{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,11]],"date-time":"2026-04-11T05:49:58Z","timestamp":1775886598544,"version":"3.50.1"},"reference-count":44,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2025,1,22]],"date-time":"2025-01-22T00:00:00Z","timestamp":1737504000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2025,1,22]],"date-time":"2025-01-22T00:00:00Z","timestamp":1737504000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/100018693","name":"HORIZON EUROPE Framework Programme","doi-asserted-by":"publisher","award":["101091885"],"award-info":[{"award-number":["101091885"]}],"id":[{"id":"10.13039\/100018693","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"<jats:title>Abstract<\/jats:title>\n          <jats:p>Authentication and access control for Cyber-Physical Systems (CPSs) are pivotal for protecting systems and their users from problems related to harmful actions and the malicious use of retrieved data. In some situations, making access decisions requires using user information, thereby challenging their privacy. Attribute-based access control (ABAC) supports dynamic and context-aware access decisions that are attractive in cyber-physical system environments. However, privacy preservation for access decisions is an open issue for authorization and is not supported by existing ABAC models. For example, if access decisions need to be made based on private attribute values such as health data, the corresponding access control policies need to be revealed. This paper reviews the ABAC, homomorphic encryption (HE), and zero-knowledge proof (ZKP) approaches, confirming the gap in privacy preservation in ABAC. Based on this observation, we further present the application of a new ZKP-based protocol in which ABAC allows for the privacy-preserving evaluation of attributes. This protocol is implemented and evaluated in terms of its performance and security. The evaluation demonstrates that there is a possibility for privacy-preserving ABAC, which may benefit the use of CPS, e.g., in underground and open-pit mines.<\/jats:p>","DOI":"10.1186\/s42400-024-00323-8","type":"journal-article","created":{"date-parts":[[2025,1,22]],"date-time":"2025-01-22T01:02:51Z","timestamp":1737507771000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":9,"title":["Privacy-preserving attribute-based access control using homomorphic encryption"],"prefix":"10.1186","volume":"8","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-9960-7489","authenticated-orcid":false,"given":"Malte","family":"Kerl","sequence":"first","affiliation":[]},{"given":"Ulf","family":"Bodin","sequence":"additional","affiliation":[]},{"given":"Olov","family":"Schel\u00e9n","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,1,22]]},"reference":[{"key":"323_CR1","doi-asserted-by":"publisher","unstructured":"Anderson R, et al. (2013) \u201cMeasuring the cost of cybercrime\u201d. In: The Economics of Information Security and Privacy. Ed. by Rainer B\u00f6hme. Berlin, Heidelberg: Springer Berlin Heidelberg, 265\u2013300. isbn: 978-3-642-39498-0. https:\/\/doi.org\/10.1007\/978-3-642-39498-0_12","DOI":"10.1007\/978-3-642-39498-0_12"},{"issue":"5","key":"323_CR2","first-page":"1333","volume":"13","author":"Yoshinori Aono","year":"2017","unstructured":"Aono Yoshinori et al (2017) Privacy-preserving deep learning via additively homomorphic encryption. IEEE Trans Inf Foren Secur 13(5):1333\u20131345","journal-title":"IEEE Trans Inf Foren Secur"},{"key":"323_CR3","unstructured":"Armknecht F, et al. (2015) A Guide to Fully Homomorphic Encryption. Cryptology ePrint Archive, Paper 2015\/1192. https:\/\/eprint.iacr.org\/2015\/1192"},{"key":"323_CR4","doi-asserted-by":"publisher","first-page":"1321","DOI":"10.1016\/j.jaci.2023.04.015","volume":"152","author":"BM