A Secure Splitting and Acceleration Strategy for TCP/QUIC in Interplanetary Networks

Imagine you are trying to send a very important, secret letter from Earth to a colony on the Moon.

In our normal world (the Internet), sending a letter is fast. You write it, drop it in the mailbox, and the post office delivers it almost instantly. If the letter gets lost, the post office asks for a copy immediately, and you resend it.

But sending data to space is like trying to mail a letter to someone on the other side of the galaxy. Here are the three big problems:

The Distance is Huge: It takes about 2.5 seconds just for a signal to get there, and another 2.5 seconds for a reply to come back. That's a 5-second round trip! If you ask "Did you get my letter?" you have to wait 5 seconds for an answer.
The Signal is Noisy: Space is full of interference. Letters often get shredded or lost in the mail.
The Mail Stops: Sometimes, the Moon goes behind the Earth, or a solar storm hits, and the mail service stops completely for minutes or even days.

The Problem with Current Methods

Standard internet protocols (like TCP and QUIC) are like impatient postmen. They send a letter, wait for a "Got it!" reply, and if they don't hear back quickly, they panic and slow down. In space, because of the 5-second delay, they think the network is broken and stop sending data entirely. They also try to resend lost letters immediately, which wastes precious time and bandwidth.

The Solution: "PEPspace" (The Smart Relay Station)

The authors of this paper built a new system called PEPspace. Think of it as setting up a secure, high-tech relay station on a satellite orbiting the Moon.

Here is how it works, using simple analogies:

1. The "Secret Handshake" Split (NTSP Architecture)

Normally, if you want to send a secret letter, you seal it in a box that only the receiver can open. If a relay station tries to help, they can't see inside the box, so they can't optimize the delivery.

The Innovation: The authors created a special "Non-Transparent Secure Proxy" (NTSP). Imagine the sender and receiver agree on a second, secret code just for the content of the letter, while the outer box (the internet protocol) is handled by the relay station.
The Result: The relay station can open the outer box to fix the delivery route, speed things up, and handle the messy space conditions, but it cannot read the secret letter inside. This keeps your data safe while still letting the relay station do its job.

2. The "Pre-Planned Route" (Rate-Based Control)

On Earth, postmen check traffic lights and slow down if the road is jammed. In space, the "road" (the link to the Moon) is pre-planned. We know exactly how fast the satellite can fly and how long the delay is.

The Innovation: Instead of guessing and waiting for traffic reports, PEPspace knows the speed limit in advance. It sets the data flow to match the exact capacity of the space link.
The Result: It's like a train running on a dedicated track. It doesn't stop to ask "Is the track clear?" because it knows the schedule. It runs at full speed without crashing.

3. The "Magic Repair Kit" (Forward Error Correction)

In normal internet, if a letter is lost, you wait 5 seconds, ask for a copy, and wait another 5 seconds to get it. That's too slow for space.

The Innovation: PEPspace uses a technique called Forward Error Correction (FEC). Imagine you don't just send the letter; you send the letter plus a few pages of "magic puzzle pieces."
The Result: If a few pages of the letter get shredded in space, the receiver can use the puzzle pieces to reconstruct the missing parts instantly. No waiting, no asking for a resend. It's like having a backup copy built right into the original package.

4. The "Smart Buffer" (Preventing the Traffic Jam)

If the sender on Earth sends data faster than the Moon can receive it, the relay station's memory (buffer) will fill up, causing a massive traffic jam (bufferbloat).

The Innovation: The authors did complex math to figure out the perfect size for the relay station's waiting room. It's big enough to keep the pipeline full, but small enough that data doesn't sit there too long.
The Result: The system stays stable. It never clogs up, and the data flows smoothly like water in a well-designed pipe.

The Big Picture: Why This Matters

The paper tested this system in a simulation of an Earth-Moon network.

Old Methods: Got stuck, slowed down, or lost data when the signal was noisy.
PEPspace: Delivered data at near-maximum speed, stayed stable even when the connection was shaky, and kept the data secret.

The Future Vision:
The authors also suggest that this system could be the bridge between our current Internet and the future "Interplanetary Internet." It could act as a universal translator, letting Earth computers talk to Mars rovers, even if the Mars rover uses a completely different, older system designed for long delays.

In short: PEPspace is like a super-efficient, secure, and pre-planned mail service for space. It stops the "wait-and-see" panic of current internet protocols and replaces it with a smart, proactive system that knows how to handle the long, noisy, and broken roads of deep space.

Here is a detailed technical summary of the paper "A Secure Splitting and Acceleration Strategy for TCP/QUIC in Interplanetary Networks."

1. Problem Statement

Interplanetary Networks (IPNs), such as those connecting Earth to the Moon or Mars, present unique challenges that severely degrade the performance of standard Internet transport protocols (TCP and QUIC):

Extreme Latency: Round-trip times (RTT) can range from seconds (Earth-Moon) to minutes (Earth-Mars), causing feedback loops in congestion control to lag significantly behind actual link conditions.
High Packet Loss & Disruptions: Deep-space links suffer from high bit error rates and frequent interruptions due to planetary occlusion or electromagnetic interference.
Encryption Barrier: The widespread adoption of end-to-end encrypted protocols (like QUIC) renders traditional Performance Enhancing Proxies (PEPs) ineffective, as they cannot inspect or manipulate encrypted packet headers.
Architectural Mismatch: Existing solutions like Delay/Disruption Tolerant Networking (DTN) offer robustness but lack interoperability with the terrestrial IP ecosystem, while standard IP optimizations fail under extreme deep-space conditions.

2. Methodology

The authors propose a comprehensive strategy centered on a Non-Transparent Secure Proxy (NTSP) architecture and an IPN-aware transport policy.

