Which Secure Transport Protocol for a Reliable HTTP/2-based Web Service : TLS or QUIC ?

Antoine Saverimoutou 1, 2, 3 Bertrand Mathieu 1 Sandrine Vaton 2, 3
3 ADOPNET - Advanced technologies for operated networks
UR1 - Université de Rennes 1, IMT Atlantique - IMT Atlantique Bretagne-Pays de la Loire, IRISA-D2 - RÉSEAUX, TÉLÉCOMMUNICATION ET SERVICES
Abstract : Web browsing protocols are currently gaining the interest of the researchers. Indeed, HTTP/2, an improvement of HTTP/1.1 has been standardized in 2015 and meanwhile, Google proposed another transport protocol, QUIC (Quick UDP Internet Connection). The main objective of the two protocols is to improve end-users quality of experience and communications security. Current HTTP/2-based web servers rely on the standardized TLS (Transport Layer Security) protocol, on top of TCP. Google has developed its own security system, natively integrated within QUIC, and runs on top of UDP. If performance issues, comparing HTTP/2 over TLS/TCP and QUIC/UDP, have been investigated by few researchers, no one studied the security aspects of the two transport protocols. This paper aims at filling this gap and proposes a first security analysis of TLS/TCP and QUIC/UDP. Based on their characteristics, this paper identifies the vulnerabilities of the two protocols and evaluates their impacts on HTTP/2-based web services. This study can enable web servers developers or administrators to either select TLS/TCP or QUIC/UDP.
Document type :
Conference papers
Complete list of metadatas

Cited literature [20 references]  Display  Hide  Download

https://hal.archives-ouvertes.fr/hal-01565795
Contributor : Stéphanie Moteau <>
Submitted on : Thursday, July 27, 2017 - 2:38:50 PM
Last modification on : Friday, September 13, 2019 - 9:50:55 AM

File

ISCC_2017_Final_Version.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-01565795, version 1

Citation

Antoine Saverimoutou, Bertrand Mathieu, Sandrine Vaton. Which Secure Transport Protocol for a Reliable HTTP/2-based Web Service : TLS or QUIC ?. ISCC 2017 : 22nd IEEE symposium on International Symposium on Computers and Communications, Jul 2017, Heraklion, Greece. ⟨hal-01565795⟩

Share

Metrics

Record views

385

Files downloads

545