As the use of satellites continues to grow, new networking paradigms are emerging to support the scale and long distance communication inherent to these networks. In particular, interplanetary communication relays connect distant network segments together, but result in a sparsely connected network with long-distance links that are frequently interrupted. In this new context, traditional Public Key Infrastructure (PKI) becomes difficult to implement, due to the impossibility of low-latency queries to a central authority. This paper addresses the challenge of implementing PKI in these complex networks, identifying the essential goals and requirements. Using these requirements, we develop the KeySpace framework, comprising a set of standardized experiments and metrics for comparing PKI systems across various network topologies, evaluating their performance and security. This enables the testing of different protocols and configurations in a standard, repeatable manner, so that improvements can be more fairly tested and clearly demonstrated. We use KeySpace to test two standard PKI protocols in use in terrestrial networks (OCSP and CRLs), demonstrating for the first time that both can be effectively utilized even in interplanetary networks with high latency and frequent interruptions, provided authority is properly distributed throughout the network. Finally, we propose and evaluate a number of novel techniques extending standard OCSP to improve the overhead of connection establishment, reduce link congestion, and limit the reach of an attacker with a compromised key. Using KeySpace we validate these claims, demonstrating their improved performance over the state of the art.

翻译：随着卫星应用的持续增长，新的网络范式正在涌现，以支持此类网络固有的规模化和长距离通信需求。特别是星际通信中继将遥远的网络段连接在一起，但形成了连接稀疏、链路距离长且频繁中断的网络拓扑。在此新背景下，由于无法对中心认证机构进行低延迟查询，传统公钥基础设施（PKI）的实施变得极为困难。本文针对复杂网络中PKI实施的挑战，明确了核心目标与需求。基于这些需求，我们开发了KeySpace框架——一套包含标准化实验与评估指标的体系，用于在不同网络拓扑中比较各类PKI系统的性能与安全性。该框架支持以标准化、可复现的方式测试不同协议与配置，从而更公平地验证改进措施并清晰展示其效果。我们运用KeySpace测试了地面网络中两种标准PKI协议（OCSP与CRL），首次证明只要在整网中合理分布认证机构，这两种协议即使在具有高延迟和频繁中断特性的星际网络中也能有效运行。最后，我们提出并评估了多项创新技术，通过扩展标准OCSP协议以降低连接建立开销、缓解链路拥塞，并限制密钥泄露后攻击者的影响范围。借助KeySpace我们验证了这些技术的有效性，证明了其相较于现有技术具有更优的性能表现。