Received 2 November 2023, accepted 30 December 2023, date of publication 8 January 2024, date of current version 23 February 2024.

Digital Object Identifier 10.1109/ACCESS.2024.3351119

Dynamic AES Encryption and Blockchain Key

Management: A Novel Solution for
Cloud Data Security
MOHAMMED Y. SHAKOR 1,2 , MUSTAFA IBRAHIM KHALEEL 2 , MEJDL SAFRAN 3,

SULTAN ALFARHOOD 3 , AND MICHELLE ZHU 4 , (Member, IEEE)

1 Department of English, College of Education, University of Garmian, Kalar 46021, Iraq
2 Department of Computer, College of Science, University of Sulaimani, Sulaymaniyah 46001, Iraq
3 Department of Computer Science, College of Computer and Information Sciences, King Saud University, Riyadh 11543, Saudi Arabia
4 Department of Computer Science, College of Science and Mathematics, Montclair State University, Montclair, NJ 07043, USA

Corresponding author: Mustafa Ibrahim Khaleel ([Link]@[Link])

This research is funded by the Researchers Supporting Project Number (RSPD2024R1027), King Saud University, Riyadh, Saudi Arabia.

ABSTRACT In the rapidly evolving realm of cloud computing security, this paper introduces an innovative
solution to address persistent challenges. The proliferation of cloud technology has brought forth heightened
concerns regarding data security, necessitating novel approaches to safeguarding sensitive information.
The issue centers on the vulnerability of cloud-stored data, usually necessitating enhanced encryption
and key management strategies. Traditional methods usually fall short in mitigating risks associated with
compromised encryption keys and centralized key storage. To combat these challenges, our proposed
solution encompasses a two-phase approach. In the first phase, dynamic Advanced Encryption Standard
(AES) keys are generated, ensuring each file’s encryption with a unique and ever-changing key. This
approach significantly enhances file-level security, curtailing an attacker’s ability to decrypt multiple files
even if a key is compromised. The second phase introduces blockchain technology, where keys are securely
stored with accompanying metadata, bolstering security and data integrity. Elliptic Curve Cryptography
(ECC) public key encryption enhances security during transmission and storage, while also facilitating
secure file sharing. In conclusion, this comprehensive approach enhances cloud security, providing robust
encryption, decentralized key management, and protection against unauthorized access. Its scalability and
adaptability make it a valuable asset in contemporary cloud security paradigms, assuring users of data
security in the cloud.

INDEX TERMS AES, blockchain, cloud computing, cloud storage, dynamic encryption, ECC.

I. INTRODUCTION Cloud storage exhibits several salient characteristics,

Given that cloud computing stands as one of the pervasive including immediate availability, affordability, accessibility,
technologies within the Information Technology (IT) sector, ease, reliability, flexibility, and a wide range of leasing
it presents a set of advantages which are: encompassing choices [3]. Furthermore, cloud computing is underpinned
virtualization, extensive scalability, cost-efficiency, remote by critical attributes such as security, scalability, economic
data processing, and the provision of on-demand clients- efficiency, accessibility, data recovery capabilities, and
centric sharing services [1]. It is useful for different areas optimized resource utilization. Trust emerges as a pivotal
in IT, including business applications, educational platforms, concern when contemplating the transfer of user data to cloud
and especially, data storage and sharing enabled by cloud environments, representing a significant challenge in the
services [2]. relationship between users and cloud service providers [4].
Users of cloud storage services necessitate clear visibility
The associate editor coordinating the review of this manuscript and and assurance regarding the security and integrity of their
approving it for publication was Mueen Uddin . data stored in the cloud, given the limited means for
2024 The Authors. This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License.
26334 For more information, see [Link] VOLUME 12, 2024
M. Y. Shakor et al.: Dynamic AES Encryption and Blockchain Key Management

