Mathias Hall-Andersen
ABSTRACT
We present nQUIC, a variant of QUIC-TLS that uses the Noise protocol framework for its key exchange and basis of its packet protector with no semantic transport changes. nQUIC is designed for deployment in systems and for applications that assert trust in raw public keys rather than PKI-based certificate chains. It uses a fixed key exchange algorithm, compromising agility for implementation and verification ease. nQUIC provides mandatory server and optional client authentication, resistance to Key Compromise Impersonation attacks, and forward and future secrecy of traffic key derivation, which makes it favorable to QUIC-TLS for long-lived QUIC connections in comparable applications. We developed two interoperable prototype implementations written in Go and Rust. Experimental results show that nQUIC finishes its handshake in a comparable amount of time as QUIC-TLS.
Supplemental Material
- {n. d.}. OpenSSL. https://www.openssl.org/. ({n. d.}).Google Scholar
- {n. d.}. OpenSSL Vulnerabilities. https://www.openssl.org/news/vulnerabilities.html. ({n. d.}).Google Scholar
- {n. d.}. QUIC Crypto. https://docs.google.com/document/d/1g5nIXAIkN_Y-7XJW5K45IblHd_L2f5LTaDUDwvZ5L6g/edit. ({n. d.}).Google Scholar
- 2016. BOLT 8: Encrypted and Authenticated Transport. https://github.com/lightningnetwork/lightning-rfc/blob/master/08-transport.md. (2016).Google Scholar
- 2016. WhatsApp Encryption Overview. https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf. (2016).Google Scholar
- Daniel Bernstein. 2011. CurveCP: Usable security for the Internet. URL: http://curvecp.org (2011).Google Scholar
- Katriel Cohn-Gordon, Cas Cremers, and Luke Garratt. 2016. On post-compromise security. In Computer Security Foundations Symposium (CSF), 2016 IEEE 29th. IEEE, 164--178.Google ScholarCross Ref
- Cas Cremers, Marko Horvat, Jonathan Hoyland, Sam Scott, and Thyla van der Merwe. 2017. A comprehensive symbolic analysis of TLS 1.3. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, Dallas, USA. Google ScholarDigital Library
- Cas Cremers, Marko Horvat, Jonathan Hoyland, Sam Scott, and Thyla van der Merwe. 2017. A Comprehensive Symbolic Analysis of TLS 1.3. http://doi.acm.org/10.1145/3133956.3134063. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS '17). ACM, New York, NY, USA, 1773--1788. Google ScholarDigital Library
- Jason A Donenfeld. 2016. WireGuard: Next generation kernel network tunnel. In Proceedings of the 2017 Network and Distributed System Security Symposium, NDSS, Vol. 17.Google Scholar
- Jason A. Donenfeld and Kevin Milner. 2017. Formal Verification of the WireGuard Protocol. Technical Report.Google Scholar
- Marc Fischlin and Felix Günther. 2014. Multi-stage key exchange and the case of Google's QUIC protocol. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM, 1193--1204. Google ScholarDigital Library
- Martin Georgiev, Subodh Iyengar, Suman Jana, Rishita Anubhai, Dan Boneh, and Vitaly Shmatikov. 2012. The most dangerous code in the world: validating SSL certificates in non-browser software.Google Scholar
- Paul E. Hoffman and Jakob Schlyter. 2012. The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA. RFC 6698. (August 2012).Google ScholarDigital Library
- C. Huitema and E. Rescorla. 2018. SNI Encryption in TLS Through Tunneling. Internet-Draft. Internet Engineering Task Force. Work in Progress.Google Scholar
- Jana Iyengar and Martin Thomson. 2018. QUIC: A UDP-Based Multiplexed and Secure Transport. Internet-Draft draft-ietf-quic-transport-14. Internet Engineering Task Force. Work in Progress.Google Scholar
- Nadim Kobeissi. {n. d.}. Noise Explorer. https://noiseexplorer.com/. ({n. d.}).Google Scholar
