With the advent of cloud computing and the vast amount of data produced by wearable devices, outsourcing computation has become widespread in delivering health services to both individuals and society. For individuals, it can offer personalised treatment and remote health monitoring based on data collected from that individual. For the public, it can support the testing of new algorithms and the tracking of disease prevalence by analysing data from many individuals. In addition, access to the outsourced wearable data and to the analytic results is crucial both for data owners and for data requesters such as healthcare providers, researchers, family members and friends.
However, wearable data stored and processed by the cloud may put data owners' privacy at risk and may also cost them control over access to their data. To reduce these risks while retaining full functionality, healthcare systems need privacy-friendly data processing and user-centric data sharing that support three use cases: (i) data owners (DOs) requesting access to their own processed data (DO-DO), (ii) data requesters (DRs) requesting processing of a single data owner's data (DRs-DO), and (iii) data requesters requesting processing of multiple data owners' data (DRs-DOs). According to our literature review, existing works based on single-key homomorphic encryption (HE) and attribute-based encryption (ABE) lack user access control and address the three use cases separately. Handling all three in one scheme built on single-key HE is hard: to allow computation over multiple users' data, every user's data must be encrypted under a common key (the cloud key), which supports only the DRs-DOs case. This also raises privacy issues, and users lose control of their outsourced sensitive data because they do not hold the private key, which rules out support for the DRs-DO and DO-DO use cases.
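The common-key limitation described above, shown with a toy Paillier cryptosystem. This is an added example, not code from the thesis; Paillier is assumed only because the abstract names no specific single-key HE scheme, and the owner names, heart-rate readings and tiny demo key sizes are constructed for readability.

```python
"""Added illustration (not code from the thesis): a toy Paillier cryptosystem,
a single-key additively homomorphic scheme, used to show why one common
cloud key supports aggregation across data owners (DRs-DOs) but leaves every
individual reading open to the key holder, while per-user keys protect the
owners but break cross-user aggregation. Paillier itself, the ~20-bit demo
primes and the sample readings are assumptions chosen for readability."""
from math import gcd
import random

# Constructed sample: resting heart-rate readings (bpm) from three data owners.
READINGS = {"alice": 62, "bob": 71, "carol": 58}


def is_prime(x):
    """Trial division; adequate only for the small demo primes used here."""
    if x < 2:
        return False
    return all(x % d for d in range(2, int(x ** 0.5) + 1))


def random_prime(rng, lo=1_000_000, hi=2_000_000):
    while True:
        cand = rng.randrange(lo, hi)
        if is_prime(cand):
            return cand


def keygen(rng):
    """Paillier key pair with g = n + 1. Production keys use ~1024-bit primes;
    these demo primes give no security at all."""
    p = random_prime(rng)
    q = random_prime(rng)
    while q == p:
        q = random_prime(rng)
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, n)                            # L(g^lam mod n^2) = lam when g = n+1
    return {"n": n}, {"n": n, "lam": lam, "mu": mu}


def encrypt(pk, m, rng):
    """c = (1 + m*n) * r^n mod n^2 with a random r coprime to n."""
    n = pk["n"]
    n2 = n * n
    while True:
        r = rng.randrange(1, n)
        if gcd(r, n) == 1:
            break
    return (1 + m * n) * pow(r, n, n2) % n2


def decrypt(sk, c):
    """m = L(c^lam mod n^2) * mu mod n, where L(x) = (x - 1) / n."""
    n = sk["n"]
    n2 = n * n
    return (pow(c, sk["lam"], n2) - 1) // n * sk["mu"] % n


def add_ciphertexts(pk, cts):
    """Homomorphic addition: the product of ciphertexts mod n^2. Only
    meaningful when every ciphertext is under the same key."""
    n2 = pk["n"] * pk["n"]
    acc = 1
    for c in cts:
        acc = acc * c % n2
    return acc


def common_key_scenario():
    """All data owners encrypt under one cloud key. The cloud-key holder can
    decrypt the aggregate (DRs-DOs works) but can equally decrypt each
    owner's individual reading: the owners have no access control."""
    rng = random.Random(1)
    pk, sk = keygen(rng)
    cts = {u: encrypt(pk, bpm, rng) for u, bpm in READINGS.items()}
    total = decrypt(sk, add_ciphertexts(pk, cts.values()))
    individual = {u: decrypt(sk, c) for u, c in cts.items()}
    return total, individual


def per_user_key_scenario():
    """Each data owner keeps its own key. Only the owner opens its reading,
    but ciphertexts under different moduli cannot be combined, so the cloud
    has no way to compute the DRs-DOs sum."""
    rng = random.Random(2)
    keys = {u: keygen(rng) for u in READINGS}
    cts = {u: encrypt(keys[u][0], bpm, rng) for u, bpm in READINGS.items()}
    own = {u: decrypt(keys[u][1], cts[u]) for u in READINGS}
    # Naively multiplying mixed-key ciphertexts under Alice's modulus and
    # decrypting with Alice's key yields a number unrelated to the true sum.
    pk_a, sk_a = keys["alice"]
    bogus = decrypt(sk_a, add_ciphertexts(pk_a, cts.values()))
    return bogus, own


if __name__ == "__main__":
    print("common key   :", common_key_scenario())
    print("per-user keys:", per_user_key_scenario())
```

Running the module prints the two scenarios side by side: under the common key the aggregate decrypts to the true total of 191 bpm, but so does every individual reading, whereas under per-user keys each owner recovers only its own value and the cross-key "aggregate" is meaningless. Multi-key HE, as used in the proposed scheme, is what removes this trade-off.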
This thesis proposes a novel scheme for efficient, flexible and privacy-friendly wearable data processing with user-centric data sharing that supports all three use cases (DO-DO, DRs-DO, DRs-DOs) and is still suitable for resource-constrained devices. In particular, the scheme consists of three protocol suites (SAMA, SAMM and SAMD), each supporting one fundamental operation over encrypted data: aggregation, multiplication and division, respectively. Each protocol suite accommodates the three use cases efficiently with user-centric access control. To achieve this, the scheme first uses a multi-key homomorphic cryptosystem to enable efficient computation over data originating from a single or from multiple data owners while preserving privacy during processing. Second, it uses ciphertext-policy attribute-based encryption to provide fine-grained sharing with multiple data requesters under user-centric access control.
Through formal security and privacy analyses, we show that the proposed scheme is secure and achieves data confidentiality and authorisation. We also analyse its computational cost and communication overhead; our experimental results indicate that the protocol suites outperform existing state-of-the-art solutions in efficiency, making them well suited to modern healthcare systems.
Details
Data processing;
Families & family life;
Personal health;
Information sharing;
Privacy;
Access control;
Confidentiality;
Empowerment;
Multiplication & division;
Wearable computers;
Data encryption;
Libraries;
General Data Protection Regulation;
Health services;
Heart rate;
Computer science;
Information technology