A. NTSP Architecture (Secure Connection Splitting)

To overcome the encryption barrier, the authors introduce NTSP, which decomposes an end-to-end connection into three independent segments:

Client-to-Proxy
Proxy-to-Proxy (Deep-space segment)
Proxy-to-Server

Mechanism: Proxies terminate the transport connection at segment boundaries. To maintain end-to-end security, the architecture employs an Application Layer Data Encryption (ALDE) mechanism.
Security Model: While proxies manage the transport layer (QUIC headers/signaling), the application payload remains encrypted via ALDE. The ALDE keys are derived from the TLS handshake but are never transmitted to the proxies. This ensures that even if a proxy is compromised, it cannot decrypt, tamper with, or replay the application data.
Overhead: The handshake overhead is minimized to approximately one end-to-end RTT (equivalent to standard QUIC) by utilizing 0-RTT handshakes for historical sessions and parallel connection establishment.

B. IPN-Aware Transport Policy

Once the connection is split, the deep-space segment is optimized using two key components:

Rate-Based Congestion Control (CCA):
- Instead of relying on delayed ACK feedback, this algorithm leverages the pre-scheduled and predictable nature of deep-space links.
- It calculates the Bandwidth-Delay Product (BDP) based on known link capacity and minimum RTT, setting the Congestion Window (CWND) directly to achieve near-capacity utilization without the slow-start oscillations typical of TCP Cubic or BBR.
Adaptive Packet-Level Forward Error Correction (FEC):
- To avoid the high latency of retransmissions (which would take minutes/hours in IPNs), the system uses Streaming Codes (SC).
- Data is encoded into "Source" frames, and "Repair" frames are generated as linear combinations.
- The system adaptively adjusts the redundancy ratio based on real-time loss estimates. If a packet is lost, it is recovered immediately upon receiving enough repair frames without waiting for a retransmission, effectively decoupling loss recovery from congestion control.

C. Backpressure Flow Control & Buffer Management

To prevent bufferbloat and system instability caused by rate mismatches between high-speed access links and slow deep-space links:

The authors derive an analytical model (based on M/M/1/K and M/D/1/K queuing theory) to determine the optimal buffer size ( $K_{opt}$ ).
Formula: $K_{opt} = \frac{BW_{out} \times RTT_{in}}{N}$ , where $BW_{out}$ is the deep-space link bandwidth, $RTT_{in}$ is the access link RTT, and $N$ is the number of concurrent streams.
This ensures the buffer is large enough to keep the deep-space link saturated but small enough to prevent excessive queuing delay.

3. Key Contributions

NTSP Architecture: A novel secure proxy framework that enables connection splitting for encrypted flows (TCP/QUIC) while preserving application-layer confidentiality via ALDE.
IPN-Aware Transport Strategy: A synergistic combination of rate-based congestion control (exploiting link predictability) and adaptive Streaming Codes for low-latency loss recovery without retransmissions.
Theoretical Buffer Sizing: A mathematically derived backpressure mechanism that optimizes the trade-off between bandwidth utilization and queuing delay in split-connection architectures.
PEPspace Prototype: A full implementation of the strategy in Go (using quic-go) and extensive validation in Earth-Moon scenarios.
Unified IP/DTN Framework: A discussion and Proof-of-Concept (PoC) demonstrating how NTSP can bridge IP and DTN (Bundle Protocol/LTP) architectures, offering a path toward a unified Interplanetary Internet.

4. Results

The strategy was evaluated using the PEPspace prototype in a simulated Earth-Moon network (10 Mbps downlink, 2.01s one-way delay, varying packet loss).

Goodput Performance: PEPspace consistently achieved near-capacity goodput (approx. 8.5–8.9 Mbps) across all packet loss rates (0.1% to 5%), significantly outperforming standard TCP (Cubic, BBR), QUIC variants, and existing PEP solutions (PEPsal, Kcptun, PEPesc).
Stability: PEPspace demonstrated the lowest Coefficient of Variation (CoV) in goodput, indicating highly stable throughput compared to the oscillating performance of other schemes.
Latency & Congestion: Unlike aggressive schemes that caused severe link congestion and high RTT (bufferbloat), PEPspace maintained RTT close to the physical link delay.
Multi-Flow Fairness: In 10-flow scenarios, PEPspace achieved a Jain's Fairness Index > 0.98, ensuring equitable bandwidth sharing.
Robustness to Interruptions: In scenarios with 12-second link interruptions, PEPspace maintained high goodput and recovered quickly, whereas DTN-based BP/LTP suffered significant degradation in lossy environments due to ARQ-based recovery delays.
Buffer Optimization: Experiments confirmed that the theoretically derived optimal buffer size ( $K_{opt}$ ) maximizes throughput while minimizing queuing delay; buffers smaller than $K_{opt}$ underutilized the link, while larger buffers increased latency without improving throughput.

5. Significance

Bridging the Gap: The work addresses the critical gap between the need for secure, encrypted communication and the necessity for deep-space optimization. It proves that encrypted protocols can be accelerated without breaking end-to-end security.
Scalability: By moving away from the store-and-forward paradigm of DTN for continuous links, the proposed strategy offers higher scalability and better compatibility with existing terrestrial applications.
Future Architecture: The paper provides a foundational framework for a Unified IP/DTN architecture. The PoC demonstrates that NTSP can act as a gateway, seamlessly translating between IP streams and DTN bundles, which is essential for future heterogeneous space networks (e.g., combining Earth-Moon IP links with Mars DTN links).
Practical Implementation: The open-source prototype (PEPspace) and rigorous analytical modeling provide a concrete, deployable solution for upcoming missions like NASA's Artemis and China's lunar exploration programs.