How secure and quick is QUIC? Provable security and performance analyses

Proceedings - IEEE Symposium on Security and Privacy

Volumn 2015-July, Issue , 2015, Pages 214-231

  Lychev, Robert ^a   Jero, Samuel ^b   Boldyreva, Alexandra ^c   Nita Rotaru, Cristina ^b  

^a MIT LINCOLN LABORATORY   (United States)

^b PURDUE UNIVERSITY   (United States)

^c GEORGIA INSTITUTE OF TECHNOLOGY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ECONOMIC AND SOCIAL EFFECTS;

BUILDING BLOCKES; FORWARD SECRECY; PERFORMANCE-DRIVEN; PROVABLE SECURITY; SECURITY MODEL; SECURITY PROPERTIES; SECURITY WEAKNESS; TRANSPORT PROTOCOLS;

SEEBECK EFFECT;

EID: 84945194545     PISSN: 10816011     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SP.2015.21     Document Type: Conference Paper

References (35)

1. T. Dierks and C. Allen, "The TLS protocol version 1.0," RFC 2246 (Proposed Standard), Internet Engineering Task Force, Jan. 1999.
2. J. Roskind, "Quick UDP internet connections: Multiplexed stream transport over UDP," 2012. [Online]. Available: https://docs.google.com/document/d/1RNHkx-VvKWyWg6Lr8SZ-saqsQx7rFV-ev2jRFUo VD34/edit
3. J. Erman, V. Gopalakrishnan, R. Jana, and K. K. Ramakr-ishnan, "Towards a SPDY'ier mobile web?" in Proceedings of the Ninth ACM Conference on Emerging Networking Experiments and Technologies, ser. CoNEXT '13. ACM, 2013, pp. 303-314.
4. R. Stewart, "Stream control transmission protocol," RFC 4960 (Proposed Standard), Internet Engineering Task Force, Sep. 2007.
5. B. Ford, "Structured streams: A new transport abstraction," in Proceedings of the 2007 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, ser. SIGCOMM '07. ACM, 2007, pp. 361-372.
6. J. Roskind, "Experimenting with QUIC," The Chromium Blog, 2013. [Online]. Available: http://blog.chromium.org/2013/06/experimenting-with-quic.html
7. E. Rescorla and N. Modadugu, "Datagram transport layer security version 1.2," RFC 6347 (Proposed Standard), Internet Engineering Task Force, Jan. 2012.
8. T. Jager, F. Kohlar, S. Schäge, and J. Schwenk, "On the security of TLS-DHE in the standard model," in CRYPTO, ser. Lecture Notes in Computer Science, R. Safavi-Naini and R. Canetti, Eds., vol. 7417. Springer, 2012, pp. 273-293.
9. H. Krawczyk, K. G. Paterson, and H. Wee, "On the security of the TLS protocol: A systematic analysis," in CRYPTO, ser. Lecture Notes in Computer Science, R. Canetti and J. A. Garay, Eds., vol. 8042. Springer, 2013, pp. 429-448.
10. K. Bhargavan, C. Fournet, M. Kohlweiss, A. Pironti, P.-Y. Strub, and S. Z. Bguelin, "Proving the TLS handshake secure (as it is)," 2014, IACR Cryptology ePrint Archive 2014: 182 (2014).
11. M. Fischlin and F. Günther, "Multi-stage key exchange and the case of google's QUIC protocol," in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, ser. CCS '14. ACM, 2014, pp. 1193-1204.
12. R. Clayton, S. J. Murdoch, and R. N. Watson, "Ignoring the great firewall of China," in Privacy Enhancing Technologies. Springer, 2006, pp. 20-35.
13. E. Rescorla, "New handshake flows for TLS 1.3," 2014. [Online]. Available: http://tools.ietf.org/html/draft-rescorla-tls13-new-flows-01
14. J. Salowey, H. Zhou, P. Eronen, and H. Tschofenig, "Transport layer security (TLS) session resumption without serverside state," RFC 5077 (Proposed Standard), Internet Engineering Task Force, Jan. 2008.
15. A. Langely, "Google, Personal communication," 2014.
16. R. Lychev, S. Jero, A. Boldyreva, and C. Nita-Rotaru, "How secure and quick is QUIC? Provable security and performance analyses," 2015, Full version of this paper. IACR Cryptology ePrint Archive 2015.
17. A. R. Wilk, J. Kulik, F. Kouranov, and A. Westerlund, "Google QUIC team, Personal communication," 2014.
