Skip to main content

21. Security Considerations

21. Security Considerations

The goal of QUIC is to provide a secure transport for application protocols. Section 21.1 provides an overview of those security properties; subsequent sections discuss constraints and caveats regarding this protection.

21.1 Overview of Security Properties

A complete security analysis of QUIC is provided in [QUIC-TLS].

21.1.1 Handshake

QUIC relies on the TLS 1.3 handshake to establish secure communication.

21.1.2 Protected Packets

Packet protection provides confidentiality and integrity protection for QUIC packets.

21.1.3 Connection Migration

Connection migration allows an endpoint to continue a connection when its IP address changes.

21.2 Handshake Denial of Service

QUIC is designed to reduce the effectiveness of amplification attacks by requiring both endpoints to demonstrate reachability at their advertised addresses.

21.3 Amplification Attack

An attacker might be able to receive an address validation token from a server and reuse that token on multiple connections.

21.4 Optimistic ACK Attack

An endpoint that acknowledges packets it has not received might cause a congestion controller to permit sending at rates beyond what the network supports.

21.5 Request Forgery Attacks

QUIC can be used to send data to endpoints with which the sender has no established connection.

21.6 Slowloris Attacks

Slowloris attacks [SLOWLORIS] try to tie up server resources by opening many connections and sending data slowly.

21.7 Stream Fragmentation and Reassembly Attacks

An adversarial sender might intentionally not send portions of the stream data, causing the receiver to commit resources for the unsent data.

21.8 Stream Commitment Attack

An adversarial endpoint can open a large number of streams, exhausting state on an endpoint.

21.9 Peer Denial of Service

QUIC and TLS both contain frames or messages that have legitimate uses in some contexts, but these frames or messages can be abused to cause a peer to expend processing resources without having any observable impact on the state of the connection.

21.10 Explicit Congestion Notification Attacks

An on-path attacker could manipulate ECN markings to cause endpoints to respond as though there were congestion on the path.

21.11 Stateless Reset Oracle

A Stateless Reset oracle is an off-path attacker that can observe the presence of a connection between two endpoints.

21.12 Version Downgrade

Attackers could interfere with version negotiation to force endpoints to use a version of QUIC that is vulnerable to attacks.

21.13 Targeted Attacks by Routing

Deployments should limit the ability of an attacker to target a specific connection.

21.14 Traffic Analysis

QUIC provides some protection against traffic analysis, but metadata about connections can still be observed by an attacker.

Last updated on