Byrwa-Hill","year":"2023","unstructured":"Byrwa-Hill BM et al (2023) Living in environmental justice areas worsens asthma severity and control: Differential interactions with disease duration, age at onset, and pollution. Journal of Allergy and Clinical Immunology 152:1321\u20131329. https:\/\/doi.org\/10.1016\/j.jaci.2023.04.015","journal-title":"Journal of Allergy and Clinical Immunology"},{"key":"323_CR5","unstructured":"CSIRO\u2019s Data61. (2013) Python Paillier Library. https:\/\/github.com\/data61\/python-paillier"},{"key":"323_CR6","unstructured":"Chiquito A (2022) \u201cAttribute-based approaches for secure data sharing in industry\u201d. Licentiate Thesis. Lule\u00e5 University of Technology, Embedded Internet Systems Lab. isbn: 978-91-8048-093-2"},{"key":"323_CR7","doi-asserted-by":"publisher","unstructured":"Chiquito A, Bodin U, Schel\u00e9n O (2020) \u201cAccess control model for time series databases using NGAC\u201d. 2020 25th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA). 1, 1001\u20131004. https:\/\/doi.org\/10.1109\/ETFA46521.2020.9211947","DOI":"10.1109\/ETFA46521.2020.9211947"},{"key":"323_CR8","doi-asserted-by":"publisher","first-page":"3004","DOI":"10.1109\/IECON.2019.8927590","volume":"1","author":"Matthias Eckhart","year":"2019","unstructured":"Eckhart Matthias et al (2019) Security development lifecycle for cyber physical production systems. IECON 2019 45th Annual Conf IEEE Indust Electron Soc 1:3004\u20133011. https:\/\/doi.org\/10.1109\/IECON.2019.8927590","journal-title":"IECON 2019 45th Annual Conf IEEE Indust Electron Soc"},{"key":"323_CR9","doi-asserted-by":"crossref","unstructured":"Esmaeeli A, Shahriari HR (2010) \u201cPrivacy protection of grid service requesters through distributed attribute based access control model\u201d. Advances in Grid and Pervasive Computing: 5th International Conference, GPC 2010, Hualien, Taiwan, May 10-13, 2010. Proceedings 5. Springer. 573\u2013582","DOI":"10.1007\/978-3-642-13067-0_59"},{"key":"323_CR10","unstructured":"Ferraiolo D, Feldman L, Witte G (2016) Exploring the next generation of access control methodologies. en. https:\/\/tsapps.nist.gov\/publication\/get_pdf.cfm?pub_id=922332"},{"key":"323_CR11","unstructured":"Ferraiolo D, Kuhn R (1992) \u201cRole-based access controls\u201d. In: 15th National computer security conference (NCSC). Baltimore, Maryland, United States: publisher, 1992, 554\u2013563. https:\/\/csrc.nist.gov\/publications\/detail\/conference-paper\/1992\/10\/13\/role-based-access-controls"},{"key":"323_CR12","doi-asserted-by":"publisher","unstructured":"Ferraiolo D et al. (2016) \u201cExtensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC)\u201d. In: Proceedings of the 2016 ACM International Workshop on Attribute Based Access Control. ABAC \u201916. New Orleans, Louisiana, USA: Association for Computing Machinery, 13\u201324. isbn: 9781450340793. https:\/\/doi.org\/10.1145\/2875491.2875496","DOI":"10.1145\/2875491.2875496"},{"key":"323_CR13","doi-asserted-by":"crossref","unstructured":"Fugkeaw S, Sato H (2016)\u201cUpdating policies in cp-abe-based access control: an optimized and secure service\u201d. In: Service-Oriented and Cloud Computing: 5th IFIP WG 2.14 European Conference, ESOCC 2016, Vienna, Austria, September 5-7, 2016, Proceedings 5. Springer. 