pith. machine review for the scientific record.

arxiv: 2605.05948 · v1 · submitted 2026-05-07 · 💻 cs.CR · cs.ET

Recognition: unknown

Toward Space-Based Public Key Systems: Enabling Secure Space Communications through In-Orbit Trust Services

Pith reviewed 2026-05-08 09:21 UTC · model grok-4.3

classification 💻 cs.CR cs.ET
keywords: space-based PKI · in-orbit trust services · satellite authentication · public key infrastructure · secure space communications · multi-operator space systems · satellite certificate management

The pith

Moving certificate management and validation into orbit reduces ground station delays for authenticating satellites from independent operators.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper argues that ground-dependent public key infrastructure creates latency and scalability limits as more independent entities launch satellites that need near-real-time secure coordination. It proposes two architectures that place certificate validation authorities in orbit, either as a hybrid with ground systems or as a fully autonomous space-only system with in-space issuance. These shifts would cut reliance on ground stations, improve availability, and support collaboration across operators. A sympathetic reader would care because growing satellite constellations require efficient authentication without constant ground infrastructure bottlenecks.

Core claim

The authors claim that space-based public key infrastructure architectures, using in-orbit validation authorities in a space-ground integrated scheme or full in-space issuance and validation in an autonomous scheme, shift certificate management from ground infrastructure into space. This reduces ground dependency while enabling interoperability, with analysis showing trade-offs in scalability, availability, security, cost, and operational complexity, plus a baseline latency comparison.

What carries the argument

The two deployment schemes for space-based PKI: a space-ground integrated model with in-orbit validation authorities, and a fully autonomous model with in-space certificate issuance and validation.

If this is right

  • Lower latency for authentication of space assets through in-orbit validation.
  • Higher availability and scalability in environments with many independent satellite operators.
  • Improved interoperability and cross-entity collaboration without heavy ground station involvement.
  • Deployment decisions informed by explicit trade-offs in security, cost, and operational complexity.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Direct satellite-to-satellite authentication could enable new collaborative missions that currently wait for ground approval.
  • The latency analysis suggests potential for real-time secure data exchange in dynamic orbital environments.
  • Standards bodies might adopt elements of these designs for future space network protocols.

Load-bearing premise

In-orbit validation authorities and issuance services can be deployed and operated securely in the space environment without introducing unacceptable new risks or operational complexity.

What would settle it

A demonstration of an in-orbit certificate authority issuing and validating certificates for satellites from multiple independent operators, with measured authentication latency lower than ground-based systems and no security incidents over months of operation.

Figures

Figures reproduced from arXiv: 2605.05948 by Ali Shoker, Paulo Esteves-Verissimo, Rehana Yasmin.

Figure 1: Bridge Certification Authority (BCA) connecting different PKI architectures

Figure 2: Independent Validation Authority (VA)
    4 Space-Based Public Key Systems and Infrastructure. As of today, there is no dedicated PKI certificate authority or certificate validation service physically deployed in space. While the concept of a space-based PKI system is yet to be realized,

Figure 3: Grd-BCA connecting disparate ground-based PKIs via cross-certification

Figure 4: Certification Path
    • Certificate Validation Response. The Spc-VA either confirms or denies the trustworthiness of the certificate based on its validation checks and the information provided by

Figure 5: Near-real-time validation of certificates in iPKI

Figure 6: Certificate Issuance in SpcPKI
    B. Certificate Renewal and Revocation • Certificate Renewal. The Spc-CA may renew a user certificate user upon request. The renewed certificate is uploaded to the CA-Repository

Figure 7: Near-Real-Time validation of certificates in SpcPKI

Figure 8: Spc-CA/VA in MEO
    constant line of sight with a significant portion of the Earth’s surface, enabling almost real-time updates from Grd-BCAs on the ground to the Certificate Repository in space, addressing line-of-sight limitation of MEO satellites. They also maintain continuous connectivity with MEO satellites, ensuring that at least one GEO satellite is always visible to any given MEO satellite, facilitati…

Figure 9: Placement of Certificate Repository
    Certificate Format. The X.509 public key certificate, the most widely used format, is also the primary CCSDS-recommended credential for authentication in space [30]. For space-specific applications, certificates could be extended to incorporate orbital parameters or behavioral traits unique to each satellite. Orbital signatures, such as position, velocity, altitude, incl…

