Paper 2015/582

How Secure and Quick is QUIC? Provable Security and Performance Analyses

Robert Lychev, Samuel Jero, Alexandra Boldyreva, and Cristina Nita-Rotaru

Abstract

QUIC is a secure transport protocol developed by Google and implemented in Chrome in 2013, currently representing one of the most promising solutions to decreasing latency while intending to provide security properties similar with TLS. In this work we shed some light on QUIC's strengths and weaknesses in terms of its provable security and performance guarantees in the presence of attackers. We first introduce a security model for analyzing performance-driven protocols like QUIC and prove that QUIC satisfies our definition under reasonable assumptions on the protocol's building blocks. However, we find that QUIC does not satisfy the traditional notion of forward secrecy that is provided by some modes of TLS, e.g., TLS-DHE. Our analyses also reveal that with simple bit-flipping and replay attacks on some public parameters exchanged during the handshake, an adversary could easily prevent QUIC from achieving minimal latency advantages either by having it fall back to TCP or by causing the client and server to have an inconsistent view of their handshake leading to a failure to complete the connection. We have implemented these attacks and demonstrated that they are practical. Our results suggest that QUIC's security weaknesses are introduced by the very mechanisms used to reduce latency, which highlights the seemingly inherent trade off between minimizing latency and providing `good' security guarantees.

Note: Added some modifications to address the results of the follow up paper, and the citation to that paper.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. Major revision. IEEE Security & Privacay 2015
Keywords
Network securitykey exchangesecure channels
Contact author(s)
robert lychev @ gmail com
History
2018-05-15: last of 3 revisions
2015-06-21: received
See all versions
Short URL
https://ia.cr/2015/582
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/582,
      author = {Robert Lychev and Samuel Jero and Alexandra Boldyreva and Cristina Nita-Rotaru},
      title = {How Secure and Quick is {QUIC}? Provable Security and Performance Analyses},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/582},
      year = {2015},
      url = {https://eprint.iacr.org/2015/582}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.