A Quic(k) Security Overview: A Literature Research on Implemented Security Recommendations

Stefan Tatschner, Sebastian N. Peters, David Emeis, John Morris, Thomas Newe

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

Abstract

Built on top of UDP, the relatively new QUIC protocol serves as the baseline for modern web protocol stacks. Equipped with a rich feature set, the protocol is defined by a 151 pages strong IETF standard complemented by several additional documents. Enabling fast updates and feature iteration, most QUIC implementations are implemented as user space libraries leading to a large and fragmented ecosystem. This work addresses the research question, "if a complex standard with a large number of different implementations leads to an insecure ecosystem?". The relevant RFC documents were studied and "Security Consideration" items describing conceptional problems were extracted. During the research, 13 popular production ready QUIC implementations were compared by evaluating 10 security considerations from RFC9000. While related studies mostly focused on the functional part of QUIC, this study confirms that available QUIC implementations are not yet mature enough from a security point of view.

Original language: English
Title of host publication: ARES 2023 - 18th International Conference on Availability, Reliability and Security, Proceedings
Publisher: Association for Computing Machinery
ISBN (Electronic): 9798400707728
Publication status: Published - 29 Aug 2023
Event: 18th International Conference on Availability, Reliability and Security, ARES 2023 - Benevento, Italy
Duration: 29 Aug 2023 – 1 Sep 2023

Publication series

Name: ACM International Conference Proceeding Series

Conference

Conference: 18th International Conference on Availability, Reliability and Security, ARES 2023
Country/Territory: Italy
City: Benevento
Period: 29/08/23 – 1/09/23

Keywords

  • QUIC
  • RFC9000
  • security considerations
  • web
