This paper proposes a novel, efficient and privacy-preserving scheme, named SAMA, designed to support secure aggregation and sharing of data between users and multiple data recipients, together with fine-grained, user-centric access control. It achieves this by combining two key ideas. First, it uses a multi-key homomorphic cryptosystem, which accommodates both single-user and multi-user data processing while preserving the privacy of users as their IoT health data is processed. Second, it uses ciphertext-policy attribute-based encryption to support flexible access control, so that users can grant access to their data securely and selectively. Formal security and privacy analyses show that SAMA provides data confidentiality and authorisation. The scheme has also been analysed in terms of computational and communication overheads to demonstrate that it is more efficient than the relevant state-of-the-art solutions.