Back
JPJ2503-A Pairing-Free Data-Sharing

A Pairing-Free Data-Sharing Scheme Based on Certificateless Conditional Broadcast Proxy Re-Encryption Suitable for Cloud-Assisted IoT

A Pairing-Free Data-Sharing Scheme Based on Certificateless Conditional Broadcast Proxy Re-Encryption Suitable for Cloud-Assisted IoT

OUR PROPOSED PROJECT TITLE:

An Efficient Certificateless Pairing-Free Approach for Secure IoT Cloud Data Exchange

IEEE BASE PAPER ABSTRACT:

In Cloud-Assisted IoT (CAIoT), the large amounts of data generated by devices and sensors need to be shared and stored efficiently and securely. Broadcast proxy re-encryption (BPRE) technology ensures data privacy and enables efficient sharing. A significant issue with existing BPRE schemes is that the re-encryption permissions of the cloud server are uncontrolled, potentially leading to re-encryption operations without the consent of the data owner (DO), and increasing the risk of data leakage. Additionally, most conditional proxy re-encryption (CPRE) schemes rely on computationally intensive bilinear pairing operations, making them unsuitable for resource-constrained Internet of Things (IoT) devices. To address this, this article proposes a new certificateless conditional BPRE scheme, where the DO sets conversion conditions when generating the original ciphertext and re-encryption keys, ensuring that only ciphertext meeting the conditions can being converted, thus preventing the cloud platform from abusing re-encryption permissions. Security analysis shows that the proposed scheme can resist chosen-ciphertext attack and collusion attacks in the random oracle model. Performance evaluation shows that the proposed scheme avoids bilinear pairing and hash-to-point operations, reducing the computational cost for the DO. This improves computational efficiency, making it more suitable for CAIoT scenarios.

PROJECT OUTPUT VIDEO:

OUR PROPOSED PROJECT ABSTRACT:

The proliferation of cloud-assisted Internet of Things (IoT) technologies has transformed the way data is generated, transmitted, and stored across smart environments such as healthcare, industry, and intelligent infrastructure. However, the highly distributed and resource-constrained nature of IoT devices introduces significant security and privacy challenges, particularly in secure data sharing over cloud platforms. Conventional proxy re-encryption and broadcast encryption schemes often depend on bilinear pairing operations and certificate management, which increase computational overhead, key management complexity, and system cost. To address these limitations, there is a strong need for a lightweight, pairing-free, certificateless conditional broadcast proxy re-encryption scheme that ensures secure, flexible, and efficient data sharing suitable for cloud-assisted IoT ecosystems.

The necessity of this system arises from the requirement to enable fine-grained, condition-based data access while reducing the burden of certificate handling and expensive cryptographic computations. In many real-world IoT scenarios, data owners must securely share encrypted information with multiple users through an untrusted cloud server without revealing plaintext data or private keys. At the same time, access must be dynamically controlled based on predefined conditions such as user authorization and time validity. Therefore, a certificateless approach eliminates certificate verification overhead, while a pairing-free design enhances computational efficiency, making the scheme practical for large-scale IoT deployments integrated with cloud storage services.

To fulfill these requirements, the proposed system implements a secure data-sharing framework using Java as the core programming language, with JSP, CSS, and JavaScript forming the frontend interface and MySQL serving as the backend database. The architecture is built around four primary entities: Data Owner (DO), Cloud Service Provider (CSP), Data User (DU), and Key Generation Center (KGC).

The KGC is responsible for generating global system parameters and issuing partial private keys based on user identities through secure channels. The Data Owner defines secret access conditions and generates the original ciphertext along with re-encryption keys before outsourcing encrypted data to the cloud. The Cloud Service Provider stores encrypted files and performs conditional proxy re-encryption when access policies are satisfied, without learning the underlying plaintext. The Data User utilizes their private key to decrypt the re-encrypted ciphertext and securely access the shared data. Through this integrated, pairing-free certificateless proxy re-encryption framework, the system achieves secure, condition-based, and efficient data sharing tailored for cloud-assisted IoT environments.

