BA: Revisiting the Interplay between TLS Certificates and QUIC Performance

QUIC is a modern transport protocol, initially developed by Google and standardised by the IETF, that aims to improve internet performance and security by integrating transport and cryptographic functions using TLS. In 2022, Nawrocki et al. analyzed QUIC deployment in the wild, focusing on handshakes that incur unnecessary additional round trips, which impacts performance, or that exceed the so-called amplification limit. The amplification limit is mandated by the QUIC standard and restricts the size of the server's response to three times the size of the client's request until the client has verified its source address (Section 9.3, RFC 9001). This is to prevent potential amplification attacks, in which third-party systems are abused to amplify an attacker's traffic towards a victim with the intent to overload the victim's system and cause a Denial of Service (DoS).

Nawrocki et al. found that the majority of QUIC handshakes exceed the amplification limit. The predominant reasons for this were missing packet coalescence and/or large certificate chains. Since QUIC has been standardised by the IETF only fairly recently, we assume that QUIC deployment is still undergoing changes and development, and that a continued study of the issues identified is worthwhile.
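The amplification limit described above can be checked per handshake from the datagram sizes a scan records. The following is an added example, not code from TLS-Attacker or from Nawrocki et al.; the trace format, the function and class names, and all byte counts are constructed assumptions.

```python
from dataclasses import dataclass

LIMIT_FACTOR = 3  # server may send at most 3x the bytes received before address validation


@dataclass
class Result:
    received: int   # client bytes seen before address validation
    sent: int       # server bytes sent before address validation
    overshoot: int  # most bytes ever sent beyond the budget (0 = within the limit)
    deferred: int   # handshake bytes the server sent only after validation

    @property
    def exceeds_limit(self) -> bool:
        return self.overshoot > 0


def analyse(trace):
    """Walk an ordered handshake trace of (direction, udp_payload_bytes, validates).

    direction is "C" (client to server) or "S" (server to client); validates
    marks the client datagram that completes address validation, e.g. the
    first one carrying a packet protected with Handshake keys.
    """
    received = sent = overshoot = deferred = 0
    validated = False
    for direction, size, validates in trace:
        if direction == "C":
            if validates:
                validated = True
            elif not validated:
                received += size
        elif validated:
            deferred += size  # the limit no longer applies
        else:
            sent += size
            # The budget is checked at every server datagram, not only at the end.
            overshoot = max(overshoot, sent - LIMIT_FACTOR * received)
    return Result(received, sent, overshoot, deferred)


# Constructed traces (handshake datagrams only; sizes are illustrative).
CLIENT_INITIAL = ("C", 1200, False)
CLIENT_HANDSHAKE = ("C", 80, True)
WITHIN = [CLIENT_INITIAL, ("S", 1200, False), ("S", 1200, False),
          ("S", 900, False), CLIENT_HANDSHAKE]
EXCEEDS = [CLIENT_INITIAL] + [("S", 1200, False)] * 4 + [CLIENT_HANDSHAKE]
EXTRA_RTT = [CLIENT_INITIAL] + [("S", 1200, False)] * 3 + [CLIENT_HANDSHAKE,
                                                           ("S", 1200, False)]

if __name__ == "__main__":
    for name, trace in (("within", WITHIN), ("exceeds", EXCEEDS), ("extra RTT", EXTRA_RTT)):
        print(name, analyse(trace))
```

A non-zero `overshoot` marks a server that sent past its budget, while a non-zero `deferred` with zero `overshoot` marks a server that stayed within the limit at the cost of an additional round trip.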

Your tasks for this thesis topic:

  • Implement a testing methodology similar to that of Nawrocki et al. This should be done using our TLS-Attacker framework.
  • Collect handshake and certificate data by conducting a large-scale scan.
  • Compare your results to the results from Nawrocki et al. and evaluate whether the situation has improved.

Contact