Figure 10: Certificate Validation With Certificate Repository in MEO and GEO

Figure 11: IGCA Bridge CA by CCSDS [26]
    Remarks. While the IGCA provides a ground-based framework for certificate issuance and dissemination across multiple space agencies, it does not define mechanisms for in-space verification of these certificates. As a result, the authentication of satellites or space systems from different agencies during actual in-orbit operations remains unaddressed. 5.2.2 Key Management The…

Figure 12: Constellation with Individual Key Management [

Figure 13: Federated Satellite System PKI [9]
    For data authentication in Satellite-Based Augmentation Systems (SBAS), a PKI-based key management framework is proposed in [45]. SBAS improves the accuracy and reliability of GNSS positioning data, with information transmitted in a unidirectional stream from satellite to user. This one-way communication makes the authentication requirement one-directional. For this purp…

Figure 14: Different PKI Architectures
Original abstract

The New Space era has led to a rapid increase in satellites operated by independent entities in near-Earth orbit. This shift enables richer space services but also requires secure, near-real-time coordination, making efficient authentication of space assets critical for next-generation missions. Traditional ground-dependent Public Key Infrastructure (PKI) suffers from latency and operational bottlenecks that limit scalability and availability in dynamic space environments. This paper proposes architectural designs for space-based PKI that shift certificate management and validation from ground infrastructure into space, reducing reliance on ground stations while enabling interoperability and cross-entity collaboration. Two deployment schemes are introduced: a space-ground integrated PKI with in-orbit validation authorities, and a fully autonomous space-based PKI with in-space issuance and validation. We analyze deployment trade-offs in scalability, availability, security, cost, and operational complexity in multi-operator environments. A baseline latency analysis is provided to illustrate performance implications of in-orbit trust management.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The paper claims that traditional ground-dependent PKI suffers from latency and operational bottlenecks limiting scalability in dynamic space environments with increasing independent satellite operators. It proposes two architectural designs for space-based PKI: a space-ground integrated scheme using in-orbit validation authorities, and a fully autonomous in-space PKI for issuance and validation. The work analyzes trade-offs across scalability, availability, security, cost, and operational complexity in multi-operator settings and includes a baseline latency analysis to illustrate performance implications of shifting trust management into orbit.

Significance. If the architectures can be realized with adequate security and availability, the designs could meaningfully advance secure coordination among heterogeneous space assets by reducing ground-station dependence and supporting interoperability. The high-level framing identifies relevant deployment dimensions and provides an initial latency sketch, but the absence of detailed modeling or validation limits immediate applicability to mission planning.

major comments (2)
  1. [Trade-off Analysis] Trade-off Analysis section: the availability and operational-complexity discussion does not incorporate quantitative modeling of orbital dynamics, radiation-induced hardware faults, or satellite outage scenarios. This omission is load-bearing for the central claim that in-orbit services reduce ground reliance while preserving continuous operation, because unquantified disruptions could necessitate fallback mechanisms that reintroduce the original bottlenecks.
  2. [Security Analysis] Security Analysis section: the assessment of in-orbit validation and issuance authorities does not address space-specific threats such as single-event upsets from radiation or physical-access risks in orbit. Without concrete threat models or mitigation analysis, the assertion that the schemes maintain or improve security relative to ground PKI cannot be evaluated.
minor comments (2)
  1. [Abstract] Abstract: the baseline latency analysis is referenced but no numerical values, comparison baselines, or assumptions (e.g., orbital altitude, link budgets) are supplied, reducing the abstract's utility for quick assessment.
  2. [Introduction] Notation and terminology: terms such as 'in-orbit trust services' and 'validation authorities' would benefit from explicit definitions on first use to assist readers bridging cryptography and space-systems domains.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive feedback on the architectural proposals and analyses. We address each major comment below and describe the revisions planned for the manuscript.

Point-by-point responses
  1. Referee: [Trade-off Analysis] Trade-off Analysis section: the availability and operational-complexity discussion does not incorporate quantitative modeling of orbital dynamics, radiation-induced hardware faults, or satellite outage scenarios. This omission is load-bearing for the central claim that in-orbit services reduce ground reliance while preserving continuous operation, because unquantified disruptions could necessitate fallback mechanisms that reintroduce the original bottlenecks.

