Industry Blog

How to Optimize Encrypted Data Traffic

By Matt Halligan, Chief Technology Officer, Openwave Mobility

Encrypted traffic is estimated to be 30% of the mobile data flow. And, with expectations for secure traffic set to grow by 57% Compound Annual Growth Rate (CAGR) from 2014-2019, these numbers will only increase year-over-year. While privacy and security are, of course, paramount for subscribers, this trend presents a serious challenge for operators to deliver an optimal customer experience, as encrypted traffic renders former optimization techniques defunct.

Adding to the pressure on mobile operators is the variety of players that are moving towards encryption.  Google encrypts all its traffic – and, from its position of power, it is encouraging all website owners to follow suit.  Already bandwidth-intensive HD video traffic is increasingly encrypted by content owners.  And Facebook even encrypts the self-playing video ads that you didn’t ask to see.  Now, with iOS8 encrypting everything from photos to messages, the pressure is on for mobile operators to find the optimal solution to ease the strain on the network, and get back in control of the user experience.

A two-pronged approach

It has taken years of R&D and product enhancements to optimize unencrypted data traffic, especially video, to the level of maturity it is at now.  Now, encrypted data threatens to change everything for operators.  This time around, operators do not have the luxury of taking years to solve the problem, because the rate at which data is being encrypted for the mobile device could soon lead to operators losing control over their network. Without an effective approach to optimize and manage growing volumes of encrypted data, operators will continue to experience higher operating costs and subscribers will start to pay for a less than optimal user experience.  And you can guarantee that encryption-happy content owners will not bear the brunt of their frustration.

So, how can carriers optimize their networks while ensuring privacy and security? There are two key technologies coming into play which would target both the transport layer and the application layer. This would offer multi-layer stability to help handle the overflow of pressure placed on the networks.

TCP/IP acceleration

TCP/IP, the language of internet data transportation, is a poor match for cellular-based communications, and it always has been.  It is a very chatty protocol.  It has lagginess built into it at a conceptual level, with the slow start that is baked into the delivery of internet data.  It also checks that one aspect of the data delivery is okay before delivering another, going backward and forward from the host to the client far more than is useful.  And it doesn’t “understand” about spotty coverage – give it poor coverage and it determines that the game is over, the client doesn’t want to receive the data – and it stops trying.

The beauty of TCP/IP optimization is that it doesn’t matter whether data traffic is encrypted or not.  It can bring down the data transport delivery times, and deliver a better user experience, by tweaking the rules of TCP/IP to the benefit of the user. By applying heuristics based on, for example, the TCP destination and domain, we can deduce what type of content is being carried in the TCP flow. Once it is accurately recognized, e.g. as audio, or SD or HD video, we can apply rate-limiting techniques that will result in optimization of the flow. No encryption has been broken, privacy is secure, and the user gets a far better video playback experience, allowing operators to save on data and improve content delivery without sacrificing privacy.

Application-layer answers

In addition to these advanced TCP/IP techniques, what if the content could be “met” by a friendly mediator in the traffic path? For example, you want to catch up on your favorite television show, using Netflix, on your handset. This “trusted proxy” in the traffic flow offers the end user the opportunity to opt in to an improved user experience, e.g. reduced stalling. This end-user agreement can then be used as the basis for accessing the video content. Taking the opting-in one stage further, the operator may also establish a relationship with the CDN or content provider. In both of these scenarios the trusted proxy takes on the role of sharing encryption key storage and may therefore manipulate content in real time to suit delivery conditions or at the user’s request.

This mediation capability allows carriers to be in the encrypted traffic path with the ability to optimize the network based on the agreements with either the end user, the content provider, or both. Content would effectively be offered to subscribers to match their device and context and they would have access to improved service. This process would allow content like HD videos to be viewed to their full potential – making subscribers happy without straining the mobile network.

Walking a tightrope

The exponential growth in data encryption is a relatively new challenge that mobile operators have to face up to. They have to grapple with a drastic change in data traffic and balance the privacy needs of subscribers without compromising on quality. That’s why maintaining an optimized network is more important than ever. Intelligent TCP/IP acceleration coupled with a secure traffic mediation capability is helping the most advanced mobile operators address a challenge that is growing by the day.