| With the large-scale increase of Internet users,people have higher demands for the delivery of message content in the network.Researchers are beginning to rethink how information is stored and delivered between Internet devices.In the traditional Internet architecture,two fixed nodes communicate with each other,and the trend of the network is that a content contains multiple recipients of information.Therefore,people propose a content-based system with low delay,high efficiency and low load.The publish-subscribe system conforms to the feature that it decouples both sides of the information interaction and no longer depends on each other.This thesis conducts research on some security technology points in the publish and subscribe system,and realizes the efficient and secure transmission of information.This article addresses security in a publish-subscribe system for three areas.Firstly,for the problem that the possible users and agents in the publishing subscription system are not trusted,a simple and easy to implement user authentication scheme is proposed.The scheme uses digital certificates to verify the legitimacy of the agent,and based on this,establishes a trusted channel for information transmission through a symmetric encryption algorithm.The user is set with an identification scheme according to different scenarios,such as comparing the user password with the locally stored user password.In this scheme,both parties have simple and effective authentication schemes for communication,which increases the security of the system.Secondly,considering that the illegal users release false information to disturb the correctness of the system,it is necessary to perform reasonable access control on the system,and the user needs to control the operation of the resources.The user-based access control scheme is designed to establish the relationship between the user and the authority.When the user accesses the system,the user in the permission table can find the permission to intercept the user behavior.The solution is simple and easy to implement,and it can ensure that different users have strict control over event subscriptions for different topics.This solution will only add a small amount of performance overhead to the system agent,but it can guarantee the normal operation of the system and increase the security of the system.Finally,assuming that the information is transmitted over an untrusted network,the information needs to be encrypted.A user-based publish-subscribe system encryption scheme is designed.The idea of this scheme is to construct a key using each user's unique attribute and apply the access policy to event encryption.After the event matches the illegal user,the access policy in the ciphertext rejects the decryption request of the illegal user because the user does not have the attribute of the legitimate user,which helps to increase the security of the system.This solution adds a small amount of machine performance to handle the encryption and decryption of information,but in the environment where the agent is not trusted,it helps to ensure the security of the system. |
PDF Full Text Request