A publish-subscribe system is an information dissemination infrastructure that supports many-to-many communications among publishers and subscribers. In many publish-subscribe systems, in-network aggregation of input data is considered to be an important service that reduces the bandwidth requirements of the system significantly. In this paper, we present a scheme for securing the aggregation of inputs to such a publish-subscribe system. Our scheme, which focuses on the additive aggregate function, sum, preserves the confidentiality and integrity of aggregated data in the presence of untrusted routing nodes. Our scheme allows a group of publishers to publish aggregate data to authorized subscribers without revealing their individual private inputs to either the routing nodes or the subscribers. In addition, our scheme allows subscribers to verify that routing nodes perform the aggregation operation correctly. We use a message authentication code (MAC) scheme based on the discrete logarithm property to allow subscribers to verify the correctness of aggregated data without receiving the digitally-signed raw data used as input to the aggregation. In addition to describing our secure aggregation scheme, we provide formal proofs of its soundness and safety.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Waseem Ahmad and Ashfaq Khokhar. Secure aggregation in large scale overlay networks. Proceedings of the 49th Global Telecommunications Conference, pages 1--5, November 2006.
	2	David E. Bakken, Carl H. Hauser, Harald Gjermundrod, and Anjan Bose. Towards more exible and robust data delivery for monitoring and control of the electric power grid. Technical Report TR-GS-009, Washington State University, May 2007.
	3	Antonio Carzaniga , David S. Rosenblum , Alexander L. Wolf, Design and evaluation of a wide-area event notification service, ACM Transactions on Computer Systems (TOCS), v.19 n.3, p.332-383, Aug. 2001  [doi>10.1145/380749.380767]
	4	Claude Castelluccia , Einar Mykletun , Gene Tsudik, E.cient Aggregation of encrypted data in Wireless Sensor Networks, Proceedings of the The Second Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services, p.109-117, July 17-21, 2005  [doi>10.1109/MOBIQUITOUS.2005.25]
	5	Haowen Chan , Adrian Perrig , Dawn Song, Secure hierarchical in-network aggregation in sensor networks, Proceedings of the 13th ACM conference on Computer and communications security, October 30-November 03, 2006, Alexandria, Virginia, USA  [doi>10.1145/1180405.1180440]
	6	Francis Chin, Security problems on inference control for SUM, MAX, and MIN queries, Journal of the ACM (JACM), v.33 n.3, p.451-464, July 1986  [doi>10.1145/5925.5928]
	7	Joao Girao, Markus Schneider, and Dirk Westhoff. On concealed data aggregation in wireless sensor networks. In Proceedings of IEEE International Conference on Communication, May 2005.
	8	Stuart Haber, William Horne, Tomas Sander, and Danfeng Yao. Privacy-preserving verification of aggregate queries on outsourced databases. Technical Report HPL-2006--128, HP Labs, December 2006.
	9	Wenbo He, Lue Liu, Hoang Nguyen, Klara Nahrstedt, and Tarek Abdelzaher. Pda: Privacy-preserving data aggregation in wireless sensor networks. 26th IEEE International Conference on Computer Communications, pages 2045--2053, May 2007.
	10	Lingxuan Hu , David Evans, Secure Aggregation for Wireless Networks, Proceedings of the 2003 Symposium on Applications and the Internet Workshops (SAINT'03 Workshops), p.384, January 27-31, 2003
	11	Wolfgang Kastner, Georg Neugschwandtner, Stefan Soucek, and Michael H. Newmann. Communication systems for building automation and control. Proceedings of the IEEE, 93(6):1178--1203, June 2005.
