Privacy-Preserving Service Composition with Enhanced Flexibility and Efficiency

Kevin Theuermann*, Felix Hörandner, Andreas Abraham, Dominik Ziegler

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review


Service compositions are implemented through the interplay
between actors of different organizations. Many composition systems use
a middleware, which coordinates the service calls according to specified
workflows. These middlewares pose a certain privacy issue, since they may
read all the exchanged data. Furthermore, service compositions may require
that only selected subsets of data that was initially supplied by the user are
disclosed to the receiving actors. Traditional public key encryption only
allows encryption for a particular party and lack of the ability to efficiently
define more expressive access controls for a one-to-many communication.
Besides privacy-preserving requirements, it may be necessary for participants
in service compositions to be able to verify which actor has modified or
added data during a process to ensure accountability of performed actions.
This paper introduces a concept for efficient, privacy-preserving service
composition using attribute-based encryption in combination with outsourced
decryption as well as collaborative key management. Our concept enables
end-to-end confidentiality and integrity in a one-to-many communication using
fine-grained access controls, while minimizing the decryption effort for devices
with low calculation capacity, which enables to use smartphones at the
client side. The feasibility of the proposed solution is demonstrated by an
implemented proof-of-concept including a performance evaluation.
Original languageEnglish
Title of host publicationTrust, Privacy and Security in Digital Business - 17th International Conference, TrustBus 2020, Proceedings
Subtitle of host publication17th International Conference, TrustBus 2020 Bratislava, Slovakia, September 14–17, 2020 Proceedings
EditorsStefanos Gritzalis, Edgar R. Weippl, Gabriele Kotsis, Ismail Khalil, A Min Tjoa
Number of pages16
ISBN (Electronic)978-3-030-58986-8
ISBN (Print)978-3-030-58985-1
Publication statusPublished - 14 Sept 2020
Event17th International Conference on Trust, Privacy and Security in Digital Business: TrustBus 2020 - Virtuell, Virtuell, Slovakia
Duration: 14 Sept 202017 Sept 2020

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume12395 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference17th International Conference on Trust, Privacy and Security in Digital Business
OtherTrustBus 2020 Bratislava, Slovakia, September 14–17, 2020 Proceedings


  • Confidentiality
  • Efficiency
  • Integrity
  • Privacy

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Cite this