This paper presents the development of an adaptive method for optimizing the allocation of cryptographic resources in distributed databases. The method is based on dynamic system load analysis and adaptive redistribution of encryption keys depending on the threat level and current system state. The proposed approach utilizes clustering analysis and blockchain technologies to ensure a high level of security and efficient cryptographic resource management. Implementing this method minimizes data access time, enhances system resilience against man-in-the-middle (MITM) attacks, and optimizes node load distribution. Simulation results indicate a 15% reduction in access time and an improvement in system security.
In modern distributed databases, cryptographic methods are a key factor in ensuring information security. As data volumes grow and distributed systems expand, the challenge of optimal cryptographic resource management, particularly encryption key distribution, becomes increasingly important. Traditional key distribution methods often fail to account for dynamic system load changes, leading to excessive computational overhead or reduced security levels.
One of the critical threats to distributed databases is MITM attacks, which can compromise transmitted data if the system lacks adaptive cryptographic resource distribution mechanisms. Therefore, it is essential to develop methods that enable dynamic key management based on changing load conditions and security levels.
The problem of optimizing cryptographic resource allocation in distributed databases has gained particular relevance due to the increasing volume of information and the need for enhanced security. A major issue is the uneven distribution of load among system nodes, which can cause data access delays and increase the risk of MITM attacks. Moreover, existing methods often rely on static key distribution, making it difficult to respond effectively to dynamic system changes.
[1] examines cryptographic methods in distributed systems using identity-based encryption (IBE) algorithms. While effective for confidentiality, it lacks adaptability to varying threat levels.
[2] presents symmetric encryption with adaptive key management, focusing on automatic key updates when a threat threshold is exceeded. However, it does not address load balancing between nodes. [3] proposes adaptive cryptographic protocols for key redistribution in distributed systems. Although resistant to MITM attacks, it does not incorporate dynamic load analysis for optimization.
[4] suggests optimizing key distribution in blockchain-based systems by analyzing node load, reducing access delays but not addressing adaptive redistribution under heightened threats.
[5] discusses cryptographic key management in cloud platforms, proposing adaptive redistribution approaches but without sufficient exploration of decentralized management and functional resilience.
The literature review highlights that most existing approaches focus on centralized systems or static key distribution. Adaptive cryptographic resource management methods, considering both threat levels and dynamic load changes, remain underexplored. This justifies the need for a method that combines adaptive key distribution with an optimization-based load-balancing approach.
Existing cryptographic resource management methods in distributed databases have several limitations, primarily due to their static approach to key distribution. These methods do not account for variable system load parameters and data access patterns, leading to increased encrypted data access times and security vulnerabilities against MITM attacks. The lack of adaptive key redistribution mechanisms can also cause excessive load on specific system nodes, reducing overall efficiency [6].
Therefore, it is necessary to develop a method that ensures dynamic and optimized encryption key allocation according to the current system load, minimizes access delays, and enhances security without significantly increasing computational complexity.
The objective of this paper is to develop and justify an adaptive method for optimizing the allocation of cryptographic resources in distributed databases [7]. The proposed approach is based on dynamic system load analysis and seeks to balance security and performance. The main focus is on reducing data access times and improving system resilience to MITM attacks.
The developed method for optimizing cryptographic resource allocation in distributed databases is based on adaptive encryption key management, considering system load variations and threat levels. The core idea is to use real-time dynamic request analysis and risk modeling to modify key distribution schemes accordingly. The approach accounts for user activity, data processing volume, and potential system vulnerabilities, allowing the selection of optimal encryption algorithms and key storage methods to balance security and performance [8].
The scientific novelty of the method lies in its adaptive key distribution approach, which leverages machine learning techniques and heuristic optimization algorithms. Specifically, neural network models are employed to predict system load changes and select cryptographic mechanisms accordingly [9]. This approach enables automatic adjustments in key length, encryption algorithms, and distribution methods, minimizing data compromise risks.
Key elements of the method include:
Clustering analysis to identify user groups with similar request patterns.
Distributed key management using blockchain mechanisms.
The implementation of the method not only enhances security without significantly increasing computational complexity but also reduces access time to encrypted data. This is especially important for large distributed systems, where high performance is critical. The optimization mechanism helps avoid overloading cryptographic processing servers by distributing the load according to the predicted user activity [10–14].
