Context-aware cryptographic policy for event-driven architectures: encryption based on event importance
DOI:
https://doi.org/10.46299/j.isjea.20260501.04Keywords:
event-driven architecture, context-aware encryption, cryptographic policy, event classification, lightweight cryptography, encryption optimization, IoT securityAbstract
The article discusses an approach to building a context-oriented cryptographic policy for event-driven systems in which data exchange is implemented through asynchronous events, streams, and logs (log-based integration). Such systems generate huge volumes of heterogeneous events with varying criticality and confidentiality requirements. In such architectures, events are often delivered according to the at-least-once semantics, duplicated when repeated, stored for a long time in brokers/repositories, transferred between domains, and reproduced to restore the state. This increases the risks of compromising confidentiality and integrity, and also creates practical prerequisites for nonce/IV usage errors in authenticated encryption modes with attached data. The main idea of the work is to formalize the «importance of an event» as a policy attribute that guides the choice of a cryptographic profile (encryption algorithm, nonce strategy, associated data policy, key rotation, anti-replay mechanisms) taking into account limited resources (execution time, memory, energy consumption, overhead bytes, and network constraints). Existing approaches to event classification and selective encryption mechanisms are analyzed. A model of events and context, an importance function, a cost model, and a risk model are proposed, as well as an optimization problem of “minimizing costs under risk constraints” for automated selection of a protection profile. The scientific novelty lies in combining the principles of Authenticated Encryption with Associated Data and Attribute-Based Access Control approach to policies and hierarchical key management in a unified policy framework that takes into account the duplicates/retries/long-term storage of events characteristic of event-driven systems and introduces semantic integrity through authentication of the delivery context as part of associated data. The practical significance lies in the proposed policy templates for different levels of importance (L0–L3), as well as the methodology for domain isolation of keys and short cryptographic epochs, which reduce the consequences of compromise. An algorithm for dynamic determination of cryptographic parameters based on event priority has been developed. It is shown that adaptive encryption «by event importance» reduces cryptographic overhead in high-frequency streams without degrading the security of critical events, providing a manageable trade-off between risk and resources.References
Confluent. (2024). What is Event Driven Architecture? https://www.confluent.io/learn/event-driven-architecture/
Pietrzak, S. (2024). Event-Driven Architectures: An Introduction and Security Challenges. Medium. https://medium.com/@spietrza/event-driven-architectures-an-introduction-and-security-challenges
Radhakrishnan, I., Jadon, S., & Honnavalli, P. B. (2024). Efficiency and Security Evaluation of Lightweight Cryptographic Algorithms for Resource-Constrained IoT Devices. Sensors, 24(12), 4008. https://doi.org/10.3390/s24124008
Liyanage, M. (2024). Event Driven Architecture for Large Scale IoT Systems. Medium; Xeynergy Blog. https://blog.xeynergy.com/event-driven-architecture-for-large-scale-iot-systems-511ea7d8b6cd
Zhong, Y., & Gu, J. (2024). Lightweight block ciphers for resource-constrained environments: A comprehensive survey. Future Generation Computer Systems, 157, 288-302. https://doi.org/10.1016/j.future.2024.03.054
Sylla, T., Chalouf, M.A., Krief, F., Samaké, K. (2020). Towards a Context-Aware Security and Privacy as a Service in the Internet of Things. https://doi.org/10.1007/978-3-030-41702-4_15
Turan M., McKay K., Kang J., Kelsey J., Chang D. (2025). Ascon-Based Lightweight Cryptography Standards for Constrained Devices: Authenticated Encryption, Hash, and Extendable Output Functions. https://doi.org/10.6028/NIST.SP.800-232
Lookabaugh, T., & Sicker, D. C. (2004). Selective encryption for consumer applications. IEEE Communications Magazine, 42(5), 124–129. https://doi.org/10.1109/mcom.2004.1299355
Inshi, S., Chowdhury, R., Ould-Slimane, H., & Talhi, C. (2023). Secure Adaptive Context-Aware ABE for Smart Environments. IoT, 4(2), 112-130. https://doi.org/10.3390/iot4020007
Shujaa W., Alanzi M., Sankaranarayanan S. (2025). Enhancing IoT security through blockchain integration. Frontiers in Computer Science. 7:1670473. https://doi.org/10.3389/fcomp.2025.1670473
Ansari, S.A., Ali, S. (2025). A systematic review of lightweight cryptographic schemes for security and privacy in IoT. Discov Computing 28, 266. https://doi.org/10.1007/s10791-025-09755-3
Dobraunig, C., Eichlseder, M., Mendel, F., & Schläffer, M. (2021). Ascon v1.2: Lightweight Authenticated Encryption and Hashing. Journal of Cryptology, 34(3). https://doi.org/10.1007/s00145-021-09398-9
Alzubaidi, A., & Kalita, J. (2016). Authentication of Smartphone Users Using Behavioral Biometrics. IEEE Communications Surveys & Tutorials, 18(3). https://doi.org/10.1109/comst.2016.2537748
Khan, S., Ferreira Lopes martins, P. A., Sousa, B., & Pereira, V. (2025). A Comprehensive Review on Lightweight Cryptographic Mechanisms for Industrial Internet of Things Systems. ACM Computing Surveys, 58(1), 1–37. https://doi.org/10.1145/3757734
Menon, R. (2024). The Impact Of Adaptive Encryption Algorithms On Cloud Data Confidentiality. In International Journal of Scientific Research & Engineering Trends. http://doi.org/10.5281/zenodo.17800103
Xu, Z., Zhou, W., Han, H. et al. (2025). A secure and scalable IoT access control framework with dynamic attribute updates and policy hiding. Sci Rep 15, 11913. https://doi.org/10.1038/s41598-024-80307-3
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2026 Igor Andrushchak, Oleksandr Koloshko
This work is licensed under a Creative Commons Attribution 4.0 International License.
