FORMAL MODEL OF ADAPTIVE SELECTION OF CRYPTOGRAPHIC PARAMETERS FOR CHANNEL PROTECTION IN CORPORATE COMPUTER NETWORKS BASED ON DYNAMIC TRUST ASSESSMENT
DOI:
https://doi.org/10.28925/2663-4023.2026.32.1111Keywords:
dynamic trust, integrated risk, channel cryptographic profile, event-driven update, crypto-agility, Zero Trust, corporate computer networksAbstract
The paper proposes a formal model for the adaptive selection of cryptographic parameters for protecting communication channels in corporate computer networks based on dynamic trust assessment and integrated risk. The relevance of the study stems from the fact that common practices of static configuration of encryption algorithms, modes of operation, and cryptographic strength parameters do not account for changes in access context and the behavior of interacting entities, which leads either to excessive computational overhead or to the emergence of vulnerability windows during threat escalation. The scientific novelty lies in interpreting the cryptographic profile as a controllable dynamic state of the security system, where trust acts as a direct control parameter of the cryptographic configuration rather than merely a factor in access decision-making. A protected channel is formalized as a state tuple combining the subject, resource, context, trust level, risk, and cryptographic profile, while adaptive parameter selection is described by a mapping that establishes a correspondence between (resource criticality, context) and a set of cryptographic characteristics (algorithm, mode, strength parameter, session lifetime). An optimization formulation for profile selection is developed that accounts for the trade-off between cryptographic strength and operational costs, along with an event-driven mechanism for updating the cryptographic state (Rekey/Upgrade/Revoke) in response to trust degradation, risk increase, or critical security events. Scenario analysis (normal operation, contextual/behavioral anomaly, critical event) demonstrates the model’s ability to coherently enhance strength and reduce cryptographic session lifetimes in high-risk situations, thereby reducing the potential attack window while maintaining acceptable performance under low-risk conditions. The obtained results provide a theoretical foundation for deploying adaptive cryptographic profiles in TLS/VPN and Zero Trust–oriented corporate environments.
Downloads
References
Zhang, D., Yang, S., Chen, M., et al. (2025). Adaptive encryption method of sensitive data in data center database based on big data cross-mapping fusion algorithm. Discover Applied Sciences, 7, 924. https://doi.org/10.1007/s42452-025-07581-2
Pastor-Galindo, J., López-Millán, G., & Marín-López, R. (2022). A framework for dynamic configuration of TLS connections based on standards. Journal of Network and Systems Management, 30, 24. https://doi.org/10.1007/s10922-021-09640-6
Kumar, P. R., & Goel, S. (2025). A secure and efficient encryption system based on adaptive and machine learning for securing data in fog computing. Scientific Reports, 15, 11654. https://doi.org/10.1038/s41598-025-92245-9
Alanazi, M. J., Alhoweiti, R. A., Alhwaity, G. A., & Alharbi, A. R. (2025). An adaptive hybrid cryptographic framework for resource-constrained IoT devices. Electronics, 14(23), 4666. https://doi.org/10.3390/electronics14234666
Li, Z., Ju, Z., Zhao, H., Wei, Z., & Lan, G. (2025). A lightweight certificateless authenticated key agreement scheme based on Chebyshev polynomials for the Internet of Drones. Sensors, 25(14), 4286. https://doi.org/10.3390/s25144286
Pokhrel, C., Ghimire, R., Dawadi, B. R., & Manzoni, P. (2025). A machine learning-based hybrid encryption approach for securing messages in software-defined networking. Network, 5(1), 8. https://doi.org/10.3390/network5010008
Ruhault, S., Lafourcade, P., & Mahmoud, D. (2024). A unified symbolic analysis of WireGuard. In Proceedings of the Network and Distributed System Security Symposium (NDSS 2024). https://doi.org/10.14722/ndss.2024.24364
Marchesi, L., Marchesi, M., & Tonelli, R. (2024). A survey on cryptoagility and agile practices in the light of quantum resistance. Information and Software Technology, 178, 107604. https://doi.org/10.1016/j.infsof.2024.107604
Calvo, M., & Beltrán, M. (2022). A model for risk-based adaptive security controls. Computers & Security, 115, 102612. https://doi.org/10.1016/j.cose.2022.102612
Selvan, S., & Singh, M. M. (2022). Adaptive contextual risk-based model to tackle confidentiality-based attacks in fog-IoT paradigm. Computers, 11(2), 16. https://doi.org/10.3390/computers11020016
Cho, J., Lee, C., Kim, E., Lee, J., & Cho, B. (2024). Software-defined cryptography: A design feature of cryptographic agility. arXiv preprint arXiv:2404.01808.