It is also worth noting the increased resilience of the system to man-in-the-middle attacks. The dynamic key distribution and their updating at random intervals make such attacks significantly more difficult to execute. Moreover, by integrating multi-factor authentication and biometric access verification mechanisms, the risks of unauthorized key acquisition are greatly reduced [15– 18]. As a result of implementing the proposed method, the overall security of distributed databases is enhanced, the risks of information compromise are minimized, and the use of cryptographic resources is optimized, ensuring stable system operation even during large-scale cyberattacks [19, 20].
The main scientific novelty of this method lies in the dynamic optimization of cryptographic resource distribution, based on adaptive real-time system load analysis. Traditional approaches either distribute keys statically or change them according to a predefined schedule, making them less flexible and potentially vulnerable to attacks [21, 22].
The proposed method uses a combination of machine learning and blockchain technologies for distributing and updating cryptographic keys, allowing for: 1. Predicting load changes in the distributed database and adapting the encryption strategy.
The use of cluster analysis helps identify typical user request patterns and respond to anomalies. 2. Automatically changing keys according to risk levels. If the system detects suspicious activity, it can dynamically increase the frequency of key updates or switch to more secure encryption algorithms. 3. Reducing system load through a smart balance between cryptographic protection and query processing speed. The adaptive approach ensures resources are not overloaded during peak loads. 4. Distributing cryptographic keys via decentralized trust servers instead of a centralized key store significantly complicates their compromise and reduces the likelihood of man-in-themiddle attacks. 5. Recording key changes in the blockchain, ensuring their transparency, and authenticity, and enabling retrospective analysis for suspicious actions.
Thus, the main uniqueness of the method lies in the combination of adaptive load analysis, decentralized key management, and machine learning to create an optimal, attack-resistant, and high-performance cryptographic system for distributed databases.
The input data for the proposed method of optimizing the distribution of cryptographic resources in distributed databases includes the number of nodes in the system N, the load level on each node Li (ranging from 0 to 1, where 1 represents maximum load), the threat level for each node Si (ranging from 0 to 1, where 1 indicates a critical threat), the total number of available cryptographic keys Kmax, and a threshold threat value θ, exceeding which triggers an emergency key update for the node to enhance the system’s information security.
The algorithm consists of the following steps:
The values of load Li and threat level Si are transformed into the range [0,1] to ensure the correct operation of the algorithm. If the system reads absolute values, normalization is applied:
Normalization allows for the standardization of input data for further processing and ensures their comparability when calculating weight coefficients.
i
i
Li max(L)
Si
max(S )
(
Ki KmaNjx1WWji where α = 0.7, β = 0.3 are weight coefficients that determine the influence of load and threat.
This approach allows for consideration of both the current load on the nodes and potential risks arising from a high threat level.
For each node, we check whether the threat level Si exceeds the threshold value θ. If Si>θ (critical threat), an emergency key update is performed. Keys are distributed evenly among all nodes to avoid risk concentration:
K i= K total / N , (
At the same time, a notification is sent to the administrator about the increased threat level.
If Si≤θ (normal operating mode), the keys are distributed proportionally to the weight coefficients Wi. Each node receives keys according to the formula:
The importance of each node for key distribution is determined, taking into account the load
and threat level. The weight coefficient is defined as:
(
This approach minimizes risks in critical threat situations and ensures an optimal distribution of keys under normal operating conditions.
The values of Ki are rounded to the nearest whole number to obtain the number of keys for each node. Additionally, a check is performed to ensure that the total number of distributed keys equals Ktotal.
At this stage, the cryptographic key table in the distributed database is updated, after which the system sends the updated keys to the corresponding nodes. If some nodes still face a high threat level, a re-evaluation is triggered to provide an additional layer of security.
Since an uneven distribution of cryptographic resources may lead to server overload, it is proposed to minimize the variation in load across the nodes. The optimization model for minimizing load variation is defined as:
N V (t) (Li (t) Lavg (t))2 , Lavg (t) i1 1 N
(Li (t) N i1 where Lavg(t) is the average system load, and N is the number of servers in the system.
To balance the load, an adaptive redistribution of cryptographic keys is performed. Servers with a load coefficient exceeding the permissible value Ki>α are identified as nodes that require a reduction in cryptographic load, while nodes with Kj can take on additional computations. The process of key redistribution is described by the key migration equation between nodes: where γ is the adaptation coefficient, which defines the speed of key redistribution.
