Design and Optimization of Hybrid End-to-end Encryption Architecture for a Secure Web Application System

Authors

  • Xiyuan Ma Information System Security Laboratory Department of Computer Science and Engineering, Korea University, 145 Anam-ro, Seongbuk-gu, Seoul 136-701, Republic of Korea, Department of Mathematics and Information Engineering, Dongchang College, Liaocheng University, Liaocheng, Shandong, 252000, China
  • Junbeom Hur Information System Security Laboratory Department of Computer Science and Engineering, Korea University, 145 Anam-ro, Seongbuk-gu, Seoul 136-701, Republic of Korea
  • Mulin Gu Department of Mathematics and Information Engineering, Dongchang College, Liaocheng University, Liaocheng, Shandong, 252000, China
  • Ning Du College of Electrical Engineering and Automation, Shandong University of Science and Technology, Qingdao 266590, China

DOI:

https://doi.org/10.13052/jwe1540-9589.2476

Keywords:

Web application system, End-to-end encryption, Data security, Encryption algorithm, Performance optimization

Abstract

With the rapid development of web engineering technology, modern web applications face unprecedented security challenges in data transmission and cloud processing. The traditional transport layer encryption mechanism still has server-side data processing and storage vulnerabilities. This paper proposes an end-to-end encryption (E2EE) system architecture designed for a web application environment, combining asymmetric elliptic curve encryption (ECC) with AES-GCM symmetric encryption through a new hybrid protocol. Our scheme employs a three-layer protection model, covering network-layer packet encryption, application-layer payload security, and session-level key management. The architecture introduces an optimised key distribution mechanism based on ECDH key exchange and HKDF derivation, which reduces computational overhead and achieves 128-bit security equivalent to that of 3072-bit RSA. Experiments conducted under a typical web server configuration demonstrate that, compared to the traditional RSA solution, the handshake completion speed is 12.3% higher, and the continuous throughput of AES-GCM on the Node.js platform reaches 8.2 MB/s. The system achieves forward confidentiality through the use of temporary key pairs and employs certificate locking and OCSP binding to enhance authentication integrity. Performance benchmarks show that cryptographic latency is reduced by 40% compared to a single encryption method, while meeting W3C web security standards. This study presents a secure development model for distributed web architecture, striking a balance between computing efficiency and data confidentiality.
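The key flow the abstract outlines (ephemeral ECDH, HKDF derivation, AES-GCM payload encryption), as an added Node.js sketch that is not the paper's protocol or code. The curve (P-256), HKDF-SHA-256, the AES-256 key size, the `INFO` label and all function names are assumptions; authenticating the exchanged public keys, which the abstract assigns to certificates, is not shown.

```javascript
const nodeCrypto = require('crypto');

const CURVE = 'prime256v1'; // assumption: P-256, roughly 128-bit security
const INFO = Buffer.from('example-e2ee v1 session key'); // constructed label

// Each side creates a fresh (ephemeral) key pair per session, so a later
// compromise of long-term keys does not expose past session keys.
function newEphemeral() {
  const ecdh = nodeCrypto.createECDH(CURVE);
  return { ecdh, publicKey: ecdh.generateKeys() };
}

// ECDH shared secret -> HKDF-SHA-256 -> 32-byte AES-GCM key.
// The salt binds the derived key to both public keys of this handshake.
function deriveSessionKey(own, peerPub, clientPub, serverPub) {
  const shared = own.ecdh.computeSecret(peerPub);
  const salt = nodeCrypto.createHash('sha256')
    .update(clientPub).update(serverPub).digest();
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, salt, INFO, 32));
}

function seal(key, plaintext, aad) {
  const iv = nodeCrypto.randomBytes(12); // 96-bit nonce, unique per message
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(aad); // authenticated but not encrypted context
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function unseal(key, msg, aad) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, msg.iv);
  d.setAAD(aad);
  d.setAuthTag(msg.tag);
  // final() throws if ciphertext, tag or AAD was modified
  return Buffer.concat([d.update(msg.ct), d.final()]);
}

function demo() {
  const client = newEphemeral(), server = newEphemeral();
  const kC = deriveSessionKey(client, server.publicKey, client.publicKey, server.publicKey);
  const kS = deriveSessionKey(server, client.publicKey, client.publicKey, server.publicKey);
  const aad = Buffer.from('POST /api/notes'); // constructed request context
  const msg = seal(kC, Buffer.from('{"note":"hello"}'), aad);
  const plain = unseal(kS, msg, aad).toString();
  msg.ct[0] ^= 1; // simulate in-transit tampering
  let tamperRejected = false;
  try { unseal(kS, msg, aad); } catch (e) { tamperRejected = true; }
  return { keysMatch: kC.equals(kS), plain, tamperRejected };
}
```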

Author Biographies

Xiyuan Ma, Information System Security Laboratory Department of Computer Science and Engineering, Korea University, 145 Anam-ro, Seongbuk-gu, Seoul 136-701, Republic of Korea, Department of Mathematics and Information Engineering, Dongchang College, Liaocheng University, Liaocheng, Shandong, 252000, China

Xiyuan Ma obtained her M.Sc. degree from the Department of Computer Science and Engineering, Korea University, Korea, in 2012. She is currently working toward her Ph.D. degree in the Department of Computer Science and Engineering, Korea University, Korea. She is also a teacher in the Department of Mathematics and Information Engineering, Liaocheng University Dongchang College, Liaocheng, China. Her general research interests include secure rotating in the WSN, key management in dynamic distributed systems, and lightweight secure authentication in IOV.

Junbeom Hur, Information System Security Laboratory Department of Computer Science and Engineering, Korea University, 145 Anam-ro, Seongbuk-gu, Seoul 136-701, Republic of Korea

Junbeom Hur received his B.Sc. degree in computer science from Korea University, Seoul, South Korea, in 2001, and his M.Sc. and Ph.D. degrees in computer science from KAIST in 2005 and 2009, respectively. He was a Post-Doctoral Researcher with the University of Illinois at Urbana–Champaign from 2009 to 2011. He was with the School of Computer Science and Engineering, Chung-Ang University, South Korea, as an Assistant Professor, from 2011 to 2015. He is currently a Professor with the Department of Computer Science and Engineering, Korea University. His research interests include information security, cloud computing security, network security, and applied cryptography.

Mulin Gu, Department of Mathematics and Information Engineering, Dongchang College, Liaocheng University, Liaocheng, Shandong, 252000, China

Mulin Gu obtained his B.Eng. in Procurement and Supply Chain Management from Shandong University of Finance and Economics in 2018. He obtained his M.Eng. in Architectural Engineering from Gachon University in 2021. Presently, he is working as the general manager of Liaocheng Youxiong Network Technology Co., Ltd. His areas of involvement are network and information software development, information consulting, and network marketing.

Ning Du, College of Electrical Engineering and Automation, Shandong University of Science and Technology, Qingdao 266590, China

Ning Du received his M.Sc. degree in communication and information systems from Chongqing University of Posts and Telecommunications, Chongqing, China, in 2008. He is currently working toward a Ph.D. degree in systems engineering with the College of Electrical Engineering and Automation, Shandong University of Science and Technology, Qingdao, China. He is also a professor in the Department of Mathematics and Information Engineering, Liaocheng University Dongchang College, Liaocheng, China. His general research interests include fifth generation mobile communication systems, dynamic radio resource management, and cooperative communication.

Published

2025-11-13

How to Cite

Ma, X., Hur, J., Gu, M., & Du, N. (2025). Design and Optimization of Hybrid End-to-end Encryption Architecture for a Secure Web Application System. Journal of Web Engineering, 24(07), 1155–1180. https://doi.org/10.13052/jwe1540-9589.2476

Section

Advanced Practice in Web Engineering in Asia