Flexible Access Control over Privacy-Preserving Cloud Data Processing

  • Wenxiu Ding
  • Xinren Qian
  • Rui Hu
  • Zheng YanEmail author
  • Robert H. Deng


Cloud computing provides an efficient and convenient platform for cloud users to store, process, and control their data (such as cybersecurity education-related data). Cloud overcomes the bottlenecks of resource-constrained devices and greatly releases storage and computing burdens on users. However, due to the lack of full trust in cloud service providers, cloud users generally prefer to outsource their sensitive data in an encrypted form, which seriously complicates data processing, analysis, as well as access control. Homomorphic encryption (HE) as a single key system cannot flexibly control data sharing and access after encrypted data processing. How to realize various computations over encrypted data in an efficient way and at the same time flexibly control the access to data processing results has been an important challenging issue. In this chapter, we propose a privacy-preserving data processing system to support several basic operations over outsourced encrypted data under the cooperation of a data service provider (DSP) and a computation party (CP). In addition, attribute-based encryption (ABE) is also applied to support flexible access control of processing results of encrypted data. Our schemes provide an efficient measure for secure data analytics to preserve the privacy of sensitive course data, e.g., course feedback, survey inputs, examination statistical data, exercises about security-related data for intrusion/malware detection and integrated personal data processing, etc. All of them can be applied into the education of cybersecurity.


Cloud computing Access control Privacy preservation Data security Cloud data processing Homomorphic encryption Attribute-based encryption Secure data processing Privacy-preserving data analysis Teaching performance evaluation 



The work is supported in part by the National Natural Science Foundation of China under Grants 61672410 and 61802293, the National Postdoctoral Program for Innovative Talents under grant BX20180238, the Project funded by China Postdoctoral Science Foundation under grant 2018M633461, the Academy of Finland under Grants 308087, 314203, and 335262, the Shaanxi Innovation Team project under grant 2018TD-007, and the 111 project under grant B16037.


  1. 1.
    A. Belle, R. Thiagarajan, S. Soroushmehr, F. Navidi, D.A. Beard, K. Najarian, Big data analytics in healthcare. Biomed. Res. Int. 2015, 1–16 (2015)CrossRefGoogle Scholar
  2. 2.
    G. Javidi, E. Sheybani, K-12 Cybersecurity education, research, and outreach, in 2018 IEEE Frontiers in Education Conference (FIE), (San Jose, CA, USA, 2018), pp. 1–5Google Scholar
  3. 3.
    J.J. Stephen, S. Savvides, R. Seidel, P. Eugster, Practical confidentiality preserving big data analysis, in 6th USENIX Workshop on Hot Topics in Cloud Computing (HotCloud 14), (Philadelphia, PA, USA, 2014)Google Scholar
  4. 4.
    B. Wang, M. Li, S.S. Chow, H. Li, A tale of two clouds: Computing on data encrypted under multiple keys, in 2014 IEEE Conference on Communications and Network Security (CNS), (San Francisco, CA, USA, 2014), pp. 337–345Google Scholar
  5. 5.
    A. Peter, E. Tews, S. Katzenbeisser, Efficiently outsourcing multiparty computation under multiple keys. IEEE Transactions on Information Forensics and Security (TIFS) 8, 2046–2058 (2013)CrossRefGoogle Scholar
  6. 6.
    X. Liu, R. Choo, R. Deng, R. Lu, J. Weng, Efficient and privacy-preserving outsourced calculation of rational numbers. IEEE Transactions on Dependable and Secure Computing (TDSC) 15, 27–39 (2016)CrossRefGoogle Scholar
  7. 7.
    X. Liu, R. Deng, W. Ding, R. Lu, B. Qin, Privacy-preserving outsourced calculation on floating point numbers. IEEE Transactions on Information Forensics and Security 11, 2513–2527 (2016)CrossRefGoogle Scholar
  8. 8.
    R. Bost, R.A. Popa, S. Tu, S. Goldwasser, Machine learning classification over encrypted data, in NDSS, (San Diego, California, USA, 2015)Google Scholar
  9. 9.
