Privacy-preserving Content-based Publish/Subscribe with Encrypted Matching and Data Splitting

Nathanaël Denis, Pierre Chaffardon, Denis Conan, Maryline Laurent, Sophie Chabridon, Jean Leneutre


The content-based publish/subscribe paradigm enables a loosely-coupled and expressive form of communication. However, privacy preservation remains a challenge for distributed event-based middleware especially since encrypted matching incurs significant computing overhead. This paper adapts an existing attribute-based encryption scheme and combines it with data splitting, a non-cryptographic method called for alleviating the cost of encrypted matching. Data splitting enables to form groups of attributes that are sent apart over several independent broker networks so that it prevents the identification of an end-user; and, only identifying attributes are encrypted to prevent data leakage. The goal is to achieve an acceptable privacy level at an affordable computing price by encrypting only the necessary attributes, whose selection is determined through a Privacy Impact Assessment.


Paper Citation