    Authors: We agree that the availability and operational-complexity discussion would benefit from additional consideration of these factors. The current Trade-off Analysis section offers a qualitative comparison across the listed dimensions together with a baseline latency analysis, consistent with the paper's focus on high-level architectural designs rather than detailed simulations. In the revised manuscript we will expand this section to include a qualitative treatment of orbital dynamics (e.g., constellation geometry for redundancy), radiation-induced faults, and outage scenarios, drawing on established space-systems literature. We will also add an explicit statement identifying comprehensive quantitative modeling of these effects as important future work. These changes will clarify how the proposed architectures can incorporate redundancy and fallback mechanisms without reintroducing the original ground-station bottlenecks. revision: partial

  2. Referee: [Security Analysis] Security Analysis section: the assessment of in-orbit validation and issuance authorities does not address space-specific threats such as single-event upsets from radiation or physical-access risks in orbit. Without concrete threat models or mitigation analysis, the assertion that the schemes maintain or improve security relative to ground PKI cannot be evaluated.

    Authors: We concur that the Security Analysis section would be strengthened by explicit treatment of space-specific threats. The original text provides a high-level comparative assessment but does not develop detailed threat models for single-event upsets or orbital physical-access risks. In the revision we will add a concise threat-model subsection that (1) describes SEU risks and standard mitigations such as error-correcting codes, radiation-hardened hardware, and triple-modular redundancy, and (2) discusses physical-access considerations, noting the substantial practical barriers relative to terrestrial facilities together with cryptographic and access-control protections. These additions will enable a clearer evaluation of whether the schemes maintain or improve security relative to ground PKI. revision: yes

Circularity Check

0 steps flagged

No circularity: architectural proposal is self-contained

full rationale

The paper is an engineering/architectural proposal that identifies problems with ground-dependent PKI and outlines two deployment schemes (space-ground integrated and fully autonomous) with qualitative trade-off analysis in scalability, availability, security, cost, and complexity, plus a baseline latency discussion. No equations, fitted parameters, or mathematical derivations appear that could reduce to inputs by construction. No load-bearing self-citations, uniqueness theorems, or ansatzes imported from prior author work are invoked to force the result; the claims rest on stated operational bottlenecks rather than self-referential loops. The derivation chain is therefore independent and non-circular.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The proposal depends on domain assumptions about secure in-orbit hardware and operational feasibility that are not evidenced in the abstract.

axioms (1)
  • domain assumption In-orbit hardware and software can host trusted validation authorities without being compromised by the space environment or adversaries.
    Required for both proposed schemes to deliver the claimed security and availability benefits.

pith-pipeline@v0.9.0 · 5461 in / 1057 out tokens · 47601 ms · 2026-05-08T09:21:45.130129+00:00 · methodology

