Research And Implementation Of Privacy Protection Scheme For Publish/subscribe System

Content-based publish/subscribe systems are widely used in large-scale information delivery systems because of their asynchronous and decoupling characteristics.However,with the popularity and development of cloud services,more and more broker nodes are deployed in the cloud,the execution of event matching on untrustworthy broker nodes is prone to event and subscription leakage,the privacy protection problem of publish-subscribe systems begins to emerge.Therefore,designing an efficient confidentiality protection scheme to enable brokers in publish/subscribe systems to provide event matching and routing without decrypting events and subscriptions after obtaining event ciphertexts and subscription ciphertexts has become a pressing problem.Although many confidentiality protection schemes have been proposed in recent years.In these schemes,the system performance deteriorates with the increase of the number of subscriptions,which affects their use in practice.In this paper,we propose a confidentiality protection scheme SBM(Scalable Blind Matching)for publish/subscribe cloud services,which uses the order preserving encryption algorithm to index subscription ciphertexts for efficient matching of large-scale subscriptions,and SGX(Software Guard Extensions)to improve the performance of ciphertext matching.The main innovations and results of this paper are summarized as follows.(1)To address the problem that the existing ciphertext matching scheme makes the system not support scalability because the events need to be compared with the subscription ciphertexts in the subscription sets one by one when performing matching,SBM-I is constructed based on the Order Preserving Encryption(OPE)algorithm.SBM-I reduces the number of subscriptions for matching by constructing indexes for ordered subscriptions,which makes the system scalable when performing matching and solves the matching problem for large-scale subscriptions.In addition,we also propose a key update protocol in SBM-I to solve the problem that the old subscription cannot match the new event in time when the key is updated.(2)SBM-? is proposed to address the problem of applying the more secure OPE scheme to the publish/subscribe system,which solves the problem of frequent interaction between the client and the server when inserting data in the original OPE scheme by using SGX,thus improving the matching performance.And since the event matching is transferred to be executed outside the Enclave,our SBM-? eliminates the problem of memory limitation compared to the scheme that performs mass subscription matching directly inside the Enclave.