A Scheme of CA Digital Signature Based on Intrusion Tolerance

The security of critical infrastructures like water, gas or power grid control systems has been discussed more thoroughly in recent years due to recent events that have questioned their security. One has to understand that, despite some systems being considered secure, attackers will continue to discover new vulnerabilities, to try new attacks and some of those attempts will succeed. One approach to address this problem that is gaining momentum recently is intrusion tolerance. Based on this paradigm, there already are intrusion-tolerant network architectures that enhance the protection of critical infrastructures. This paper justifies how we combine the concept of intrusion-tolerant with public key infrastructure(PKI) and presents some in-sights on how to do it. With the kernel of PKI, which is certificate authority, this paper brings the concept of intrusion tolerance to CA, and gives a feasible scheme of CA based on intrusion tolerance. The most important part is that it discusses the system architect, a digital signature of CA based on intrusion tolerance, and the working process of the whole system. Aiming at some shortcomings, it indicates the further work which needs to be improved in the future.