An Implementation of Event and Filter Confidentiality in Pub/Sub Systems and its Application to e-Health

The publish/subscribe model offers a loosely-coupled communication paradigm where applications interact indirectly and asynchronously. Publisher applications generate events that are forwarded to subscriber applications by a network of brokers. Subscribers register by specifying filters that brokers match against events as part of the routing process. Brokers might be deployed on untrusted servers where malicious entities can get access to events and filters. Supporting confidentiality of events and filters in this setting is still an open challenge. First of all, it is desirable that publishers and subscribers do not share secret keys, such a requirement being against the loose-coupling of the model. Second, brokers need to route events by matching encrypted events against encrypted filters. This should be possible even with very complex filters. Existing solutions do not fully address these issues. This work describes the implementation of a novel schema that supports (i) confidentiality for events and filters; (ii) filters that express very complex constraints on events even if brokers are not able to access any information on both events and filters; (iii) and finally, does not require publishers and subscribers to share keys. We then describe an e-Health application scenario for monitoring patients with chronic diseases and show how our encryption schema can be used to provide confidentiality of the patients' personal and medical data, and control who can receive the patients' data and under which conditions.