Adaptive Event-Driven Key Management for Securing Cloud Data Against Key Exposure
Authors: Atul Kumar Singh, Kriti Bhushan
Journal: Concurrency and Computation-Practice & Experience, volume 37 25-26
Publication date: 2025-10-02
Publication type: Journal Article
DOI: 10.1002/cpe.70329
URL: https://onlinelibrary.wiley.com/doi/10.1002/cpe.70329
Impact factor: 1.5; JCR: Q3 (COMPUTER SCIENCE, SOFTWARE ENGINEERING)
Ensuring data confidentiality and integrity in dynamic cloud storage environments is a growing challenge, particularly in the face of key exposure threats. Traditional key management schemes, which rely on periodic updates, introduce significant vulnerabilities due to long windows of exposure between key rotations. They also often require high computational overhead from re-encrypting entire datasets during key updates and frequently depend on third-party auditors for integrity verification, which can compromise privacy. However, a major research gap remains in developing a scalable, efficient, and auditor-free key management protocol that can adapt in real time to evolving cloud access patterns. In this paper, we propose a novel Dynamic Event-Driven Key Regeneration System that leverages Elliptic Curve Diffie-Hellman (ECDH) for secure key exchange and Advanced Encryption Standard—Galois/Counter Mode (AES-GCM) for combined encryption and integrity verification. Unlike conventional time- or session-based strategies, the proposed design uses statistically adaptive thresholding derived from real-time file access patterns to enable on-demand key regeneration and selective re-encryption, drastically reducing computational overhead. By re-encrypting only affected files, the system is optimized for large-scale, multi-tenant cloud environments. Furthermore, the proposed approach eliminates the need for external auditors, as integrity verification is performed internally via cryptographic mechanisms, ensuring both privacy and security. Experimental results show that the proposed system achieves an average key generation time of 2.3 ms, encryption latency of just 0.21 s for 100 MB files, and key regeneration times as low as 0.0012–0.0350 s, outperforming existing approaches by up to 80% in computational efficiency. The system scales efficiently in multi-tenant environments, maintaining low overhead with up to 100 users and providing near-linear performance even with 1000 concurrent encryption operations. These results demonstrate that the proposed adaptive, event-driven system offers enhanced protection against key exposure while maintaining low overhead, making it a viable and secure solution for modern cloud infrastructures.
About the journal:
Concurrency and Computation: Practice and Experience (CCPE) publishes high-quality, original research papers, and authoritative research review papers, in the overlapping fields of:
Parallel and distributed computing;
High-performance computing;
Computational and data science;
Artificial intelligence and machine learning;
Big data applications, algorithms, and systems;
Network science;
Ontologies and semantics;
Security and privacy;
Cloud/edge/fog computing;
Green computing; and
Quantum computing.