monitoring stored data. To address this imperative and foster Advanced Encryption Standard (AES). This method
broad user acceptance, a multitude of data and resource is characterized by its dynamic and efficient key
protection strategies have been introduced and integrated generation mechanism, which bolsters the security of
within the domain of cloud security, leveraging contemporary file storage in the cloud.
cryptographic algorithms. • Blockchain-Powered Key Security: A notable contribu-
Data protection through encryption in the cloud entails tion lies in the integration of Blockchain technology to
the implementation of robust security measures to safeguard secure cryptographic keys within the cloud environment.
customer data within server centers against external and This ensures the robust protection of encryption keys and
internal threats, facilitated by encryption algorithms [5]. safeguards against potential security breaches.
Two primary categories of encryption methods, supported • User-Friendly Key Management: The article streamlines
by cryptographic keys, are symmetric and asymmetric the process of key management for end-users. This
cryptography [6]. The selection between these methods simplification empowers users to efficiently manage the
hinges on the number of keys employed: one key for substantial volume of dynamic keys required for encryp-
symmetric cryptography and a pair of keys for asymmetric tion tasks, thereby enhancing usability and security in
encryption/decryption. The use of larger and more intricate cloud-based storage systems.
keys enhances the security of encryption algorithms and
renders attacks more formidable.
Conversely, cloud users have the opportunity to bolster II. BACKGROUND AND METHODOLOGY
trust and enhance data protection when engaging in out- A. DYNAMIC ENCRYPTION
sourcing and cloud services by harnessing the innovative and In contrast to the conventional practices of encrypting data
emerging technology of Blockchain [7]. Blockchain security either at rest (i.e., during storage) or during transmission
offers a more complex and reliable paradigm than centralized (i.e., while traversing a network), dynamic encryption,
database security. Blockchain works by keeping track of also referred to as ‘‘runtime encryption’’ or ‘‘real-time
documents in a ledger that are safely connected to earlier encryption,’’ encompasses the process of encrypting data as
blocks using cryptographic hash algorithms. A blockchain it is generated or accessed. Dynamic encryption ensures the
is a type of distributed ledger that is used to record protection of data from the moment of its creation or access
transactions and prevent tampering. Usually run via a peer- until it is no longer required.
to-peer network, the Blockchain is designed specifically to Key characteristics and principles associated with dynamic
prevent unwanted manipulation. As a result, Blockchain can encryption include the following:
furnish security measures on par with those found in central
database storage, effectively averting potential attacks and • Encryption in Real-Time [9]: Dynamic encryption
data breaches from a managerial perspective. secures data while it is in use, typically employing
Furthermore, in scenarios where data transparency is encryption keys generated or derived in the active
imperative, Blockchain’s inherent attribute of openness can process. This ensures data security during processing,
facilitate the necessary level of data transparency [8]. transfer, or utilization.
Because of these unique benefits, Blockchain is used in a • Data-in-Use Protection [10]: Dynamic encryption safe-
variety of industries, such as finance and the Internet of guards data during its active utilization, ensuring encryp-
Things (IoT) ecosystem, and its use is expected to grow tion even when authorized users access it or applications
dramatically. In light of its effectiveness and accessibility, process it. That sets it apart from data-in-transit encryp-
numerous IT environments have embraced cloud computing. tion (like file encryption on storage devices) and data-at-
Consequently, there has been a heightened focus on exploring rest encryption (like network transmission encryption).
critical security facets concerning cloud security and privacy • Granular Access Control [11]: is frequently used in
issues. tandem with dynamic encryption, gives businesses the
This paper introduces a novel approach aimed at enhancing ability to specify who can access data and under what
file storage security within the cloud infrastructure. This conditions. Permissions granted to the user, the time, the
approach leverages a hybrid dynamic encryption technique, place, and other pertinent variables can all be used to
incorporating elements of Elliptic Curve Cryptography, restrict access.
Advanced Encryption Standard, and Blockchain technology. • Adaptive Security [12]: Dynamic encryption demon-
The primary objective is to establish a highly secure strates flexibility in reaction to changing security sce-
environment conducive to elevating the overall security of narios. For example, according on the perceived danger
cloud-based storage solutions. level or the sensitivity of the material, the encryption
The article’s primary contributions are encapsulated within strength and key management may be changed.
the following key points: • Robust Authentication [13]: Strict authentication pro-
cedures are often included with dynamic encryption to
• Dynamic AES File Encryption: The article introduces guarantee that only authorized entities-individuals or
an innovative approach to file encryption utilizing the systems-are able to access encrypted data. Techniques

VOLUME 12, 2024 26335

 M. Y. Shakor et al.: Dynamic AES Encryption and Blockchain Key Management

such as digital certificates and multi-factor authentica- TLS protocol, that establish a secure internet connection. The
tion may be deployed for this purpose. prime modulus p, the generator point G, the elliptic curve’s
• Key Management [14]: Managing keys well is essential coefficients a and b, and the order of the generator point n
when it comes to dynamic encryption. To maintain the are input parameters for the ECC method. The public key Q
security of encrypted data, encryption keys must be is determined as dG, while the private key d is produced as a
generated, stored, cycled, and destroyed on time and random integer between 1 and n − 1.
securely. Considering the aforementioned points, ECC is a secure
In order to protect sensitive data, dynamic encryption and efficient encryption algorithm which can be used for a
adds an extra layer of security, reducing the danger of data wide range of applications consisting of those that require the
breaches and illegal access. It is frequently used in situations use of mobile gadgets.
like secure communications, financial transactions, health- An equation: y2 = x 3 + ax + b is an equation of an elliptic
care, and cloud computing, where data security and privacy curve. In this equation, the constants a and b represent the
are crucial. shape of the curve which looks like an elongated circle or
oval. The curve contains point at infinity which is involved in
the point addition operation and it also has locations where
B. AES
y2 = x 3 + ax + b.
In 2000, the NIST intentionally selected Rijndael as the The algorithm starts with a point P and perform a point
advanced encryption standard due to its outstanding qualities doubling or point addition operation to create points on the
in terms of security, performance, and elegance. As per NIST curve. A point P on the curve is used as input for the point
guidelines, the symmetric encryption method AES has a doubling operation, which outputs a new point 2P. When two
block size of 128 bits. A key feature is that AES can vary points P and Q are added together, a third point R, which is
the number of encryption rounds according to the size of the also on the curve, is produced.
encryption key. More specifically, For a 128-bit key, the AES
uses 10 rounds of encryption; for 192-bit and 256-bit keys,
it uses 12 rounds and 14 rounds, respectively [15]. D. BLOCKCHAIN TECHNOLOGY
The fundamental building blocks of each encryption round Blockchain technology has recently garnered potential to
in AES encompass SubBytes, ShiftRows, MixColumns, and revolutionize several industries, including cloud computing
AddRoundKey operations. Among these, the AddRoundKey recently [18]. The urgency with which this problem must
operation assumes paramount importance as it executes an be solved in order to improve cloud data storage security is
exclusive OR (XOR) operation between the input state matrix highlighted. Because blockchain technology is known for its
and the cryptographic key. It is noteworthy that in the immutable, transparent, and secure record-keeping, it appears
traditional AES framework, each round key is generated by to be a viable solution. Blockchain integration with cloud
means of a predetermined key expansion process. computing systems seems to be a good fit because of its
The selection of Rijndael as the advanced encryption decentralized architecture, which protects against fraud and
standard, its block length, the variable number of encryp- manipulation.
tion rounds, and the integral components of AES rounds, The application of blockchain technology holds promise
including the critical AddRoundKey operation, collectively in addressing several critical issues within the realm of
contribute to the robustness and effectiveness of this widely cloud security research. Blockchain technology may provide
adopted encryption algorithm [16]. a strong answer to this issue by utilizing smart contracts that
are able to confirm device identities and authorize network
C. ELIPTIC CURVE CRYPTOGRAPHY access in accordance with predetermined standards [19].
Elliptic Curve Cryptography, which also know as ECC, is a Numerous research endeavors have explored the utilization
method for encrypting and decrypting data that creates a of blockchain technology to enhance cloud security. These
pair of keys by mathematically connecting each point on an studies include the use of blockchain-based solutions to
elliptic curve to a specific set of public and private keys [17]. protect the privacy and integrity of data, enable private
But the public key is distributed, the private key remains communication in cloud services, and provide secure device
private. To guarantee the security of data being transmitted identification. Still, more study is required to fully understand
through ECC the sender has to get the recipient’s public key how blockchain technology might improve cloud security and
first. The data is then encrypted using the public key and to determine the best ways to put it into practice.
can be unencrypted only with the recipient’s private key. The Public and private blockchains exhibit marked dispar-
data can be viewed only by the intended receiver when the ities in terms of their decentralization paradigms. While
encryption method is applied. private blockchains act as closed, limited networks, public
Many applications from Virtual Private Networks (VPNs) blockchains are open, decentralized, and welcome participa-
to file transfers and secure email protocols employ the tion from everybody interested [20]. Consequently, private
currently popular methods, the so-called ECC. It is also blockchains, in theory, offer superior efficiency and security
utilized in the design of cryptographic protocols such as the attributes when compared to their public counterparts.