Reference graph

Works this paper leans on

66 extracted references · 3 canonical work pages

  1. [1] “CCSDS Report Concerning Space Data System Standards: SPACE MISSIONS KEY MANAGEMENT CONCEPT,” Consultative Committee for Space Data Systems (CCSDS), Washington, D.C., USA, Standard CCSDS 350.6-G-1, Nov. 2011, Informational Report, Issue 1. [Online]. Available: https://ccsds.org/Pubs/350x6g1.pdf
  2. [2] K. Bhasin and J. Hayden, “Inter-spacecraft communication architectures and technologies for coordinated spacecraft missions,” in AIAA Space 2001 Conference and Exposition, Albuquerque, NM, USA, August 2001. [Online]. Available: https://arc.aiaa.org/doi/pdf/10.2514/6.2001-4709
  3. [3] National Aeronautics and Space Administration (NASA). (2009, Sep.) Catalog of Earth Satellite Orbits. [Online]. Available: https://earthobservatory.nasa.gov/features/OrbitsCatalog
  4. [4] J. Yates, “The impact of weather on Ka-band frequencies,” ROOM - Space Journal of Asgardia, no. 33, 2023. [Online]. Available: https://room.eu.com/article/the-impact-of-weather-on-ka-band-frequencies
  5. [5] ESA - The European Space Agency, “Satellite frequency bands,” [Accessed: 01-Feb-2026]. [Online]. Available: https://www.esa.int/Applications/Connectivity and Secure Communications/Satellite frequency bands
  6. [6] European Space Agency (ESA). (2024, Jul.) Knowledge beyond our planet: space-based data centres. [Online]. Available: https://www.esa.int/Enabling Support/Preparing for the Future/ Discovery and Preparation/Knowledge beyond our planet space-based data centres? fbclid=IwY2xjawEgHgFleHRuA2FlbQIxMQABHb8yqgOrul9hQ7Og9TwxPHcoBN BMCqpa11k-3rIlLHFHE7qrJ9xRil...
  7. [7] Thales Alenia Space. (2024) Advanced Space Cloud for European Net zero Emission and Data sovereignty (ASCEND). [Online]. Available: https://ascend-horizon.eu/
  8. [8] A. Golkar and I. Lluch i Cruz, “The federated satellite systems paradigm: Concept and business case evaluation,” Acta Astronautica, vol. 111, pp. 230–248, Jun. 2015
  9. [9] O. von Maurich and A. Golkar, “Data authentication, integrity and confidentiality mechanisms for federated satellite systems,” Acta Astronautica, vol. 149, pp. 61–76, 2018. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S0094576517301418
  10. [10] Loft Orbital. (2024) Virtual Missions: Deploy your software on our space infrastructure. [Online]. Available: https://www.loftorbital.com/fly-with-us/virtual-missions/
  11. [11] “CCSDS Recommendation for Space Data System Practices: SECURITY ARCHITECTURE FOR SPACE DATA SYSTEMS,” Consultative Committee for Space Data Systems (CCSDS), Washington, D.C., USA, Standard CCSDS 351.0-M-1, Nov. 2012, Recommended Practice, Issue 1. [Online]. Available: https://ccsds.org/Pubs/351x0m1.pdf
  12. [12] Consultative Committee for Space Data Systems (CCSDS). [Online]. Available: https://ccsds.org/
  13. [13] “CCSDS Recommendation for Space Data System Practices: CCSDS CRYPTOGRAPHIC ALGORITHMS,” Consultative Committee for Space Data Systems (CCSDS), Washington, D.C., USA, Standard CCSDS 352.0-B-2, Aug. 2019, Recommended Standard, Issue 2. [Online]. Available: https://ccsds.org/Pubs/352x0b2.pdf
  14. [14] National Aeronautics and Space Administration (NASA). Tracking and Data Relay Satellites. [Online]. Available: https://www.nasa.gov/mission/tracking-and-data-relay-satellites/
  15. [15] NASA Office of Inspector General, “NASA’S Efforts To Mitigate The Risks Posed By Orbital Debris,” NASA, Washington, DC, USA, Report, January 2021. [Online]. Available: https://oig.nasa.gov/wp-content/uploads/2024/02/IG-21-011.pdf
  16. [16] D. D. Murakami, S. Nag, M. Lifson, and P. H. Kopardekar, Space Traffic Management with a NASA UAS Traffic Management (UTM) Inspired Architecture. American Institute of Aeronautics and Astronautics (AIAA), 2019
  17. [17] W. S. Ford, S. Chokhani, S. S. Wu, R. V. Sabett, and C. C. R. Merrill, “Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework,” RFC 3647, Nov. 2003. [Online]. Available: https://www.rfc-editor.org/info/rfc3647
  18. [18] P. Hesse, M. Cooper, Y. A. Dzambasow, S. Joseph, and R. Nicholas, “Internet X.509 Public Key Infrastructure: Certification Path Building,” RFC 4158, Sep. 2005. [Online]. Available: https://www.rfc-editor.org/info/rfc4158
  19. [19] S. Santesson, M. Myers, R. Ankney, A. Malpani, S. Galperin, and D. C. Adams, “X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP,” RFC 6960, Jun. 2013. [Online]. Available: https://www.rfc-editor.org/info/rfc6960
