Scientific Reports
A dynamic policy-aware conditional proxy re-encryption system for fine-grained access control in IoT pub/sub systems
  • Article
  • Open access
  • Published: 02 April 2026

  • Shi Lin1,
  • Niu Ke1,
  • Hu Jun Ru1 &
  • …
  • Li Cui2,3 

Scientific Reports, Article number: (2026)

We are providing an unedited version of this manuscript to give early access to its findings. Before final publication, the manuscript will undergo further editing. Please note there may be errors present which affect the content, and all legal disclaimers apply.

Subjects

  • Engineering
  • Mathematics and computing

Abstract

The publish-subscribe paradigm has become the mainstream communication model for large-scale Internet of Things (IoT) systems. However, existing end-to-end encryption solutions based on Conditional Proxy Re-Encryption (CPRE) offer limited support for dynamic and fine-grained access control policies. This paper proposes a dynamic policy-aware CPRE system that extends traditional CPRE with multi-dimensional condition support and policy-hiding capabilities. Our system introduces a JSON-based policy language to define complex access control rules incorporating temporal, spatial, role-based, and device status conditions. We design a policy matching engine that enables fine-grained authorization while preserving policy privacy. The proposed scheme is implemented as an extension to the HiveMQ MQTT broker and evaluated comprehensively. Experimental results demonstrate that our system achieves enhanced security with acceptable performance overhead: encryption time increases by only 5–15% compared to the original CPRE scheme, while rich dynamic policies are supported.

Data availability

The data that support the findings of this study are available from the corresponding author upon reasonable request.


Author information

Authors and Affiliations

  1. College of Cryptography Engineering, Engineering University of PAP, No. 1, Wujing Road, Xi’an, 710086, Shaanxi, China

    Shi Lin, Niu Ke & Hu Jun Ru

  2. College of Information and Communication, Information Support Force Engineering University, No. 618, Yanhe Avenue, Wuhan, 430033, Hubei, China

    Li Cui

  3. College of Information and Communication, National University of Defense Technology, No. 618, Yanhe Avenue, Wuhan, 430033, Hubei, China

    Li Cui

Contributions

Shi Lin wrote the main manuscript text and Niu Ke prepared Fig. 1. All authors reviewed the manuscript.

Corresponding author

Correspondence to Shi Lin.

Ethics declarations

Competing interests

The authors declare no competing interests.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.

About this article

Cite this article

Lin, S., Ke, N., Jun Ru, H. et al. A dynamic policy-aware conditional proxy re-encryption system for fine-grained access control in IoT pub/sub systems. Sci Rep (2026). https://doi.org/10.1038/s41598-026-46939-3

  • Received: 23 December 2025

  • Accepted: 28 March 2026

  • Published: 02 April 2026

  • DOI: https://doi.org/10.1038/s41598-026-46939-3

Keywords

  • Internet of things
  • Conditional proxy re-encryption
  • Dynamic access control
  • Publish-subscribe systems