26336 VOLUME 12, 2024

M. Y. Shakor et al.: Dynamic AES Encryption and Blockchain Key Management

However, more centralization and decreased transparency are from different forms of cyberattacks. These featured pro-
the cost paid for this improved performance. cesses are enabled by the system’s remarkable capability to
In this paper, a private blockchain has been employed as the use biometric authentication correctly that was achieved by
chosen framework for implementing blockchain technology developing a strong approval procedure which follows the
to enhance the security of data within cloud storage systems. rule of permissions and requirements to the latter.
In 2023, An novel Non-Deterministic Cryptographic
III. RELATED WORKS Scheme (NCS) solution has been proposed to ensure
The growing adoption of cloud storage can be attributed data confidentiality and privacy in cloud environments,
to its convenient accessibility, resource efficiency, and cost- incorporating Sliding Window Algorithm (SWA), Linear
effectiveness. However, ensuring user privacy during data Congruential Generator (LGC), and XOR implementation.
transfers to the cloud requires implementing technologies The suggested method’s strength was compared with the
that guarantee data privacy and integrity. This aspect holds encryption algorithms of AES, RSA, and DES to show
particular significance within the related work context, where its superiority in terms of execution time. The resolution
investigating diverse techniques for enhancing security in presented in [25] also emphasized striking a balance between
data migration to the cloud remains a central focus. the encryption algorithm’s strength and efficiency in relation
In 2021, [21] introduced a new Lightweight Cryptographic to the volume of data.
Algorithm named (NLCA), which operates as a 16-byte block In 2023, the solution in [26] proposed utilizing AES, RSA,
cipher and utilizes a 16-byte key for encryption within cloud DES, and Blowfish encryption algorithms to elevate data
environments. The objective of this proposal is to enhance security within a cloud environment. The solution is including
data security. Notably, the algorithm exhibits a flexible nature computing time, strength of encryption, and resource use
while concurrently achieving optimal encryption speed and is carried out to undertake a thorough performance evalua-
an elevated level of security which is accomplished by incor- tion of these methods. The comparison analysis’s findings
porating supplementary logical operations, distinguishing demonstrate the AES algorithm’s superiority in terms of
NLCA from other encryption algorithms. cryptographic resilience and encryption speed.
In 2021, Hybrid algorithms have demonstrated their
effectiveness in enhancing data protection within the cloud IV. PROPOSED DYNAMIC ENCRYPTION SOLUTION
environment, corroborated by researchers in [22]. This The proposed solution relies primarily on three fundamental
research proffered a hybrid algorithm that capitalizes on elements, as shown in Figure 1, to secure data at three
the synergistic attributes of Elliptic Curve Cryptography levels: when it is transferred from the client to the server,
(ECC) and AES algorithms. An ECC algorithm was enlisted when it is stored and managed on the server, and when it
for AES key generation to harmonize the imperatives of is shared among clients. The utilized components are the
data security, computational efficiency, and implementation AES encryption algorithm, the ECC public key encryption
expediency. The algorithm’s key size, notable for its compact algorithm, and blockchain technology.
dimensions, is an additional strength of the proposed system. Therefore, we will elucidate the processes of securing data
A comprehensive comparative analysis involving diverse through data encryption and decryption, as well as how to
encryption algorithms and alternative proposed systems manage file sharing operations by creating branches in the
was conducted. The outcomes firmly establish that the blockchain, thereby enhancing blockchain management.
AES-ECC hybrid algorithm attains superior levels of security
and exhibits reduced energy consumption in contrast to A. KEY GENERATION AND FILE ENCRYPTION
its counterparts, rendering it a quintessential choice for In the initial stage of the proposed solution, the client initiates
data-safeguarding endeavors in the cloud. the blockchain if they do not already possess any previous
In 2022, Blockchain technology has been employed to blocks. The first block is initialized with random data, and
tackle the shortcomings and obstacles inherent in conven- the block number and creation date are added to it, as depicted
tional medical cloud storage systems and establish trust, audi- in Figure 2. However, if the client already has a pre-existing
bility, and data-sharing interoperability as employed in [23]. blockchain, they have two options. They can either fetch the
The proposed solution incorporates a consensus algorithm for latest block from the server, should it not be available locally,
validating new blocks, authenticating healthcare providers, or retrieve it from their device, if it is locally available.
and enhancing data management in the cloud. This flexibility allows the user to access the necessary data
In 2022, the Fine-Grained Access Control (FGAC) system even if it is not present locally or to leverage the data available
has been proposed to enhance the trustworthiness and on their device to expedite operations. Following this, the
confidentiality of users and service providers by leveraging a client inputs the file they wish to upload to the cloud storage
fuzzy logic framework [24]. The system creates three groups service into the SHA-256 algorithm to obtain the file’s hash
of keys which are the public, private, and session keys. The code. Subsequently, the client inputs the hash code of the last
proposed solution utilizes such an elaborate management block in the blockchain into the same algorithm to acquire a
scheme to deliver an array of security functions. Thus, hash code. These two codes are then combined using XOR to
it encompasses various aspects of possible threats emerging yield a final code, which serves as the encryption key for the

