Which Secure Transport Protocol for a Reliable HTTP/2-based Web Service : TLS or QUIC ?

Antoine Saverimoutou 1, 2, 3 Bertrand Mathieu 1 Sandrine Vaton 2, 3
3 ADOPNET - Advanced technologies for operated networks
UR1 - Université de Rennes 1, IMT Atlantique - IMT Atlantique Bretagne-Pays de la Loire, IRISA_D2 - RÉSEAUX, TÉLÉCOMMUNICATION ET SERVICES
Abstract : Web browsing protocols are currently gaining the interest of the researchers. Indeed, HTTP/2, an improvement of HTTP/1.1 has been standardized in 2015 and meanwhile, Google proposed another transport protocol, QUIC (Quick UDP Internet Connection). The main objective of the two protocols is to improve end-users quality of experience and communications security. Current HTTP/2-based web servers rely on the standardized TLS (Transport Layer Security) protocol, on top of TCP. Google has developed its own security system, natively integrated within QUIC, and runs on top of UDP. If performance issues, comparing HTTP/2 over TLS/TCP and QUIC/UDP, have been investigated by few researchers, no one studied the security aspects of the two transport protocols. This paper aims at filling this gap and proposes a first security analysis of TLS/TCP and QUIC/UDP. Based on their characteristics, this paper identifies the vulnerabilities of the two protocols and evaluates their impacts on HTTP/2-based web services. This study can enable web servers developers or administrators to either select TLS/TCP or QUIC/UDP.
Type de document :
Communication dans un congrès
ISCC 2017 : 22nd IEEE symposium on International Symposium on Computers and Communications, Jul 2017, Heraklion, Greece. 2017
Liste complète des métadonnées

Littérature citée [20 références]  Voir  Masquer  Télécharger

https://hal.archives-ouvertes.fr/hal-01565795
Contributeur : Stéphanie Moteau <>
Soumis le : jeudi 27 juillet 2017 - 14:38:50
Dernière modification le : jeudi 29 novembre 2018 - 10:30:08

Fichier

ISCC_2017_Final_Version.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

  • HAL Id : hal-01565795, version 1

Citation

Antoine Saverimoutou, Bertrand Mathieu, Sandrine Vaton. Which Secure Transport Protocol for a Reliable HTTP/2-based Web Service : TLS or QUIC ?. ISCC 2017 : 22nd IEEE symposium on International Symposium on Computers and Communications, Jul 2017, Heraklion, Greece. 2017. 〈hal-01565795〉

Partager

Métriques

Consultations de la notice

282

Téléchargements de fichiers

337