Key Management in Outer Space
This project is offered in conjunction with the Cyber-Defence Campus.
The modern internet infrastructure relies on asymmetric cryptography to ensure the privacy and security of communications. Within this paradigm, users rely on a combination of public and private keys to exchange information. There is a big problem, however: how can I be sure that the public key of the party I want to communicate with actually belongs to them? Nowadays, this issue is solved via a sophisticated system of trusted third parties, such as Certificate Authorities, which validate identities and issue certificates linking public keys to them [3].
This system is broadly referred to as a Public Key Infrastructure (PKI). While PKI is foundational to modern secure communications, its deployment becomes challenging in networks with unique constraints, such as large-scale satellite systems.
In large satellite networks, particularly interplanetary networks, key management is currently an unsolved problem [4]. Pre-shared keys become infeasible due to the large number of nodes in the network, and PKI is made more difficult by the long distances and intermittent connectivity between nodes. Recent work within the Cyber-Defence Campus uses a network simulator to test the suitability of terrestrial PKI for large-scale satellite systems, finding that it can be used with a small number of modifications [5].
This project will seek to extend this work by adding further assessment criteria to the network simulator. For example, current simulations focus on connection establishment time and the time taken for revocation messages to cover the entire network. This could be extended by adding storage and network load measurement capabilities to the simulator, showing that it is possible to use protocols that are not only faster but also require less space and network load.
Milestones
- Get familiar with the topic and simulator
- Identify areas of improvement
- Extend simulator to add storage and network load measurement capabilities
- Gather data using the new simulations, identify shortcomings or areas of improvement
- Come up with and test own proposed improvements to the PKI
Requirements
- Basic knowledge of network protocols and key management
- A good grasp of the Python programming language
References
- [1] Key Management in Outer Space - The original project proposal
- [2] Public-key cryptography
- [3] Sharon Boeyen, Stefan Santesson, Tim Polk, Russ Housley, Stephen Farrell, and David Cooper. “Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile.” Request for Comments RFC 5280, Internet Engineering Task Force, May 2008.
- [4] Fred Templin. “Delay Tolerant Networking Security Key Management - Problem Statement.” Internet-Draft, Internet Engineering Task Force, March 12, 2014.
- [5] Joshua Smailes, Sebastian Köhler, Simon Birnbach, Martin Strohmeier, and Ivan Martinovic. “KeySpace: Public Key Infrastructure Considerations in Interplanetary Networks.” arXiv, 2024.