Research Summary
Content-based publish-subscribe (pub-sub) networks enable a group of publishers to efficiently provide content to a large number of subscribers while allowing the subscribers to remain anonymous to the publishers. To be commercially viable, we need mechanisms for collecting payments from subscribers and distributing them fairly to publishers. Existing payment systems are not appropriate for pub-sub networks. We propose a probabilistic payment mechanism through an untrusted intermediary that allows publishers to trade-off efficiency for audit precision.
Introduction
A pub-sub system is a routing network that delivers datagrams from publishers to interested subscribers. Information routing in a content-based pub-sub system is performed dynamically by evaluating the content against the end subscriber's subscription predicate p. Communication with content-based addressing is inherently a multi-party, many-to-many interaction. The pub-sub system communication model can be illustrated as Figure 1.
In the pub-sub systems, publishers generate revenue by selling content and subscribers are charged for the content they receive. In addition, subscribers wish to keep their subscriptions secret from the publishers. When the pub-sub network is trustworthy, we can rely on the network to perform accounting and billing. Otherwise, the publishers need audit mechanisms to assure the fairness of the payments. We need payment mechanisms to solve these problems.
We propose a payment mechanisms that allows probabilistic auditing by the publisher without sacrificing subscriber anonymity. This is a fair payment mechanism that works even when both payments and content delivery are done by an untrusted intermediary.
Approach
In our scheme, each document has an associated document header as shown in Figure 2. Prior to publication, the publisher encrypts the document with a key K, and encrypts K with network's public key KN. The header includes n different public keys k1,
..., kn of which m keys are supplied by the network and the rest are chosen by the publisher P. These keys are put into a key header in random order along with identifier tags.
When a subscriber S receives the document, she randomly chooses an entry <IDi , Kj> from the key header and asks the network to reveal the key K corresponding to the document by sending a message that includes a random symmetric key encrypted with Kj . If the identifier matches one of the network keys, the network decrypts the symmetric key and responds to the request. Otherwise, the network forwards the request to the publisher.
The network accounts for the documents delivered to the subscribers and pay the publishers. Publishers can verify the payments are fair based on the number of document key requests they receive. For example, if a publisher receives q key requests for a document, it expects approximately qn / (n - m) requests for the document were delivered. By adjusting the rations of publisher keys to network keys in the document header, we can trade off transmission cost and auditing precision.
Future Research Topics
Lots of research topics on the payment mechanisms and other security issues in the content-based pub-sub systems, just to name a few:- We do not address pub-sub networks in which subscribers wish to keep their
People
Jon Erdman (UVa Student)David Evans (UVa Professor)
Chenxi Wang (Carnegie Mellon University, Research Faculty)
Jun Xie (UVa Graduate Student)
Weilin Zhong (UVa Graduate Student)
Papers
A Payment Mechanism for Publish-Subscribe SystemsDavid Evans, Chenxi Wang and Jun Xie. In submission.
Security Issues and Requirements for Internet-Scale Publish-Subscribe Systems.
Chenxi Wang, Antonio Carzaniga, David Evans, Alexander L. Wolf. To appear in Hawaii International Conference on System Sciences, January 7-10, 2002. (PDF, 8 pages)
