
A CCA-Secure Puncturable Attribute-Based Proxy Re-Encryption Scheme
OUR PROPOSED PROJECT TITLE:
Puncturable AB-PRE: A Lightweight and Secure Framework for Dynamic Privilege Management in Cloud-Assisted IoT
IEEE BASE PAPER ABSTRACT:
With the rapid development of the Internet of Things (IoT) and the increase in the number of various sensor devices, there is an increasingly urgent need for cross-domain sharing of massive data in scenarios, such as industrial control and smart healthcare, while the limitations of traditional encryption mechanisms in terms of interdomain segregation and dynamic privilege management have made proxy re-encryption (PRE) technology the core solution to address the secure flow of cross-domain data. Among them, attribute-based PRE is a promising approach. However, the existing schemes suffer from the inefficiency of interdomain transformation and the lack of dynamic privilege revocation mechanism which is crucial for data sharing systems. Therefore, in this article, we propose an efficient PRE scheme that supports dynamic privilege management and realizes secure cross-domain conversion from identity-based encryption (IBE) to attribute-based encryption (ABE). In this scheme, data is first encrypted by IBE mechanism and uploaded to a semi-trusted proxy server for storage, and the data owner can authorize the proxy server to convert the ciphertext to ABE ciphertext. Notably, our scheme achieves real-time updating of keys through an attribute revocation algorithm, which ensures that historical data cannot be decrypted after authorization changes and satisfies forward security. Meanwhile, the solution builds anti-collusion mechanism by jointly generating re-encryption key by the data owner and proxy server, which effectively protects against the joint attack of malicious users and proxy server, and prevents unauthorized users from decrypting the ciphertext. In addition, the computational burden is out-sourced to the proxy server, and the user only needs to perform lightweight operations, which significantly reduces the computational overhead of the data owner in data sharing. 
Formal security proofs show that the scheme is indistinguishable under the chosen ciphertext attack (CCA) model (indistinguishability under CCA). Theoretical analysis and experimental results show that the structure is more efficient than previous schemes.
OUR PROPOSED PROJECT ABSTRACT:
The rapid growth of cloud computing and distributed data sharing platforms has created significant challenges in ensuring secure, fine-grained, and flexible access control over outsourced data. Traditional encryption mechanisms provide confidentiality but lack dynamic access management and efficient delegation capabilities. To address these limitations, advanced cryptographic frameworks such as Attribute-Based Encryption (ABE) and Proxy Re-Encryption (PRE) have emerged. However, ensuring strong security against adaptive attacks, particularly Chosen Ciphertext Attacks (CCA), while supporting dynamic user revocation remains a complex research problem. The project titled “A CCA-Secure Puncturable Attribute-Based Proxy Re-Encryption Scheme” focuses on designing and implementing a secure data sharing model that combines attribute-based access control, proxy-based delegation, and puncturable revocation under a CCA-secure cryptographic setting.
The need for this system arises from real-world scenarios where sensitive data is stored in semi-trusted cloud environments and must be shared selectively among multiple users. Organizations require mechanisms that allow data owners to define access policies based on user attributes (such as role, department, or designation) while also enabling secure re-sharing without exposing original encryption keys. Additionally, when a user’s privileges change or are revoked, the system must prevent both future and past data access. Conventional encryption systems fail to provide efficient revocation and re-encryption without significant overhead. Hence, integrating puncturable cryptography with proxy re-encryption becomes essential to achieve scalable, secure, and policy-driven data sharing.
The developed system is implemented using Java as the core programming language, with JSP, CSS, and JavaScript forming the frontend interface and MySQL managing secure data and attribute storage. The system supports dual-role registration where users enroll either as Data Owners or Data Users. During the upload phase, the Data Owner encrypts files using the AES algorithm to ensure high-performance symmetric encryption for file contents. The generated AES key is then further protected through the project’s identity-based attribute encryption mechanism implemented in the Java backend, ensuring that only policy-authorized users can retrieve the decryption key.
In the sharing workflow, when a Data User requests access to a file, the Proxy module developed in Java performs attribute verification by matching the user’s stored attributes in the MySQL database against the access policy defined by the Data Owner. If the attributes satisfy the policy, the proxy executes the re-encryption logic without revealing the original secret keys, thereby enabling secure delegation. The system also incorporates a robust revocation mechanism. When an administrator removes or modifies a user attribute, the puncture algorithm is triggered, updating the stored cryptographic keys in the database. This process ensures that revoked users lose the ability to decrypt previously accessible files, thereby enforcing both forward and backward access security.
Overall, the proposed system delivers a CCA-secure, fine-grained, and dynamically revocable data sharing framework that integrates AES-based file encryption with puncturable attribute-based proxy re-encryption. The implementation demonstrates how advanced cryptographic research concepts can be transformed into a practical, scalable, and secure enterprise-ready data protection solution using Java web technologies.
EXISTING SYSTEM:
- ABE has become a promising solution for encrypted data access control in clouds due to its ability to achieve one-to-many encrypted data sharing. ABE is divided into two types, key-policy ABE (KP-ABE) and ciphertext-policy ABE (CP-ABE), depending on whether the access structure belongs to the private key or the ciphertext. However, CP-ABE depends on a central trusted authority to generate and distribute decryption keys, resulting in the key escrow issue.
- Hohenberger et al. introduced a registered ABE scheme at Eurocrypt. In this scheme, the key escrow problem is completely solved by having users generate their own keys, with the key manager holding no keys and only responsible for centrally managing all users. However, similar to CP-ABE, this approach incurs significant computational overhead during encryption and decryption. Subsequently, many improved registration-based encryption schemes were proposed, which improved on the scheme in terms of computational overhead, efficiency, specific application scenarios, and other aspects.
- In existing public-key encryption systems, if data owner Alice wants to share encrypted data with Bob, she usually needs to download the ciphertext first, decrypt it using her private key, and then re-encrypt it with Bob’s public key before sending it. This approach is not only inefficient but also faces serious security risks in cloud environments: Alice’s private key may be exposed to untrusted cloud servers during the decryption process.
DISADVANTAGES OF EXISTING SYSTEM:
- Inefficient Dynamic Privilege Management: The most significant drawback of existing Proxy Re-Encryption (PRE) schemes is their inability to handle real-time privilege changes. Traditional systems often rely on periodic full-key updates, which are slow and cannot respond immediately to events like user attribute failures or personnel changes. This delay creates a window of vulnerability where a user whose access should have been revoked can still decrypt historical data, thereby undermining the forward security of the system.
- High Computational Overhead for IoT Devices: Many existing Attribute-Based Encryption (ABE) schemes rely heavily on bilinear pairing operations, which are computationally expensive. For resource-constrained IoT devices—such as wearable sensors or edge nodes—performing these complex operations during the initial encryption phase creates a significant bottleneck. Even when a proxy is used, many existing re-encryption processes still impose a heavy burden on the data owner’s side, making them unsuitable for low-power hardware.
- Vulnerability to Practical Security Threats: A major portion of existing cryptographic constructs for data sharing are only proven secure under the Chosen Plaintext Attack (CPA) model. While CPA security is a baseline, it is often insufficient for real-world scenarios involving complex security threats. These systems are frequently unable to withstand the more rigorous and practical Chosen Ciphertext Attack (CCA), where an adversary might try to gain information by observing how a system responds to modified ciphertexts.
- Lack of Robust Revocation and Collusion Resistance: Existing Attribute-Based Proxy Re-Encryption (ABPRE) works frequently fail to consider the specific revocation issues of sharing users, which is a critical requirement for cross-domain data flow. Furthermore, many traditional systems lack effective anti-collusion mechanisms. This means that if a malicious proxy server colludes with an unauthorized user, they might be able to combine their information to bypass access controls and decrypt sensitive data.
PROPOSED SYSTEM:
- The proposed system presents a secure and efficient implementation of a CCA-Secure Puncturable Attribute-Based Proxy Re-Encryption Scheme designed to enable controlled data sharing in cloud and distributed environments. The system is developed using Java as the core programming language, with JSP, CSS, and JavaScript for the frontend interface and MySQL as the backend database. It integrates symmetric encryption with advanced attribute-based cryptographic techniques to ensure confidentiality, policy-based access control, and secure delegation of encrypted data. The architecture is designed to support multiple user roles, structured workflows, and dynamic key management while maintaining strong ciphertext security.
- The proposed system begins with a structured user registration module where participants enroll either as Data Owners or Data Users. During registration, user credentials and attribute details are securely stored in the MySQL database. These attributes play a vital role in defining access permissions and are later used in policy verification during secure data sharing. The administrative authority manages user roles, monitors activities, and maintains attribute assignments required for controlled access operations.
- In the data upload module, the Data Owner encrypts files locally using the AES algorithm, ensuring fast and secure symmetric encryption for file contents. AES is selected for its computational efficiency and suitability for encrypting large data files. After file encryption, the generated AES secret key is further secured through the identity-based encryption mechanism implemented in the Java backend. This dual-layer encryption approach ensures that even if encrypted files are accessed, the protected AES key remains secure unless proper authorization is granted.
- The secure sharing module is governed by proxy re-encryption logic implemented at the server side. When a Data User requests access to a file, the Proxy component evaluates the request by verifying whether the user’s stored attributes match the access policy defined by the Data Owner. If the attribute conditions are satisfied, the proxy performs ciphertext transformation without exposing the original encryption key or plaintext data. This enables secure delegation and controlled data dissemination while preserving end-to-end encryption.
- The proposed system also incorporates a puncturable revocation mechanism for dynamic access control. When an administrator modifies or removes a user attribute, the revocation process is triggered automatically. The puncture algorithm updates the relevant cryptographic keys stored in the MySQL database, ensuring that the affected user can no longer decrypt previously accessible files. This mechanism enforces strict policy compliance and maintains secure data boundaries even after privilege changes.
- From an implementation perspective, the system follows a layered workflow integrating encryption, proxy transformation, attribute verification, and revocation handling. The Java backend manages cryptographic processing, proxy operations, and key updates, while the JSP-based frontend provides user interaction interfaces for registration, upload, request, and administration. Through this structured design, the proposed system operationalizes advanced cryptographic concepts into a practical web-based secure data sharing platform without compromising security enforcement or workflow control.
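The file layer of the upload module, as an added example that is not the project's own code: it assumes AES-GCM (the page names only "AES") and binds the owner's access policy to the ciphertext as associated data, so a modified ciphertext or a swapped policy label is rejected at decryption. The class name, policy string format and sample data are hypothetical, and wrapping the AES key under the identity/attribute-based layer is outside this sketch.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class FileLayerSketch {
    static final int NONCE_LEN = 12, TAG_BITS = 128;

    // Encrypts file bytes under a fresh random nonce; output is nonce || ciphertext || tag.
    // The policy string is authenticated (AAD) but not encrypted.
    static byte[] seal(SecretKey key, byte[] file, String policy) throws Exception {
        byte[] nonce = new byte[NONCE_LEN];
        new SecureRandom().nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        c.updateAAD(policy.getBytes(StandardCharsets.UTF_8));
        byte[] ct = c.doFinal(file);
        byte[] out = Arrays.copyOf(nonce, NONCE_LEN + ct.length);
        System.arraycopy(ct, 0, out, NONCE_LEN, ct.length);
        return out;
    }

    // Decrypts only if ciphertext, tag and policy all match what was sealed.
    static byte[] open(SecretKey key, byte[] blob, String policy) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, blob, 0, NONCE_LEN));
        c.updateAAD(policy.getBytes(StandardCharsets.UTF_8));
        return c.doFinal(blob, NONCE_LEN, blob.length - NONCE_LEN);
    }

    // True when decryption fails the authentication check.
    static boolean rejects(SecretKey key, byte[] blob, String policy) throws Exception {
        try { open(key, blob, policy); return false; }
        catch (AEADBadTagException e) { return true; }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();                  // per-file key, wrapped elsewhere
        String policy = "role=doctor AND dept=cardiology"; // constructed sample policy
        byte[] blob = seal(key, "constructed sample record".getBytes(StandardCharsets.UTF_8), policy);

        System.out.println(new String(open(key, blob, policy), StandardCharsets.UTF_8));
        byte[] flipped = blob.clone();
        flipped[NONCE_LEN] ^= 0x01;                        // flip one ciphertext bit
        System.out.println("modified ciphertext rejected: " + rejects(key, flipped, policy));
        System.out.println("swapped policy rejected: " + rejects(key, blob, "role=intern"));
    }
}
```

An unauthenticated mode such as CBC or ECB would decrypt the flipped blob without error, which is the gap a CCA-secure key layer alone does not close for the file contents.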
ADVANTAGES OF PROPOSED SYSTEM:
- Strong Data Confidentiality: The proposed system ensures high levels of data confidentiality through a dual-layer encryption approach. Files are encrypted using the AES symmetric algorithm, while the AES secret key is further protected using identity-based cryptographic techniques. This layered protection prevents unauthorized disclosure of both file content and encryption keys, even if storage servers are compromised.
- CCA-Level Security Protection: The system is designed to be secure against Chosen Ciphertext Attacks (CCA), one of the strongest practical attack models in cryptography. This ensures that attackers cannot manipulate ciphertexts or exploit decryption queries to infer plaintext information, thereby strengthening the overall resilience of the data sharing framework.
- Fine-Grained Access Control: Access to encrypted files is governed through attribute-based policies. Data Owners can define specific attribute conditions (such as role, designation, or group membership) that must be satisfied before data access is granted. This enables precise, policy-driven authorization rather than simple identity-based sharing.
- Secure Proxy-Based Delegation: The proxy re-encryption mechanism enables secure data sharing without exposing original encryption keys. The proxy transforms ciphertexts for authorized users without learning the plaintext. This allows safe delegation of sharing responsibilities while maintaining end-to-end encryption.
- Efficient File Encryption Using AES: The use of AES for file encryption provides high performance and faster processing, especially for large files. Compared to applying complex public-key encryption directly on files, AES reduces computational overhead while maintaining strong security.
- Dynamic Attribute Revocation: The proposed system supports real-time revocation through the puncturable encryption mechanism. When user attributes are removed or modified, cryptographic keys are updated automatically. This prevents revoked users from decrypting both current and previously shared data, ensuring continuous enforcement of access policies.
- Forward Security Enforcement: Through puncturing and key update processes, the system maintains forward security. Users whose permissions are revoked cannot access future ciphertexts, even if they retain older keys, thereby preserving long-term data confidentiality.
- Reduced Burden on Data Owners: Complex re-encryption and transformation computations are delegated to the proxy server. This minimizes the cryptographic workload on Data Owners, allowing them to upload and share encrypted data without performing repeated heavy computations.
- Secure Key Management Structure: The integration of identity-based encryption with attribute-based controls simplifies secure key distribution while maintaining policy enforcement. Keys are generated, stored, and updated systematically within the backend, ensuring controlled cryptographic governance.
- Scalable for Multi-User Environments: The architecture supports multiple Data Owners and Data Users simultaneously. Attribute policies and proxy-based sharing enable scalable data dissemination across departments, organizations, or cloud tenants without compromising security controls.
- Protection Against Collusion Attacks: The cryptographic design prevents unauthorized access even if malicious users attempt to combine their attributes or collude with the proxy server. Ciphertext transformation and decryption remain bound to legitimate attribute satisfaction.
- Structured Web-Based Implementation: The integration of Java, JSP, CSS, JavaScript, and MySQL provides a practical and deployable web platform. Users can securely register, upload, request, and manage encrypted data through an interactive interface backed by strong cryptographic enforcement.
SYSTEM REQUIREMENTS:
HARDWARE REQUIREMENTS:
- System : Pentium i3 Processor.
- Hard Disk : 20 GB.
- Monitor : 15’’ LED.
- Input Devices : Keyboard, Mouse.
- Ram : 8 GB.
SOFTWARE REQUIREMENTS:
- Operating system : Windows 10/11.
- Coding Language : Java.
- Frontend : JSP, CSS, JavaScript.
- JDK Version : JDK 23.0.1.
- IDE Tool : Apache NetBeans IDE 24.
- Tomcat Server Version : Apache Tomcat 9.0.84.
- Database : MySQL.
REFERENCE:
Zechen Li and Guozhen Shi, “A CCA-Secure Puncturable Attribute-Based Proxy Re-Encryption Scheme”, IEEE INTERNET OF THINGS JOURNAL, VOL. 12, NO. 22, 15 NOVEMBER 2025.



