
Exploiting Satellite Broadcast despite HTTPS

F. Davoli; M. Marchese
2019-01-01

Abstract

HTTPS enhances end-user privacy and is often preferred or enforced by over-the-top content providers, but renders inoperable all intermediate network functions operating above the transport layer, including caching, content/protocol optimization, and security filtering tools. These functions are crucial for the optimization of integrated satellite-terrestrial networks. Additionally, due to the use of end-to-end and per-session encryption keys, the advantages of a satellite's wide-area broadcasting capabilities are limited or even negated completely. This paper investigates two solutions for authorized TLS interception that involve TLS splitting. We present how these solutions can be incorporated into integrated satellite-terrestrial networks and we discuss their trade-offs in terms of deployment, performance, and privacy. Furthermore, we design a solution that leverages satellite broadcast transmission even in the presence of TLS (i.e. with the use of HTTPS) by exploiting application layer encryption in the path between the satellite terminal and the TLS server. Our findings indicate that even if no other operation than TLS splitting is performed, TLS handshake time, which involves roundtrips through possibly a Geosynchronous satellite, can be reduced by up to 94%. Moreover, by combining an application layer encryption solution with TLS splitting, broadcast transmissions can be exploited as well as proactive caching, content pushing, request aggregation, and other optimizations.
2019
978-1-7281-0962-6

Use this identifier to cite or link to this document: https://hdl.handle.net/11567/979234