    Z. Yan, P. Zhang, A.V. Vasilakos, A survey on trust management for internet of things. J. Netw. Comput. Appl. 42, 120–134 (2014)CrossRefGoogle Scholar
  10. 10.
    A. Khedr, G. Gulak, SecureMed: Secure medical computation using GPU-accelerated Homomorphic encryption scheme. IEEE Journal of Biomedical & Health Informatics 22, 597–606 (2017)CrossRefGoogle Scholar
  11. 11.
    Z. Brakerski, C. Gentry, V. Vaikuntanathan, (leveled) fully homomorphic encryption without bootstrapping, in Proceedings of the 3rd Innovations in Theoretical Computer Science Conference, (Cambridge, MA, USA, 2012), pp. 309–325Google Scholar
  12. 12.
    C. Gentry, Computing arbitrary functions of encrypted data. Commun. ACM 53, 97–105 (2010)CrossRefGoogle Scholar
  13. 13.
    M. Van Dijk, C. Gentry, S. Halevi, V. Vaikuntanathan, Fully homomorphic encryption over the integers, in Annual International Conference on the Theory and Applications of Cryptographic Techniques, (Riviera, French, 2010), pp. 24–43Google Scholar
  14. 14.
    V.C. Hu, T. Grance, D.F. Ferraiolo, D.R. Kuhn, An access control scheme for big data processing, in 10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing, (Chicago, Illinois, USA, 2014), pp. 1–7Google Scholar
  15. 15.
    Z. Yan, W. Ding, V. Niemi, A.V. Vasilakos, Two schemes of privacy-preserving trust evaluation. Future Generation Computer Systems (FGCS) 62, 175–189 (2015)CrossRefGoogle Scholar
  16. 16.
    C. Huang, Z. Yan, N. Li, M. Wang, Secure pervasive social communications based on Trust in a Distributed way. IEEE Access 4, 9225–9238 (2016)CrossRefGoogle Scholar
  17. 17.
    Z. Yan, X. Li, M. Wang, A. Vasilakos, Flexible data access control based on trust and reputation in cloud computing. IEEE Transactions on Cloud Computing 5, 485–498 (2015)CrossRefGoogle Scholar
  18. 18.
    Z. Yan, X. Li, R. Kantola, Controlling cloud data access based on reputation. Mobile Networks and Applications 20, 828–839 (2015)CrossRefGoogle Scholar
  19. 19.
    W. Ding, Z. Yan, R.H. Deng, Encrypted data processing with Homomorphic re-encryption. Inf. Sci. 409, 35–55 (2017)CrossRefGoogle Scholar
  20. 20.
    J. Feng, L.T. Yang, Q. Zhu, K.-K.R. Choo, Privacy-preserving tensor decomposition over encrypted data in a federated cloud environment. IEEE Transactions on Dependable and Secure Computing (2018).
  21. 21.
    L. Kamm, J. Willemson, Secure floating point arithmetic and private satellite collision analysis. Int. J. Inf. Secur. 14, 531–548 (2015)CrossRefGoogle Scholar
  22. 22.
    D. Bogdanov. Sharemind: Programmable Secure Computations With Practical Applications (Tartu University, 2013), PhD ThesisGoogle Scholar
  23. 23.
    J.H. Cheon, J.-S. Coron, J. Kim, M.S. Lee, T. Lepoint, M. Tibouchi, A. Yun, Batch fully homomorphic encryption over the integers, in Annual International Conference on the Theory and Applications of Cryptographic Techniques, (Athens, 2013), pp. 315–335Google Scholar
  24. 24.
    W. Wang, Y. Hu, L. Chen, X. Huang, B. Sunar, Exploring the feasibility of fully homomorphic encryption. IEEE Trans. Comput. 64, 698–706 (2015)CrossRefGoogle Scholar
  25. 25.
    L. Morris, Analysis of partially and fully homomorphic encryption. Rochester Institute of Technology, 1–5 (2013)Google Scholar
  26. 26.
    X. Liu, R.H. Deng, Y. Yang, H.N. Tran, S. Zhong, Hybrid privacy-preserving clinical decision support system in fog–cloud computing. Futur. Gener. Comput. Syst. 78, 825–837 (2017)CrossRefGoogle Scholar
  27. 27.
