Overview
Explore a comprehensive analysis of QUIC, Google's secure transport protocol, in this IEEE Symposium on Security & Privacy conference talk. Delve into the provable security and performance guarantees of QUIC in the presence of attackers. Examine the protocol's strengths and weaknesses, including its security model, forward secrecy limitations, and vulnerability to bit-flipping and replay attacks. Learn about practical implementations of these attacks and their impact on QUIC's latency advantages. Investigate the trade-offs between minimizing latency and providing robust security guarantees in performance-driven protocols. Gain insights into QUIC's protocol structure, security analysis challenges, and potential areas for future improvements in secure, low-latency transport protocols.
Syllabus
Intro
Minimizing Latency
What is QUIC?
Setup Time: QUIC vs TLS
Starting Data Exchange: QUIC vs TLS
Main Questions We Address
Summary of Our Results
Outline
QUIC Protocol
Security Analysis Main Challenges
How Secure is QUIC?
Performance Attack Overview
Attacks We Have Implemented
Summary and Future Work
Taught by
IEEE Symposium on Security and Privacy