2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Securing brokerless publish subscribesystemsusing identity based encryption
- 1. GLOBALSOFT TECHNOLOGIES IEEE PROJECTS & SOFTWARE DEVELOPMENTS IEEE FINAL YEAR PROJECTS|IEEE ENGINEERING PROJECTS|IEEE STUDENTS PROJECTS|IEEE BULK PROJECTS|BE/BTECH/ME/MTECH/MS/MCA PROJECTS|CSE/IT/ECE/EEE PROJECTS CELL: +91 98495 39085, +91 99662 35788, +91 98495 57908, +91 97014 40401 Visit: www.finalyearprojects.org Mail to:ieeefinalsemprojects@gmail.com Securing Brokerless Publish/SubscribeSystems Using Identity Based Encryption ABSTRACT The provisioning of basic security mechanisms such as authentication and confidentiality is highly challenging in a contentbasedpublish/subscribe system. Authentication of publishers and subscribers is difficult to achieve due to the loose coupling ofpublishers and subscribers. Likewise, confidentiality of events and subscriptions conflicts with content-based routing. This paperpresents a novel approach to provide confidentiality and authentication in a broker-less content-based publish/subscribe system. Theauthentication of publishers and subscribers as well as confidentiality of events is ensured, by adapting the pairing-based cryptographymechanisms, to the needs of a publish/subscribe system. Furthermore, an algorithm to cluster subscribers according to theirsubscriptions preserves a weak notion of subscription confidentiality. In addition to our previous work this paper contributes 1) useof searchable encryption to enable efficient routing of encrypted events, 2) multicredential routing a new event dissemination strategy to strengthen the weak subscription confidentiality, and 3) thorough analysis of different attacks on subscription confidentiality. Theoverall approach provides fine-grained key management and
- 2. the cost for encryption, decryption, and routing is in the order ofsubscribed attributes. Moreover, the evaluations show that providing security is affordable w.r.t. 1) throughput of the proposedcryptographic primitives, and 2) delays incurred during the construction of the publish/subscribe overlay and the event dissemination. EXISTING SYSTEM: In the past, most research has focused only on providingexpressive and scalable pub/sub systems, but little attentionhas been paid for the need of security. Existingapproaches toward secure pub/sub systems mostly relyon the presence of a traditional broker network. These either address security underrestricted expressiveness, for example, by using onlykeyword matching for routing events or rely ona network of (semi-)trusted brokers.Furthermore, existing approaches use coarse-grain epochbasedkey management and cannot provide fine-grainaccess control in a scalable manner. Nevertheless, security in broker-less pub/sub systems, where the subscribersare clustered according to their subscriptions, hasnot been discussed yet in the literature. PROPOSED SYSTEM: Proposed System presents a newapproach to provide authentication and confidentiality in abroker-less pub/sub system. Our approach allow subscribers to maintain credentials according to their subscriptions.Private keys assigned to the subscribers are labeledwith the credentials. A publisher associates each encryptedevent with a set of credentials. We adapted identity-basedencryption (IBE) mechanisms 1) to ensure that aparticular subscriber can decrypt an event only if there is amatch between the credentials associated with the eventand the key; and 2) to allow subscribers to verify theauthenticity of received events. Furthermore, we addressthe issue of subscription confidentiality in the presence ofsemantic clustering of subscribers. A weaker notion ofsubscription
- 3. confidentiality is defined and a secure overlaymaintenance protocol is designed to preserve the weaksubscription confidentiality. PROBLEM STATEMENT: It include two entities in thesystem: publishers and subscribers. Both the entities are computationally bounded and do not trust each other.Moreover, all the peers (publishers or subscribers) participatingin the pub/sub overlay network are honest and donot deviate from the designed protocol. Likewise, authorizedpublishers only disseminate valid events in the system.However, malicious publishers may masquerade theauthorized publishers and spam the overlay network withfake and duplicate events. We do not intend to solve thedigital copyright problem; therefore, authorized subscribersdo not reveal the content of successfully decrypted events toother subscribers. SCOPE: The pub/sub overlay proposed is similar to DPS system with modifications to ensure subscriptionconfidentiality. In this paper, we, therefore, evaluateperformance and scalability of the proposed pub/subsystem only with respect to the security mechanisms andomit other aspects. In particular, we evaluate the performance of our system the overlay construction timeand the event dissemination delays. We measure the average delay experienced byeach subscriber to connect to a suitable position in anattribute tree. Delay is measured from the time a subscribersends connection request message to a random peer in thetree till the time the connection is actually established. Theevaluations are performed only for a single attribute tree. It shows that the average connection time (delay)increases with the number of peers in the system because ofthe increase in the height of the attribute tree (each new hopincreases the network delay as well as time to applysecurity methods). MODULE DESCRIPTION:
- 4. Number of Modules After careful analysis the system has been identified to have the following modules: 1. Content-Based Publish/Subcriber Module. 2. Identity Based Encryption Module. 3. Key Generation for Publisher/Subscriber Module. 4. Secure Overlay MaintenanceModule. 1.Content-Based Publish/SubscriberModule: The routing of events from publishers to the relevantsubscribers, we use the content-based data model. We consider pub/sub in a setting where there exists no dedicated broker infrastructure. Publishers and subscribers contribute as peers to the maintenance of a self-organizing overlay structure. To authenticate publishers, we use the concept of advertisements in which a publisher announces beforehand the set of events which it intends to publish. 2.Identity Based Encryption Module: In our approach, publishers and subscribers interact with a key server. They provide credentials to the key server and in turn receive keys which fit the expressed capabilities in the credentials. Subsequently, those keys can be used to encrypt, decrypt, and sign relevant messages in the content based pub/sub system, i.e., the credential becomes authorized by the key server. The keys assigned to publishers and subscribers, and theciphertexts, are labeled with credentials. In particular, theidentity-based encryption ensures that a particular key candecrypt a particular ciphertext only if there is a matchbetween the
- 5. credentials of the ciphertext and the key.Publishers and subscribers maintain separate private keysfor each authorized credential. 3.Key Generation For Publisher/SubscriberModule: Publisher keys: Before starting to publish events, a publishercontacts the key server along with the credentials for eachattribute in its advertisement. If the publisher is allowed topublish events according to its credentials, the key serverwill generate separate private keys for each credential. The public key of a publisher p for credentialis generated. Subscriber keys:Similarly, to receive events matching itssubscription, a subscriber should contact the key server andreceive the private keys for the credentials associated witheach attribute A. 4.Secure Overlay MaintenanceModule: The secure overlay maintenance protocol is based on theidea that in the tree, subscribers are always connectedaccording to the containment relationship between theircredential. A new subscriber s generates a random key SW andencrypts it with the public keysfor all credentials thatcover its own credential, for example, a subscriber with credential will generate ciphertexts by applying thepublic keys. The generated cipher texts areadded to a connection request (CR) and the request isforwarded to a random peer in the tree. A connection isestablished if the peer can decrypt any of the cipher text using its private keys. SOFTWARE REQUIREMENTS: Operating System : Windows Technology : Java and J2EE
- 6. Web Technologies : Html, JavaScript, CSS IDE : My Eclipse Web Server : Tomcat Tool kit: Android Phone Database : My SQL Java Version : J2SDK1.5 HARDWARE REQUIREMENTS: Hardware : Pentium Speed : 1.1 GHz RAM : 1GB Hard Disk : 20 GB Floppy Drive : 1.44 MB Key Board : Standard Windows Keyboard Mouse : Two or Three Button Mouse Monitor : SVGA