VOLUME 12, 2024 26337

 M. Y. Shakor et al.: Dynamic AES Encryption and Blockchain Key Management

FIGURE 1. Proposed solution architecture.

Algorithm 1 Key Generation and File Encryption

1: Input: Plain File
2: Output: Encrypted File and Encrypted Block
3: if Blockchain is Empty then
4: Block ← New Block
5: Block Data ← Random Data
6: Block ID = 1
7: else
8: Block Data ← Random Data
9: Block ID = Block ID + 1
10: Block DateTime = DateTimeNow
11: end if
12: if Local(Blockchain) is Null then
13: Request Block[Last] ← Server
14: else
15: Hash Code = Hash(Block[Last])
16: end if
17: File Hash Code = Hash(Plain File)
L
18: key = Hash Code File Hash Code
19: encrypted file = Encrypt(Plain File, key)

The process of generating blocks for the purpose of

adding them to the blockchain comprises the following
stages, as illustrated in Figure 3. It commences with the
retrieval of the dynamic encryption key used to encrypt
the file, which is generated as part of the key generation
process. Simultaneously, the contents of the latest block in
the blockchain are read. Subsequently, the block counter is
incremented by one, and the current time and date on the
FIGURE 2. Dynamic encryption flowchart.
client’s device are recorded.
The next step involves constructing the block, which will
file. This process helps fortify the security of the stored file contain the encryption key as data and the hash of the previous
within the Blockchain. block. Following this, the user encrypts the entire block using
Algorithm 1 outlines the primary steps involved in the key their private encryption key, and the new block, along with
generation and file encryption process. the encrypted file, is transmitted to the server. Additionally,

26338 VOLUME 12, 2024

M. Y. Shakor et al.: Dynamic AES Encryption and Blockchain Key Management

key generation mechanism substantially elevates the

security of files. Even in the event of key compromise,
an attacker’s ability to decrypt multiple files is restricted,
as each file is encrypted with a distinct key.
• Dynamic Key Generation: The utilization of two
distinct hashes, namely the file hash and the block
hash, to derive encryption keys ensures the generation of
different keys for each encryption instance, even when
the content remains the same. This feature not only
bolsters security but also thwarts any attempts by service
providers to acquire or deduce the key based solely on
block content, as it necessitates both hash codes for key
derivation.
• File Sharing with Asymmetric Key Encryption:
Encrypting blocks with an asymmetric key, such as ECC
(Elliptic Curve Cryptography) public key, affords two
significant advantages. Firstly, it shields the blockchain
from unauthorized access by service providers or poten-
tial attackers during transmission to or storage within
FIGURE 3. Blockchain generating flowchart.
the cloud. Secondly, it enables efficient file sharing
with clients. Clients can request block permissions
a local copy of the block may be retained for the purpose of from recipients and subsequently employ the blocks to
expedited retrieval when necessary. generate encryption keys, facilitating the secure addition
Every client is required to possess a pair of ECC keys, of files to the recipient’s cloud-based file chain. This
comprising a both public and private keys. The public key dual-pronged benefit enhances both security and user
serves the dual purpose of being disseminated to the general functionality.
public and stored alongside the client’s unique identifier on
B. DECRYPTION AND FILE DOWNLOADING
the server when sharing with other clients is necessitated.
Conversely, the private key is retained by the client to In the process of decryption and file retrieval, the client
facilitate the decryption of blocks and to obtain the access key initiates a request for the file they wish to decrypt as depicts
for each individual file exclusively. The client’s public key in Figure 4. Consequently, the server transmits the file along
plays a pivotal role in encrypting block data on the client side with its associated block. Using the private key of the ECC
prior to transmission to the server, thereby rendering the block algorithm, the client decrypts the block to access its specific
data impervious to inspection by the server’s administrators. data, which includes the encryption key specific to the file.
Algorithm 2 outlines the primary steps involved in the key The absence of the key in an explicit form on the server
securing using blockchain and ECC algorithm. enables the service provider to create multiple copies of
the user’s blockchain and provide them in a decentralized
Algorithm 2 Block Generating and Securing Keys manner. Only authorized individuals possessing the ECC
1: Input: AES Key 256-bit, ECC Public Key
decryption key will be able to access the keys needed for
2: Output: Encrypted Block
any given file. Furthermore, users will have the capability to
3: New Block Data = AES Key
manage millions of files with distinct keys using a single key
4: New Block ID = Block ID + 1
stored on their device.
5: New Block DateTime = DateTimeNow
C. FILE SHARING WITH BLOCKCHAIN
6: Encrypted Block = Encrypt(New Block, ECC Public
Key) One of the most critical services required by the client in
7: Send Encrypted Block H⇒ Server
cloud file storage is the secure sharing of files with other
8: Send Encrypted File H⇒ Server
clients, and this has been taken into account in the proposed
9: Server Save New Block and Encrypted File
system. In this section, a new modification has been imposed
on the blockchain, which is the multi-branch blockchain.
It allows the user to add new files to their secure files, which
The novel approach outlined herein offers several distinct have been shared with them by other clients.
advantages, which can be delineated as follows: Initially, as illustrated in Figure 5, the sender needs a copy
• Enhanced File-Level Security: By employing key of the recipient’s hash code and the block number associated
generation based on individual files, this approach with the hash code. Here, the recipent needs to choose one
facilitates the encryption of each file with a unique and of the blocks to start a branching blockchain and send it
dynamically changing key. Consequently, this dynamic along with its number to the client they want to share the

