Author
Listed:
- He-Jun Lu
- Roben A Juanatas
- Mideth B Abisado
Abstract
With the rapid integration of instant messaging systems (IMS) into critical domains such as finance, public services, and enterprise operations, ensuring the confidentiality, integrity, and availability of communication data has become a pressing concern. Existing IMS security solutions commonly employ traditional public-key cryptography, centralized authentication servers, or single-layer encryption, each of which is susceptible to single-point failures and provides only limited resistance against sophisticated attacks. This study addresses the research gap regarding the complementary advantages of SM2, SM3, and SM4 algorithms, as well as hybrid collaborative security schemes in IMS security. This paper presents a hybrid encryption security framework that combines the SM2, SM3, and SM4 algorithms to address emerging threats in IMS. The proposed framework adopts a decentralized architecture with certificateless authentication and performs all encryption and decryption operations on the client side, eliminating reliance on centralized servers and mitigating single-point failure risks. It further enforces an encrypt-before-store policy to enhance data security at the storage layer. The framework integrates SM2 for key exchange and authentication, SM4 for message encryption, and SM3 for integrity verification, forming a multi-layer defense mechanism capable of countering Man-in-the-Middle (MITM) attacks, credential theft, database intrusions, and other vulnerabilities. Experimental evaluations demonstrate the system’s strong security performance and communication efficiency: SM2 achieves up to 642 times faster key generation and 2.2 times faster decryption compared to RSA-3072; SM3 improves hashing performance by up to 11.5% over SHA-256; and SM4 delivers up to 22% higher encryption efficiency than AES-256 for small data blocks. These results verify the proposed framework’s practicality and performance advantages in lightweight, real-time IMS applications.
Suggested Citation
He-Jun Lu & Roben A Juanatas & Mideth B Abisado, 2025.
"Enhancing security in instant messaging systems with a hybrid SM2, SM3, and SM4 encryption framework,"
PLOS ONE, Public Library of Science, vol. 20(9), pages 1-22, September.
Handle:
RePEc:plo:pone00:0332665
DOI: 10.1371/journal.pone.0332665
Download full text from publisher
Corrections
All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:plo:pone00:0332665. See general information about how to correct material in RePEc.
If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.
We have no bibliographic references for this item. You can help adding them by using this form .
If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.
For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: plosone (email available below). General contact details of provider: https://journals.plos.org/plosone/ .
Please note that corrections may take a couple of weeks to filter through
the various RePEc services.
Printed from https://ideas.repec.org/a/plo/pone00/0332665.html
My bibliography
Save this article