A Survey on the Security Issues of QUIC

Abstract

A newly established multiplexed network protocol - QUIC, which is based on User Datagram Protocol (UDP), has emerged in recent years and gained a large share of Internet traffic quickly. Initially proposed by Google, the goal of QUIC is to achieve a higher Internet communication performance and eventually replace the Transmission Control Protocol (TCP) + Transport Layer Security (TLS) + HTTP/2 architecture. In particular, the 3rd version of the Hypertext Transfer Protocol - HTTP/3.0 is built on top of QUIC. A good number of research papers have been published recently to evaluate the performance and security of the QUIC protocol. In this paper, we conduct a comprehensive survey on the QUIC security issues and analyze its future research directions regarding security prospective. We investigate several topics including the QUIC protocol structure, QUIC security model, security issues related to QUIC protocol, and future research directions on QUIC Security. To the best of our knowledge, it is the one of first surveys that focus on the security of the QUIC protocol.