Sokolov, V., Kostiuk, Y., Skladannyi, P., & Korshun, N. (2025). Adaptation of network traffic routing policy to information security and network protection requirements. In Proceedings of the 13th International Scientific and Practical Conference “Information Control Systems and Technologies” (ICST 2025) (pp. 397–411). CEUR-WS.org.
Dovzhenko, N., Ivanichenko, Y., Skladannyi, P., & Ausheva, N. (2024). Integration of security and fault tolerance in sensor networks based on the analysis of energy consumption and traffic. Cybersecurity: Education, Science, Technique, 1, 390–400. https://doi.org/10.28925/2663-4023.2024.25.390400
Zhdanova, Y., Spasiteleva, S., Shevchenko, S., & Kravchuk, K. (2020). Applied and methodological aspects of hash function usage in information security. Cybersecurity: Education, Science, Technique, 4(8), 85–96. https://doi.org/10.28925/2663-4023.2020.8.8596
Kostiuk, Y., Skladannyi, P., Rzayeva, S., Mazur, N., Cherevyk, V., & Anosov, A. (2025). Features of network attack implementation via TCP/IP protocols. Cybersecurity: Education, Science, Technique, 1(29), 571–597. https://doi.org/10.28925/2663-4023.2025.29.915
Radhakrishnan, I., Jadon, S., & Honnavalli, P. B. (2024). Efficiency and security evaluation of lightweight cryptographic algorithms for resource-constrained IoT devices. Sensors, 24(12), 4008. https://doi.org/10.3390/s24124008
Zhdanova, Y., Spasiteleva, S., & Shevchenko, S. (2019). Application of the security.cryptography class library for cybersecurity specialist training. Cybersecurity: Education, Science, Technique, 4(4), 44–53. https://doi.org/10.28925/2663-4023.2019.4.4453
Kostiuk, Y., Skladannyi, P., Rzayeva, S., Samoilenko, Y., & Korshun, N. (2025). Intelligent control and protection systems in cyber-physical and cloud-based smart grid environments. Cybersecurity: Education, Science, Technique, 2(30), 125–156. https://doi.org/10.28925/2663-4023.2025.30.956
Alharbe, N., Aljohani, A., Rakrouki, M. A., & Khayyat, M. (2023). An access control model based on system security risk for dynamic sensitive data storage in the cloud. Applied Sciences, 13(5), 3187. https://doi.org/10.3390/app13053187
Skladannyi, P., Kostiuk, Y., Zhyltsov O., Savchenko, Y., Antypin, Ye. (2025) Intelligent modeling of personalized learning in cybersecurity training. Proceedings of the Cybersecurity Providing in Information and Telecommunication Systems II (CPITS-IІ 2025), October 26, 2025, Kyiv, Ukraine, Vol-4145, P. 95-119. ISSN 1613-0073.
Shevchenko, S., Zhdanova, Y., Dreis, Y., Kyrychok, R., & Tsyrkaniuk, D. (2023). Protection of information in telecommunication medical systems based on a risk-oriented approach. In Cybersecurity Providing in Information and Telecommunication Systems (CPITS 2023). CEUR Workshop Proceedings.
Skladannyi, P., Kostiuk, Y., Rzayeva, S., & Mazur, N. (2025). Parallel data processing in extensible hash structures and performance evaluation. Cybersecurity: Education, Science, Technique, 3(31), 242–269. https://doi.org/10.28925/2663-4023.2025.31.1015
Gour, A., Malhi, S., Singh, G., & Kaur, G. (2024). Hybrid cryptographic approach for secure data communication using block cipher techniques. E3S Web of Conferences, 556, 01048. https://doi.org/10.1051/e3sconf/202455601048
Siyal, R., Long, J., Khan, S. U., et al. (2025). Secure big data sharing with hybrid encryption and deep learning. Journal of King Saud University – Computer and Information Sciences, 37, 216. https://doi.org/10.1007/s44443-025-00093-4
Skladannyi, P. M., Hulak, H. M., & Kostiuk, Y. V. (2025). Generator of chaotic numbers with fuzzy control for cryptographic systems with dynamic trust. Telecommunications and Information Technologies, 4(89), 137–147. https://doi.org/10.31673/2412-4338.2025.048916
Published
How to Cite
Issue
Section
License
Copyright (c) 2026 Юлія Костюк, Павло Складанний, Наталія Мазур, Світлана Рзаєва, Дмитро Гнатченко, Ігор Гончаренко
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
