Adaptive Event-Driven Key Management for Securing Cloud Data Against Key Exposure

IF 1.5, Zone 4 (Computer Science), Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING
Atul Kumar Singh, Kriti Bhushan
Journal: Concurrency and Computation-Practice & Experience, 37(25-26)
Published: 2025-10-02
Publication type: Journal Article
DOI: 10.1002/cpe.70329
URL: https://onlinelibrary.wiley.com/doi/10.1002/cpe.70329
Citations: 0

Abstract

Ensuring data confidentiality and integrity in dynamic cloud storage environments is a growing challenge, particularly in the face of key exposure threats. Traditional key management schemes, which rely on periodic updates, introduce significant vulnerabilities due to long windows of exposure between key rotations. They also often incur high computational overhead from re-encrypting entire datasets during key updates and frequently depend on third-party auditors for integrity verification, which can compromise privacy. A major research gap remains in developing a scalable, efficient, and auditor-free key management protocol that can adapt in real time to evolving cloud access patterns. In this paper, we propose a novel Dynamic Event-Driven Key Regeneration System that leverages Elliptic Curve Diffie-Hellman (ECDH) for secure key exchange and Advanced Encryption Standard in Galois/Counter Mode (AES-GCM) for combined encryption and integrity verification. Unlike conventional time- or session-based strategies, the proposed design uses statistically adaptive thresholding derived from real-time file access patterns to enable on-demand key regeneration and selective re-encryption, drastically reducing computational overhead. By re-encrypting only affected files, the system is optimized for large-scale, multi-tenant cloud environments. Furthermore, the proposed approach eliminates the need for external auditors, as integrity verification is performed internally via cryptographic mechanisms, ensuring both privacy and security. Experimental results show that the proposed system achieves an average key generation time of 2.3 ms, encryption latency of just 0.21 s for 100 MB files, and key regeneration times as low as 0.0012–0.0350 s, outperforming existing approaches by up to 80% in computational efficiency. The system scales efficiently in multi-tenant environments, maintaining low overhead with up to 100 users and providing near-linear performance even with 1000 concurrent encryption operations. These results demonstrate that the proposed adaptive, event-driven system offers enhanced protection against key exposure while maintaining low overhead, making it a viable and secure solution for modern cloud infrastructures.
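
The mechanism the abstract describes (ECDH-derived keys, AES-GCM for encryption plus integrity, and an access-pattern threshold that triggers re-keying of only the affected files), sketched in Python with the `cryptography` package. This is an added example, not the paper's code: the threshold rule (mean + k·σ of each file's past access counts), the per-file key layout, and all names and sample data are assumptions.

```python
# Added example: threshold rule, key layout and sample data are assumptions.
import os
import statistics
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

def new_file_key(server_pub, name):
    """Fresh ephemeral ECDH exchange -> 256-bit AES-GCM key via HKDF-SHA256."""
    eph = ec.generate_private_key(ec.SECP256R1())
    secret = eph.exchange(ec.ECDH(), server_pub)
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=None,
                info=name.encode()).derive(secret)

def seal(key, name, plaintext):
    """AES-GCM encrypt; the file name is bound in as associated data."""
    nonce = os.urandom(12)
    return nonce + AESGCM(key).encrypt(nonce, plaintext, name.encode())

def unseal(key, name, blob):
    """Decrypt and verify the tag; raises InvalidTag if key, name or data changed."""
    return AESGCM(key).decrypt(blob[:12], blob[12:], name.encode())

def over_threshold(history, current, k=3.0):
    """Files whose current access count exceeds mean + k*stdev of their history."""
    return [n for n, past in history.items()
            if current[n] > statistics.mean(past) + k * statistics.pstdev(past)]

def regenerate(store, keys, names, server_pub):
    """Re-key and re-encrypt only the named files; everything else is untouched."""
    for n in names:
        plaintext = unseal(keys[n], n, store[n])
        keys[n] = new_file_key(server_pub, n)
        store[n] = seal(keys[n], n, plaintext)

def demo():
    server = ec.generate_private_key(ec.SECP256R1())  # stands in for the peer key
    files = {"a.txt": b"alpha", "b.txt": b"bravo", "c.txt": b"charlie"}
    keys = {n: new_file_key(server.public_key(), n) for n in files}
    store = {n: seal(keys[n], n, data) for n, data in files.items()}
    # Constructed access counts per interval; b.txt spikes in the current one.
    history = {"a.txt": [3, 4, 5, 4], "b.txt": [10, 12, 11, 9], "c.txt": [2, 2, 3, 2]}
    current = {"a.txt": 4, "b.txt": 40, "c.txt": 2}
    before, old_key = dict(store), keys["b.txt"]
    hot = over_threshold(history, current)
    regenerate(store, keys, hot, server.public_key())
    return hot, before, store, keys, old_key

if __name__ == "__main__":
    print("re-keyed:", demo()[0])
```

Only the derived keys are kept in memory here; a deployment would also have to persist each ephemeral public key so the peer can derive the same file key.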

Source journal
Concurrency and Computation-Practice & Experience (Engineering & Technology, Computer Science: Theory & Methods)
CiteScore: 5.00
Self-citation rate: 10.00%
Articles published: 664
Review time: 9.6 months
Journal description: Concurrency and Computation: Practice and Experience (CCPE) publishes high-quality, original research papers, and authoritative research review papers, in the overlapping fields of: Parallel and distributed computing; High-performance computing; Computational and data science; Artificial intelligence and machine learning; Big data applications, algorithms, and systems; Network science; Ontologies and semantics; Security and privacy; Cloud/edge/fog computing; Green computing; and Quantum computing.