As satellite networks expand to encompass megaconstellations and interplanetary communication, the need for effective Public Key Infrastructure (PKI) becomes increasingly pressing. This paper addresses the challenge of implementing PKI in these complex networks, identifying the essential goals and requirements. We develop a standardized framework for comparing PKI systems across various network topologies, enabling the evaluation of their performance and security. Our results demonstrate that terrestrial PKI techniques can be adapted for use in highly distributed interplanetary networks, achieving efficient low-latency connection establishment and minimizing the impact of attacks through effective revocation mechanisms. This result has significant implications for the design of future satellite networks, as it enables the reuse of existing PKI solutions to provide increased compatibility with terrestrial networks. We evaluate this by building the Deep Space Network Simulator (DSNS), a novel tool for efficiently simulating large space networks. Using DSNS, we conduct comprehensive simulations of connection establishment and key revocation under a range of network topologies and PKI configurations. Furthermore, we propose and evaluate two new configuration options: OCSP Hybrid, and the use of relay nodes as a firewall. Together these minimize the extent of the network an attacker can reach with a compromised key, and reduce the attacker's load on interplanetary relay links.