Privacy preserving data processing with flexible access control

 Abstract

Cloud computing provides an efficient and convenient platform for cloud users to store, process and control their data. Cloud overcomes the bottlenecks of resource-constrained user devices and greatly releases their storage and computing burdens. However, due to the lack of full trust in cloud service providers, the cloud users generally prefer to outsource their sensitive data in an encrypted form, which, however, seriously complicates data processing, analysis, as well as access control. Homomorphic encryption (HE) as a single key system cannot flexibly control data sharing and access after encrypted data processing. How to realize various computations over encrypted data in an efficient way and at the same time flexibly control the access to data processing results has been an important challenging issue. In this paper, we propose a privacy-preserving data processing scheme with flexible access control. With the cooperation of a data service provider (DSP) and a computation party (CP), our scheme, based on Paillier’s partial homomorphic encryption (PHE), realizes seven basic operations, i.e., Addition, Subtraction, Multiplication, Sign Acquisition, Absolute, Comparison, and Equality Test, over outsourced encrypted data. In addition, our scheme, based on the homomorphism of attribute based encryption (ABE), is also designed to support flexible access control over processing results of encrypted data. We further prove the security of our scheme and demonstrate its efficiency and advantages through simulations and comparisons with existing work.

Existing System:

Cloud overcomes the bottlenecks of resource-constrained user devices and greatly releases their storage and computing burdens. However, due to the lack of full trust in cloud service providers, the cloud users generally prefer to outsource their sensitive data in an encrypted form, which, however, seriously complicates data processing, analysis, as well as access control. Homomorphic encryption (HE) as a single key system cannot flexibly control data sharing and access after encrypted data processing. How to realize various computations over encrypted data in an efficient way and at the same time flexibly control the access to data processing results has been an important challenging issue.

Proposed System:

In this paper, we propose a novel scheme in order to overcome the challenges as described above. It supports multiple basic computations over encrypted data and realizes flexible access control over the processing results by employing PHE and ABE. Specifically, the contributions of this paper can be summarized as follows:

• We propose a generic system architecture consisting of a data service provider (DSP) and a computation party (CP) that seamlessly work together to simultaneously support secures computations over encrypted data and fine-grained access control of computation results.
• We present a family of protocols to efficiently realize seven basic computations over encrypted data: Addition, Subtraction, Multiplication, Sign Acquisition, Absolute, Comparison, and Equality Test.
• We propose to utilize ABE with homomorphism to realize fine-grained access control of the processing result of encrypted data, which is not revealed to any system entities including DSP and CP.
• We prove the security of the proposed scheme and demonstrate its efficiency through simulations and comparisons with existing schemes. We show that the proposed scheme is suitable for big data processing. It can be applied in any scenarios with either a small or a large number of data providers.