VOLUME 12, 2024 26339

 M. Y. Shakor et al.: Dynamic AES Encryption and Blockchain Key Management

requested from the server that holds the clients’ public ECC
algorithm keys.
The ability to modify the blockchain mechanism and
add new branches to it provides the advantage of verifying
that a file has been shared from a trusted source. This
is achieved by regenerating the block from the file after
decrypting it. Additionally, revoking or deleting a file from
the blockchain will not affect the main chain that contains
the user’s primary files uploaded to the server. This flexibility
allows for the creation of branches to any extent, with each
branch containing multiple files in a hierarchical manner.

V. EXPERIMENTAL RESULTS AND ANALYSIS

The proposed solution has been assessed and analyzed
across several stages, encompassing both statistical and
detailed mathematical evaluations. This comprehensive anal-
ysis extends to its resilience against data analysis attacks
and key guessing. These evaluations serve to underscore
the significance and robustness of the proposed solution
in the requisite encryption scenarios. The performance
measurements were conducted using randomly generated
synthetic data, created algorithmically for the purpose of
simulating various text inputs. Additionally, image data
FIGURE 4. File decryption flowchart.
was collected from well-known online sources, serving the
purpose of simulating multimedia data.

A. HISTOGRAM ANALYSIS OF IMAGE ENCRYPTION

As depicted in Figure 6, the system under consideration
demonstrates its proficiency in the encryption and decryption
of grayscale images, specifically the ‘‘Cameraman’’ image,
both sized at 256 × 256 pixels.
These images are accompanied by their respective his-
tograms, illustrating their pixel intensity distributions both
before and after encryption, employing both the proposed
AES model and the conventional AES model. Upon closer
examination, it becomes evident that while the pixel values
of the encrypted images are uniformly distributed, the
histograms of the original, unencrypted images exhibit
non-uniform distributions with noticeable variations. Impor-
tantly, the suggested encryption method exhibits reduced
fluctuations and a more balanced distribution compared to
the traditional AES approach. This discernible distinction
underscores the enhanced security and greater resilience
against statistical attacks offered by the proposed approach.
However, it is worth noting that the computational
complexity of the suggested algorithm results in somewhat
FIGURE 5. File sharing mechanism. prolonged computation times.

B. SENSITIVITY ANALYSIS
file with. The recipient hashes the file they want to share and The proportion of ’1’s within a binary data stream relative
then creates a new block and a new encryption key in the to the total number of bits in the data is commonly denoted
same way previously explained for file encryption and block as sensitivity or bit density. Bit density serves as a metric to
construction. They assign a sequence to the block directly assess the entropy or predictability of a given data stream.
after the number of the block received from the client they In the case of highly random data, it is anticipated that the
intend to share with. Then, they encrypt the file and the block bit density will closely approach 0.5, signifying an equitable
with the recipient’s ECC public key, which can be directly distribution of ‘‘0’’ and ‘‘1’’ bits.

26340 VOLUME 12, 2024

M. Y. Shakor et al.: Dynamic AES Encryption and Blockchain Key Management

TABLE 2. Dynamic keys sensitivity.

TABLE 3. Dynamic keys sensitivity comparison.

