Efficient PKI Design for Secure Communication and Collaboration in Space Networks

Authors: David Koisser, Albert Schwarzkopf, Ferdinand Brasser and Giacomo Da Broi

The increasing scale and heterogeneity of space systems, spanning commercial, governmental, and future interplanetary assets, necessitate secure, interoperable communication under severe operational constraints, including limited processing capacity, intermittent connectivity, and large delays. Existing practices based on pre-shared symmetric keys are inherently unscalable and present operational and strategic challenges in dynamic, multi-operator environments. Public Key Infrastructures (PKIs), which have long addressed these challenges in terrestrial networks, are appealing candidates; however, their reliance on low-latency credential validation (e.g., OCSP, CRLs) renders them unsuitable for networks in which delays need to be tolerated. This work proposes a novel PKI architecture designed for space networks. The design leverages a delay- and disruption-tolerant credential validation layer based on peer-to-peer epidemic dissemination of compact, cryptographically verifiable revocation data. The PKI design supports multi-authority environments by enabling inter-party credential issuance with jurisdiction-compliance acknowledgment proofs, allowing validation of cross-domain trust without relying on a connection to ground. A custom simulator evaluating this design at constellation scale demonstrates that, for the targeted scenarios, the proposed mechanism propagates critical revocation updates orders of magnitude faster than CRLs or OCSP Stapling, while incurring significantly lower network overhead.