Publish/subscribe networks provide an interface for publishers to perform many-to-many communication to subscribers without the inefficiencies of broadcasting. Each subscriber submits a description of the sort of content they are interested in, then the publish/subscribe system delivers any appropriate messages as they are published. Although publish/ subscribe networks offer advantages over traditional web-based content delivery, they also introduce security issues. The two security problems that we solve are: ensuring that subscribers can authenticate the messages they receive from publishers, and ensuring that publishers can control who receives their content. We propose QUIP, a protocol which adds efficient authentication and encryption mechanisms to existing publish/subscribe overlay networks. The idea is to combine an efficient traitor-tracing scheme (by Tzeng and Tzeng (2001)) with a secure key management protocol. This allows publishers to restrict their messages to authorised subscribers and to add and remove subscribers without affecting the keys held by the other subscribers.
|Cite as: Corman, A., Schachte, P. and Teague, V. (2007). QUIP: A Protocol For Securing Content in Peer-To-Peer Publish/Subscribe Overlay Networks. In Proc. Thirtieth Australasian Computer Science Conference (ACSC2007), Ballarat Australia. CRPIT, 62. Dobbie, G., Ed. ACS. 35-40. |
(local if available)