  20. [20] W. T. Polk and N. E. Hastings, “Bridge Certification Authorities: Connecting B2B Public Key Infrastructures,” National Institute of Standards and Technology, Tech. Rep. [Online]. Available: https://csrc.nist.rip/groups/ST/crypto apps infra/documents/B2B-article.pdf
  21. [21] S. Boeyen, S. Santesson, T. Polk, R. Housley, S. Farrell, and D. Cooper, “Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile,” RFC 5280, May 2008. [Online]. Available: https://www.rfc-editor.org/info/rfc5280
  22. [22] R. Housley and D. Pinkas, “Delegated Path Validation and Delegated Path Discovery Protocol Requirements,” RFC 3379, Sep. 2002. [Online]. Available: https://www.rfc-editor.org/info/rfc3379
  23. [23] W. E. Burr, “Public Key Infrastructure (PKI) Technical Specifications: Part A Technical Concept of Operations,” National Institute of Standards and Technology, Tech. Rep. NIST Working Draft TWG-98-59, 1998. [Online]. Available: https://csrc.nist.rip/archive/pki-twg/baseline/pkicon20b.PDF
  24. [24] P. Alterman, “The US Federal PKI and the Federal Bridge Certification Authority,” Computer Networks, vol. 37, no. 6, pp. 685–690, 2001. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S1389128601002444
  25. [25] J. Ølnes, “PKI Interoperability by an Independent, Trusted Validation Authority,” in 5th Annual PKI R&D Workshop “Making PKI Easy to Use”, 2006. [Online]. Available: https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7313.pdf
  26. [26] “Research and Development for Space Data System Standards: INTERGOVERNMENTAL CERTIFICATION AUTHORITY,” Consultative Committee for Space Data Systems (CCSDS), Washington, D.C., USA, Standard CCSDS 357.1-O-1, Dec. 2024, Experimental Specification, Issue 1. [Online]. Available: https://ccsds.org/Pubs/357x1o1.pdf
  27. [27] Société Européenne des Satellites (SES). (2025, July) SES’s Ninth and Tenth O3b mPOWER Satellites Successfully Launched. [Online]. Available: https://www.ses.com/press-release/sess-ninth-and-tenth-o3b-mpower-satellites-successfully-launched
  28. [28] U.S. Department of Defense (DOD). (2024, Oct.) Global Positioning System (GPS) Overview. [Online]. Available: https://www.navcen.uscg.gov/global-positioning-system-overview
  29. [29] A. C. CLARKE, “Extra-terrestrial relays: Can rocket stations give world-wide radio coverage?” in Communication Satellite Systems Technology, ser. Progress in Astronautics and Rocketry, R. B. Marsten, Ed. Elsevier, 1966, vol. 19, pp. 3–6
  30. [30] “CCSDS Recommendation for Space Data System Practices: CCSDS AUTHENTICATION CREDENTIALS,” Consultative Committee for Space Data Systems (CCSDS), Washington, D.C., USA, Standard CCSDS 357.0-B-1, Jul. 2019, Recommended Standard, Issue 1. [Online]. Available: https://ccsds.org/Pubs/357x0b1.pdf
  31. [31] D. E. E. 3rd, “Transport Layer Security (TLS) Extensions: Extension Definitions,” RFC 6066, Jan. 2011. [Online]. Available: https://www.rfc-editor.org/info/rfc6066
  32. [32] T. Polk, D. Cooper, R. Housley, A. N. Malpani, and T. Freeman, “Server-Based Certificate Validation Protocol (SCVP),” RFC 5055, Dec. 2007. [Online]. Available: https://www.rfc-editor.org/info/rfc5055
  33. [33] “CCSDS Report Concerning Space Data System Standards: CCSDS GUIDE FOR SECURE SYSTEM INTERCONNECTION,” Consultative Committee for Space Data Systems (CCSDS), Washington, D.C., USA, Standard CCSDS 350.4-G-2, Apr. 2019, Informational Report, Issue 2. [Online]. Available: https://ccsds.org/Pubs/350x4g2.pdf
  34. [34] “CCSDS Recommendation for Space Data System Practices: SPACE DATA LINK SECURITY PROTOCOL,” Consultative Committee for Space Data Systems (CCSDS), Washington, D.C., USA, Standard CCSDS 355.0-B-2, Jul. 2022, Recommended Standard, Issue 2. [Online]. Available: https://ccsds.org/Pubs/355x0b2.pdf
  35. [35] “CCSDS Recommendation for Space Data System Practices: NETWORK LAYER SECURITY ADAPTATION PROFILE,” Consultative Committee for Space Data Systems (CCSDS), Washington, D.C., USA, Standard CCSDS 356.0-B-1, Jun. 2018, Recommended Standard, Issue 1. [Online]. Available: https://ccsds.org/Pubs/356xb1.pdf
  36. [36] National Aeronautics and Space Administration (NASA). (2023, Dec.) Tracking and Data Relay Satellite System Reimbursable for Fiscal Year
  37. [37] [Online]. Available: https://www.nasa.gov/wp-content/uploads/2023/12/tdrs-reimbursable-rates-fy24-signed.pdf?emrc=434f1e
  38. [38] L. J. Ippolito, Satellite Communications Systems Engineering: Atmospheric Effects, Satellite Link Design, and System Performance, 1st ed. Wiley, 2008
  39. [39] National Aeronautics and Space Administration (NASA). TDRS: TRACKING AND DATA RELAY SATELLITE CONTINUING THE CRITICAL LIFELINE. [Online]. Available: https://www.nasa.gov/wp-content/uploads/2022/04/tdrsfactsheet 3.pdf?emrc=e97a55