TABLE 4. Dynamic keys sensitivity comparison.

algorithm’s efficacy in thwarting data analysis attacks, owing

to the inherent unpredictability of the data post-encryption.
Additionally, the dynamic encryption process, which alters
the bit positions within the resulting text, even when
employing identical input data, significantly enhances the
complexity of data analysis for potential attackers.
Compared with [27], the proposed solution outperformed
FIGURE 6. Image histogram analysis. the dynamic encryption in that paper in terms of sensitivity
which it was produced 51.46 at max compared with 59.04 in
TABLE 1. Encrypted file sensitivity.
the proposed solution.
As shown in Table 3, Compared with [27], the proposed
solution outperformed the dynamic encryption in that paper
in terms of sensitivity which it was produced 51.46 at max
compared with 59.04 in the proposed solution.
Table 4 demonstrated superior performance of the pro-
posed solution in sensitivity compared to the dynamic
encryption method presented in [1]. The sensitivity attained
a maximum value of 42.5 in the referenced paper, whereas
To ensure the security of the proposed solution, the level the proposed solution achieved a notably higher sensitivity of
of sensitivity has been systematically computed for various 60.54.
encrypted files and dynamic encryption keys.
As shown in Table 1, which represents the sensitivity C. STATISTICS ANALYSIS
values of encrypted data with different sizes, it is evident Entropy, also referred to as information density, serves as a
that the values are high compared to the benchmark solution. metric for quantifying uncertainty within a dataset or a series
This indicates the effectiveness of the algorithm against data of bytes. It is a mathematical concept that characterizes the
analysis attacks due to the randomness of the data after probability or level of difficulty associated with accurately
encryption. Furthermore, dynamic encryption rearranges the predicting each individual number within a given sequence.
positions of bits in the resulting text, even with the same Given that genuinely random data is infrequent in typical
input data, which increases the complexity of data analysis user data, entropy finds applications in various contexts,
for potential attackers. with a predominant role in the realms of encryption and
Conversely, a comprehensive sensitivity analysis of the compression.
encryption keys has been conducted. As illustrated in Table 2, This significance becomes particularly pronounced when
which portrays the sensitivity values of the keys utilized dealing with executables that have intentionally undergone
for encryption across diverse block sizes and distinct files, encryption through real-time decryption processes [28].
it becomes evident that these values notably exceed those In such cases, the very nature of this encryption approach
of the benchmark solution. This disparity underscores the renders it challenging for antivirus programs to perform an