EXISTING SYSTEM:

  • In the existing system numerous cryptographic schemes have been proposed to address the challenges of secure data sharing in cloud-assisted environments. Early approaches to cloud data security relied heavily on traditional Public Key Infrastructure (PKI) based encryption mechanisms, where digital certificates were used to bind public keys to user identities. These certificate-based systems provided a foundational framework for establishing trust between communicating parties and enabled secure data transmission across untrusted networks. Researchers explored various PKI-based proxy re-encryption schemes that allowed a semi-trusted proxy to delegate decryption rights from one user to another, forming the conceptual basis for modern data sharing architectures in cloud environments.
  • In the existing system, Identity-Based Cryptography (IBC) was introduced as an alternative paradigm where a user’s public key is directly derived from their identity information such as an email address or unique identifier. Identity-Based Encryption (IBE) schemes significantly simplified key management by eliminating the need for certificate authorities and the complex infrastructure associated with them. Several identity-based proxy re-encryption schemes were subsequently developed, allowing encrypted data to be re-encrypted and shared among users without exposing the plaintext to the proxy. These schemes demonstrated strong theoretical security properties and were widely studied in the context of cloud storage and IoT data sharing applications.
  • In the existing system, Certificateless Public Key Cryptography (CL-PKC) was introduced as a hybrid paradigm that retains the certificate-free nature of identity-based systems while addressing the key escrow problem. In certificateless schemes, the Key Generation Center generates only a partial private key for each user, and the user independently combines it with a self-chosen secret value to produce their full private key. This design ensures that no single authority possesses the complete private key of any user, thereby distributing trust and enhancing the overall security of the system. Certificateless proxy re-encryption schemes built upon this foundation were proposed for various application scenarios including cloud computing, e-health systems, and IoT data management, offering a more practical and secure alternative to both certificate-based and identity-based designs.
  • Several pairing-based broadcast proxy re-encryption schemes incorporating certificateless and conditional properties were proposed in the existing, demonstrating strong security under standard cryptographic assumptions and offering practical efficiency improvements over their non-broadcast counterparts. These existing works collectively established a rich theoretical and practical foundation upon which more advanced and computationally efficient pairing-free schemes could be developed.

DISADVANTAGES OF EXISTING SYSTEM:

  • High Computational Overhead Due to Bilinear Pairing Operations: In the existing system, one of the most significant drawbacks of the majority of existing proxy re-encryption schemes, including certificateless and identity-based variants, is their heavy reliance on bilinear pairing operations to achieve the desired security properties. Bilinear pairing computations are among the most computationally expensive operations in elliptic curve cryptography, requiring substantially more processing time and energy compared to standard modular exponentiation or elliptic curve scalar multiplication. In cloud-assisted IoT environments, where a large number of devices are inherently resource-constrained in terms of processing power, memory, and battery capacity, the overhead introduced by pairing operations becomes a critical bottleneck. The cumulative cost of performing pairing-based encryption, re-encryption, and decryption across multiple IoT nodes renders these schemes impractical for real-world deployment, particularly in latency-sensitive or energy-critical applications.
  • Key Escrow Vulnerability in Identity-Based Schemes: Existing Identity-Based Encryption and Identity-Based Proxy Re-Encryption schemes inherently suffer from the key escrow problem, wherein the Key Generation Center possesses full knowledge of every user’s private key. Since the KGC is solely responsible for generating and distributing complete private keys derived from user identities, it theoretically has the ability to decrypt any ciphertext in the system without the knowledge or consent of the data owner or data user. This places an unconditional and unrealistic level of trust in the KGC, which may itself be compromised, corrupted, or subject to insider attacks. In practical cloud-assisted IoT deployments involving sensitive personal, industrial, or financial data, the existence of such a trusted third party with full key knowledge poses a fundamental security risk that undermines the integrity and confidentiality guarantees of the entire system.
  • Complex Certificate Management in PKI-Based Systems: The existing certificate-based proxy re-encryption schemes rely on a Public Key Infrastructure that requires the issuance, renewal, revocation, and verification of digital certificates for every participating entity in the system. Managing this certificate lifecycle across a large and dynamically growing network of IoT devices and users introduces substantial administrative complexity and operational overhead. Each device or user must maintain a valid certificate, and the system must implement mechanisms to handle certificate expiry and revocation efficiently. In large-scale IoT deployments where thousands of devices may be added, removed, or replaced frequently, maintaining a consistent and up-to-date certificate management infrastructure becomes increasingly difficult, error-prone, and resource-intensive, limiting the scalability and practical deployability of certificate-based schemes.
  • Lack of Fine-Grained and Time-Based Conditional Access Control: In the existing proxy re-encryption schemes, including several certificateless variants, do not incorporate conditional access control mechanisms that allow data owners to enforce specific, fine-grained policies governing when and under what circumstances re-encryption should be permitted. Without conditional re-encryption capabilities, the cloud service provider may perform re-encryption operations indiscriminately, granting unauthorized or untimely access to encrypted data. Furthermore, existing systems generally lack support for time-based access expiration, meaning that once access is granted to a data user, it remains valid indefinitely unless manually revoked. This absence of temporal access control is particularly problematic in scenarios where data sensitivity changes over time or where access rights are intended to be temporary, creating unnecessary exposure risks in dynamic data sharing environments.
  • Dependence on Complex Cryptographic Operations: In the existing systems often integrate multiple layered cryptographic primitives such as attribute-based encryption, identity-based encryption, accumulators, and homomorphic verification mechanisms. While these enhance functionality, they significantly increase algorithmic complexity, key management overhead, and implementation difficulty. This complexity affects deployment feasibility, especially in lightweight IoT infrastructures.
  • Inefficient Revocation and Authorization Updates: Although some schemes introduce revocation and ciphertext evolution features, managing dynamic authorization changes still involves substantial re-encryption effort, key updates, and ciphertext redistribution. In large IoT networks with frequent user additions or removals, maintaining up-to-date access control becomes operationally demanding and time-consuming.
  • Reliance on Additional Trust or Verification Mechanisms: Some earlier schemes depend on trusted third parties, smart contracts, or external verification entities to ensure fairness, integrity, or authorization enforcement. This introduces extra infrastructure requirements and increases system management complexity in distributed cloud environments.

