:2, pages 67-82. DOI: 10.1007/s10207-012-0181-6. Online publication date: 1-Apr-2013
  • (2013) Privacy-Preserving Publish/Subscribe. Revised Selected Papers of the 8th International Workshop on Data Privacy Management and Autonomous Spontaneous Security - Volume 8247, pages 114-132. DOI: 10.1007/978-3-642-54568-9_8. Online publication date: 12-Sep-2013
  • (2013) Privacy Preserving Context Aware Publish Subscribe Systems. Network and System Security, pages 465-478. DOI: 10.1007/978-3-642-38631-2_34. Online publication date: 2013
  • (2013) Efficient and Private Three-Party Publish/Subscribe. Network and System Security, pages 278-292. DOI: 10.1007/978-3-642-38631-2_21. Online publication date: 2013
  • (2012) Efficient privacy preserving content based publish subscribe systems. Proceedings of the 17th ACM symposium on Access Control Models and Technologies, pages 133-144. DOI: 10.1145/2295136.2295164. Online publication date: 20-Jun-2012
