Background and Motivation
Low Earth Orbit (LEO) satellite networks create unique challenges for maintaining secure communications during satellite handovers. Unlike terrestrial networks, LEO connections frequently switch between satellites and ground stations (Points of Presence, PoPs). These transitions can disrupt encrypted sessions. Secure transport protocols like TLS and QUIC were designed for relatively stable endpoints, which makes connection migration during handovers particularly problematic.
QUIC offers a built-in connection migration mechanism based on Connection IDs (RFC 9000, Section 9), allowing sessions to survive changes in the underlying IP address. However, this mechanism was designed primarily for terrestrial mobility scenarios such as switching from Wi-Fi to cellular. In LEO satellite networks, handovers are far more frequent, involve server-side path changes across different ground stations, and introduce rapidly fluctuating round-trip times. The interaction between QUIC's connection migration, its TLS 1.3 integration, and the dynamics of satellite routing remains poorly understood.
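To make the Connection ID mechanism concrete, here is an added Go example (not code from the thesis project or from any QUIC implementation) that models a server which finds sessions by Destination Connection ID and treats a new peer address as validated only after the PATH_CHALLENGE/PATH_RESPONSE exchange of RFC 9000, Section 8.2. The type and method names, the connection ID and the addresses are assumptions made for illustration, and packets are assumed to be already parsed and authenticated.

```go
package main

import (
	"crypto/rand"
	"fmt"
)

// Session models one connection's server-side state (hypothetical names).
type Session struct {
	ValidatedPath string            // peer address that has passed path validation
	Pending       map[string]string // PATH_CHALLENGE data sent -> address it went to
}

// Server finds sessions by Destination Connection ID, never by source address.
type Server map[string]*Session

// OnPacket returns 8 random bytes to send to an unvalidated src as a PATH_CHALLENGE.
func (s Server) OnPacket(dcid, src string) ([]byte, error) {
	sess := s[dcid]
	if sess == nil {
		return nil, fmt.Errorf("no session for connection ID %q", dcid)
	}
	if src == sess.ValidatedPath {
		return nil, nil // known path: nothing to validate
	}
	data := make([]byte, 8)
	if _, err := rand.Read(data); err != nil {
		return nil, err
	}
	sess.Pending[string(data)] = src
	return data, nil
}

// OnPathResponse validates a path only if echoed matches an outstanding challenge.
func (s Server) OnPathResponse(dcid string, echoed []byte) bool {
	if sess := s[dcid]; sess != nil {
		if path, ok := sess.Pending[string(echoed)]; ok {
			delete(sess.Pending, string(echoed)) // one use only: a replay fails
			sess.ValidatedPath = path
			return true
		}
	}
	return false
}

func main() {
	srv := Server{"c1d0": {ValidatedPath: "198.51.100.7:4433", Pending: map[string]string{}}}
	ch, _ := srv.OnPacket("c1d0", "203.0.113.9:4433") // constructed handover: same CID, new address
	fmt.Println(srv.OnPathResponse("c1d0", ch), srv["c1d0"].ValidatedPath)
}
```

Pending challenges are matched by their data rather than by the address the response arrives from, because RFC 9000 accepts a PATH_RESPONSE received on any network path.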
The core challenge is enabling seamless and secure connection migration without compromising end-to-end encryption or requiring full session re-establishment. Addressing this demands novel approaches to key exchange, session state management, and integration with satellite-specific routing protocols.
Expected Outcomes
This thesis will develop mechanisms for secure connection migration in satellite networks. The goal is to enable users to transition seamlessly between Points of Presence without disrupting their encrypted sessions.
Key research questions include:
- How can key exchange protocols be designed to efficiently support connection migration across multiple PoPs?
- How should secure session migration integrate with end-to-end routing decisions in LEO networks?
- What performance trade-offs arise between security guarantees and handover latency?
Requirements
- Strong background in computer networking, particularly transport-layer protocols (TCP, QUIC, TLS 1.3)
- Familiarity with network security concepts such as key exchange, session resumption, and authenticated encryption
- Programming experience in C, C++, Go, or Rust (for protocol implementation and experimentation)
- Ability to work with network emulation or simulation tools (e.g., Mininet, ns-3, or satellite emulators)
- Interest in satellite networking and willingness to engage with LEO-specific measurement and emulation setups
- Prior coursework or experience in cryptographic protocols is a plus but not mandatory