International Association for Cryptologic Research

IACR News item: 21 June 2015

Robert Lychev, Samuel Jero, Alexandra Boldyreva, Cristina Nita-Rotaru
ePrint Report
QUIC is a secure transport protocol developed by Google and implemented in Chrome in 2013, currently representing one of the most promising solutions to decreasing latency while intending to provide security properties similar to TLS. In this work we shed some light on QUIC's strengths and weaknesses in terms of its provable security and performance guarantees in the presence of attackers. We first introduce a security model for analyzing performance-driven protocols like QUIC and prove that QUIC satisfies our definition under reasonable assumptions on the protocol's building blocks. However, we find that QUIC does not satisfy the traditional notion of forward secrecy that is provided by some modes of TLS, e.g., TLS-DHE. Our analyses also reveal that with simple bit-flipping and replay attacks on some public parameters exchanged during the handshake, an adversary could easily prevent QUIC from achieving minimal latency advantages either by having it fall back to TCP or by causing the client and server to have an inconsistent view of their handshake, leading to a failure to complete the connection. We have implemented these attacks and demonstrated that they are practical. Our results suggest that QUIC's security weaknesses are introduced by the very mechanisms used to reduce latency, which highlights the seemingly inherent trade-off between minimizing latency and providing 'good' security guarantees.

Additional news items may be found on the IACR news page.