A Survey On The Security Issues of QUIC
2022 6th Cyber Security in Networking Conference (CSNet) | 979-8-3503-9722-2/22/$31.00 ©2022 IEEE | DOI: 10.1109/CSNET56116.2022.9955622

Abstract—A newly established multiplexed network protocol, QUIC, which is based on the User Datagram Protocol (UDP), has emerged in recent years and quickly gained a large share of Internet traffic. Initially proposed by Google, the goal of QUIC is to achieve higher Internet communication performance and eventually replace the Transmission Control Protocol (TCP) + Transport Layer Security (TLS) + HTTP/2 architecture. In particular, the 3rd version of the Hypertext Transfer Protocol, HTTP/3.0, is built on top of QUIC. A good number of research papers have been published recently to evaluate the performance and security of the QUIC protocol. In this paper, we conduct a comprehensive survey on the QUIC security issues and analyze its future research directions from a security perspective. We investigate several topics including the QUIC protocol structure, the QUIC security model, security issues related to the QUIC protocol, and future research directions on QUIC security. To the best of our knowledge, it is one of the first surveys that focus on the security of the QUIC protocol.

Index Terms—QUIC, Survey, TLS, Network Security, HTTP/3, Network Protocol, Transport Layer Protocol, TCP, UDP, Vulnerabilities

I. INTRODUCTION

In recent years, a contemporary general-purpose, reliable, latency-reducing, connection-oriented and secure transport layer network protocol, QUIC [1], has emerged and has gained popularity quickly. It is now the default encrypted transport layer protocol for the majority of well-known applications, including Facebook, Gmail, Instagram, Google Chrome, and YouTube [2]. Interestingly, from the operating system perspective, it looks like an application layer protocol that behaves like a transport layer network protocol. The QUIC protocol’s primary goals are to increase Internet traffic’s speed and reduce latency by decreasing connection establishment duration [3], multiplex without Head-of-Line (HOL) blocking [4], and provide invariably-encrypted edge-to-edge security [5]. In 2012, Google first introduced a new transport layer network protocol built on the User Datagram Protocol (UDP), titled “gQUIC”, to address the web traffic performance issues at that time [6], [7]. In 2016, the Internet Engineering Task Force (IETF) formed a research group to enlarge and standardize QUIC. The effort led to the standardized QUIC protocol as RFC 9000 in May 2021 [8]. At around the same time, RFC 9001 [9] was released, which standardizes how TLS 1.3 functions as a security component of the QUIC protocol. It is worth noting that HTTP/3 [10] connections can only be established using QUIC. It is developed as a better substitute for the Transmission Control Protocol (TCP) [8]. It has multiple unique or pioneer characteristics that surpass TCP in various areas theoretically. For instance, it offers a 0-Round Trip Time (0-RTT) handshake mechanism to reduce handshake latency [11]. Although the same feature is possible in TCP by combining the use of TCP Fast Open (TFO) and 0-RTT (early data) in TLS 1.3, the recent version of QUIC is superior to TFO regarding the security aspect of the 0-RTT handshake mechanism [12]. Since the 0-RTT feature was initiated by QUIC and performs better in the QUIC architecture than in TFO, we can consider 0-RTT to be a pioneer feature of QUIC. By using a multiplexing approach, it also overcomes the HOL blocking issue, which is one of the major problems of TCP. To be mobility-friendly and responsive, it has a connection migration feature as well [13]. Note that the connection migration feature stands for switching from one type of network to another type of network, for example, switching from a Local Area Network (LAN) connection to a Wide Area Network (WAN) connection.

There are already a number of QUIC implementations in use; some of these use gQUIC and others QUIC. gQUIC is still used by about 8% of the top 10 million leading websites, according to the latest assessments on those sites [14]. In contrast, approximately 25% of websites worldwide presently use HTTP/3 over QUIC [15]. By October 2020, more than 75% of Facebook’s internet traffic used QUIC and HTTP/3 [16].

Although a de novo design brought higher performance to QUIC, security loopholes still exist. QUIC cannot perform according to its potential in the real world. As a result, every now and then, cyber attackers contravene the QUIC protocol’s security [5]. Large technological organizations, Internet Content Providers (ICPs), and other businesses are increasingly embracing QUIC, making it a desirable target for malicious attackers. Thus, analyzing and enumerating the security issues and threats of QUIC on existing network services is vital. A lot of research work has been conducted and published in the literature regarding the security issues around QUIC [5], [17], [18], [19], [20], [21]. Unfortunately, there is still a lack of a thorough examination in the pertinent literature on QUIC security. In this paper, we aim at filling the gap and conduct a comprehensive survey on the QUIC protocol’s security related issues that have been published so far.

Connection ID is used to identify a connection. The QUIC connection created in the one (original) network can be easily moved to a new network, so that the network service won’t be disrupted when the user switches their network. It is particularly useful for the handover process in cellular networks or WiFi networks. Figure 1 illustrates the architectural view of the QUIC protocol.

Fig. 3: Multiplexing in QUIC

which contains a TLS 1.3 “Client Hello” message. The initial packet, which includes TLS “Server Hello”, is then returned by the server. A handshake packet made up of certificates, encrypted extensions, and other TLS server communications comes next. A message from the client is delivered after the handshake. Using 1-RTT packets, application data can now be sent.

Fig. 4: (a) TCP and QUIC Handshake Latency illustration (b) QUIC’s Handshake Procedure

avoided the security flaws in TLS1.2 and is no longer
vulnerable to similar attacks.

against attacks coming from outside the network where a connection is established. Every QUIC packet includes proof that the recipient saw a previous packet from its peer. However, the available defenses are not meant to be useful against an attacker who can capture QUIC packets before the connection is made.

QUIC is susceptible to a number of security threats, according to [5]. These attacks are separated into two categories, online attacks and offline attacks, depending on whether the attacker is on the network path connecting the client and the server.

3) Online Attacks: As mentioned by Li, et al. [11], an attacker can make both parties (client and server) in the communication believe that the connection has been successful for a long period of time by tampering with the connection ID used by the client during the handshake process. However, they are unable to analyze the received data normally. As a result, the connection is dropped. The attacker can also tamper with the source-address token [11] in a manner similar to the connection ID tampering attack, preventing both parties from parsing the data packets that the other side has received. The connection is seen as successful within the first few seconds before being aggressively cut off.

4) Offline Attacks: Li, et al. [11] described a server configuration repeated attack, which is similar to TCP reset injection [33]. In this attack, the attacker sniffs the server’s configuration information and uses that knowledge, while spoofing the server’s IP address, to transmit a reset packet to the client, which resets the QUIC connection. Iyengar, et al. [13] also described that stateless resets can lead to a DoS attack. This attack is available if an attacker can make a connection with a certain connection ID with a stateless reset token. An attacker who produces this token can reset an open connection with the same connection ID.

QUIC is unable to offer an efficient way to stop both online and offline attackers from disrupting a QUIC connection. It can cause both parties’ connections to go inactive for a while, which can be used by online attackers to delay detection. Both communication parties are able to identify it. It takes little connection-related knowledge for an attacker to break a QUIC connection.

5) Reflective Amplification Attack and State Exhaustion Attack: In 2021, Nawrocki, et al. [17] described a security loophole in QUIC’s Handshake protocol. During the first round-trip, the server responds to an unverified source. As a result, the attacker can easily mount a Reflective Amplification Attack [17] and a State Exhaustion Attack [34]. Responding to an unverified source is a vital security weakness of the QUIC protocol.

6) Spoofed ACK Attack: Iyengar, et al. [13] presented a severe security loophole of QUIC where an attacker may get an address validation token from the server and subsequently divulge the IP address used to get the token. The attacker may spoof this IP address to connect to a server using a 0-RTT connection disguised as the victim. The server will then transfer an excessive quantity of data to the IP address, which allows the attacker to spoof ACK frames to the server.

7) Stream Fragmentation and Reassembly Attacks: As Iyengar, et al. mentioned in [13], to generate excessive receive buffer memory commitment and/or the formation of a big, inefficient data structure, an adversarial sender may purposefully broadcast stream data fragments. In order to force the sender to hold the unacknowledged stream data for re-transmission, an adversarial receiver may purposefully fail to acknowledge packets carrying stream data.

8) Cache Poisoning Attacks: It is a cyber attack in which perpetrators inject false data into a web cache or the DNS cache with the intent of damaging users [35]. Cache poisoning attacks against HTTP-based implementations, like QUIC, are immensely troublesome [36].

9) Slowloris Attacks: Slowloris attacks [13] can be carried out against a QUIC endpoint by producing the bare minimum of activity required to prevent it from being shut down for inactivity. They aim to keep as many connections open as possible to the target destination, by sending sparse quantities of data, progressively opening flow control windows to regulate the sender rate, or creating ACK frames that imitate a high loss rate.

10) Explicit Congestion Notification Attacks: Another major security threat for the QUIC protocol is explicit congestion notification attacks [13]. In order to affect the sender’s rate, an on-path attacker can change the value of Explicit Congestion Notification (ECN) codepoints in the IP header. To alter the sender’s rate, an on-the-side attacker can copy and transmit packets with altered ECN codepoints. An off-path attacker will need to race the duplicate packet against the original in order to succeed in this attack if a recipient discards duplicate packets.

11) Optimistic ACK Attack: In an optimistic ACK attack [13], a congestion controller could allow transmission at rates that are higher than what the network can handle because an endpoint acknowledges packets it has not received. In order to identify this behavior, an endpoint can skip packet numbers while transmitting packets. Once this happens, an endpoint has the option to instantly terminate the connection with a PROTOCOL_VIOLATION connection error [37].

12) Firewall Negligence Issue: Firewalls often offer a variety of options when handling HTTP/HTTPS traffic [38]. When web traffic is discovered by a firewall, it often goes via a web protection module that runs extensive
checks using deep packet inspection and web filtering. Firewalls, these days, can provide a lot of information, including enhanced reporting and malware scanning. However, the majority of firewalls do not recognize QUIC traffic as web traffic [2]. QUIC packets do not receive the same amount of inspection and logging. This raises serious security issues with consequences such as not being able to limit access to websites or turn on safe search on Google.

13) Recently Explored Attacks: Chatzoglou, et al. [43] categorized the overall security related attacks on QUIC into five types: Cryptographic Attacks, Handshake Attacks, Privacy Attacks, Fuzzing Attacks, and Transport Layer Attacks. They found some new issues of the QUIC protocol after deploying QUIC, including QUIC-downgrade, QUIC-out-of-joint, QUIC-fuzz, QUIC-loris, QUIC-flooding and QUIC-encapsulation. They mentioned that a potential future research challenge for QUIC is a “QUIC-focused fuzzer”. To find setup errors in the several QUIC implementations, a stateful QUIC fuzzer can be helpful. Table I shows an overall taxonomy on QUIC attacks.

IV. DISCUSSION AND FUTURE WORK

Although some research work has been done on QUIC security, there is still room for advancement in the current body of scientific research regarding QUIC security. In this section, we discuss our vision on future work that can be done on QUIC security.

1) A Comprehensive Study on How Resistant QUIC is against IP Spoofing and Flooding Attacks: No research has yet focused on QUIC’s resistance to IP Spoofing and Flooding Attacks. Although address validation protection is implemented by QUIC, it should be further investigated to see whether this protection is functional in all QUIC implementations. In addition, we could compare the available protection mechanisms of QUIC against a User Datagram Protocol (UDP) based Amplification Attack. We could also propose feasible countermeasures that can be adopted by QUIC to improve its robustness.

2) Balancing Security with Performance: The forward-secure 0-RTT handshake [29] has a high performance cost, while the 0-RTT handshake used by QUIC cannot ensure forward security. On the contrary, in order to obtain stronger security than the current security standards, QUIC uses TLS 1.3. As a result, the processing demands of QUIC on the CPU have significantly increased due to the encryption and decryption burden imposed by QUIC. Thus, it is important to investigate and explore how to balance security and computation overhead.

3) The Competition between QUIC and TCP as well as the Prediction of the Future of QUIC: The trend of increasing QUIC traffic has left TCP less and less bandwidth to use. However, will it completely take over TCP in bandwidth competition? We could answer this question by investigating the competition between QUIC and TCP when the bandwidth shares change. Through studying the cost and benefit of adopting QUIC, we can make a prediction on the future of QUIC.

4) Cache Poisoning Attacks against QUIC: Cache poisoning attacks (DNS, web and so on) against HTTP-based implementations can be very problematic. However, no study has yet looked at similar attacks against QUIC. Future research can study cache poisoning threats in such infrastructures because QUIC is implemented in many proxies and load balancers.

5) Guarantee Mechanisms to QUIC Connections: As we described in the last section, QUIC connections are accessible by online or offline attackers. To better identify a malicious attacker’s actions and enhance connection security, we can investigate how to improve the protocol to provide additional guarantee mechanisms to QUIC connections.

V. CONCLUSION

QUIC is a new transport layer protocol that appeared after 2012, which is built on top of UDP with several improvements over TCP to address its performance issues. It is designed to achieve lower latency and higher efficiency than TCP. In addition, QUIC offers improved privacy and higher performance in demanding network environments. In the past few years, there has been much research done to address the security issues of the QUIC protocol. However, there is a lack of a comprehensive survey that focuses on QUIC security. In this paper, we aim to fill the gap and present a comprehensive survey on QUIC security. We expect this effort to serve as a foundation and source of references for more research in the related field.

REFERENCES

[1] A. Langley, A. Riddoch, A. Wilk, A. Vicente, C. Krasic, D. Zhang, F. Yang, F. Kouranov, I. Swett, J. Iyengar, J. Bailey, J. Dorfman, J. Roskind, J. Kulik, P. Westin, R. Tenneti, R. Shade, R. Hamilton, V. Vasiliev, W.-T. Chang, and Z. Shi, “The QUIC Transport Protocol: Design and Internet-Scale Deployment,” in Proceedings of the Conference of the ACM Special Interest Group on Data Communication, ser. SIGCOMM ’17. New York, NY, USA: Association for Computing Machinery, Aug. 2017, pp. 183–196. [Online]. Available: https://doi.org/10.1145/3098822.3098842
[2] P. N. N. G, N. Dey, N. N, M. Hariprasad, S. S, M. Moharir, and M. Akram, “A Detail Survey on QUIC and its Impact on Network Data Transmission,” in 2022 6th International Conference on Trends in Electronics and Informatics (ICOEI). Tirunelveli, India: IEEE, Apr. 2022, pp. 378–385. [Online]. Available: https://ieeexplore.ieee.org/document/9777199/
[3] P. Kumar, “QUIC (Quick UDP Internet Connections) – A Quick Study,” Oct. 2020, arXiv:2010.03059 [cs]. [Online]. Available: http://arxiv.org/abs/2010.03059
TABLE I: Categorization of Attacks on QUIC
[4] R. Marx, T. De Decker, P. Quax, and W. Lamotte, “Resource Multiplexing and Prioritization in HTTP/2 over TCP Versus HTTP/3 over QUIC,” in Web Information Systems and Technologies, ser. Lecture Notes in Business Information Processing, A. Bozzon, F. J. Domínguez Mayo, and J. Filipe, Eds. Cham: Springer International Publishing, 2020, pp. 96–126.
[5] R. Lychev, S. Jero, A. Boldyreva, and C. Nita-Rotaru, “How Secure and Quick is QUIC? Provable Security and Performance Analyses,” in 2015 IEEE Symposium on Security and Privacy, May 2015, pp. 214–231, ISSN: 2375-1207.
[6] “Experimenting with QUIC.” [Online]. Available: https://blog.chromium.org/2013/06/experimenting-with-quic.html
[7] “QUIC,” Jul. 2022, page Version ID: 1097684976. [Online]. Available: https://en.wikipedia.org/w/index.php?title=QUIC&oldid=1097684976
[8] J. Iyengar and M. Thomson, “QUIC: A UDP-Based Multiplexed and Secure Transport,” Internet Engineering Task Force, Request for Comments RFC 9000, May 2021. [Online]. Available: https://datatracker.ietf.org/doc/rfc9000/
[9] M. Thomson and S. Turner, “Using TLS to Secure QUIC,” Internet Engineering Task Force, Request for Comments RFC 9001, May 2021. [Online]. Available: https://datatracker.ietf.org/doc/rfc9001/
[10] M. Bishop, “HTTP/3,” Internet Engineering Task Force, Request for Comments RFC 9114, Jun. 2022. [Online]. Available: https://datatracker.ietf.org/doc/draft-ietf-quic-http/34/
[11] L. Xuebing, C. Yang, Z. Mengying, and W. Xin, “Internet Data Transfer Protocol QUIC: A Survey,” Journal of Computer Research and Development, vol. 57, no. 9, p. 1864, Sep. 2020. [Online]. Available: https://crad.ict.ac.cn/EN/10.7544/issn1000-1239.2020.20190693
[12] S. Chen, S. Jero, M. Jagielski, A. Boldyreva, and C. Nita-Rotaru, “Secure Communication Channel Establishment: TLS 1.3 (over TCP Fast Open) versus QUIC,” Journal of Cryptology, vol. 34, no. 3, p. 26, May 2021. [Online]. Available: https://doi.org/10.1007/s00145-021-09389-w
[13] J. Iyengar and M. Thomson, “QUIC: A UDP-Based Multiplexed and Secure Transport,” Jul. 2022. [Online]. Available: https://greenbytes.de/tech/webdav/draft-ietf-quic-transport-16.html#handshake-denial-of-service
[14] “Usage Statistics of QUIC for Websites, July 2022.” [Online]. Available: https://w3techs.com/technologies/details/ce-quic
[15] “Usage Statistics of HTTP/3 for Websites, July 2022.” [Online]. Available: https://w3techs.com/technologies/details/ce-http3
[16] “How Facebook is bringing QUIC to billions,” Oct. 2020. [Online]. Available: https://engineering.fb.com/2020/10/21/networking-traffic/how-facebook-is-bringing-quic-to-billions/
[17] M. Nawrocki, R. Hiesgen, T. C. Schmidt, and M. Wählisch, “QUICsand: Quantifying QUIC Reconnaissance Scans and DoS Flooding Events,” in Proceedings of the 21st ACM Internet Measurement Conference, Nov. 2021, pp. 283–291, arXiv:2109.01106 [cs]. [Online]. Available: http://arxiv.org/abs/2109.01106
[18] L. Barman, S. Siby, C. Wood, M. Fayed, N. Sullivan, and C. Troncoso, “This is not the padding you are looking for! On the ineffectiveness of QUIC PADDING against website fingerprinting,” arXiv, Tech. Rep. arXiv:2203.07806, Mar. 2022, arXiv:2203.07806 [cs] type: article. [Online]. Available: http://arxiv.org/abs/2203.07806
[19] P. Zhan, L. Wang, and Y. Tang, “Website fingerprinting on early QUIC traffic,” Computer Networks, vol. 200, p. 108538, Dec. 2021. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S1389128621004618
[20] Y. Govil, L. Wang, and J. Rexford, “MIMIQ: Masking IPs with Migration in QUIC,” 2020. [Online]. Available: https://www.usenix.org/conference/foci20/presentation/govil
[21] X. Cao, S. Zhao, and Y. Zhang, “0-RTT Attack and Defense of QUIC Protocol,” in 2019 IEEE Globecom Workshops (GC Wkshps), Dec. 2019, pp. 1–6.
[22] “QUIC: Design Document and Specification Rationale.” [Online]. Available: https://docs.google.com/document/d/1RNHkx VvKWyWg6Lr8SZ-saqsQx7rFV-ev2jRFUoVD34/edit?usp=embed facebook
[23] M. Scharf and S. Kiesel, “NXG03-5: Head-of-line Blocking in TCP and SCTP: Analysis and Measurements,” in IEEE Globecom 2006, Nov. 2006, pp. 1–5, ISSN: 1930-529X.
[24] F. Qian, V. Gopalakrishnan, E. Halepovic, S. Sen, and O. Spatscheck, “TM3: 11th ACM Conference on Emerging Networking Experiments and Technologies, CoNEXT 2015,” Proceedings of the 11th ACM Conference on Emerging Networking Experiments and Technologies, CoNEXT 2015, Dec. 2015. [Online]. Available: http://www.scopus.com/inward/record.url?scp=84994161453&partnerID=8YFLogxK
[25] “SMig: Stream Migration Extension For HTTP/2,” Jan. 2017. [Online]. Available: https://cse.buffalo.edu/faculty/xmi/publication/conext16 http2/
[26] E. Rescorla, “The Transport Layer Security (TLS) Protocol Version 1.3,” Internet Engineering Task Force, Request for Comments RFC 8446, Aug. 2018. [Online]. Available: https://datatracker.ietf.org/doc/rfc8446/
[27] S. R. Das, “Evaluation of QUIC on web page performance,” Thesis, Massachusetts Institute of Technology, 2014. [Online]. Available: https://dspace.mit.edu/handle/1721.1/91444
[28] M. Bellare and B. Yee, “Forward-Security in Private-Key Cryptography,” in Topics in Cryptology — CT-RSA 2003, ser. Lecture Notes in Computer Science, M. Joye, Ed. Berlin, Heidelberg: Springer, 2003, pp. 1–18.
[29] F. Günther, B. Hale, T. Jager, and S. Lauer, “0-RTT Key Exchange with Full Forward Secrecy,” in Advances in Cryptology – EUROCRYPT 2017, ser. Lecture Notes in Computer Science, J.-S. Coron and J. B. Nielsen, Eds. Cham: Springer International Publishing, 2017, pp. 519–548.
[30] M. Fischlin and F. Günther, “Multi-Stage Key Exchange and the Case of Google’s QUIC Protocol,” in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, ser. CCS ’14. New York, NY, USA: Association for Computing Machinery, Nov. 2014, pp. 1193–1204. [Online]. Available: https://doi.org/10.1145/2660267.2660308
[31] T. Jager, J. Schwenk, and J. Somorovsky, “On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption,” Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, October 12-16, 2015, 2015. [Online]. Available: https://ris.uni-paderborn.de/record/3121
[32] N. Aviram, S. Schinzel, J. Somorovsky, N. Heninger, M. Dankel, J. Steube, L. Valenta, D. Adrian, J. A. Halderman, V. Dukhovni, E. Käsper, S. Cohney, S. Engels, C. Paar, and Y. Shavitt, “DROWN: Breaking TLS Using SSLv2,” 2016, pp. 689–706. [Online]. Available: https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/aviram
[33] N. C. Weaver, “TCP Reset Injection,” in Encyclopedia of Cryptography and Security, H. C. A. van Tilborg and S. Jajodia, Eds. Boston, MA: Springer US, 2011, pp. 1282–1283. [Online]. Available: https://doi.org/10.1007/978-1-4419-5906-5 119
[34] X. Wang, “Memory and State Exhaustion Denial of Service,” in Encyclopedia of Cryptography and Security, H. C. A. van Tilborg and S. Jajodia, Eds. Boston, MA: Springer US, 2011, pp. 773–774. [Online]. Available: https://doi.org/10.1007/978-1-4419-5906-5 270
[35] “What is cache poisoning and how does it work?” [Online]. Available: https://www.techtarget.com/searchsecurity/definition/cache-poisoning
[36] K. Man, Z. Qian, Z. Wang, X. Zheng, Y. Huang, and H. Duan, “DNS Cache Poisoning Attack Reloaded: Revolutions with Side Channels,” in Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. Virtual Event USA: ACM, Oct. 2020, pp. 1337–1350. [Online]. Available: https://dl.acm.org/doi/10.1145/3372297.3417280
[37] J. Iyengar and M. Thomson, “QUIC: A UDP-Based Multiplexed and Secure Transport,” Internet Engineering Task Force, Internet Draft draft-ietf-quic-transport-19. [Online]. Available: https://datatracker.ietf.org/doc/draft-ietf-quic-transport/19/
[38] W. M. Shbair, T. Cholez, J. Francois, and I. Chrisment, “A Survey of HTTPS Traffic and Services Identification Approaches,” Aug. 2020, arXiv:2008.08339 [cs]. [Online]. Available: http://arxiv.org/abs/2008.08339
[39] S. Lee, Y. Shin, and J. Hur, “Return of version downgrade attack in the era of TLS 1.3,” in Proceedings of the 16th International Conference on emerging Networking EXperiments and Technologies. New York, NY, USA: Association for Computing Machinery, Nov. 2020, pp. 157–168. [Online]. Available: https://doi.org/10.1145/3386367.3431310
[40] M. Fischlin and F. Günther, “Replay Attacks on Zero Round-Trip Time: The Case of the TLS 1.3 Handshake Candidates,” in 2017 IEEE European Symposium on Security and Privacy (EuroS&P), Apr. 2017, pp. 60–75.
[41] A. Saverimoutou, B. Mathieu, and S. Vaton, “Which secure transport protocol for a reliable HTTP/2-based web service: TLS or QUIC?” in 2017 IEEE Symposium on Computers and Communications (ISCC), Jul. 2017, pp. 879–884.
[42] E. Gagliardi and O. Levillain, “Analysis of QUIC session establishment and its implementations,” in 13th IFIP International Conference on Information Security Theory and Practice (WISTP), ser. Information Security Theory and Practice, M. Laurent and T. Giannetsos, Eds., vol. LNCS-12024. Paris, France: Springer International Publishing, Dec. 2019, pp. 169–184. [Online]. Available: https://hal.archives-ouvertes.fr/hal-02468596
[43] E. Chatzoglou, V. Kouliaridis, G. Karopoulos, and G. Kambourakis, “Revisiting QUIC attacks: A comprehensive review on QUIC security and a hands-on study,” In Review, preprint, Jul. 2022. [Online]. Available: https://www.researchsquare.com/article/rs-1676730/v1
[44] C. Cremers, M. Horvat, S. Scott, and T. van der Merwe, “Automated Analysis and Verification of TLS 1.3: 0-RTT, Resumption and Delayed Authentication,” in 2016 IEEE Symposium on Security and Privacy (SP), May 2016, pp. 470–485, ISSN: 2375-1207.
[45] N. Drucker and S. Gueron, “Selfie: reflections on TLS 1.3 with PSK,” Journal of Cryptology, vol. 34, no. 3, p. 27, May 2021. [Online]. Available: https://doi.org/10.1007/s00145-021-09387-y
[46] B. Arunkumar and G. Kousalya, “Nonce reuse/misuse resistance authentication encryption schemes for modern TLS cipher suites and QUIC based web servers,” Journal of Intelligent & Fuzzy Systems, vol. 38, no. 5, pp. 6483–6493, Jan. 2020. [Online]. Available: https://content.iospress.com/articles/journal-of-intelligent-and-fuzzy-systems/ifs179729
[47] K. L. McMillan and L. D. Zuck, “Formal specification and testing of QUIC,” in Proceedings of the ACM Special Interest Group on Data Communication, ser. SIGCOMM ’19. New York, NY, USA: Association for Computing Machinery, Aug. 2019, pp. 227–240. [Online]. Available: https://doi.org/10.1145/3341302.3342087
[48] G. S. Reen and C. Rossow, “DPIFuzz: A Differential Fuzzing Framework to Detect DPI Elusion Strategies for QUIC,” in Annual Computer Security Applications Conference, ser. ACSAC ’20. New York, NY, USA: Association for Computing Machinery, Dec. 2020, pp. 332–344. [Online]. Available: https://doi.org/10.1145/3427228.3427662
[49] J. Zhang, X. Gao, L. Yang, T. Feng, D. Li, and Q. Wang, “A Systematic Approach to Formal Analysis of QUIC Handshake Protocol Using Symbolic Model Checking,” Security and Communication Networks, vol. 2021, p. e1630223, Aug. 2021. [Online]. Available: https://www.hindawi.com/journals/scn/2021/1630223/
[50] K. Thimmaraju and B. Scheuermann, “Count Me If You Can: Enumerating QUIC Servers Behind Load Balancers,” Electronic Communications of the EASST, vol. 80, no. 0, Sep. 2021. [Online]. Available: https://journal.ub.tu-berlin.de/eceasst/article/view/1172
[51] K. Y. Gbur and F. Tschorsch, “A QUIC(K) Way Through Your Firewall?” arXiv, Tech. Rep. arXiv:2107.05939, Jul. 2021, arXiv:2107.05939 [cs] type: article. [Online]. Available: http://arxiv.org/abs/2107.05939
[52] V. Tong, H. A. Tran, S. Souihi, and A. Mellouk, “A Novel QUIC Traffic Classifier Based on Convolutional Neural Networks,” in 2018 IEEE Global Communications Conference (GLOBECOM). Abu Dhabi, United Arab Emirates: IEEE Press, Dec. 2018, pp. 1–6. [Online]. Available: https://doi.org/10.1109/GLOCOM.2018.8647128
[53] G. Arfaoui, X. Bultel, P.-A. Fouque, A. Nedelcu, and C. Onete, “The privacy of the TLS 1.3 protocol,” Proceedings on Privacy Enhancing Technologies, vol. 2019, pp. 190–210, 2019. [Online]. Available: https://hal.archives-ouvertes.fr/hal-02482253
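
Added example for the optimistic ACK defence described in Section III, item 11 (not code from the paper or from any QUIC implementation): a sender that leaves random gaps in its packet numbers and treats an acknowledgement of a skipped or not-yet-sent number as a PROTOCOL_VIOLATION. The class and function names, the skip probability and the scripted random source are assumptions made for this sketch, and the ACK ranges in the demo are constructed.

```python
from __future__ import annotations

import random
from dataclasses import dataclass, field

PROTOCOL_VIOLATION = 0x0A  # transport error code from RFC 9000, Section 20.1


class ProtocolViolation(Exception):
    """Peer acknowledged a packet number this endpoint never sent."""

    error_code = PROTOCOL_VIOLATION


class EveryNth:
    """Deterministic stand-in for the RNG so the demo is repeatable (constructed)."""

    def __init__(self, n: int) -> None:
        self.n, self.calls = n, 0

    def random(self) -> float:
        self.calls += 1
        return 0.0 if self.calls % self.n == 0 else 1.0


@dataclass
class SenderPacketNumbers:
    """Bookkeeping for one packet number space (hypothetical name)."""

    rng: random.Random = field(default_factory=random.SystemRandom)
    skip_probability: float = 1 / 64   # assumed value; gaps must be unpredictable
    next_pn: int = 0
    in_flight: set = field(default_factory=set)   # sent, not yet acknowledged
    skipped: set = field(default_factory=set)     # deliberately never sent

    def send(self) -> int:
        """Pick the number for the next outgoing packet, sometimes leaving a gap."""
        if self.rng.random() < self.skip_probability:
            self.skipped.add(self.next_pn)
            self.next_pn += 1
        pn = self.next_pn
        self.next_pn += 1
        self.in_flight.add(pn)
        return pn

    def on_ack(self, ack_ranges: list[tuple[int, int]]) -> list[int]:
        """Process the inclusive (smallest, largest) ranges of one ACK frame.

        Returns the newly acknowledged packet numbers. Raises ProtocolViolation,
        before any state changes, if the frame covers a number that was skipped
        or not used yet; an honest receiver cannot have seen such a packet.
        """
        for smallest, largest in ack_ranges:
            if smallest > largest:
                raise ValueError("malformed ACK range")
            if largest >= self.next_pn:
                raise ProtocolViolation(f"ACK covers unsent packet {largest}")
            bogus = [pn for pn in self.skipped if smallest <= pn <= largest]
            if bogus:
                raise ProtocolViolation(f"ACK covers skipped packet {min(bogus)}")
        newly_acked = sorted(
            pn for pn in self.in_flight
            if any(lo <= pn <= hi for lo, hi in ack_ranges)
        )
        self.in_flight.difference_update(newly_acked)
        return newly_acked


def ranges_for(received: list[int]) -> list[tuple[int, int]]:
    """Collapse received packet numbers into ACK ranges, as an honest receiver does."""
    ranges: list[tuple[int, int]] = []
    for pn in sorted(received):
        if ranges and pn == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], pn)
        else:
            ranges.append((pn, pn))
    return ranges


def classify_peer(sender: SenderPacketNumbers, ack_frames: list) -> str:
    """Feed ACK frames to the sender and report how the connection ends."""
    try:
        for ranges in ack_frames:
            sender.on_ack(ranges)
    except ProtocolViolation as exc:
        return f"close 0x{exc.error_code:02x}: {exc}"
    return "ok"


if __name__ == "__main__":
    honest = SenderPacketNumbers(rng=EveryNth(5), skip_probability=0.5)
    sent = [honest.send() for _ in range(20)]
    print("honest peer:    ", classify_peer(honest, [ranges_for(sent)]))

    target = SenderPacketNumbers(rng=EveryNth(5), skip_probability=0.5)
    sent = [target.send() for _ in range(20)]
    # Constructed optimistic ACK: one contiguous range up to the largest number.
    print("optimistic peer:", classify_peer(target, [[(0, max(sent))]]))
```

In a deployed stack the default `random.SystemRandom` source stays in place, because a peer that can predict the gaps can acknowledge around them.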
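
Added example for the unverified-source weakness in Section III, item 5, and the address validation protection mentioned in Section IV, item 1 (not code from the paper or from a QUIC stack): the anti-amplification budget of RFC 9000, Section 8.1, which caps what a server sends to an unvalidated address at three times what it has received from it, next to an address-bound, short-lived validation token. The token layout, the names `ServerPath` and `handle_initial`, and the 10-second lifetime are assumptions of this sketch; the IP addresses used with it are documentation-range samples.

```python
from __future__ import annotations

import hashlib
import hmac
import struct

AMPLIFICATION_LIMIT = 3   # RFC 9000, Section 8.1: at most 3x the bytes received
TOKEN_LIFETIME_S = 10     # assumption for this sketch: keep tokens short-lived
_TAG_LEN = hashlib.sha256().digest_size


def mint_token(key: bytes, client_ip: str, now: int) -> bytes:
    """Build a token as issue-time || HMAC(key, issue-time || client address)."""
    issued = struct.pack("!Q", now)
    tag = hmac.new(key, issued + client_ip.encode(), hashlib.sha256).digest()
    return issued + tag


def token_is_valid(key: bytes, token: bytes, client_ip: str, now: int) -> bool:
    """Accept a token only from the address it was issued to, and only while fresh."""
    if len(token) != 8 + _TAG_LEN:
        return False
    issued, tag = token[:8], token[8:]
    expected = hmac.new(key, issued + client_ip.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False
    age = now - struct.unpack("!Q", issued)[0]
    return 0 <= age <= TOKEN_LIFETIME_S


class ServerPath:
    """Per-client-address send budget kept by the server (hypothetical name)."""

    def __init__(self) -> None:
        self.validated = False
        self.bytes_received = 0
        self.bytes_sent = 0

    def on_datagram(self, size: int, token_ok: bool = False) -> None:
        """Count bytes from the address; a good token validates the address."""
        self.bytes_received += size
        if token_ok:
            self.validated = True

    def send(self, wanted: int) -> int:
        """Return how many of `wanted` bytes may leave now; the rest must wait."""
        if self.validated:
            allowed = wanted
        else:
            budget = AMPLIFICATION_LIMIT * self.bytes_received - self.bytes_sent
            allowed = max(0, min(wanted, budget))
        self.bytes_sent += allowed
        return allowed


def handle_initial(key: bytes, path: ServerPath, client_ip: str, size: int,
                   token: bytes | None, now: int, flight_size: int) -> int:
    """Process one client Initial and return the bytes the server may send back."""
    ok = token is not None and token_is_valid(key, token, client_ip, now)
    path.on_datagram(size, token_ok=ok)
    return path.send(flight_size)


if __name__ == "__main__":
    key = bytes(range(32))  # constructed demo key; a server would use a random secret
    token = mint_token(key, "192.0.2.10", now=1000)
    # Unvalidated source: a 5000-byte server flight is clipped to 3 x 1200 bytes.
    print(handle_initial(key, ServerPath(), "198.51.100.7", 1200, None, 1005, 5000))
    # Same token replayed from another address: still treated as unvalidated.
    print(handle_initial(key, ServerPath(), "198.51.100.7", 1200, token, 1005, 5000))
    # Fresh token from the issuing address: the limit no longer applies.
    print(handle_initial(key, ServerPath(), "192.0.2.10", 1200, token, 1005, 5000))
```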