University of Limerick
Browse
- No file added yet -

A quic(k) security overview: a literature research on implemented security recommendations

Download (504.69 kB)
conference contribution
posted on 2024-08-30, 13:43 authored by Stefan TatschnerStefan Tatschner, Sebastian N. Peters, David Emeis, John MorrisJohn Morris, THOMAS NEWETHOMAS NEWE

Built on top of UDP, the relatively new QUIC protocol serves as the baseline for modern web protocol stacks. Equipped with a rich feature set, the protocol is defined by a 151 pages strong IETF standard complemented by several additional documents. Enabling fast updates and feature iteration, most QUIC implementations are implemented as user space libraries leading to a large and fragmented ecosystem. This work addresses the research question, “if a complex standard with a large number of different implementations leads to an insecure ecosystem?”. The relevant RFC documents were studied and “Security Consideration” items describing conceptional problems were extracted. During the research, 13 popular production ready QUIC implementations were compared by evaluating 10 security considerations from RFC9000. While related studies mostly focused on the functional part of QUIC, this study confirms that available QUIC implementations are not yet mature enough from a security point of view.

Funding

Joint project: Post-quantum secure communication for industry 4.0 with internationally standardized trust anchors (PoQsiKom) - sub-project: security modules for trust anchors in industry 4.0

Federal Ministry for Economic Affairs and Energy

Find out more...

History

Publication

ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security, 2023, Article, 55, pp. 1-8

Publisher

Association for Computing Macinery

Other Funding information

This work was partially supported by the German Federal Ministry of Education and Re?search (BMBF) under Grant No. 16KIS1847 and partially by the German Federal Ministry for Economic Affairs and Climate Ac?tion (BMWK) under Grant No. 13I40V010A.

Sustainable development goals

  • (4) Quality Education
  • (9) Industry, Innovation and Infrastructure

Department or School

  • Electronic & Computer Engineering

Usage metrics

    University of Limerick

    Categories

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC