Design and Evaluation of a Hybrid AES-ECC Model for Secure Server Communication using REST API
DOI:
https://doi.org/10.52436/1.jutif.2025.6.4.4989
Keywords:
Advanced Encryption Standard, Cryptography, Data Security, Elliptic Curve Cryptography, JSON Web Token
Abstract
Security in server-to-server communication is essential, especially in open networks vulnerable to data breaches and service disruptions. However, many existing solutions rely on a single cryptographic algorithm, limiting their ability to address diverse threats. This study aims to develop and evaluate a hybrid security model by combining the Advanced Encryption Standard (AES) and Elliptic Curve Cryptography (ECC) to ensure confidentiality, integrity, and authenticity of transmitted data. An experimental approach is applied through direct implementation in server communication. The model uses AES for symmetric encryption, ECC for dynamic session key exchange, and JSON Web Token (JWT) reinforced by nonce, timestamp, and HMAC-SHA256 for authentication and integrity verification. Test results show the model detects payload modification, replay attacks, JWT manipulation, and passive interception, with processing time still within an acceptable range. Communication efficiency is maintained with negligible payload overhead. The novelty of this research lies in integrating hybrid encryption with stateless authentication and integrity validation into a unified architecture. This integration allows security elements to be delivered systematically via REST API, making the model easy to adopt in existing architectures. The results of this study contribute to the advancement of secure API-based communication frameworks in the field of informatics, providing a practical, adaptable, and scalable solution for protecting data in distributed information systems.
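The abstract names nonce, timestamp and HMAC-SHA256 as the checks that catch payload modification and replay. The sketch below is an added example, not the authors' implementation. It assumes a 32-byte session key already shared between the two servers (the role the ECC exchange plays in the paper), a plain JSON envelope in place of the JWT, and hypothetical field names `ts`, `nonce`, `body`, `mac` with a 30-second freshness window.

```python
import hashlib
import hmac
import json
import secrets
import time

MAX_SKEW = 30  # assumed freshness window in seconds


def _tag(key, env):
    # Canonical JSON so both servers authenticate identical bytes.
    fields = {k: env[k] for k in ("ts", "nonce", "body")}
    msg = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_request(key, body, now=None):
    """Sender: wrap body with timestamp, nonce and HMAC-SHA256 tag."""
    env = {"ts": int(time.time() if now is None else now),
           "nonce": secrets.token_hex(16), "body": body}
    env["mac"] = _tag(key, env)
    return env


class Verifier:
    """Receiver: checks the tag first, then freshness, then nonce reuse."""

    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> timestamp, kept only inside the window

    def check(self, env, now=None):
        now = time.time() if now is None else now
        try:
            expected = _tag(self.key, env).encode()
            received = str(env["mac"]).encode()
        except (KeyError, TypeError):
            return "malformed"
        if not hmac.compare_digest(expected, received):
            return "bad_mac"      # payload or metadata was modified
        if abs(now - env["ts"]) > MAX_SKEW:
            return "stale"        # outside the freshness window
        # Nonces older than the window can be dropped: "stale" covers them.
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(now - t) <= MAX_SKEW}
        if env["nonce"] in self.seen:
            return "replay"       # same authenticated message seen before
        self.seen[env["nonce"]] = env["ts"]
        return "ok"
```

Because the tag covers the timestamp and nonce as well as the body, the nonce cache only has to remember one freshness window of entries.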
License
Copyright (c) 2025 Made Wisnu Adhi Saputra, Roy Rudolf Huizen, Dandy Pramana Hostiadi

This work is licensed under a Creative Commons Attribution 4.0 International License.