3 17","DOI":"10.1007\/978-3-319-44482-6_1"},{"issue":"6","key":"323_CR14","doi-asserted-by":"publisher","first-page":"5784","DOI":"10.1109\/TVT.2020.2967099","volume":"69","author":"S Gao","year":"2020","unstructured":"Gao Sheng et al (2020) TrustAccess: A Trustworthy Secure Ciphertext-Policy and Attribute Hiding Access Control Scheme Based on Blockchain. IEEE Transactions on Vehicular Technology 69(6):5784\u20135798. https:\/\/doi.org\/10.1109\/TVT.2020.2967099","journal-title":"IEEE Transactions on Vehicular Technology"},{"key":"323_CR15","unstructured":"Gentry Craig (2009) \u201cA fully homomorphic encryption scheme\u201d. URL: crypto.stanford.edu\/craig. PhD thesis. Stanford University"},{"issue":"4","key":"323_CR16","doi-asserted-by":"publisher","first-page":"205","DOI":"10.1016\/S0020-0190(98)00116-1","volume":"67","author":"O Goldreich","year":"1998","unstructured":"Goldreich O, H\u00e5stad Johan (1998) On the Complexity of Interactive Proofs with Bounded Communication. Inf Process Lett 67(4):205\u2013214","journal-title":"Inf Process Lett"},{"key":"323_CR17","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-81089-4","volume-title":"Access control models and architectures for IoT and cyber physical systems","author":"M Gupta","year":"2022","unstructured":"Gupta M et al (2022) Access control models and architectures for IoT and cyber physical systems. Springer, Chem"},{"issue":"3","key":"323_CR18","doi-asserted-by":"publisher","first-page":"686","DOI":"10.1183\/09031936.98.11030686","volume":"11","author":"TJ Hiltermann","year":"1998","unstructured":"Hiltermann TJ et al (1998) Asthma severity and susceptibility to air pollution. Europ Res J 11(3):686\u2013693","journal-title":"Europ Res J"},{"issue":"162","key":"323_CR19","first-page":"1","volume":"800","author":"VC Hu","year":"2013","unstructured":"Hu VC et al (2013) Guide to attribute based access control (ABAC) definition and considerations (draft). NIST Special Publication 800(162):1\u201354","journal-title":"NIST Special Publication"},{"key":"323_CR20","unstructured":"INCITTIS Standrad (2020) \u201cNext Generation Access Control\u201d. https:\/\/standards.incits.org\/apps\/group_public\/project\/details.php?project_id=2328"},{"key":"323_CR21","doi-asserted-by":"publisher","unstructured":"Irwin K, Yu T (2005) \u201cPreventing attribute information leakage in automated trust negotiation\u201d. In: Proceedings of the 12th ACM Conference on Computer and Communications Security. CCS \u201905. Alexandria, VA, USA: Association for Computing Machinery, 36\u201345. isbn: 1595932267. https:\/\/doi.org\/10.1145\/1102120.1102128","DOI":"10.1145\/1102120.1102128"},{"key":"323_CR22","volume-title":"Decentralizing attribute-based encryption Annual international conference on the theory and applications of cryptographic techniques","author":"A Lewko","year":"2011","unstructured":"Lewko A, Waters B (2011) Decentralizing attribute-based encryption Annual international conference on the theory and applications of cryptographic techniques. Springer, Berlin Heidelberg"},{"issue":"2","key":"323_CR23","doi-asserted-by":"publisher","first-page":"1767","DOI":"10.1109\/JSYST.2017.2667679","volume":"12","author":"Jiguo Li","year":"2018","unstructured":"Li Jiguo et al (2018) User collusion avoidance CP-ABE with efficient attribute revocation for cloud storage. IEEE Syst J 12(2):1767\u20131777. https:\/\/doi.org\/10.1109\/JSYST.2017.2667679","journal-title":"IEEE Syst J"},{"key":"323_CR24","doi-asserted-by":"crossref","unstructured":"Li X et al. (2024) \u201cMake Revocation Cheaper: hardware-based revocable attribute-based encryption\u201d. In: 2024 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society. 100\u2013100","DOI":"10.1109\/SP54263.2024.00100"},{"key":"323_CR25","doi-asserted-by":"publisher","unstructured":"Li Y, Liu Q (2021) \u201cA comprehensive review study of cyber-attacks and cyber security; Emerging trends and recent developments\u201d. In: Energy Reports 7, 8176\u20138186. issn: 2352-4847. https:\/\/doi.org\/10.1016\/j.egyr.2021.08.126. https:\/\/www.sciencedirect.com\/science\/article\/pii\/S2352484721007289","DOI":"10.1016\/j.egyr.2021.08.126"},{"issue":"2","key":"323_CR26","doi-asserted-by":"publisher","first-page":"100","DOI":"10.1016\/j.cdtm.2021.04.003","volume":"7","author":"L Madaniyazi","year":"2021","unstructured":"Madaniyazi