Sunday, April 26, 2015

QUIC and transport delivery and encryption.

We at Canada Cyber have noticed an increased amount of traffic using the QUIC UDP protocol delivery system that is provided by Google.

Canada Cyber logs from one of our sensors also confirm this.

It’s exciting to see what security implications this brings, as things like session hijacking are considerably easier for standard UDP than for TCP. Since UDP does not use packet sequencing and synchronization, it is easier to take over a UDP session than a TCP one. The hijacker simply has to falsify a server reply to a client UDP request before the backend server can reply. If wire sniffing is used, then it will be easier to control the traffic generated from the server side and therefore limit the server’s reply to the client in the first place.

Now with this new QUIC protocol it's going to be harder to do the above, as it encrypts the entire transport channel.

The winners:
1. If you are using a Google server and the Chrome browser, you will notice a much faster internet experience.

The losers:
1. Other browsers that do not currently support QUIC.
2. Firewall and IDS systems, as it's much harder to inspect the current QUIC UDP sessions.
3. Competing TCP sessions, as they are going to lose when compared with QUIC UDP sessions that most current security sensors do not inspect at all yet.
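
Since most sensors do not inspect QUIC yet, a first step is simply to recognise and count it. The sketch below is an added example, not code from Canada Cyber or Google: it labels UDP payloads that carry a QUIC version field. The header layouts (legacy Google QUIC public flags and the IETF QUIC long header from RFC 8999) are assumptions not stated in this post, the function names are hypothetical, and the payloads and addresses are constructed.

```python
import struct

def classify_quic(payload: bytes):
    """Heuristic: label a UDP payload that carries a QUIC version field, else None."""
    if len(payload) < 7:
        return None
    first = payload[0]
    if first & 0x80:
        # IETF QUIC long header (assumed layout, RFC 8999): flags, 32-bit
        # version, DCID length + DCID, SCID length + SCID.
        version = struct.unpack("!I", payload[1:5])[0]
        if version != 0 and not first & 0x40:
            return None  # fixed bit is set in QUIC v1 long headers
        scid_off = 6 + payload[5]
        if scid_off >= len(payload):
            return None
        if scid_off + 1 + payload[scid_off] > len(payload):
            return None
        return f"ietf-quic version=0x{version:08x}"
    # Legacy Google QUIC (assumed layout): public flags with the version bit
    # (0x01) and an 8-byte connection ID (0x0C), then a tag such as b"Q025".
    if first & 0x01 and (first & 0x0C) == 0x0C and len(payload) >= 13:
        tag = payload[9:13]
        if tag[:1] == b"Q" and tag[1:].isdigit():
            return f"gquic version={tag.decode('ascii')}"
    return None

def quic_flows(records):
    """Return (src, dst, dport, label) for every record that looks like QUIC."""
    hits = []
    for src, dst, dport, payload in records:
        label = classify_quic(payload)
        if label:
            hits.append((src, dst, dport, label))
    return hits

# Constructed sample payloads (not captured traffic).
GQUIC = bytes([0x0D]) + bytes(8) + b"Q025" + bytes(20)
IETF = bytes([0xC0]) + struct.pack("!I", 1) + bytes([8]) + bytes(8) + bytes([0]) + bytes(20)
DNS = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x03com\x00\x00\x01\x00\x01"
RECORDS = [
    ("192.0.2.10", "198.51.100.5", 443, GQUIC),
    ("192.0.2.11", "198.51.100.5", 443, IETF),
    ("192.0.2.12", "198.51.100.53", 53, DNS),
]

if __name__ == "__main__":
    for hit in quic_flows(RECORDS):
        print(hit)
```

Only packets that carry a version (connection setup) are matched; once a session is established the header is shorter and the payload is encrypted, so the rest of the flow has to be tracked by its address and port tuple.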