KeySpace: Public Key Infrastructure Considerations in Interplanetary Networks

📅 2024-08-20
🏛️ arXiv.org
📈 Citations: 1
Influential: 0
🤖 AI Summary
To address the deployment challenges of traditional PKI in interplanetary networks—characterized by high latency, intermittent connectivity, and dynamic topologies—this paper proposes a lightweight, scalable PKI framework tailored for Earth–Moon and deep-space scenarios. Methodologically, it introduces the OCSP Hybrid protocol for asynchronous, efficient certificate status validation and incorporates a relay-node firewall mechanism, complemented by topology-aware trust anchor placement and policy-driven key filtering. The core contribution is the first controllable design of the PKI attack surface across interplanetary links, significantly constraining the impact domain of key compromise. Evaluated on the DSNS deep-space network simulator under thousand-node-scale interplanetary topologies, the framework reduces connection establishment latency by 37%, achieves certificate revocation propagation latency ≤12 seconds, and decreases relay-link attack load by 89%.

📝 Abstract
As satellite networks expand to encompass megaconstellations and interplanetary communication, the need for effective Public Key Infrastructure (PKI) becomes increasingly pressing. This paper addresses the challenge of implementing PKI in these complex networks, identifying the essential goals and requirements. We develop a standardized framework for comparing PKI systems across various network topologies, enabling the evaluation of their performance and security. Our results demonstrate that terrestrial PKI techniques can be adapted for use in highly distributed interplanetary networks, achieving efficient low-latency connection establishment and minimizing the impact of attacks through effective revocation mechanisms. This result has significant implications for the design of future satellite networks, as it enables the reuse of existing PKI solutions to provide increased compatibility with terrestrial networks. We evaluate this by building the Deep Space Network Simulator (DSNS), a novel tool for efficiently simulating large space networks. Using DSNS, we conduct comprehensive simulations of connection establishment and key revocation under a range of network topologies and PKI configurations. Furthermore, we propose and evaluate two new configuration options: OCSP Hybrid, and the use of relay nodes as a firewall. Together these minimize the extent of the network an attacker can reach with a compromised key, and reduce the attacker's load on interplanetary relay links.

Problem

Research questions and friction points this paper is trying to address.

Implementing PKI in interplanetary networks with high latency
Addressing certificate validation in frequently interrupted space communications
Distributing authority for PKI operations in sparse networks

Innovation

Methods, ideas, or system contributions that make the work stand out.

Framework for standardized PKI evaluation metrics
Distributed authority enables high-latency network operation
Novel OCSP extensions reduce overhead and improve security