TY - JOUR
T1 - PICADOR
T2 - End-to-end encrypted Publish–Subscribe information distribution with proxy re-encryption
AU - Borcea, Cristian
AU - Gupta, Arnab “Bobby” Deb
AU - Polyakov, Yuriy
AU - Rohloff, Kurt
AU - Ryan, Gerard
N1 - Funding Information:
This research was supported by the National Security Agency (NSA) under Grant H98230-15-1-0274 and the National Science Foundation (NSF) under Grants No. CNS 1409523 and DGE 1565478. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of NSA and NSF. The United States Government is authorized to reproduce and distribute reprints notwithstanding any copyright notice herein.
Publisher Copyright:
© 2016 Elsevier B.V.
PY - 2017/6/1
Y1 - 2017/6/1
N2 - This article presents PICADOR, a system for end-to-end encrypted Publish–Subscribe information distribution with proxy re-encryption. PICADOR is designed for topic-based Pub/Sub systems and provides end-to-end payload confidentiality. The main novelty of PICADOR is that it provides an information distribution service with end-to-end encryption where publishers and subscribers do not need to establish shared encryption and decryption keys. Multiple publishers post encrypted information to a Pub/Sub broker which uses Proxy Re-Encryption (PRE) to convert this information into a representation that can only be decrypted by approved subscribers. The broker is unable to decrypt the information. To support PICADOR, we design and implement a novel PRE scheme that leverages a general lattice encryption software library. We prototype our system using a scalable Java-based information substrate that supports topic-based Pub/Sub operations. We experimentally evaluate performance and scalability tradeoffs in the context of enterprise and mobile applications. We discuss design tradeoffs and application-specific customizations.
AB - This article presents PICADOR, a system for end-to-end encrypted Publish–Subscribe information distribution with proxy re-encryption. PICADOR is designed for topic-based Pub/Sub systems and provides end-to-end payload confidentiality. The main novelty of PICADOR is that it provides an information distribution service with end-to-end encryption where publishers and subscribers do not need to establish shared encryption and decryption keys. Multiple publishers post encrypted information to a Pub/Sub broker which uses Proxy Re-Encryption (PRE) to convert this information into a representation that can only be decrypted by approved subscribers. The broker is unable to decrypt the information. To support PICADOR, we design and implement a novel PRE scheme that leverages a general lattice encryption software library. We prototype our system using a scalable Java-based information substrate that supports topic-based Pub/Sub operations. We experimentally evaluate performance and scalability tradeoffs in the context of enterprise and mobile applications. We discuss design tradeoffs and application-specific customizations.
KW - Encryption
KW - Information brokering
KW - Security
UR - http://www.scopus.com/inward/record.url?scp=85005917675&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85005917675&partnerID=8YFLogxK
U2 - 10.1016/j.future.2016.10.013
DO - 10.1016/j.future.2016.10.013
M3 - Article
AN - SCOPUS:85005917675
SN - 0167-739X
VL - 71
SP - 177
EP - 191
JO - Future Generation Computer Systems
JF - Future Generation Computer Systems
ER -