QPEP: A QUIC-Based Approach to Encrypted Performance Enhancing Proxies for High-Latency Satellite Broadband

02/12/2020
by   James Pavur, et al.
0

Satellite broadband services are critical infrastructures enabling advanced technologies to function in the most remote regions of the globe. However, status-quo services are often unencrypted by default and vulnerable to eavesdropping attacks. In this paper, we challenge the historical perception that over-the-air security must trade off with TCP performance in high-latency satellite networks due to the deep-packet inspection requirements of Performance Enhancing Proxies (PEPs). After considering why prior work in this area has failed to find wide adoption, we present an open-source encrypted-by-default PEP - QPEP - which seeks to address these issues. QPEP is built around the open QUIC standard and designed so individual customers may adopt it without ISP involvement. QPEP's performance is assessed through simulations in a replicable docker-based testbed. Across many benchmarks and network conditions, QPEP is found to avoid the perceived security-encryption trade-off in PEP design. Compared to unencrypted PEP implementations, QPEP reduces average page load times by more than 30 VPN encryption available to customers today, QPEP more than halves average page load times. Together, these experiments lead to the conclusion that QPEP represents a promising new approach to protecting modern satellite broadband connections.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
06/20/2023

On Cross-Layer Interactions of QUIC, Encrypted DNS and HTTP/3: Design, Evaluation and Dataset

Every Web session involves a DNS resolution. While, in the last decade, ...
research
10/11/2018

QUIC and SATCOM

We analyze QUIC transport protocol behavior over a satellite communicati...
research
01/03/2022

A Survey on DNS Encryption: Current Development, Malware Misuse, and Inference Techniques

The domain name system (DNS) that maps alphabetic names to numeric Inter...
research
02/16/2022

Performance of QUIC Implementations Over Geostationary Satellite Links

QUIC was recently standardized as RFC 9000, but the performance of QUIC ...
research
09/24/2021

Developing and experimenting with LEO satellite constellations in OMNeT++

In this paper, we present our work in designing and implementing a LEO s...
research
08/01/2020

CROSSLINE: Breaking ”Security-by-Crash” based Memory Isolation in AMD SEV

AMD's Secure Encrypted Virtualization (SEV) is an emerging security feat...

Please sign up or login with your details

Forgot password? Click here to reset