A Novel Collaborative PKI Framework in Public Cloud

Abstract

Public Key Infrastructure (PKI) is a repository and management system for digital certificates. It can be the centralized or decentralized PKI system for issuing, managing, storing, verifying and distributing the key pairs, public key and private key, or one of the public key certificates. In public cloud, Data Owners and Data Users can upload or download their encrypted data along with services, resources and infrastructures in the hands of Cloud Service Provider. It creates the big security concerns in terms of data security and data privacy for the user and Cloud Service Provider is the sole responsibility to provide the Access Control Policy to restrict the cloud services centrally. With the emergence of cloud computing, Public Key Infrastructure (PKI) technology enables the secure communications in between systems. X.509 certificates are based on the centralized PKI and suffers so many issues in the public cloud. Gnu Privacy Guard (GnuPG) certificates are based on the decentralized PKI system. Imagine a world with decentralized PKI system in which each Kerberos is also a Central Authority for issuing certificates to the system or users. This proposed collaborative PKI framework describes the use of PKI in public cloud, proposed algorithm for Kerberos SSO token and provides acquisition of Public Key certificates from the client via Kerberized Central Authorities.