- H. Krawczyk and P. Eronen. 2010. HMAC-based Extract-and-Expand Key Derivation Function (HKDF). RFC 5869. (May 2010).Google Scholar
- Hugo Krawczyk and Hoeteck Wee. 2015. The OPTLS Protocol and TLS 1.3. Cryptology ePrint Archive, Report 2015/978. (2015). https://eprint.iacr.org/2015/978.Google Scholar
- Subodh Iyengar Kyle Nekritz. {n. d.}. Facebook Zero Protocol. https://code.fb.com/android/building-zero-protocol-for-fast-secure-mobile-connections/. ({n. d.}).Google Scholar
- Adam Langley. {n. d.}. Cryptographic Agility. https://www.imperialviolet.org/2016/05/16/agility.html. ({n. d.}).Google Scholar
- Adam Langley. 2014. PKCS1 signature validation. https://www.imperialviolet.org/2014/09/26/pkcs1.html. (2014).Google Scholar
- Adam Langley and Wan-Teh Chang. 2013. QUIC Crypto. (2013).Google Scholar
- B. Laurie, A. Langley, and E. Kasper. 2013. Certificate Transparency. RFC 6962. RFC Editor.Google Scholar
- Benjamin Lipp. 2018. A Mechanised Computational Analysis of the WireGuard Virtual Private Network Protocol. Technical Report.Google Scholar
- Trevor Perrin. 2017. Noise protocol framework. https://noiseprotocol.org/ (October 2017).Google Scholar
- W Michael Petullo, Xu Zhang, Jon A Solworth, Daniel J Bernstein, and Tanja Lange. 2013. MinimaLT: minimal-latency networking through better security. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. ACM, 425--438. Google ScholarDigital Library
- J Ronald Prins and Business Unit Cybercrime. 2011. DigiNotar Certificate Authority breach 'Operation Black Tulip'. Fox-IT, November (2011).Google Scholar
- E. Rescorla. 2018. The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446. RFC Editor.Google Scholar
- Eric Rescorla, Kazuho Oku, Nick Sullivan, and Christopher A. Wood. 2018. Encrypted Server Name Indication for TLS 1.3. Internet-Draft draft-rescorla-tls-esni-00. Internet Engineering Task Force. Work in Progress.Google Scholar
- Chris McMahon Stone, Tom Chothia, and Flavio D Garcia. 2017. Spinner: Semi-Automatic Detection of Pinning without Hostname Verification. (2017).Google Scholar
- Nick Sullivan. {n. d.}. Why TLS 1.3 isn't in browsers yet. https://blog.cloudflare.com/why-tls-1-3-isnt-in-browsers-yet/. ({n. d.}).Google Scholar
- Martin Thomson and Sean Turner. 2018. Using Transport Layer Security (TLS) to Secure QUIC. Internet-Draft draft-ietf-quic-tls-14. Internet Engineering Task Force. Work in Progress.Google Scholar
- David A. Wheeler. 2014. The Apple goto fail vulnerability: lessons learned. https://www.dwheeler.com/essays/apple-goto-fail.html. (2014).Google Scholar
Index Terms
- nQUIC: Noise-Based QUIC Packet Protection
Recommendations
Evaluating TCP-friendliness in light of Concurrent Multipath Transfer
In prior work, a CMT protocol using SCTP multihoming (termed SCTP-based CMT) was proposed and investigated for improving application throughput. SCTP-based CMT was studied in (bottleneck-independent) wired networking scenarios with ns-2 simulations. ...
TCP CERL: congestion control enhancement over wireless networks
In this paper, we propose and verify a modified version of TCP Reno that we call TCP Congestion Control Enhancement for Random Loss (CERL). We compare the performance of TCP CERL, using simulations conducted in ns-2, to the following other TCP variants: ...
A framework to mitigate ARP sniffing attacks by cache poisoning
Today in the digital era of computing, most of the network attacks are caused by sniffing the sensitive data over the network. Among various types of sniffing attacks, ARP sniffing causes most of the LAN attacks wired and wireless LAN coexist. ARP ...
Comments