Description
QUIC, a relatively new transport protocol, is designed to address the shortcomings
of conventional TCP by offering faster connection establishment with
fewer RTTs and integrated security features. As QUIC gains traction, with numerous
independent implementations and even production use, ensuring its reliability
through robust security is critical. The security of QUIC is addressed in various works,
including RFC 9000, which outlines critical security considerations. However, the
diversity of QUIC implementations necessitates an automatic and dynamic security test
suite to ensure consistent and comprehensive validation of security mechanisms across
different QUIC versions. This master's thesis contributes to this need by analyzing three
security considerations from RFC 9000 (namely, Amplification Attack, Optimistic ACK Attack,
and Request Forgery Attacks) and proposing dynamic testing models specifically designed to
validate these aspects. Each testing model consists of multiple test cases derived from the
corresponding security consideration and relevant requirements detailed in RFC 9000, ensuring
a thorough and rigorous validation of QUIC's security mechanisms. In addition to these models,
the thesis provides a tool that implements them, offering a practical solution for the dynamic
and automatic validation of QUIC's security mechanisms across various QUIC implementations.
The development of this tool also provides a practical framework for enhancing the security and
reliability of QUIC implementations, ensuring that they can be safely deployed in a wide range of
network environments.