
Hui Zhang Haifeng Chen Guofei Jiang Xiaoqiao Meng Kenji Yoshihira NEC Labs America

Enabling Information Confidentiality in Publish/Subscribe Overlay Services. Hui Zhang Haifeng Chen Guofei Jiang Xiaoqiao Meng Kenji Yoshihira NEC Labs America Abhishek Sharma University of Southern California. Outline. Problem statement


Presentation Transcript


  1. Enabling Information Confidentiality in Publish/Subscribe Overlay Services
     Hui Zhang, Haifeng Chen, Guofei Jiang, Xiaoqiao Meng, Kenji Yoshihira, NEC Labs America
     Abhishek Sharma, University of Southern California

  2. Outline
     • Problem statement
     • Information confidentiality in pub/sub overlay services
     • Information foiling
     • Mechanism description
     • Performance metrics
     • Fake message generation schemes
     • Evaluation
     • Conclusions & future work

  3. Publish/Subscribe overlay services
     [Figure labels: Publisher X, Publisher Y, Event, Broker network, Subscription, Subscriber A, Subscriber B]

  4. Information confidentiality in pub/sub services
     • Publish/subscribe decouples publishers and subscribers.
     • Events are characterized into classes, without knowledge of what (if any) subscribers there may be.
     • Subscribers express interest in one or more classes, and only receive messages that are of interest, without knowledge of what (if any) publishers there are.
     • New confidentiality problems in this content-based routing process
     • Can the broker network perform content-based routing without the publishers trusting the broker network with the event content?
     • Information confidentiality
     • Can subscribers obtain dynamic data without revealing their subscription functions (content) to the publishers or broker network?
     • Subscription confidentiality
     • Can publishers control which subscribers may receive particular events?
     • Publication confidentiality

  5. Problem definition
     • Formulation of pub/sub confidentiality as a communication problem.
     • Upon an event e, the broker determines if each subscription s in the active subscription set matches the event based on a function f(e; s), but without learning the information contained in e and s.
     • Threat model: a broker is assumed to be computationally bounded and exhibits semi-honest behavior.

  6. Information foiling – the mechanism

  7. Information foiling – the mechanism
     • Subscriber: for each active subscription, generates k_s foiling subscriptions and sends them in a random order to the broker, which stores them all as active subscriptions.
     • Publisher: for each event, generates k_p foiling events and sends them in a random order to the broker.
     • Broker: upon each arriving event e, decides the subset of the active subscription set and sends one notification for each matched subscription.
     • (optional) Subscriber: upon a notification associated with one authentic subscription, sends a confirmation request to the publisher.
     • (optional) Publisher: upon a confirmation request, sends a reply to the subscriber on the authenticity of the related event.

  8. Information foiling – performance metrics
     • Assume the attacker has a function F : {e, E_e} → G that takes the composite message set {e, E_e} as input and outputs a message set G ⊆ {e, E_e} consisting of messages that the attacker perceives as useful.
     • Metric 1: indistinguishability
     • defined as , where I(e, G) = 1 if e ∈ G; 0 otherwise.
     • Metric 2: truth deviation
     • defined as , where D(e, g) is the difference between the values of messages e and g.
     • Metric 3: communication overhead
     • it depends not only on the information foiling mechanism but also on the actual data distributions of the authentic events and subscriptions.

  9. Fake message generation – a probabilistic model
     • Consider an event message m with L attributes.
     • Let the value V_i for attribute A_i in m be a random variable taking values in V according to a probability mass function p_{V_i}.
     • Let V_m = (V_1, V_2, …, V_L) represent m, i.e., a vector of random variables associated with the message, taking values in V^L.
     • Each of the K foiling messages generated by the information foiling scheme for m can be thought of as a random variable vector taking values in V^L.
     • We discussed three scenarios where different fake message generation schemes are designed with the performance requirements defined on the 3 metrics.
     • The scenarios are differentiated based on the foiler/attacker’s knowledge of the pmf for V_m:

  10. Evaluation - methodology
     • Pub/sub service: stock quoting
     • Stock price volatility is a random walk with variance a normal distribution [Black-Scholes model]
     • Fake message generation:
     • S_t^i = S_t + n_i, where S_t^i is the i-th fake message for the authentic stock price information S_t, and n_i is white Gaussian noise.
     • Attacker’s strategy:
     • Uniform Sampling: The attacker picks each of the K+1 messages as the correct message with the same probability.
     • Extended Kalman Filter: Use an extended Kalman filter to generate estimates , and then picks the observed message j which is
     • Data trace: finance.yahoo.com

  11. Evaluation results - 1
     • The curve labeled “Sig. Events” shows the probability of correct guess by the attacker when the stock price changes by a large amount.

  12. Evaluation results - 2
     • A value of “Factor-10” means the variance of the noise was 10 times the variance of stock price.
     • Higher variance for the added noise achieves a higher truth deviation.

  13. Conclusion and Future Work
     • We propose a security mechanism called “information foiling” to address new confidentiality problems arising in pub/sub overlay services.
     • Information foiling extends Rivest’s “Chaffing and Winnowing” idea.
     • Our scheme is complementary to the traditional cryptography-based security schemes and offers probabilistic guarantees on information confidentiality.
     • Many interesting open problems for future work.
     • The need for a stronger guiding theory to better understand
     • An analytic study on the fundamental trade-off between the fake message number, indistinguishability, and truth deviation is important.
     • Investigating the interaction between a foiler and an attacker in game theory.
     • The designs of optimal FMG schemes for other interesting and important application scenarios are needed.

  14. Thank you! Questions?
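
The evaluation setup on slides 10 and 12 can be reproduced in miniature. The following simulation is an added example, not code from the presentation: it generates K Gaussian-noise foiling events per authentic price, sends them in random order, and measures a uniform-sampling attacker's probability of a correct guess and the resulting truth deviation. The function name, the use of |e - g| for D(e, g), and reading "variance of stock price" as the variance of one random-walk step are assumptions.

```python
import random
import statistics


def simulate(k, factor, steps=5000, sigma=1.0, seed=7):
    """Return (hit_rate, truth_deviation) for a uniform-sampling attacker.

    k      -- foiling events per authentic event (K on the slides)
    factor -- noise variance / price-step variance ("Factor-10" => 10);
              tying the factor to one step's variance is an assumption
    """
    rng = random.Random(seed)            # seeded so runs are repeatable
    noise_sd = (factor ** 0.5) * sigma
    price = 100.0                        # constructed starting price
    hits = 0
    deviations = []
    for _ in range(steps):
        price += rng.gauss(0.0, sigma)   # authentic price: random walk
        # Fake message generation: S_t^i = S_t + n_i, n_i white Gaussian noise
        batch = [(price, True)]
        batch += [(price + rng.gauss(0.0, noise_sd), False) for _ in range(k)]
        rng.shuffle(batch)               # publisher sends in random order
        # Uniform sampling: each of the K+1 messages is equally likely
        guess, authentic = rng.choice(batch)
        hits += authentic
        # Truth deviation taken as |e - g| (assumed form of D(e, g))
        deviations.append(abs(guess - price))
    return hits / steps, statistics.fmean(deviations)


if __name__ == "__main__":
    for factor in (1, 10):
        hit_rate, deviation = simulate(k=4, factor=factor)
        print(f"Factor-{factor}: P(correct guess)={hit_rate:.3f}, "
              f"truth deviation={deviation:.3f}")
```

Against this attacker the probability of a correct guess stays near 1/(K+1) whatever the noise variance, while the truth deviation grows with it, which is the trend slide 12 reports.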
