
Research On Key Technology In Privacy Protection Based On Publish-subscribe System

Posted on: 2018-04-22
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Q X Wang
GTID: 1318330542977581
Subject: Computer Science and Technology

Abstract/Summary:
Benefiting from its inherent asynchronous communication and the decoupling between user interaction events, the publish-subscribe (PS) system has been widely applied in many modern large-scale mission-critical systems. Because the PS system contains a massive amount of private information, attacks on its privacy and security keep arising. Privacy disclosure leads to many serious consequences, and has therefore drawn researchers to the field of PS system privacy protection. Moreover, with the continuing popularization of the Internet and the rapid development of various data analysis technologies, the privacy threat to the PS system is also growing. Accordingly, designing a privacy protection solution that adapts to actual application scenarios, covers system vulnerabilities, and resists possible attacks has become increasingly important in the field of PS system security.

This dissertation focuses on privacy protection in the PS system. To prevent malicious access in the PS system, two new access control and privacy protection mechanisms are proposed. To overcome the potential security hazards of the system brokers, a novel authentication scheme based on verifying data integrity is presented. To address privacy disclosure in the PS system, a new privacy-preserving PS scheme with differential privacy is proposed. The main contributions of this dissertation are summarized as follows.

1) A PS system with a secure attribute-based access control scheme is proposed. To prevent malicious access while taking full account of the complex deployment environment of the PS system, an efficient and secure attribute-based access control scheme, denoted PACS, is proposed. Firstly, to achieve accurate and efficient system matching, PACS filters the system users' attributes by applying probabilistic skylines. Secondly, PACS builds Bayesian networks over the users' (publishers' and subscribers') uncertain datasets to discover and classify attributes. Thirdly, PACS builds the access control scheme on attribute-based encryption to achieve fine-grained access control. Finally, PACS matches the appropriate system events. Security analysis shows that PACS can prevent illegal access and privacy disclosure attacks. The experimental results show that PACS efficiently achieves the trade-off between system cost and security demand while implementing secure access control.

2) An access control scheme based on fully homomorphic encryption for the PS system is proposed. Taking full account of the privacy protection of operational behaviors, the difficulty of aggregating encrypted data, and malicious access, an access control scheme based on fully homomorphic encryption, denoted ACHO, is proposed. By using an efficient fully homomorphic encryption algorithm, attribute-based authorization, key switching and a re-encryption method, ACHO establishes a secure access control scheme for the PS system. Fine-grained description of system users is achieved through attribute-based authorization. Moreover, the fully homomorphic encryption algorithm, key switching and the re-encryption method ensure data privacy while implementing secure access control. In addition, ACHO implements the aggregation of encrypted data in the PS system. Security analysis shows that ACHO can ensure the security and correctness of the PS system. The experimental results show that, compared with the traditional PS system and the PACS scheme, ACHO achieves access control and stronger security and privacy protection with acceptable system overheads.

3) A secure broker authentication scheme based on verifying data integrity is proposed. To overcome the privacy threats posed by brokers and the possible network congestion in the PS system, a lightweight secure broker authentication scheme based on an integrity validation method, denoted LACS, is proposed. LACS deploys the broker on edge nodes in the edge network that have greater computing and storage capacity. By caching transaction data on the edge nodes, LACS alleviates potential communication congestion in the PS system. Moreover, by using the integrity validation method, LACS can verify the integrity of the data cached in the broker. In this way it authenticates brokers and thus provides security for the PS system. Security analysis shows that LACS can guarantee the security of the broker and the PS system. The experimental results show that LACS achieves efficient verification with good accuracy.

4) A privacy-preserving PS scheme based on differential privacy is proposed. To resist data privacy disclosure threats in the PS system, a privacy-preserving PS scheme with differential privacy, denoted PCP, is proposed. Firstly, PCP uses a frequent itemset mining algorithm to mine the top-K frequent itemsets from uncertain datasets. Secondly, PCP applies the exponential and Laplace mechanisms to ensure differential privacy. Finally, PCP uses the mined top-K itemsets (complex attributes) to match appropriate publishers and subscribers. Security analysis shows that PCP can guarantee differential privacy in theory. The experimental results show that, by using edge nodes to share most of the computing and storage burden, PCP efficiently achieves the trade-off between PS system cost and privacy demand.

In summary, this dissertation studies the actual privacy protection demands of the PS system. Specifically, access control, identity authentication, data privacy protection and a secure PS system model are studied. Theoretical analysis and experimental results show that the four privacy protection schemes proposed in this dissertation provide effective security protection for the PS system.
Keywords/Search Tags:publish-subscribe system, privacy protection, access control, authentication, differential privacy