How Secure and Quick is QUIC? Provable Security and Performance Analyses

Lychev, Robert; Jero, Samuel; Boldyreva, Alexandra; Nita-Rotaru, Cristina

doi:10.1109/sp.2015.21

Cited by 87 publications

(69 citation statements)

References 31 publications

(54 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…QUIC Security. A first security analysis QUIC's key exchange is presented in [7], followed by a later analysis of the complete protocol [12]. These works on the security analysis are complemented by presenting an attack vector in which the server config can be computed offline to impersonate the server [8].…”

Section: Related Workmentioning

confidence: 99%

A First Look at QUIC in the Wild

Rüth

Poese

Dietzel³

et al. 2018

Lecture Notes in Computer Science

112

View full text Add to dashboard Cite

For the first time since the establishment of TCP and UDP, the Internet transport layer is subject to a major change by the introduction of QUIC. Initiated by Google in 2012, QUIC provides a reliable, connection-oriented low-latency and fully encrypted transport. In this paper, we provide the first broad assessment of QUIC usage in the wild. We monitor the entire IPv4 address space since August 2016 and about 46% of the DNS namespace to detected QUIC-capable infrastructures. Our scans show that the number of QUIC-capable IPs has more than tripled since then to over 617.59 K. We find around 161K domains hosted on QUIC-enabled infrastructure, but only 15K of them present valid certificates over QUIC. Second, we analyze one year of traffic traces provided by MAWI, one day of a major European tier-1 ISP and from a large IXP to understand the dominance of QUIC in the Internet traffic mix. We find QUIC to account for 2.6% to 9.1% of the current Internet traffic, depending on the vantage point. This share is dominated by Google pushing up to 42.1% of its traffic via QUIC.

show abstract

Section: Related Workmentioning

confidence: 99%

A First Look at QUIC in the Wild

Rüth

Poese

Dietzel³

et al. 2018

Lecture Notes in Computer Science

112

View full text Add to dashboard Cite

show abstract

“…Web browsing includes 4 key actors, namely the enduser, the web browser, the network and the remote web server. While some research work [20,21] describes how to qualify user-experience better, other studies investigate the impact of different Internet protocols on web browsing quality [22,23,24,25,26,27]. Regarding the network, particular interest is given to the upload or download link when investigating bottlenecks [28,29,30] and Naseer and al.…”

Section: Background and Related Workmentioning

confidence: 99%

A 6-month analysis of factors impacting web browsing quality for QoE prediction

2019

View full text Add to dashboard Cite

A B S T R A C TWeb browsing is one of the main Internet services, which has largely evolved over the last years. It now includes many different components (images in various formats, css, Javascript, Progressive Web Apps, etc.) and a web page is composed of many different resources provided by many servers located in various places. Knowing how web browsing content is delivered is crucial for better understanding the Quality of Experience (QoE) offered to end-users. Detecting the factors impacting this QoE is important to improve them but also to be able to predict the quality in order to anticipate degradations to it and propose remediations, which is the main goal of our study. For this, we present an analysis of a measurement campaign we have performed during 6 months (July 2018 -January 2019) on the Top 10,000 Alexa websites, which helps to identify the main factors which can impact the quality perceived by end-users. This set of factors has been confirmed by a machine learning process (decision tree), which gives as outputs the set of rules to predict the QoE. The evaluation of our decision tree-based model, on the Top 10,000-15,000 Alexa websites, never accessed before, shows that we can correctly predict the web browsing quality an end-user can get.

show abstract

“…The unknown key share attack described above applies to both QUIC and OPTLS, but remained undiscovered despite several security analyses of these protocols [45,62,58], because these works did not consider client authentication, and hence did not formulate an authentication goal that exposed the flaw. We informed the authors of QUIC and they acknowledged our attack.…”

Section: -Rtt With Semi-static Diffie-hellmanmentioning

confidence: 99%

Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate

Bhargavan

Blanchet

Kobeissi

2017

2017 IEEE Symposium on Security and Privacy (SP)

150

View full text Add to dashboard Cite

TLS 1.3 is the next version of the Transport Layer Security (TLS) protocol. Its clean-slate design is a reaction both to the increasing demand for low-latency HTTPS connections and to a series of recent high-profile attacks on TLS. The hope is that a fresh protocol with modern cryptography will prevent legacy problems; the danger is that it will expose new kinds of attacks, or reintroduce old flaws that were fixed in previous versions of TLS. After 18 drafts, the protocol is nearing completion, and the working group has appealed to researchers to analyze the protocol before publication. This paper responds by presenting a comprehensive analysis of the TLS 1.3 Draft-18 protocol. We seek to answer three questions that have not been fully addressed in previous work on TLS 1.3: (1) Does TLS 1.3 prevent well-known attacks on TLS 1.2, such as Logjam or the Triple Handshake, even if it is run in parallel with TLS 1.2? (2) Can we mechanically verify the computational security of TLS 1.3 under standard (strong) assumptions on its cryptographic primitives? (3) How can we extend the guarantees of the TLS 1.3 protocol to the details of its implementations? To answer these questions, we propose a methodology for developing verified symbolic and computational models of TLS 1.3 hand-in-hand with a high-assurance reference implementation of the protocol. We present symbolic ProVerif models for various intermediate versions of TLS 1.3 and evaluate them against a rich class of attacks to reconstruct both known and previously unpublished vulnerabilities that influenced the current design of the protocol. We present a computational CryptoVerif model for TLS 1.3 Draft-18 and prove its security. We present RefTLS, an interoperable implementation of TLS 1.0-1.3 and automatically analyze its protocol core by extracting a ProVerif model from its typed JavaScript code. Résumé : TLS 1.3 est la prochaine version du protocole TLS (Transport Layer Security). Sa conception à partir de zéro est une réaction à la fois à la demande croissante de connexions HTTPS à faible latence et à une série d'attaques récentes de haut niveau sur TLS. L'espoir est qu'un nouveau protocole avec de la cryptographie moderne éviterait d'hériter des problèmes des versions précédentes; le danger est que cela pourrait exposer à de nouveaux types d'attaques ou réintroduire d'anciens défauts corrigés dans les versions précédentes de TLS. Après 18 versions préliminaires, le protocole est presque terminé, et le groupe de travail a appelé les chercheurs à analyser le protocole avant publication. Cet article répond en présentant une analyse globale du protocole TLS 1.3 Draft-18.Nous cherchons à répondre à trois questions qui n'ont pas été entièrement traitées dans les travaux antérieurs sur TLS 1.3: (1) TLS 1.3 empêche-t-il les attaques connues sur TLS 1.2, comme Logjam ou Triple Handshake, même s'il est exécuté en parallèle avec TLS 1.2 ? (2) Peuton vérifier mécaniquement la sécurité calculatoire de TLS 1.3 sous des hypothèses standard (fortes) sur ses primitives...

show abstract

How Secure and Quick is QUIC? Provable Security and Performance Analyses

Cited by 87 publications

References 31 publications

A First Look at QUIC in the Wild

A First Look at QUIC in the Wild

A 6-month analysis of factors impacting web browsing quality for QoE prediction

Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate

Contact Info

Product

Resources

About