VOLUME 12, 2024 26341

 M. Y. Shakor et al.: Dynamic AES Encryption and Blockchain Key Management

TABLE 5. File entropy with dynamic key. REFERENCES

[1] R. Anandkumar, K. Dinesh, A. J. Obaid, P. Malik, R. Sharma, A. Dumka,
R. Singh, and S. Khatak, ‘‘Securing e-health application of cloud
computing using hyperchaotic image encryption framework,’’ Comput.
Electr. Eng., vol. 100, May 2022, Art. no. 107860.
[2] Z. Bashir, T. Rashid, and S. Zafar, ‘‘Hyperchaotic dynamical system based
image encryption scheme with time-varying delays,’’ Pacific Sci. Rev. A,
Natural Sci. Eng., vol. 18, no. 3, pp. 254–260, Nov. 2016.
[3] W. Y. Chang, H. Abu-Amara, and J. F. Sanford, Transforming Enterprise
in-depth analysis of these executables while they are stored on Cloud Services. Berlin, Germany: Springer, 2010.
disk. This is because the encryption effectively conceals the [4] B. Alouffi, M. Hasnain, A. Alharbi, W. Alosaimi, H. Alyami, and M. Ayaz,
‘‘A systematic literature review on cloud computing security: Threats and
internal structure of the executable, preventing the inspection mitigation strategies,’’ IEEE Access, vol. 9, pp. 57792–57807, 2021.
for specific strings or patterns. [5] N. M. Sultana and K. Srinivas, ‘‘Survey on centric data protection method
Moreover, entropy analysis as shown in Table 5 proves for cloud storage application,’’ in Proc. Int. Conf. Comput. Intell. Comput.
Appl. (ICCICA), Nov. 2021, pp. 1–8.
invaluable in the detection of files characterized by a high [6] F. Thabit, O. Can, S. Alhomdy, G. H. Al-Gaphari, and S. Jagtap, ‘‘A
degree of unpredictability [29]. Such files often signify novel effective lightweight homomorphic cryptographic algorithm for data
the presence of an encrypted volume or container, a detail security in cloud computing,’’ Int. J. Intell. Netw., vol. 3, pp. 16–30, 2022.
[7] D. C. Nguyen, P. N. Pathirana, M. Ding, and A. Seneviratne, ‘‘Integration
that might otherwise remain concealed without the aid of of blockchain and cloud of things: Architecture, applications and
entropy-based identification techniques. challenges,’’ IEEE Commun. Surveys Tuts., vol. 22, no. 4, pp. 2521–2549,
4th Quart., 2020.
[8] S. N. G. Gourisetti, Ü. Cali, K.-K.-R. Choo, E. Escobar, C. Gorog, A. Lee,
VI. CONCLUSION C. Lima, M. Mylrea, M. Pasetti, F. Rahimi, R. Reddi, and A. S. Sani,
In this paper, a comprehensive and innovative solution ‘‘Standardization of the distributed ledger technology cybersecurity stack
to address critical security concerns in cloud computing for power and energy applications,’’ Sustain. Energy, Grids Netw., vol. 28,
Dec. 2021, Art. no. 100553.
environments has been introduced. The suggested approach [9] S. Banani, S. Thiemjarus, K. Wongthavarawat, and N. Ounanong, ‘‘A
utilizes an ECC, AES, and Blockchain hybrid dynamic dynamic light-weight symmetric encryption algorithm for secure data
encryption method, which being a multi-layered defense transmission via BLE beacons,’’ J. Sensor Actuator Netw., vol. 11, no. 1,
p. 2, Dec. 2021.
mechanism ensures high degree of security for sensitive [10] I. Keshta, Y. Aoudni, M. Sandhu, A. Singh, P. A. Xalikovich, A. Rizwan,
data. In the process, widely regarded security issues in cloud M. Soni, and S. Lalar, ‘‘Blockchain aware proxy re-encryption algorithm-
computing have been explained, specifically, the deficiency based data sharing scheme,’’ Phys. Commun., vol. 58, Jun. 2023,
Art. no. 102048.
of centralized key management and the necessity of privacy [11] O. A. Khashan, N. M. Khafajah, W. Alomoush, M. Alshinwan, S. Alamri,
reinforcement. The proposed answer, acting in two stages, S. Atawneh, and M. K. Alsmadi, ‘‘Dynamic multimedia encryption using a
is quite solid to the problems that have been discovered. parallel file system based on multi-core processors,’’ Cryptography, vol. 7,
no. 1, p. 12, Mar. 2023.
At first, dynamic AES keys are created to make sure each [12] K. Bhalla, D. Koundal, S. Bhatia, M. Khalid Imam Rahmani, and M. Tahir,
file is encrypted differently and changes often. This dynamic ‘‘Dynamic encryption and secure transmission of terminal data files,’’
key generation greatly enhances file-level security, mitigating Comput., Mater. Continua, vol. 71, no. 1, pp. 1221–1232, 2022.
[13] X. Liu, R. Zhang, and M. Zhao, ‘‘A robust authentication scheme with
the risk of compromise. The second phase introduces the dynamic password for wireless body area networks,’’ Comput. Netw.,
use of blockchain technology, providing an immutable vol. 161, pp. 220–234, Oct. 2019.
and decentralized ledger to securely store encryption keys. [14] M. Yousefpoor and H. Barati, ‘‘Dynamic key management algorithms
in wireless sensor networks: A survey,’’ Comput. Commun., vol. 134,
By encrypting these blocks with ECC public keys, we ensure pp. 52–69, Jan. 2019.
that unauthorized access is effectively prevented during both [15] R. K. Chaurasiya, B. Acharya, and P. Singh, ‘‘A comparative survey on
transmission and storage. The combined strength of these lightweight block ciphers for resource constrained applications,’’ Int. J.
High Perform. Syst. Archit., vol. 8, no. 4, p. 250, 2019.
components not only bolsters the security of cloud-stored [16] S. Hussain, T. Shah, and A. Javeed, ‘‘Modified advanced encryption
data but also enhances user trust. Users can confidently standard (MAES) based on non-associative inverse property loop,’’
manage an array of files with distinct encryption keys using Multimedia Tools Appl., vol. 82, no. 11, pp. 16237–16256, May 2023.
[17] S. Ullah, J. Zheng, N. Din, M. T. Hussain, F. Ullah, and M. Yousaf,
a single key stored on their device, while service providers ‘‘Elliptic curve cryptography; applications, challenges, recent advances,
benefit from decentralized key management. In simple words, and future trends: A comprehensive survey,’’ Comput. Sci. Rev., vol. 47,
the suggested way makes a strong and flexible security Feb. 2023, Art. no. 100530.
[18] G. Habib, S. Sharma, S. Ibrahim, I. Ahmad, S. Qureshi, and M. Ishfaq,
system that matches with the changing needs of cloud ‘‘Blockchain technology: Benefits, challenges, applications, and integra-
computing. It works well to solve security problems in cloud tion of blockchain technology with cloud computing,’’ Future Internet,
environments. It makes sure that the data is safe and private, vol. 14, no. 11, p. 341, Nov. 2022.
[19] M. Rashmi, P. William, N. Yogeesh, and D. K. Girija, ‘‘Blockchain-
while meeting the different wants of people using it or service based cloud storage using secure and decentralised solution,’’ in Proc.
providers. Int. Conf. Data Anal. Insights (ICDAI), in Lecture Notes in Networks
and Systems, vol. 727, N. Chaki, N. D. Roy, P. Debnath, and K. Saeed,
Eds. Singapore: Springer, 2023. [Online]. Available: [Link]
ACKNOWLEDGMENT com/chapter/10.1007/978-981-99-3878-0_23, doi: 10.1007/978-981-99-
The authors extend their appreciation to King Saud Univer- 3878-0_23.
sity for funding this research through Researchers Supporting [20] P. Sharma, R. Jindal, and M. D. Borah, ‘‘A review of blockchain-
based applications and challenges,’’ Wireless Pers. Commun., vol. 123,
Project Number (RSPD2024R1027), King Saud University, pp. 1201–1243, 2022. [Online]. Available: [Link]
Riyadh, Saudi Arabia. article/10.1007/s11277-021-09176-7, doi: 10.1007/s11277-021-09176-7.

