Analysis of QUIC Session Establishment and Its Implementations

Gagliardi, Eva; Levillain, Olivier

doi:10.1007/978-3-030-41702-4_11

“…In most cases, the QUIC handshake was ended after 2-3 packets, unable to complete the TLS handshake, since the transmitted QUIC packet was malformed. However, in some fewer cases, the fuzzer managed to perform a full handshake and receive some data, validating the observations of the work in [51] regarding the frame mangling attack.…”

Section: Methodssupporting

confidence: 62%

“…Gagliardi and Levillain [51] studied the QUIC transport and cryptographic layers in the related Internet drafts from version 18 to version 23. They focused on the connection establishment in existing implementations, testing them for security issues with the aid of the Scapy Python library.…”

Section: Handshake Attacksmentioning

confidence: 99%

Revisiting QUIC attacks: a comprehensive review on QUIC security and a hands-on study

Chatzoglou

¹

,

Kouliaridis

²

,

Καρόπουλος

³

et al. 2022

Int. J. Inf. Secur.

9

0

View full text Add to dashboard Cite

Built on top of UDP, the recently standardized QUIC protocol primarily aims to gradually replace the TCP plus TLS plus HTTP/2 model. For instance, HTTP/3 is designed to exploit QUIC’s features, including reduced connection establishment time, multiplexing without head of line blocking, always-encrypted end-to-end security, and others. This work serves two key objectives. Initially, it offers the first to our knowledge full-fledged review on QUIC security as seen through the lens of the relevant literature so far. Second and more importantly, through extensive fuzz testing, we conduct a hands-on security evaluation against the six most popular QUIC-enabled production-grade servers. This assessment identified several effective and practical zero-day vulnerabilities, which, if exploited, can quickly overwhelm the server resources. This finding is a clear indication that the fragmented production-level implementations of this contemporary protocol are not yet mature enough. Overall, the work at hand provides the first wholemeal appraisal of QUIC security from both a literature review and empirical standpoint, and it is therefore foreseen to serve as a reference for future research in this timely area.

show abstract

“…Reflective amplification [52] State overflow [52] Frame mangling [51] Missing parameters [51] Packet length manipulation [51] Version forgery [49,51] QUIC RST [49] DoS [31,47,49,52] Replay [31,48] Downgrade [31,50] Crypto Stream Offset [31] Packet manipulation [31]…”

Section: Quic-downgradementioning

confidence: 99%

“…Another identified issue is related to the Frame mangling attack [51]. Specifically, when running the Munityfuzzer it was observed that, similarly to the Frame mangling attack, the fuzzer was able to pass arbitrary QUIC packets to the server either during the TLS handshake or throughout the HTTP service.…”

Section: Quic-out-of-jointmentioning

confidence: 99%

Revisiting QUIC attacks: A comprehensive review on QUIC security and a hands-on study

Chatzoglou

¹

,

Kouliaridis

²

,

Καρόπουλος

³

et al. 2022

Preprint

View full text Add to dashboard Cite

Built on top of UDP, the recently standardized QUIC protocol primarily aims to gradually replace the TCP plus TLS plus HTTP/2 model. For instance, HTTP/3 is designed to exploit QUIC’s features, including reduced connection establishment time, multiplexing without head of line blocking, always-encrypted end-to-end security, and others. This work serves two key objectives. Initially, it offers the first to our knowledge full-fledged review on QUIC security as seen through the lens of the relevant literature so far. Second and more importantly, through extensive fuzz testing, we conduct a hands-on security evaluation against the six most popular QUIC-enabled production-grade servers. This assessment identified several effective and practical zero-day vulnerabilities, which, if exploited, can quickly overwhelm the server resources. This finding is a clear indication that the fragmented production-level implementations of this contemporary protocol are not yet mature enough. Overall, the work at hand provides the first wholemeal appraisal of QUIC security from both a literature review and empirical standpoint, and it is therefore foreseen to serve as a reference for future research in this timely area.

show abstract

“…Prior work suggests that some security trade-offs were specifically made in favor of improved latency [32]. The handshake, however, can suffer from additional latency if client and server do not agree on a version directly [11].…”

Section: Background and Related Workmentioning

confidence: 99%

On the interplay between TLS certificates and QUIC performance

Nawrocki¹,

Tehrani²,

Hiesgen³

et al. 2022

Proceedings of the 18th International Conference on Emerging Networking EXperiments and Technologies

View full text Add to dashboard Cite

In this paper, we revisit the performance of the QUIC connection setup and relate the design choices for fast and secure connections to common Web deployments. We analyze over 1M Web domains with 272k QUIC-enabled services and find two worrying results. First, current practices of creating, providing, and fetching Web certificates undermine reduced round trip times during the connection setup since sizes of 35% of server certificates exceed the amplification limit. Second, non-standard server implementations lead to larger amplification factors than QUIC permits, which increase even further in IP spoofing scenarios. We present guidance for all involved stakeholders to improve the situation.

show abstract

Analysis of QUIC Session Establishment and Its Implementations

Cited by 9 publications

References 3 publications

Revisiting QUIC attacks: a comprehensive review on QUIC security and a hands-on study

Revisiting QUIC attacks: a comprehensive review on QUIC security and a hands-on study

Revisiting QUIC attacks: A comprehensive review on QUIC security and a hands-on study

On the interplay between TLS certificates and QUIC performance

Contact Info

Product

Resources

About