ITU-T work programme

[2022-2024] : [SG17] : [Q8/17]


Work item: X.ckrp
Subject/title: Framework of cryptographic key resource pool for cloud computing
Status: Under study 
Approval process: AAP
Type of work item: Recommendation
Version: New
Equivalent number: -
Timing: 2026-02 (Medium priority)
Liaison: ISO, NIST, CSA
Supporting members: China Telecom, ZTE
Summary: As companies migrate their applications and data to the cloud and more cloud-native applications emerge, there is an increasing demand for cloud services for their cryptographic key management and cryptographic operation needs. A cryptographic key resource pool can serve as an infrastructure to provide cryptographic key management and cryptographic operation services in a cloud computing environment, where hardware security modules (HSMs) deployed in the resource pool are virtualized as virtual security modules (VSMs), and VSMs are created, provisioned, orchestrated, and scaled up or down according to CSCs’ demands.
The benefits of a cryptographic key resource pool include:
  - It generates and stores cryptographic keys in VSMs that are based on HSMs, which provides higher security and performance than when cryptographic keys are generated in general virtual machines.
  - It can create VSMs and scale them up or down according to CSCs’ demand, which provides scalability, redundancy, and high availability.
  - It can reduce CSCs’ investment.
A cryptographic key resource pool for cloud computing with a multi-tenant environment would face special challenges, such as:
  - CSCs need to retain control over their cryptographic keys. Mechanisms are needed to ensure that only CSCs can generate, use, and control their own cryptographic keys.
  - A cryptographic key resource pool provides services to multiple CSCs. Mechanisms are needed to ensure that one CSC cannot access another CSC’s cryptographic keys.
  - Mechanisms are needed to protect the information transferred between a CSC and the cryptographic key resource pool from being eavesdropped on, modified, or tampered with by attackers.
This Recommendation provides the introduction, requirements, and framework of a cryptographic key resource pool for cloud computing with a multi-tenant environment.
Comment: -
Reference(s):
  Historic references:
-
Contact(s):
Ming He, Editor
Jun Shen, Editor
Leyi Zhang, Editor
ITU-T A.5 justification(s):
-
First registration in the WP: 2024-03-12 14:34:18
Last update: 2024-03-12 14:37:53