Conference item
QPEP: An actionable approach to secure and performant broadband from geostationary orbit
- Abstract:
- Satellite broadband services are critical infrastructures, bringing connectivity to the most remote regions of the globe. However, due to performance concerns, many geostationary satellite broadband services are unencrypted by default and vulnerable to long-range eavesdropping attacks. The result is that deeply sensitive internet traffic is regularly broadcast in clear-text over vast coverage areas. This paper delves into the underlying causes of this insecure network design, presenting the case that physical characteristics effecting TCP performance and the widespread use of Performance Enhancing Proxies (PEPs) have created the perception of a security/performance trade-off in these networks. A review of previous mitigation attempts finds limited real-world adoption due to a variety of factors ranging from misaligned commercial incentives to the prevalence of unverified ``black-box'' encryption products. To address these shortcomings, we design and implement a fully open-source and encrypted-by-default PEP/VPN hybrid, call QPEP. Built around the QUIC standard, QPEP enables individuals to encrypt satellite traffic without ISP involvement. Additionally, we present an open and replicable Docker-based testbed for benchmarking satellite PEPs like QPEP through simulation. These experiments show that QPEP enables satellite customers to encrypt their TCP traffic with up to 65% faster page load times (PLTs) compared to traditional VPN encryption. Even relative to unencrypted PEPs, QPEP offers up to 45% faster PLTs while adding over-the-air security. We briefly evaluate additional tweaks to QUIC which may further optimize QPEP performance. Together, these assessments suggest that QPEP represents a promising new technique for bringing both security and performance to high-latency satellite broadband without requiring alterations to status-quo network implementations.
- Publication status:
- Published
- Peer review status:
- Peer reviewed
Actions
Authors
- Publisher:
- Internet Society
- Publication date:
- 2021-02-21
- Acceptance date:
- 2020-12-21
- Event title:
- Network and Distributed System Security Symposium (NDSS 2021)
- Event website:
- https://www.ndss-symposium.org/ndss2021/
- Event start date:
- 2021-02-21
- Event end date:
- 2021-02-24
- ISBN:
- 1-891562-66-5
- Language:
-
English
- Keywords:
- Pubs id:
-
1151265
- Local pid:
-
pubs:1151265
- Deposit date:
-
2020-12-29
Terms of use
- Copyright holder:
- Pavur et al.
- Copyright date:
- 2021
- Rights statement:
- © The Author(s) 2021.
- Notes:
- This paper was presented at the Network and Distributed System Security Symposium (NDSS 2021), February 2021. This is the accepted manuscript version of the paper. The final version is available online from NDSS at: https://www.ndss-symposium.org/ndss-paper/qpep-an-actionable-approach-to-secure-and-performant-broadband-from-geostationary-orbit/
If you are the owner of this record, you can report an update to it here: Report update to this record