  40. [40] “Packet Telecommand Standard,” European Space Agency (ESA), Netherland, Standard ESA PSS-04-107, Apr. 1992, Issue 2. [Online]. Available: http://microelectronics.esa.int/vhdl/pss/PSS-04-107.pdf
  41. [41] “Telecommand Decoder Specification,” European Space Agency (ESA), Netherland, Standard ESA PSS-04-151, Sep. 1992, Issue 1. [Online]. Available: http://microelectronics.esa.int/vhdl/pss/PSS-04-151.pdf
  42. [42] “CCSDS Report Concerning Space Data System Standards: THE APPLICATION OF SECURITY TO CCSDS PROTOCOLS,” Consultative Committee for Space Data Systems (CCSDS), Washington, D.C., USA, Standard CCSDS 350.0-G-3, Mar. 2019, Informational Report, Issue 3. [Online]. Available: https://ccsds.org/Pubs/350x0g3.pdf
  43. [43] “CCSDS Recommendation for Space Data System Practices: SYMMETRIC KEY MANAGEMENT,” Consultative Committee for Space Data Systems (CCSDS), Washington, D.C., USA, Standard CCSDS 354.0-M-1, Dec. 2023, Recommended Practice, Issue 1. [Online]. Available: https://ccsds.org/Pubs/354x0m1.pdf
  44. [44] J. Smailes, F. Futera, S. Köhler, S. Birnbach, M. Strohmeier, and I. Martinovic, “KeySpace: Enhancing Public Key Infrastructure for Interplanetary Networks,” 2026. [Online]. Available: https://arxiv.org/abs/2408.10963
  45. [45] D. Koisser, A. Schwarzkopf, F. Brasser, and G. Da Broi, “Efficient PKI Design for Secure Communication and Collaboration in Space Networks,” in 2025 Security for Space Systems (3S), 2025, pp. 1–12
  46. [46] A. Neish, T. Walter, and J. D. Powell, “Design and analysis of a public key infrastructure for sbas data authentication,” NAVIGATION, vol. 66, no. 4, pp. 831–844, 2019
  47. [47] G. F. Marias, K. Papapanagiotou, and P. Georgiadis, “ADOPT. A Distributed OCSP for Trust Establishment in MANETs,” in 11th European Wireless Conference 2005 - Next Generation wireless and Mobile Communications and Services, 2005, pp. 1–7
  48. [48] D. A. Cooper, “A more efficient use of delta-crls,” in Proceedings of the 2000 IEEE Symposium on Security and Privacy. IEEE, 2000, pp. 190–202. [Online]. Available: https://nist.gov
  49. [49] J. L. Muñoz, J. Forne, O. Esparza, and M. Soriano, “Certificate revocation system implementation based on the Merkle hash tree,” Int. J. Inf. Secur., vol. 2, no. 2, p. 110–124, Jan. 2004
  50. [50] J. Larisch, D. Choffnes, D. Levin, B. M. Maggs, A. Mislove, and C. Wilson, “CRLite: A Scalable System for Pushing All TLS Revocations to All Browsers,” in 2017 IEEE Symposium on Security and Privacy (SP), 2017, pp. 539–556
  51. [51] K. Fall, “A Delay-Tolerant Network Architecture for Challenged Internets,” in Proceedings of the 2003 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, ser. SIGCOMM ’03. New York, NY, USA: Association for Computing Machinery, 2003, p. 27–34. [Online]. Available: https://doi.org/10.1145/863955.863960
  52. [52] F. Dabek, “A Distributed Hash Table,” Ph.D. dissertation, Massachusetts Institute of Technology, 2005. [Online]. Available: https://pdos.csail.mit.edu/papers/fdabek-phd-thesis.pdf
  53. [53] L. Zhang, A. Afanasyev, J. Burke, V. Jacobson, k. claffy, P. Crowley, C. Papadopoulos, L. Wang, and B. Zhang, “Named data networking,” SIGCOMM Comput. Commun. Rev., vol. 44, no. 3, p. 66–73, Jul. 2014
  54. [54] V. Jacobson, D. K. Smetters, J. D. Thornton, M. F. Plass, N. H. Briggs, and R. L. Braynard, “Networking Named Content,” in Proceedings of the 5th International Conference on Emerging Networking Experiments and Technologies, ser. CoNEXT ’09. New York, NY, USA: Association for Computing Machinery, 2009, p. 1–12
  55. [55] D. Rezende, C. Maziero, and E. Mannes, “A Distributed Online Certificate Status Protocol for Named Data Networks,” in Proceedings of the 33rd Annual ACM Symposium on Applied Computing, ser. SAC ’18. New York, NY, USA: Association for Computing Machinery, 2018, p. 2102–2108
  56. [56] Z. Zhang, Y. Yu, A. Afanasyev, and L. Zhang, “NDN Certificate Management Protocol (NDNCERT),” Named Data Networking (NDN), Tech. Rep. NDN-0050, 2017. [Online]. Available: https://named-data.net/publications/techreports/ndn-0050-1-ndncert/
  57. [57] R. Gennaro, S. Jarecki, H. Krawczyk, and T. Rabin, “Robust threshold dss signatures,” in Advances in Cryptology — EUROCRYPT ’96, U. Maurer, Ed. Berlin, Heidelberg: Springer Berlin Heidelberg, 1996, pp. 354–371
  58. [58] L. Zhou, F. B. Schneider, and R. Van Renesse, “COCA: A secure distributed online certification authority,” ACM Trans. Comput. Syst., vol. 20, no. 4, p. 329–368, Nov. 2002

