Efficient Private Publish-Subscribe Systems

Cited by: 8
Authors
Khoury, Joud [1]
Lauer, Gregory [1]
Pal, Partha [1]
Thapa, Bishal [1]
Loyall, Joseph [1]
Affiliations
[1] Raytheon BBN Technol, Cambridge, MA 02115 USA
Source
2014 IEEE 17TH INTERNATIONAL SYMPOSIUM ON OBJECT/COMPONENT/SERVICE-ORIENTED REAL-TIME DISTRIBUTED COMPUTING (ISORC) | 2014
Keywords
security; privacy; confidentiality; publish-subscribe; attribute based encryption; predicate based encryption; OBLIVIOUS TRANSFER;
DOI
10.1109/ISORC.2014.10
Chinese Library Classification (CLC) number
TP3 [Computing technology, computer technology];
Discipline classification code
0812 ;
Abstract
We address the problem of privacy in publish-subscribe (pub-sub) systems that typically expose some form of published content and subscriber interest, at least to the infrastructure responsible for subscription matching and content delivery. In our recent work, we proposed P3S, a pub-sub middleware designed to protect the privacy of subscriber interest and confidentiality of published content. P3S combined Ciphertext Policy Attribute Based Encryption (CP-ABE) with Predicate Based Encryption (PBE) in its novel system architecture to achieve the desired level of content (payload and metadata) confidentiality, and subscription privacy. In this work, we build upon P3S to achieve the strongest possible subscription privacy where cleartext subscription is visible only to the subscriber. Furthermore, we add support for subscription policy enforcement, improve the expressiveness of predicates by allowing disjunctions of conjunction, and improve the efficiency of the underlying cryptography through enhanced cryptographic construction and optimized implementation of cryptographic primitives. To the best of our knowledge, this paper presents the first comprehensive and practical implementation of a real-time privacy preserving pub-sub system, demonstrated on a large-scale testbed featuring up to 90 subscribers with robust, scalable and efficient performance. Our code and testbed specifications are freely available for research and experimentation purposes.
Pages: 64 / 71
Number of pages: 8