As satellite networks grow larger and begin to incorporate interplanetary communication, there is an increasing interest in the unsolved problem of how to approach PKI in these conditions. In this paper we explore the goals and requirements for implementing key management systems in satellite networks, focusing on megaconstellations and interplanetary networks. We design a set of standardized experiments which can be used to compare systems against one another for particular network topologies. Using these, we demonstrate that terrestrial PKI techniques are feasible in highly distributed interplanetary networks, showing that it is possible to configure PKI systems to achieve efficient low-latency connection establishment, and minimize the impact of attacks through effective revocations. We evaluate this by building the Deep Space Network Simulator (DSNS), a novel network simulator aimed at efficient simulation of large space networks. We run simulations evaluating connection establishment and key revocation under a wide range of PKI configurations. Finally, we propose and evaluate two additional configuration options: OCSP Hybrid, and the use of relay nodes as a firewall. Together these minimize the extent of the network an attacker can reach with a compromised key, and reduce the attacker's load on interplanetary relay links.