TY - JOUR
T1 - PICADOR
T2 - End-to-end encrypted Publish–Subscribe information distribution with proxy re-encryption
AU - Borcea, Cristian
AU - Gupta, Arnab “Bobby” Deb
AU - Polyakov, Yuriy
AU - Rohloff, Kurt
AU - Ryan, Gerard
N1 - Publisher Copyright:
© 2016 Elsevier B.V.
PY - 2017/6/1
Y1 - 2017/6/1
N2 - This article presents PICADOR, a system for end-to-end encrypted Publish–Subscribe information distribution with proxy re-encryption. PICADOR is designed for topic-based Pub/Sub systems and provides end-to-end payload confidentiality. The main novelty of PICADOR is that it provides an information distribution service with end-to-end encryption where publishers and subscribers do not need to establish shared encryption and decryption keys. Multiple publishers post encrypted information to a Pub/Sub broker which uses Proxy Re-Encryption (PRE) to convert this information into a representation that can only be decrypted by approved subscribers. The broker is unable to decrypt the information. To support PICADOR, we design and implement a novel PRE scheme that leverages a general lattice encryption software library. We prototype our system using a scalable Java-based information substrate that supports topic-based Pub/Sub operations. We experimentally evaluate performance and scalability tradeoffs in the context of enterprise and mobile applications. We discuss design tradeoffs and application-specific customizations.
AB - This article presents PICADOR, a system for end-to-end encrypted Publish–Subscribe information distribution with proxy re-encryption. PICADOR is designed for topic-based Pub/Sub systems and provides end-to-end payload confidentiality. The main novelty of PICADOR is that it provides an information distribution service with end-to-end encryption where publishers and subscribers do not need to establish shared encryption and decryption keys. Multiple publishers post encrypted information to a Pub/Sub broker which uses Proxy Re-Encryption (PRE) to convert this information into a representation that can only be decrypted by approved subscribers. The broker is unable to decrypt the information. To support PICADOR, we design and implement a novel PRE scheme that leverages a general lattice encryption software library. We prototype our system using a scalable Java-based information substrate that supports topic-based Pub/Sub operations. We experimentally evaluate performance and scalability tradeoffs in the context of enterprise and mobile applications. We discuss design tradeoffs and application-specific customizations.
KW - Encryption
KW - Information brokering
KW - Security
UR - http://www.scopus.com/inward/record.url?scp=85005917675&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85005917675&partnerID=8YFLogxK
U2 - 10.1016/j.future.2016.10.013
DO - 10.1016/j.future.2016.10.013
M3 - Article
AN - SCOPUS:85005917675
SN - 0167-739X
VL - 71
SP - 177
EP - 191
JO - Future Generation Computer Systems
JF - Future Generation Computer Systems
ER -