The key redistribution between nodes is determined by the migration equation:
M ij (Li Lj ), i, j N , Li Lj
(
The efficiency of the proposed method is assessed based on the average access time to encrypted data. where Tproc is the processing time of the request on the server, and Tcomm is the delay associated with the transmission of cryptographic keys. Minimizing Tcomm through adaptive key distribution helps improve the overall system performance. The method involves dynamic updating of keys Ki depending on the load parameters. If:
Lj Lj (Li Lavg ), Li Li (Li Lavg ) where
, α—coefficient of distribution.
Encryption keys are updated if the node is overloaded or its performance is significantly lower than the average:
Ki K j , if Ci Cavg where Cavg is the average node performance, β is the threshold for key update.
Unlike traditional methods, the proposed approach involves the dynamic distribution of cryptographic resources in distributed databases using an adaptive key distribution method based on the current system load. The methods selected for comparison (AES-GCM, RSA-2048, ECDSA) are the most commonly used in cryptographic data protection and employ different encryption approaches:
AES-GCM—a representative of symmetric encryption that ensures fast data processing. RSA-2048—one of the classical asymmetric algorithms used for key exchange and digital signatures.
ECDSA—a digital signature algorithm based on elliptic curve cryptography that provides high security with a shorter key length.
The proposed method uses an adaptive approach to key distribution, which reduces latency and increases security without placing unnecessary load on the system. 128/192/256 bit
2048 bit
AES-GCM
RSA-2048
The proposed method
asymmetric algorithms (RSA, ECDSA) and slightly exceeds AES-GCM in speed, compensating for this with adaptive security. The graph demonstrates that the proposed method offers a higher level of security, efficiency, adaptability, and key update frequency. The proposed method for optimizing the distribution of cryptographic resources in distributed databases improves the efficiency of encryption key management by reducing the load on nodes and ensuring an even distribution of data processing requests. The use of an adaptive approach, based on dynamic system load analysis, helps avoid bottlenecks in encryption and decryption processes, which is crucial for scalable decentralized platforms such as blockchain networks and distributed data storage systems. The proposed solution strikes a balance between security and data access speed, significantly reducing the risks of man-in-the-middle attacks and enhancing the system’s resilience to potential threats.
The results show that the use of an adaptive key redistribution mechanism can significantly reduce cryptographic operation latency while lowering computational costs without compromising security. The practical application of the method is possible in blockchain systems, distributed databases, secure cloud storage, and financial and corporate systems, where data processing speed and protection against unauthorized access are critical.
Future research prospects are related to improving dynamic system state monitoring mechanisms, including the development of machine learning algorithms to predict node load and automatically adjust the key distribution strategy. Additionally, further experimental studies are necessary to determine the optimal parameters for adaptive redistribution based on the architecture of the distributed system, particularly analyzing the impact of various consensus models on the performance of cryptographic operations. An important direction is also the study of integrating the proposed method with modern cryptographic algorithms, such as post-quantum cryptography, which will enhance resilience to potential future threats.
Declaration on Generative AI While preparing this work, the authors used the AI programs Grammarly Pro to correct text grammar and Strike Plagiarism to search for possible plagiarism. After using this tool, the authors reviewed and edited the content as needed and took full responsibility for the publication’s content. [9] Y. Kostiuk, et al., Integrated protection strategies and adaptive resource distribution for secure video streaming over a Bluetooth network, in: Cybersecurity Providing in Information and Telecommunication Systems II, vol. 3826 (2024) 129–138. [10] A. V. Halchenko, Instrumental means of cryptographic systems based on deniable encryption,
Ph.D. Dissertation, Zaporizhzhia National University, 2021.
[11] A. Gharout, M. Merabti, D. Llewellyn-Jones, Adaptive group key management protocol for
wireless dynamic groups, J. UCS 18(
University, 2010.
[17] A. Astrakhantsev, Models and methods for improving the security and quality of data
transmission in mobile communication systems, Ph.D. Dissertation, National Technical
University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute,” 2021.
[18] F. Pierazzi, M. Colajanni, Performance and cost evaluation of an adaptive encryption
architecture for cloud databases, IEEE Transactions on Cloud Computing, 2(