TY - GEN
T1 - A Quic(k) Security Overview
T2 - 18th International Conference on Availability, Reliability and Security, ARES 2023
AU - Tatschner, Stefan
AU - Peters, Sebastian N.
AU - Emeis, David
AU - Morris, John
AU - Newe, Thomas
N1 - Publisher Copyright:
© 2023 Owner/Author.
PY - 2023/8/29
Y1 - 2023/8/29
N2 - Built on top of UDP, the relatively new QUIC protocol serves as the baseline for modern web protocol stacks. Equipped with a rich feature set, the protocol is defined by a 151-page IETF standard complemented by several additional documents. Enabling fast updates and feature iteration, most QUIC implementations are implemented as user-space libraries, leading to a large and fragmented ecosystem. This work addresses the research question, "if a complex standard with a large number of different implementations leads to an insecure ecosystem?". The relevant RFC documents were studied and "Security Consideration" items describing conceptual problems were extracted. During the research, 13 popular production-ready QUIC implementations were compared by evaluating 10 security considerations from RFC9000. While related studies mostly focused on the functional part of QUIC, this study confirms that available QUIC implementations are not yet mature enough from a security point of view.
KW - QUIC
KW - RFC9000
KW - security considerations
KW - web
UR - http://www.scopus.com/inward/record.url?scp=85169673665&partnerID=8YFLogxK
U2 - 10.1145/3600160.3605164
DO - 10.1145/3600160.3605164
M3 - Conference contribution
AN - SCOPUS:85169673665
T3 - ACM International Conference Proceeding Series
BT - ARES 2023 - 18th International Conference on Availability, Reliability and Security, Proceedings
PB - Association for Computing Machinery
Y2 - 29 August 2023 through 1 September 2023
ER -