دانلود رایگان مقاله AnonPubSub: پوشش آبونه انتشار ناشناس

Abstract

Publish-subscribe is an increasingly popular messaging pattern for distributed systems, supporting scalable and extensible programming, and optimal spatial, temporal, and control-flow decoupling of distributed components. Publish-subscribe middleware and methods were extended towards supporting security, in particular confidentiality, and increased availability, yet a few prior works addressed anonymity of participants. Anonymity of senders and receivers may however be crucial, e.g., for supporting freedom of expression in regimes where political repression and censorship prevail. In this article, we review basic security and privacy requirements and introduce a new attacker model based on statistical disclosure, used to challenge anonymity. We elaborate on design options for privacy-preserving publish-subscribe systems and present a novel system that leverages peer-to-peer networking concepts; this novel approach protects subscriber anonymity by means of Probabilistic Forwarding (PF) and through a novel so-called Shell Game (SG) algorithm. We verify our solution against the requirements and provide a simulation-based analysis of the effectiveness of our approaches in light of our attacker model. The results show that the SG algorithm efficiently protects subscriber anonymity, and that anonymity sets can be adjusted via PF.

6. Conclusion

We present requirements for secure and anonymous pub-sub and complement the anonymity requirement with a strong and realis- tic attacker definition. We discuss building blocks to construct dis- tributed and privacy-preserving pub-sub systems and analyze the re- lated work. In particular, we identify that privacy-preserving pub-sub systems provide confidentiality but lack anonymity. We present AnonPubSub for distributed and anonymous pub-sub. AnonPubSub establishes attribute overlays in a privacy-preserving manner. For that, participants obtain key material from a TTP de- pending on their role upon joining the system. Publishers then advertise their attributes by flooding information through the membership management. Subscribers establish the attribute over- lay spanning subscribers, publishers, and forwarders based upon the advertisement, and thus form the attribute overlay. These overlays distribute notifications to subscribers with low latency and moder- ate overhead. Moreover, this construction protects publisher and sub- scriber anonymity against an internal attacker: publishers and sub- scribers remain concealed by forwarding messages via neighbors, and by omitting global identifiers.