Title :
Providing confidentiality in content-based publish/subscribe systems
Author :
Ion, Mihaela ; Russello, Giovanni ; Crispo, Bruno
Author_Institution :
CREATE-NET International Research Center, via alla Cascata 56/D, Trento, Italy
Abstract :
Publish/subscribe is a loosely coupled communication paradigm that allows applications to interact indirectly and asynchronously. Publisher applications generate events that are sent to interested applications through a network of brokers. Subscriber applications express their interests by specifying filters that brokers can use for routing the events. In many cases it is desirable to protect the confidentiality of events and filters from any unauthorised parties, including the brokers themselves. Supporting confidentiality of the messages being exchanged is challenging, mainly because of the decoupling of publishers and subscribers, who should not have to share keys, and because brokers forward messages based on the actual content of the messages that we desire to keep confidential. This paper argues that a complete solution for confidentiality in pub/sub systems should: (i) provide confidentiality of events and filters; (ii) support filters that can express very complex constraints on events even if brokers are not able to access any information on either events or filters; and (iii) not require publishers and subscribers to share keys. We show that current solutions are not able to provide all these properties at the same time and suggest a possible solution based on attribute-based encryption and encrypted search.
Keywords :
Encryption; Learning systems; Public key; Routing; Servers; Subscriptions; Attribute-based encryption; Confidentiality; Encrypted search; Publish/subscribe;
Conference_Title :
Security and Cryptography (SECRYPT), Proceedings of the 2010 International Conference on
Conference_Location :
Athens