26342 VOLUME 12, 2024

M. Y. Shakor et al.: Dynamic AES Encryption and Blockchain Key Management

[21] F. Thabit, A. P. S. Alhomdy, A. H. A. Al-Ahdal, and P. D. S. Jagtap, MEJDL SAFRAN received the bachelor’s degree
‘‘A new lightweight cryptographic algorithm for enhancing data security in computer science from King Saud University,
in cloud computing,’’ Global Transitions Proc., vol. 2, no. 1, pp. 91–99, in 2007, and the master’s and Ph.D. degrees in
Jun. 2021. computer science from Southern Illinois Univer-
[22] S. Rehman, N. Talat Bajwa, M. A. Shah, A. O. Aseeri, and A. Anjum, sity Carbondale, in 2013 and 2018, respectively.
‘‘Hybrid AES-ECC model for the security of data over cloud storage,’’ He is currently a Passionate Researcher and an
Electronics, vol. 10, no. 21, p. 2673, Oct. 2021. Educator in the field of artificial intelligence, with
[23] S. K. Dwivedi, R. Amin, J. D. Lazarus, and V. Pandi, ‘‘Blockchain-
a focus on deep learning and its applications in
based electronic medical records system with smart contract and consensus
various domains. He is also an Assistant Professor
algorithm in cloud environment,’’ Secur. Commun. Netw., vol. 2022,
pp. 1–10, Sep. 2022. in computer science with King Saud University,
[24] S. Virushabadoss and T. P. Anithaashri, ‘‘Enhancing data security in where he has been a Faculty Member, since 2008. His doctoral dissertation
mobile cloud using novel key generation,’’ Proc. Comput. Sci., vol. 215, was on developing efficient learning-based recommendation algorithms for
pp. 567–576, 2022. top-N tasks and top-N workers in large-scale crowdsourcing systems. He has
[25] J. K. Dawson, F. Twum, J. B. Hayfron Acquah, and Y. M. Missah, published more than 20 articles in peer-reviewed journals and conference
‘‘Ensuring confidentiality and privacy of cloud data using a non- proceedings, such as ACM Transactions on Information Systems, Applied
deterministic cryptographic scheme,’’ PLoS ONE, vol. 18, no. 2, Feb. 2023, Computing and Informatics, Mathematics, Sustainability, International
Art. no. e0274628. Journal of Digital Earth, IEEE ACCESS, Biomedicine, Sensors, IEEE
[26] Y. Alemami, A. M. Al-Ghonmein, K. G. Al-Moghrabi, and International Conference on Cluster, IEEE International Conference on
M. A. Mohamed, ‘‘Cloud data security and various cryptographic Computer and Information Science, International Conference on Database
algorithms,’’ Int. J. Electr. Comput. Eng. (IJECE), vol. 13, no. 2, p. 1867, Systems for Advanced Applications, and International Conference on
Apr. 2023. Computational Science and Computational Intelligence. He has been leading
[27] Y. A. Liu, L. Chen, X. W. Li, Y. L. Liu, S. G. Hu, Q. Yu, T. P. Chen, grant projects in the fields of AI in medical imaging and AI in smart farming.
and Y. Liu, ‘‘A dynamic AES cryptosystem based on memristive neural
He has been an AI Consultant for several national and international agencies,
network,’’ Sci. Rep., vol. 12, no. 1, p. 12983, Jul. 2022.
since 2018. His current research interests include developing novel deep
[28] K. Lee, S.-Y. Lee, and K. Yim, ‘‘Machine learning based file entropy
analysis for ransomware detection in backup systems,’’ IEEE Access, learning methods for image processing, pattern recognition, natural language
vol. 7, pp. 110205–110215, 2019. processing, predictive analytics, and modeling and analyzing user behavior
[29] C.-M. Hsu, C.-C. Yang, H.-H. Cheng, P. E. Setiasabda, and J.-S. Leu, and interest in online platforms.
‘‘Enhancing file entropy analysis to improve machine learning detection
rate of ransomware,’’ IEEE Access, vol. 9, pp. 138345–138351, 2021.

MOHAMMED Y. SHAKOR received the Master SULTAN ALFARHOOD received the Ph.D. degree
of Science degree from the Computer Science in computer science from the University of
Department, College of Science, University of Arkansas. He is currently an Assistant Professor
Sulaimani, in 2019. He is currently a Lecturer with the Department of Computer Science, King
with the University of Garmian. He is also Saud University (KSU). Since joining KSU,
an accomplished academic professional with a in 2007, he has made several contributions to the
profound expertise in computer science. During field of computer science through his research
this tenure, he exhibited a remarkable aptitude and publications. His research interests include
for advanced concepts and demonstrated a keen machine learning, recommender systems, linked
interest in cutting-edge developments within the open data, text mining, and the ML-based IoT
field. His research interests include cloud security, cryptography, deep systems. His work includes proposing innovative approaches and techniques
learning, and cloud computing. He has developed innovative methods and to enhance the accuracy and effectiveness of these systems. His recent
techniques to enhance accuracy and efficiency in these fields. publications have focused on using deep learning and machine learning
techniques to address challenges in these domains. His research continues to
make significant contributions to the field of computer science and machine
learning. His work has been published in several high-impact journals and
conferences.

MUSTAFA IBRAHIM KHALEEL received the

Ph.D. degree in computer science from Southern
Illinois University, USA. He is currently an Assis-
tant Professor with the Computer Department,
University of Sulaimani. Since joining the univer-
sity in 2006, he has made notable contributions
to computer science through various research MICHELLE ZHU (Member, IEEE) is currently a
projects and scholarly articles. His research inter- Professor and the Associate Director of the School
ests include wireless networks, high-performance of Computing, Montclair State University, NJ,
computing, cybersecurity, cryptography, and cloud USA. She has published about 150 peer-reviewed
computing. He has developed innovative methods and techniques to enhance articles in various journals and conferences. Her
accuracy and efficiency in these fields. Recently, his work has focused on research interests include parallel and distributed
game theory, artificial intelligence optimizers, and energy-efficient solutions computing and big data. Her research projects have
for challenges in these areas. His research, which has significantly enriched been funded by various agencies, such as NSF,
computer science and cloud computing domains, is recognized in many DOE, and Oak Ridge National Laboratory.
esteemed journals and conferences.

VOLUME 12, 2024 26343