Secure decision tree classification with decentralized authorization and access control

Abstract

Outsourcing decision tree classification services to the cloud is highly beneficial, yet raises critical privacy problems. In order to preserve data privacy, data owners may choose to upload encrypted data rather than raw data to the classification services. However, these solutions adopted today for encrypted data classification not only fall short in system flexibility and scalability, but also face the single point of failure problem. In this paper, we design, implement, and evaluate a secure decision tree classification scheme that allows decentralized authorization and access control service (SDTC-DAAC). Firstly, we propose a new framework that decouples data encryption and data computation logic to achieve the separation of data storage and computation, which significantly improves upon the flexibility and effectiveness, thus achieving cross-system compatibility requirements. Secondly, we present an end-to-end encrypted access control mechanism which enables authorized users from different parties to participate in calculations together. Finally, we further devise a scheme which serves decentralized storage service of data access control policies and access authorization without trusted intermediaries. Extensive property and performance analysis shows that SDTC-DAAC is effectiveness, as well as satisfying the security requirements for data privacy in an outsourcing environment.