PROPOSED SYSTEM:

  • The proposed system introduces a Pairing-Free Data-Sharing Scheme Based on Certificateless Conditional Broadcast Proxy Re-Encryption designed specifically for secure and efficient data sharing in cloud-assisted IoT environments. The system is implemented using Java as the core development platform, with JSP, CSS, and JavaScript used for designing the interactive frontend interface, and MySQL serving as the backend database for managing user credentials, cryptographic parameters, file metadata, and system logs. The architecture is structured to support secure outsourced data storage, conditional access control, and controlled ciphertext transformation without exposing plaintext information to the cloud.
  • The proposed system framework is built upon four core entities: Key Generation Center (KGC), Data Owner (DO), Cloud Service Provider (CSP), and Data User (DU). The Key Generation Center is responsible for initializing the cryptographic environment by generating global system parameters. It also produces partial private keys derived from user identities and transmits them securely to registered participants. This certificateless mechanism removes the need for digital certificate management while maintaining identity-linked key generation.
  • System operation begins with user registration, where both Data Owners and Data Users create accounts by providing details such as name, email address, role selection, and password. After registration, the administrator initializes the KGC parameters within the system. Through the admin dashboard, partial private keys are issued to newly registered users under the user management module. Once users log in, they complete the key generation process by selecting the “Generate Full Key” option, which combines their partial key with a user-held secret value to produce the final private key used for cryptographic operations.
  • Within the Data Owner module, owners upload files intended for secure sharing. During the upload process, files are encrypted using the implemented certificateless proxy re-encryption mechanism before being outsourced to the Cloud Service Provider. The system integrates the DriveHQ cloud platform as the storage service, where encrypted files are maintained without revealing original content. While uploading, the Data Owner defines a secret access condition and generates the corresponding re-encryption key. Additionally, the owner can configure a time-bound validity period by specifying the number of access days. Once this duration expires, the file automatically becomes unavailable for further access.
  • The “My Files” interface allows Data Owners to view all uploaded encrypted files stored in the cloud. From this module, owners can selectively share files and grant access permissions to specific Data Users based on their requirements. Access authorization triggers the conditional broadcast proxy re-encryption process, enabling the cloud server to transform ciphertexts only when defined conditions are satisfied.
  • In the Data User module, authorized users log into the system to view shared resources. Each Data User is assigned a unique private key generated during the key finalization stage. This private key is required to decrypt re-encrypted ciphertexts received from the cloud. Users can only access files explicitly shared with them, ensuring role-based and identity-bound data confidentiality.
  • The administrator module provides centralized monitoring and management capabilities. It includes functionality to issue partial keys, manage registered participants, and supervise system activities. An audit log feature records detailed access events such as log identifiers, user information, file access actions, timestamps, and authorization outcomes. Furthermore, the analytics dashboard presents graphical insights, including user role distribution and cloud storage utilization metrics, offering visibility into system usage patterns.
  • Through this structured certificateless, pairing-free conditional broadcast proxy re-encryption framework, the proposed system establishes a secure operational environment for encrypted data storage, controlled sharing, conditional access enforcement, and monitored cloud-assisted IoT data exchange.

