Abstract

In recent years, with the rapid development of smart cities, prevalent pub/sub (publish/subscribe) streaming systems have been increasingly employed as an upstream middleware layer in multi-tenant edge clouds, feeding large volumes of data gathered from the IoT devices of different tenants into downstream systems (e.g., data analytics and warehouses). Edge clouds generally use a shared tenancy model in which multiple untrusted applications or tenants utilize the same pub/sub system, which poses crucial challenges, including the threat of access to privacy-sensitive data/metadata and modification of critical metadata by unauthorized tenants. A centralized monitoring node is invariably adopted in existing security strategies (such as ACL, TLS), which leaves the pub/sub streaming model vulnerable to external malicious attacks and to a single point of failure. In this paper, inspired by outstanding features of blockchain including tamper-resistance, decentralization, strong consistency, and traceability, we propose BPS, a general and decentralized Blockchain-enhanced Pub/Sub communication model for multi-tenant edge clouds, to redesign the internal security mechanisms of pub/sub systems. Specifically, by exploiting blockchain technology, BPS can detect illegal operations and behaviors from both malicious tenants and untrusted publishers or subscribers. BPS directly leverages the Merkle Hash Tree (MHT) of the blockchain to verify the integrity of critical and confidential metadata. Regarding authorization, BPS introduces smart-contract-enabled fine-grained control over partitioned, topic-classified messages by storing the access control list (ACL) in an append-only blockchain ledger. Additionally, an incentive mechanism is employed in BPS to reward honest publishers and subscribers. We implement a BPS prototype based on Kafka and the EOS blockchain.
Our security analysis and extensive experiments demonstrate that BPS outperforms the state-of-the-art pub/sub streaming system Kafka in security with minimal performance overhead.
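
The metadata integrity check mentioned in the abstract, sketched as an added example (this is not the BPS implementation or code from the paper): topic metadata records are hashed into a Merkle tree, the root is assumed to be anchored on the ledger, and a verifier checks one record against that root with an inclusion proof. The record format, the RFC 6962-style 0x00/0x01 hash prefixes and all function names are assumptions.

```python
import hashlib

# Constructed sample metadata records (hypothetical format, not from the paper).
METADATA = [
    b"topic=tenantA.meters|partition=0|acl=tenantA:read,write",
    b"topic=tenantA.meters|partition=1|acl=tenantA:read,write",
    b"topic=tenantB.cameras|partition=0|acl=tenantB:read,write",
]

def _leaf(data: bytes) -> bytes:
    # Distinct prefixes keep a leaf hash from being replayed as an inner node.
    return hashlib.sha256(b"\x00" + data).digest()

def _node(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def _levels(records):
    """Return every tree level, leaves first; an unpaired node is promoted as-is."""
    if not records:
        raise ValueError("cannot build a Merkle tree over zero records")
    level = [_leaf(r) for r in records]
    levels = [level]
    while len(level) > 1:
        level = [_node(level[i], level[i + 1]) if i + 1 < len(level) else level[i]
                 for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def merkle_root(records) -> bytes:
    return _levels(records)[-1][0]

def inclusion_proof(records, index):
    """Sibling hashes from leaf to root, each as (hash, sibling_is_on_the_left)."""
    proof = []
    for level in _levels(records)[:-1]:
        sibling = index ^ 1
        if sibling < len(level):          # a promoted node has no sibling here
            proof.append((level[sibling], sibling < index))
        index //= 2
    return proof

def verify(record: bytes, proof, anchored_root: bytes) -> bool:
    """Recompute the root from one record and its proof; compare to the anchored root."""
    h = _leaf(record)
    for sibling, is_left in proof:
        h = _node(sibling, h) if is_left else _node(h, sibling)
    return h == anchored_root
```

A record whose ACL field has been altered no longer hashes to the anchored root, so the verifier rejects it without needing the other tenants' records.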
