Background and Motivation
Low Earth Orbit (LEO) satellite networks, particularly Starlink, have revolutionized global Internet connectivity by providing high-speed access with significantly lower latency compared to traditional geostationary satellites. However, the unique characteristics of LEO networks—including variable propagation delays, frequent satellite handovers, and intermittent connectivity—present challenges for secure communication protocols.
TLS 1.3 and QUIC represent the current state of the art in secure transport protocols, with QUIC integrating the cryptographic handshake directly into the transport layer to reduce connection establishment latency. TLS 1.3 reduces the handshake from 2-RTT in TLS 1.2 to 1-RTT, and QUIC further optimizes this with 0-RTT resumption capabilities, but the performance implications over LEO satellite links remain poorly understood. The additional round trips required for secure connection establishment may be particularly costly in satellite environments, where RTT can vary from 20 ms to over 100 ms depending on satellite position and ground station distance.
Recent studies have shown that QUIC performance can be improved by up to 35% in terms of completion time over Starlink networks through congestion control optimizations, but comprehensive analysis of TLS handshake overhead and security establishment costs over LEO links is lacking. Understanding these overheads is critical as encrypted traffic continues to dominate Internet communications, with over 95% of web traffic now using HTTPS.
Expected Outcomes
This thesis will conduct a comprehensive performance evaluation of TLS 1.3 and QUIC security mechanisms over real Starlink connections available in Delft and the global LeoScope testbed. The research will quantify the overhead introduced by cryptographic handshakes, session establishment, and key exchange protocols across varying satellite link conditions.
The study will measure connection establishment times, comparing TLS 1.2, TLS 1.3, and QUIC handshake performance under different RTT conditions and packet loss scenarios typical of LEO networks. Key metrics include handshake completion time, certificate validation overhead, and the impact of satellite handovers on secure session continuity. The research will analyze 0-RTT resumption effectiveness in QUIC when clients reconnect through different satellites or ground stations.
Performance optimization strategies will be developed specifically for LEO environments, including adaptive timeout mechanisms, pre-established security contexts, and optimized cipher suite selection for satellite links. The thesis will investigate certificate chain optimization, OCSP stapling effectiveness, and the trade-offs between security level and performance in space-based networks.
Large-scale experiments using the LeoScope testbed will provide a global perspective on TLS/QUIC performance variations across different geographic regions, orbital positions, and network congestion levels. The research will establish performance baselines and provide recommendations for application developers and network operators deploying secure services over LEO satellite networks.
Requirements
- Strong understanding of TLS/QUIC protocols and cryptographic handshake mechanisms
- Network measurement and analysis experience with tools like tcpdump, Wireshark, and iperf
- Python/Go programming skills for developing measurement tools and automation scripts
- Knowledge of satellite networking fundamentals and LEO constellation characteristics
- Experience with containerized deployments and remote testbed management
Related Work
[1] Nitinder Mohan, Andrew E. Ferguson, Hendrik Cech, Rohan Bose, Prakita Rayyan Renatin, Mahesh K. Marina, and Jörg Ott. 2024. A Multifaceted Look at Starlink Performance. In Proceedings of the ACM Web Conference 2024 (WWW '24). Association for Computing Machinery, New York, NY, USA, 2723–2734.
[2] Xumiao Zhang, Shuowei Jin, Yi He, Ahmad Hassan, Z. Morley Mao, Feng Qian, and Zhi-Li Zhang. 2024. QUIC is not Quick Enough over Fast Internet. In Proceedings of the ACM Web Conference 2024 (WWW '24).