L, Xerxes S (2021) Outdoor air pollution and the onset and exacerbation of asthma. Chronic Diseases Trans Med 7(2):100\u2013106. https:\/\/doi.org\/10.1016\/j.cdtm.2021.04.003","journal-title":"Chronic Diseases Trans Med"},{"key":"323_CR27","doi-asserted-by":"publisher","unstructured":"Munilla GG, Sedlmeir J, Babel M (2022) \u201cTowards verifiable differentially-private polling\u201d. In: Proceedings of the 17th International Conference on Availability, Reliability and Security. ARES \u201922. Vienna, Austria: Association for Computing Machinery. isbn: 9781450396707. https:\/\/doi.org\/10.1145\/3538969.3538992","DOI":"10.1145\/3538969.3538992"},{"key":"323_CR28","unstructured":"OASIS Standard (2013) \u201cextensible access control markup language (xacml) version 3.0\u201d. In: A:(22 January 2013). http:\/\/docs.oasis-open.org\/xacml\/3.0\/xacml-3.0-core-spec-os-en.html"},{"key":"323_CR29","volume-title":"Public-key cryptosystems based on composite degree residuosity classes International conference on the theory and","author":"P Paillier","year":"1999","unstructured":"Paillier P (1999) Public-key cryptosystems based on composite degree residuosity classes International conference on the theory and. Springer, Berlin Heidelberg"},{"issue":"4","key":"323_CR30","doi-asserted-by":"publisher","first-page":"286","DOI":"10.1504\/IJGUC.2014.065372","volume":"5","author":"SM Park","year":"2014","unstructured":"Park SM, Chung SM (2014) Privacy-preserving attribute-based access control for grid computing. Int J Grid Utilit Comput 5(4):286\u2013296","journal-title":"Int J Grid Utilit Comput"},{"key":"323_CR31","doi-asserted-by":"crossref","unstructured":"Put A, De DB (2017) \u201cAttribute-based privacy-friendly access control with context\u201d. In: E-Business and Telecommunications: 13th International Joint Conference, ICETE 2016, Lisbon, Portugal, July 26-28, 2016, Revised Selected Papers 13. Springer. 291\u2013315","DOI":"10.1007\/978-3-319-67876-4_14"},{"key":"323_CR32","doi-asserted-by":"crossref","unstructured":"Put A , De DB(2016) \u201cPACCo: Privacy-friendly Access Control with Context.\u201d In: SECRYPT. 159\u2013170","DOI":"10.5220\/0005969501590170"},{"key":"323_CR33","doi-asserted-by":"crossref","unstructured":"Quisquater JJ t al. (1990) \u201cHow to Explain zero-knowledge protocols to your children\u201d. In: Advances in Cryptology \u2014 CRYPTO\u2019 89 Proceedings. Ed. by Gilles Brassard. New York, NY: Springer New York, 628\u2013631. isbn: 978-0-387-34805-6","DOI":"10.1007\/0-387-34805-0_60"},{"issue":"2","key":"323_CR34","doi-asserted-by":"publisher","first-page":"120","DOI":"10.1145\/359340.359342","volume":"21","author":"RL Rivest","year":"1978","unstructured":"Rivest RL, Shamir A, Adleman L (1978) A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2):120\u2013126. https:\/\/doi.org\/10.1145\/359340.359342","journal-title":"Commun. ACM"},{"key":"323_CR35","volume-title":"Advances in Cryptology - EUROCRYPT 2005","author":"A Sahai","year":"2005","unstructured":"Sahai A, Waters B (2005) Fuzzy Identity-Based Encryption. In: Cramer Ronald (ed) Advances in Cryptology - EUROCRYPT 2005. Springer, Heidelberg"},{"key":"323_CR36","doi-asserted-by":"crossref","unstructured":"Sahai A, Seyalioglu H, Waters B 2012)\u201cDynamic credentials and ciphertext delegation for attribute-based encryption\u201d. In: Advances in Cryptology\u2013CRYPTO 2012: 32nd Annual Cryptology Conference, Santa Barbara, CA, USA, August 19-23. Proceedings. Springer. 