18. W. Aiello, S. M. Bellovin, R. Canetti, J. Ioannidis, A. D. Keromytis, and O. Reingold, "Just fast keying: Key agreement in a hostile Internet," in ACM Transactions on Information and System Security, ser. TISSEC, vol. 7, no. 2. ACM, May 2004, pp. 1-30.
19. B. Blanchet, "A computationally sound mechanized prover for security protocols," in Proceedings of the 2006 IEEE Symposium on Security and Privacy. IEEE Computer Society, 2006, pp. 140-154.
20. G. Barthe, B. Grégoire, S. Heraud, and S. Z. Béguelin, "Computer-aided security proofs for the working cryptographer," in CRYPTO, ser. Lecture Notes in Computer Science, P. Rogaway, Ed., vol. 6841. Springer, 2011, pp. 71-90.
21. C. Fournet, M. Kohlweiss, and P. Strub, "Modular code-based cryptographic verification," in Proceedings of the 18th ACM Conference on Computer and Communications Security, ser. CCS '11. ACM, 2011, pp. 341-350.
22. K. Bhargavan, C. Fournet, M. Kohlweiss, A. Pironti, P. Strub, and S. Z. Béguelin, "Proving the TLS handshake secure (as it is)," in CRYPTO, ser. Lecture Notes in Computer Science, J. A. Garay and R. Gennaro, Eds., vol. 8617. Springer, 2014, pp. 235-255.
23. K. Bhargavan, C. Fournet, M. Kohlweiss, A. Pironti, and P. Strub, "Implementing TLS with verified cryptographic security," in Proceedings of the 2013 IEEE Symposium on Security and Privacy. IEEE Computer Society, 2013, pp. 445-459.
24. P. Rogaway, "Authenticated-encryption with associated-data," in Proceedings of the 9th ACM Conference on Computer and Communications Security, ser. CCS '02. ACM, 2002, pp. 98-107.
25. M. Abdalla, M. Bellare, and P. Rogaway, "The oracle Diffie-Hellman assumptions and an analysis of DHIES," in Topics in Cryptology-CT-RSA, ser. Lecture Notes in Computer Science, D. Naccache, Ed., vol. 2020. Springer, 2001, pp. 143-158.
26. D. A. McGrew and J. Viega, "The security and performance of the Galois/counter mode (GCM) of operation," in Progress in Cryptology-INDOCRYPT 2004. Springer, 2004, pp. 343-355.
27. M. Bellare and P. Rogaway, "Random oracles are practical: a paradigm for designing efficient protocols." in Proceedings of the 1st ACM Conference on Computer and Communications Security, ser. CCS '93. ACM, 1993, pp. 62-73.
28. -, "Entity authentication and key distribution," in CRYPTO, ser. Lecture Notes in Computer Science, D. Stin-son, Ed. Springer, 1994, vol. 773, pp. 232-249.
29. C. Brzuska, N. P. Smart, B. Warinschi, and G. J. Watson, "An analysis of the EMV channel establishment protocol," in Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, ser. CCS '13. ACM, 2013, pp. 373-386.
30. EMVCo LLC, "EMV ECC key establishment protocols," 2012. [Online]. Available: http://www.emvco.com/specifications.aspx?id=243
31. M. Bellare, T. Kohno, and C. Namprempre, "Breaking and provably repairing the SSH authenticated encryption scheme: A case study of the Encode-then-Encrypt-and-MAC paradigm," ACM Trans. Inf. Syst. Secur., vol. 7, no. 2, pp. 206-241, 2004.
32. 2 and HMAC." in CRYPTO, ser. Lecture Notes in Computer Science, R. Safavi-Naini and R. Canetti, Eds. Springer, 2012, vol. 7417, pp. 348-366.
33. W. Eddy, "TCP SYN flooding attacks and common mitigations," RFC 4987 (Informational), Aug. 2007.
34. J. Clark and P. C. van Oorschot, "SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements," in Proceedings of the 2013 IEEE Symposium on Security and Privacy. IEEE Computer Society, 2013, pp. 511-525.
35. R. Abramov and A. Herzberg, "TCP ack storm DoS attacks," in Future Challenges in Security and Privacy for Academia and Industry, J. Camenisch, S. Fischer-Hbner, Y. Murayama, A. Portmann, and C. Rieder, Eds. Springer, 2011, pp. 29-40.