Introduction to the QUIC Protocol
If you've been looking at your firewall logs lately, you may have seen a relatively new protocol called QUIC. Like me, you've probably wondered: what is it, is it relevant, and more importantly, does it pose any security threat to the network? Let's take a look.

The QUIC protocol was originally released by Google in 2012 as a general-purpose transport layer protocol. It's heavily used between the Chrome web browser and Google servers. This has now become an IETF standard, and other vendors, especially web browsers, have started supporting it. QUIC's primary purpose is to improve the performance of connection-oriented web applications, that is, web apps that currently use TCP. In this way, QUIC is kind of like a competitor to TCP.

To improve performance, QUIC creates independent multiplexed UDP connections between two endpoints. That is, it doesn't just use a single stream of data; it will use several at once. Each of these streams is independent of the others, so while one stream may drop packets, the others will not.

How is this useful? Think of loading a web page. There are usually several items that need loading, like HTML code, scripts, images and more. When the connection between the browser and the server is multiplexed, the client does not need to wait for one of them to finish loading before downloading the next.

You may be thinking: doesn't HTTP version 2 already do this? It does use multiple streams, yes, but it contains these within a single TCP connection. That means that one stream will still be able to affect the quality of another stream. If TCP needs to resend missing packets, all streams need to wait for this to complete before they can get on with their job. And because of this similarity between the two, mapping HTTP over QUIC is often called HTTP version 3.
Another benefit that multiplexing brings is the ability to monitor each stream. This then enables the protocol to prioritize some streams over others, which reduces latency and helps avoid congestion. Additionally, QUIC uses encryption to provide TLS-equivalent security.

So now the big question: is this protocol insecure, or is there some sort of security risk that QUIC poses to us? At the time that I'm making this video, many security experts are recommending that you block the QUIC protocol. This won't lose functionality, as browsers will fall back to TCP and TLS.

Why do they recommend this? It's not necessarily insecure, but there are a few concerns. First, many still consider this to be experimental; it hasn't had time to prove itself yet. Also, changes may still be made to the protocol, revealing new security concerns. In addition, while still providing TLS-equivalent encryption, it is still proprietary encryption; it simply hasn't had the same amount of scrutiny as other encryption types. And finally, many firewalls do not handle QUIC as web traffic and will not inspect it accordingly. This means they can't adequately check for malware being downloaded, can't enforce safe search, can't log web access, and can't filter by URL.

Many of these things will just require time to resolve. Overall, the QUIC protocol offers some enhancements to the traffic that's being sent over the internet.
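
The point about firewalls not treating QUIC as web traffic can be made concrete. The following is an added example, not part of the original video: it recognises QUIC in a UDP payload from the version-independent long header layout in RFC 8999, so a log pipeline or policy engine can label the flow. The function names and sample datagrams are constructed for this illustration.

```python
import struct

# Version numbers from RFC 9000 (v1) and RFC 9369 (v2); 0 marks Version Negotiation.
KNOWN_VERSIONS = {0x00000000: "negotiation", 0x00000001: "v1", 0x6B3343CF: "v2"}
V1_LONG_TYPES = {0: "Initial", 1: "0-RTT", 2: "Handshake", 3: "Retry"}


def parse_quic_long_header(payload: bytes):
    """Parse the version-independent QUIC long header (RFC 8999) from a UDP payload.

    Returns a dict, or None when the bytes cannot be a long-header packet.
    """
    if len(payload) < 7 or not payload[0] & 0x80:  # long headers set the top bit
        return None
    version = struct.unpack_from("!I", payload, 1)[0]
    pos, cids = 5, []
    for _ in range(2):  # destination connection ID, then source connection ID
        if pos >= len(payload):
            return None
        length = payload[pos]
        pos += 1
        if pos + length > len(payload):
            return None  # length byte points past the end of the datagram
        cids.append(payload[pos:pos + length])
        pos += length
    name = KNOWN_VERSIONS.get(version, "unknown")
    if name == "v1" and any(len(c) > 20 for c in cids):
        return None  # v1 limits connection IDs to 20 bytes
    ptype = V1_LONG_TYPES[(payload[0] >> 4) & 0x3] if name == "v1" else None
    return {"version": name, "type": ptype, "dcid": cids[0].hex(), "scid": cids[1].hex()}


def looks_like_quic(payload: bytes) -> bool:
    """Conservative flag for logging or policy: only recognised versions count."""
    hdr = parse_quic_long_header(payload)
    return hdr is not None and hdr["version"] != "unknown"


# Constructed sample datagrams (not captures): header bytes followed by filler.
SAMPLE_INITIAL = (bytes([0xC0]) + (1).to_bytes(4, "big") + b"\x08" + bytes(range(8))
                  + b"\x00" + b"\x00" * 32)
SAMPLE_DNS = bytes.fromhex("123401000001000000000000") + b"\x07example\x03com\x00\x00\x01\x00\x01"
SAMPLE_BAD_LEN = b"\x80" + b"\xff" * 6 + b"ab"

if __name__ == "__main__":
    for label, data in [("initial", SAMPLE_INITIAL), ("dns", SAMPLE_DNS), ("bad", SAMPLE_BAD_LEN)]:
        print(label, looks_like_quic(data), parse_quic_long_header(data))
```

Only the first packets of a connection carry this long header; later short-header packets have no version field, so a flow has to be labelled from its opening datagrams.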