2012, 199\u2013217","DOI":"10.1007\/978-3-642-32009-5_13"},{"issue":"9","key":"323_CR37","doi-asserted-by":"publisher","first-page":"1278","DOI":"10.1109\/PROC.1975.9939","volume":"63","author":"JH Saltzer","year":"1975","unstructured":"Saltzer JH, Schroeder MD (1975) The protection of information in computer systems. Procee IEEE 63(9):1278\u20131308. https:\/\/doi.org\/10.1109\/PROC.1975.9939","journal-title":"Procee IEEE"},{"key":"323_CR38","doi-asserted-by":"publisher","unstructured":"Sanders MW, Yue C (2019) \u201cMining Least Privilege Attribute Based Access Control Policies\u201d. In: Proceedings of the 35th Annual Computer Security Applications Conference. ACSAC \u201919. San Juan, Puerto Rico, USA: Association for Computing Machinery, 404\u2013416. isbn: 9781450376280. https:\/\/doi.org\/10.1145\/3359789.3359805","DOI":"10.1145\/3359789.3359805"},{"issue":"17","key":"323_CR39","doi-asserted-by":"publisher","first-page":"6212","DOI":"10.3390\/ijerph17176212","volume":"17","author":"I Tiotiu","year":"2020","unstructured":"Tiotiu I et al (2020) Impact of air pollution on asthma outcomes. International journal of environmental research and public health 17(17):6212","journal-title":"International journal of environmental research and public health"},{"issue":"3","key":"323_CR40","doi-asserted-by":"publisher","first-page":"992","DOI":"10.3390\/ijerph18030992","volume":"18","author":"A Tiotiu","year":"2021","unstructured":"Tiotiu A et al (2021) The impact of tobacco smoking on adult asthma outcomes. Int Jo Environ Res Public Health 18(3):992","journal-title":"Int Jo Environ Res Public Health"},{"key":"323_CR41","doi-asserted-by":"publisher","unstructured":"Torres MR, et al. (2019) \u201cOLYMPUS: towards Oblivious identitY Management for Private and User-friendly Services\u201d. In: 2019 Global IoT Summit (GIoTS). 1\u20136. https:\/\/doi.org\/10.1109\/GIOTS.2019.8766357","DOI":"10.1109\/GIOTS.2019.8766357"},{"key":"323_CR42","doi-asserted-by":"publisher","first-page":"98169","DOI":"10.1109\/ACCESS.2021.3093327","volume":"9","author":"S VattaparambilSudarsan","year":"2021","unstructured":"VattaparambilSudarsan S, Schel\u00e9n O, Bodin U (2021) Survey on delegated and self-contained authorization techniques in CPS and IoT. IEEE Access 9:98169\u201398184. https:\/\/doi.org\/10.1109\/ACCESS.2021.3093327","journal-title":"IEEE Access"},{"key":"323_CR43","doi-asserted-by":"publisher","unstructured":"Xu Y et al. (2020) \u201cAn efficient privacy-enhanced attribute-based access control mechanism\u201d. Concurrency and Computation: Practice and Experience 32(5), e5556 cpe.5556, e5556. https:\/\/doi.org\/10.1002\/cpe.5556","DOI":"10.1002\/cpe.5556"},{"key":"323_CR44","doi-asserted-by":"crossref","unstructured":"Zhang G, Liu J, Liu J (2013) \u201cProtecting sensitive attributes in attribute based access control\u201d. In: Service-Oriented Computing-ICSOC 2012 Workshops: ICSOC 2012, International Workshops ASC, DISA, PAASC, SCEB, SeMaPS, WESOA, and Satellite Events, Shanghai, China, November 12-15, 2012, Revised Selected Papers 10. Springer. 294\u2013305","DOI":"10.1007\/978-3-642-37804-1_30"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-024-00323-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-024-00323-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-024-00323-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,22]],"date-time":"2025-01-22T01:03:14Z","timestamp":1737507794000},"score":1,"resource":{"primary":{"URL":"https:\/\/cybersecurity.springeropen.com\/articles\/10.1186\/s42400-024-00323-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,1,22]]},"references-count":44,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2025,12]]}},"alternative-id":["323"],"URL":"https:\/\/doi.org\/10.1186\/s42400-024-00323-8","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,1,22]]},"assertion":[{"value":"2 January 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"12 June 2024","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"22 January 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no Competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"5"}}