	12	Himanshu Khurana, Scalable security and accounting services for content-based publish/subscribe systems, Proceedings of the 2005 ACM symposium on Applied computing, March 13-17, 2005, Santa Fe, New Mexico  [doi>10.1145/1066677.1066862]
	13	Francesco M. Malvestuto , Mauro Mezzini, Auditing Sum Queries, Proceedings of the 9th International Conference on Database Theory, p.126-142, January 08-10, 2003
	14	Francesco M. Malvestuto , Mauro Mezzini , Marina Moscarini, Auditing sum-queries to make a statistical database secure, ACM Transactions on Information and System Security (TISSEC), v.9 n.1, p.31-60, February 2006  [doi>10.1145/1127345.1127347]
	15	Zoltán Miklós, Towards an Access Control Mechanism for Wide-Area Publish/Subscribe Systems, Proceedings of the 22nd International Conference on Distributed Computing Systems, p.516-524, July 02-05, 2002
	16	Lukasz Opyrchal , Atul Prakash, Secure distribution of events in content-based publish subscribe systems, Proceedings of the 10th conference on USENIX Security Symposium, p.21-21, August 13-17, 2001, Washington, D.C.
	17	Adrian Perrig , J. D. Tygar , Dawn Song , Ran Canetti, Efficient Authentication and Signing of Multicast Streams over Lossy Channels, Proceedings of the 2000 IEEE Symposium on Security and Privacy, p.56, May 14-17, 2000
	18	Lauri I. W. Pesonen , David M. Eyers , Jean Bacon, A Capability-Based Access Control Architecture for Multi-Domain Publish/Subscribe Systems, Proceedings of the International Symposium on Applications on Internet, p.222-228, January 23-27, 2006  [doi>10.1109/SAINT.2006.1]
	19	Lauri I. W. Pesonen , David M. Eyers , Jean Bacon, Encryption-enforced access control in dynamic multi-domain publish/subscribe networks, Proceedings of the 2007 inaugural international conference on Distributed event-based systems, June 20-22, 2007, Toronto, Ontario, Canada  [doi>10.1145/1266894.1266916]
	20	Costin Raiciu and David S. Rosenblum. Enabling confidentiality in content-based publish/subscribe infrastructures. Securecomm and Workshops, pages 1--11, 2006.
	21	Venugopalan Ramasubramanian , Ryan Peterson , Emin Gün Sirer, Corona: a high performance publish-subscribe system for the world wide web, Proceedings of the 3rd conference on Networked Systems Design & Implementation, p.2-2, May 08-10, 2006, San Jose, CA
	22	Jr. Robert O. Burnett, Marc M. Butts, and Patrick S. Sterlina. Power system applications for phasor measurement units. Computer Applications in Power, IEEE, 7(1):8--13, 1994.
	23	Mudhakar Srivatsa , Ling Liu, Securing publish-subscribe overlay services with EventGuard, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA  [doi>10.1145/1102120.1102158]
	24	Mudhakar Srivatsa , Ling Liu, Secure Event Dissemination in Publish-Subscribe Networks, Proceedings of the 27th International Conference on Distributed Computing Systems, p.22, June 25-27, 2007  [doi>10.1109/ICDCS.2007.136]
	25	Robert Strom, Guruduth Banavar, Tushar Chandra, Marc Kaplan, Kevan Miller, Bodhi Mukherjee, Daniel Sturman, and Michael Ward. Gryphon: An information ow based approach to message brokering. In International Symposium on Software Reliability Engineering (ISSRE '98), November 1998.
	26	Kevin Tomsovic, David E. Bakken, Vaithianathan Venkatasubramanian, and Anjan Bose. Designing the next generation of real-time control, communication, and computations for large power systems. Proceedings OF THE IEEE, 93(5):965--979, 2005.
	27	David Wagner, Resilient aggregation in sensor networks, Proceedings of the 2nd ACM workshop on Security of ad hoc and sensor networks, October 25-25, 2004, Washington DC, USA  [doi>10.1145/1029102.1029116]
	28	C. Wang , A. Carzaniga , D. Evans , A. Wolf, Security Issues and Requirements for Internet-Scale Publish-Subscribe Systems, Proceedings of the 35th Annual Hawaii International Conference on System Sciences (HICSS'02)-Volume 9, p.303, January 07-10, 2002
	29	Yuanyuan Zhao , Daniel C. Sturman, Dynamic Access Control in a Content-based Publish/Subscribe System with Delivery Guarantees, Proceedings of the 26th IEEE International Conference on Distributed Computing Systems, p.60, July 04-07, 2006  [doi>10.1109/ICDCS.2006.32]