ADVANTAGES OF PROPOSED SYSTEM:

  • Pairing-Free Cryptographic Design: The proposed scheme eliminates bilinear pairing and hash-to-point operations, which are computationally intensive in many traditional CPRE systems. By adopting a pairing-free construction, the system significantly reduces cryptographic computation time, making it more suitable for cloud-assisted IoT environments where efficiency and faster processing are essential.
  • Certificateless Key Management: In the proposed system, the certificateless framework removes the need for digital certificate generation, verification, and maintenance. Users obtain partial private keys from the Key Generation Center (KGC) and independently generate their full private keys. This approach simplifies key management, reduces administrative overhead, and streamlines identity-based authentication within the system.
  • Conditional Access Control: The proposed system scheme enables the Data Owner to define secret access conditions before sharing encrypted files. The Cloud Service Provider performs re-encryption only when these conditions are satisfied. This ensures controlled data dissemination and enforces fine-grained authorization policies without exposing plaintext information to the cloud.
  • Broadcast Capability for Multiple Users: The proposed system supports conditional broadcast proxy re-encryption, allowing a single encrypted file to be securely shared with multiple authorized Data Users. This eliminates the need to encrypt the same data separately for each user and enhances scalability in multi-user IoT scenarios.
  • Time-Bound Data Sharing: The proposed system incorporates a configurable time-limit mechanism during file upload. Data Owners can specify the number of days for which a file remains accessible. After the defined period expires, access is automatically restricted. This strengthens dynamic access control and prevents indefinite data exposure.
  • Secure Cloud Storage Integration: In the proposed system, by encrypting files before uploading them to the DriveHQ cloud platform, the system ensures that sensitive data remains confidential even if the cloud server is untrusted. The Cloud Service Provider only performs ciphertext transformation and storage operations without gaining access to original data.
  • Individualized Private Keys for Users: In the proposed system, each Data User generates a unique full private key after receiving a partial key from the KGC. This ensures identity-bound decryption capability, meaning only the intended user can decrypt and access shared data. It enhances confidentiality and prevents unauthorized access among users.
  • Audit Logging and Monitoring: In the proposed system, the administrator module maintains comprehensive audit logs that record file access activities, timestamps, user roles, and access outcomes. This feature supports accountability, traceability, and monitoring of system behavior, which is critical in IoT-based data-sharing environments.
  • Scalable and Structured System Architecture: In the proposed system, the separation of entities: KGC, Data Owner, Cloud Service Provider, and Data User ensures organized role-based operations. Combined with Java-based backend processing, JSP-driven interfaces, and MySQL database management, the system provides a scalable and maintainable framework for secure cloud-assisted IoT data sharing.
  • Improved Security Strength: The proposed system scheme is designed to provide strong cryptographic protection while supporting conditional and broadcast-based access control. By combining certificateless design with proxy re-encryption mechanisms, the system achieves secure delegation of decryption rights without revealing private keys or plaintext data.
  • Overall, the proposed system delivers an efficient, scalable, and secure data-sharing solution tailored for cloud-assisted IoT environments, integrating cryptographic robustness with practical implementation

SYSTEM REQUIREMENTS:

HARDWARE REQUIREMENTS: 

  • System : Pentium i3 Processor.
  • Hard Disk : 20 GB.
  • Monitor : 15’’ LED.
  • Input Devices : Keyboard, Mouse.
  • Ram : 8 GB.

SOFTWARE REQUIREMENTS: 

  • Operating system : Windows 10/11.
  • Coding Language : Java.
  • Frontend : JSP, CSS, JavaScript.
  • JDK Version : JDK 23.0.1.
  • IDE Tool : Apache Netbeans IDE 24.
  • Tomcat Server Version : Apache Tomcat 9.0.84
  • Database : MYSQL 8.0.

REFERENCE:

Binhan Li, Lunzhi Deng, Yiming Mou, Na Wang, Yanli Chen, and Siwei Li, “A Pairing-Free Data-Sharing Scheme Based on Certificateless Conditional Broadcast Proxy Re-Encryption Suitable for Cloud-Assisted IoT”, IEEE INTERNET OF THINGS JOURNAL, VOL. 12, NO. 20, 15 OCTOBER 2025.

👉CLICK HERE TO BUY THIS PROJECT “A Pairing-Free Data-Sharing Scheme Based on Certificateless Conditional Broadcast Proxy Re-Encryption Suitable for Cloud-Assisted IoT” SOURCE CODE👈

Tag:, ,

author avatar
jpinfotechprojects

You may also like

JPJ2504-A Regionally Adaptable Nutrition
A Regionally Adaptable Nutrition Centric Food Recommendation System (FR-RANC)
February 18, 2026
JPJ2502-A Lightweight and Robust Access
A Lightweight and Robust Access Control Protocol for IoT-Based e-Healthcare Network
February 18, 2026
JPJ2501-A CCA-Secure Puncturable
A CCA-Secure Puncturable Attribute-Based Proxy Re-Encryption Scheme
February 18, 2026