Abstract | ||
---|---|---|
QUIC is a secure transport protocol developed by Google and implemented in Chrome in 2013, currently representing one of the most promising solutions to decreasing latency while intending to provide security properties similar with TLS. In this work we shed some light on QUICu0027s strengths and weaknesses in terms of its provable security and performance guarantees in the presence of attackers. We introduce a security model for analyzing performance-driven protocols like QUIC and prove that QUIC satisfies our definition under reasonable assumptions on the protocolu0027s building blocks. Our analyses also reveal that with simple replay and manipulation attacks on some public parameters exchanged during the handshake, an adversary could easily prevent QUIC from achieving minimal latency by causing connection failure, probably resulting in fallback to TLS. |
Year | DOI | Venue |
---|---|---|
2015 | 10.1109/SP.2015.21 | IEEE Symposiumon Security and Privacy |
Keywords | Field | DocType |
QUIC,provable security,performance analysis,secure transport protocol,Google,Chrome,performance guarantee,TLS-DHE,bit-flipping | Internet privacy,Handshake,Computer science,Computer security,Network security,Computer network,Forward secrecy,QUIC,Public-key cryptography,Replay attack,Computer security model,Provable security | Conference |
Volume | ISSN | Citations |
2015 | 1081-6011 | 27 |
PageRank | References | Authors |
1.30 | 28 | 4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Robert Lychev | 1 | 61 | 4.29 |
Samuel Jero | 2 | 58 | 8.15 |
Alexandra Boldyreva | 3 | 2297 | 114.80 |
Cristina Nita-Rotaru | 4 | 27 | 1.30 |