    Z. Yan, W. Ding, H. Zhu, A scheme to manage encrypted data storage with deduplication in cloud, in International Conference on Algorithms and Architectures for Parallel Processing, (Zhangjiajie, China, 2015), pp. 547–561Google Scholar
  28. 28.
    C. Dong, G. Russello, N. Dulay, Shared and searchable encrypted data for untrusted servers, in IFIP Annual Conference on Data and Applications Security and Privacy, (London, 2008), pp. 127–143Google Scholar
  29. 29.
    W.C. Garrison III, A. Shull, S. Myers, A.J. Lee, On the practicality of cryptographically enforcing dynamic access control policies in the cloud, in 2016 IEEE Symposium on Security and Privacy, (San Jose, 2016), pp. 819–838Google Scholar
  30. 30.
    Z. Tianyi, L. Weidong, S. Jiaxing, An efficient role based access control system for cloud computing, in IEEE 11th International Conference on Computer and Information Technology (CIT), (Paphos, Cyprus, 2011), pp. 97–102Google Scholar
  31. 31.
    J. Bethencourt, A. Sahai, B. Waters, Ciphertext-policy attribute-based encryption, in 2007 IEEE Symposium on Security and Privacy (SP'07), (Oakland, 2007), pp. 321–334Google Scholar
  32. 32.
    V. Goyal, O. Pandey, A. Sahai, B. Waters, Attribute-based encryption for fine-grained access control of encrypted data, in 13th ACM Conference on Computer and Communications Security, (Alexandria, 2006), pp. 89–98Google Scholar
  33. 33.
    S. Yu, C. Wang, K. Ren, W. Lou, Achieving secure, scalable, and fine-grained data access control in cloud computing, in 2010 Proceedings IEEE INFOCOM, (San Diego, 2010), pp. 1–9Google Scholar
  34. 34.
    M. Li, S. Yu, Y. Zheng, K. Ren, W. Lou, Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Transactions on Parallel and Distributed Systems 24, 131–143 (2013)CrossRefGoogle Scholar
  35. 35.
    Z. Wan, J.E. Liu, R.H. Deng, HASBE: A hierarchical attribute-based solution for flexible and scalable access control in cloud computing. IEEE Transactions on Information Forensics and Security (TIFS) 7, 743–754 (2012)CrossRefGoogle Scholar
  36. 36.
    M. Franz, B. Deiseroth, K. Hamacher, S. Jha, S. Katzenbeisser, H. Schröder, Secure computations on non-integer values, in 2010 IEEE International Workshop on Information Forensics and Security, (Seattle, Washington, USA, 2010), pp. 1–6Google Scholar
  37. 37.
    M. Dahl, C. Ning, T. Toft, On secure two-party integer division, in International Conference on Financial Cryptography and Data Security, (Bonaire, 2012), pp. 164–178Google Scholar
  38. 38.
    T. Veugen, Encrypted integer division and secure comparison. International Journal of Applied Cryptography 3, 166–180 (2014)CrossRefGoogle Scholar
  39. 39.
    O. Catrina, A. Saxena, Secure computation with fixed-point numbers, in International Conference on Financial Cryptography and Data Security, (Canary Islands, Spain, 2010), pp. 35–50Google Scholar
  40. 40.
    R. Bhoyar, P. Palsodkar, S. Kakde, Design and implementation of goldschmidts algorithm for floating point division and square root, in International Conference on Communications, (London, 2015), pp. 1588–1592Google Scholar
  41. 41.
    C. Ugwuoke, Z. Erkin, R.L. Lagendijk, Secure fixed-point division for Homomorphically encrypted operands, in Proceedings of the 13th International Conference on Availability, Reliability and Security, (Hamburg, Germany, 2018), pp. 1–10Google Scholar
  42. 42.
    B.K. Samanthula, H. Chun, W. Jiang, An efficient and probabilistic secure bit-decomposition, in Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, (Hangzhou, 2013), pp. 541–546Google Scholar
  43. 43.