  59. [59]

    A Distributed Certificate Authority and Key Establishment Protocol for Mobile Ad Hoc Networks,

    M. S. Zefreh, A. Fanian, S. M. Sajadieh, M. Berenjkoub, and P. Khadivi, “A Distributed Certificate Authority and Key Establishment Protocol for Mobile Ad Hoc Networks,” in 2008 10th International Conference on Advanced Communication Technology, vol. 2, 2008, pp. 1157–1162

  60. [60]

    Practical Byzantine Fault Tolerance,

    M. Castro and B. Liskov, “Practical Byzantine Fault Tolerance,” inProceedings of the Third Symposium on Operating Systems Design and Implementation, ser. OSDI ’99. USA: USENIX Association, 1999, p. 173–186

  61. [61]

    HotStuff: BFT Consen- sus with Linearity and Responsiveness,

    M. Yin, D. Malkhi, M. K. Reiter, G. G. Gueta, and I. Abraham, “HotStuff: BFT Consen- sus with Linearity and Responsiveness,” inProceedings of the 2019 ACM Symposium on Principles of Distributed Computing, ser. PODC ’19. New York, NY, USA: Association for Computing Machinery, 2019, p. 347–356

  62. [62]

    The Honey Badger of BFT Protocols,

    A. Miller, Y. Xia, K. Croman, E. Shi, and D. Song, “The Honey Badger of BFT Protocols,” inProceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, ser. CCS ’16. New York, NY, USA: Association for Computing Machinery, 2016, p. 31–42

  63. [63]

    Trust Anchor Management Protocol (TAMP),

    C. Wallace, S. Ashmore, and R. Housley, “Trust Anchor Management Protocol (TAMP),” RFC 5934, Aug. 2010. [Online]. Available: https://www.rfc-editor.org/info/rfc5934

  64. [64]

    CRYSTALS-Dilithium: A Lattice-Based Digital Signature Scheme,

    L. Ducas, E. Kiltz, T. Lepoint, V. Lyubashevsky, P. Schwabe, G. Seiler, and D. Stehl´ e, “CRYSTALS-Dilithium: A Lattice-Based Digital Signature Scheme,”IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2018, no. 1, p. 238–268, Feb

  65. [65]

    Available: https://tches.iacr.org/index.php/TCHES/article/view/839 34 R

    [Online]. Available: https://tches.iacr.org/index.php/TCHES/article/view/839 34 R. Yasmin et. al

  66. [66]

    CBOR Encoded X.509 Certificates (C509 Certificates),

    J. P. Mattsson, G. Selander, S. Raza, J. H¨ oglund, and M. Furuhed, “CBOR Encoded X.509 Certificates (C509 Certificates),” Internet Engineering Task Force, Internet-Draft draft-ietf-cose-cbor-encoded-cert-17, Mar. 2026, work in Progress. [Online]. Available: https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/17/ A Public Key Infrastructure...