    R. Gurnani, K. Pandey, S.K. Rai, A scalable model for implementing cyber security exercises, in 2014 International Conference on Computing for Sustainable Global Development (INDIACom), (New Delhi, 2014), pp. 680–684Google Scholar
  44. 44.
    E. Amankwa, M. Loock, E. Kritzinger, Enhancing information security education and awareness: Proposed characteristics for a model, in 2015 Second International Conference on Information Security and Cyber Forensics (InfoSec), (Cape Town, 2015), pp. 72–77Google Scholar
  45. 45.
    R. Weiss, F. Turbak, J. Mache, M.E. Locasto, Cybersecurity education and assessment in EDURange. IEEE Security & Privacy 15(3), 90–95 (2017)CrossRefGoogle Scholar
  46. 46.
    J. LeClair, K.M. Hollis, D.M. Pheils, Cybersecurity education and training and its reliance on STEAM, in 2014 IEEE Integrated STEM Education Conference, (Princeton, NJ, 2014), pp. 1–5Google Scholar
  47. 47.
    M. Frank, M. Leitner, T. Pahi, Design considerations for cyber security Testbeds: A case study on a cyber security Testbed for education, in 2017 IEEE 15th Intl Conf on Dependable, Autonomic and Secure Computing, 15th Intl Conf on Pervasive Intelligence and Computing, 3rd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress(DASC/PiCom/DataCom/CyberSciTech), (Orlando, FL, 2017), pp. 38–46Google Scholar
  48. 48.
    A. M'Baya, J. Laval, N. Moalla, Y. Ouzrout, A. Bouras, Ontology based system to guide internship assignment process, in 2016 12th International Conference on Signal-Image Technology & Internet-Based Systems (SITIS), (Naples, 2016), pp. 589–596Google Scholar
  49. 49.
    F. Ghemri, A. Bouras, Innovative education in cyber security field through collaborative education, in 2018 3rd Technology Innovation Management and Engineering Science International Conference (TIMES-iCON), (Bangkok, Thailand, 2018), pp. 1–5Google Scholar
  50. 50.
    R. Verma, M. Kantarcioglu, D. Marchette, E. Leiss, T. Solorio, Security analytics: Essential data analytics knowledge for Cybersecurity professionals and students. IEEE Security & Privacy 13(6), 60–65 (2015)CrossRefGoogle Scholar
  51. 51.
    W.X. Ding, R. Hu, Z. Yan, X.R. Qian, R.H. Deng, L.T. Yang, M.X. Dong, An extended framework of privacy-preserving computation with flexible access control. IEEE Trans. Netw. Serv. Manag., 1 (2019).
  52. 52.
    W. Ding, Z. Yan, R. Deng, Privacy-preserving data processing with flexible access control. IEEE Transactions on Dependable & Secure Computing 17, 363–376 (2017)CrossRefGoogle Scholar
  53. 53.
    W.X. Ding, Z. Yan, X.R. Qian, R.H. Deng, Computing maximum and minimum with privacy preservation and flexible access control, in IEEE GLOBECOM 2019, (Hawaii, USA, 2019), pp. 1–7Google Scholar
  54. 54.
    P. Paillier, Public-key cryptosystems based on composite degree residuosity classes, in International Conference on the Theory and Applications of Cryptographic Techniques, (Berlin, Germany, 1999), pp. 223–238Google Scholar
  55. 55.
    E. Bresson, D. Catalano, D. Pointcheval, A simple public-key cryptosystem with a double trapdoor decryption mechanism and its applications, in International Conference on the Theory and Application of Cryptology and Information Security, (Berlin, Germany, 2003), pp. 37–54Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Wenxiu Ding
    • 1
  • Xinren Qian
    • 1
  • Rui Hu
    • 1
  • Zheng Yan
    • 1
    • 2
    Email author
  • Robert H. Deng
    • 3
  1. 1.School of Cyber EngineeringXidian UniversityXi’anChina
  2. 2.Department of Communications and NetworkingAalto UniversityEspooFinland
  3. 3.School of Information SystemsSingapore Management UniversitySingaporeSingapore

Personalised recommendations