Analyzing and Fixing the QACCE Security of QUIC

  • Hideki Sakurada
  • Kazuki Yoneyama
  • Yoshikazu Hanatani
  • Maki Yoshida
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10074)


QUIC is a secure transport protocol developed by Google. Lychev et al. proposed a security model (the QACCE model) to capture the security of QUIC. However, the QACCE model is very complicated, and it is not clear whether the security requirements for QUIC are appropriately defined. In this paper, we present the first formal analysis of QUIC using the automated security verification tool ProVerif. Our symbolic model formalizes the QACCE model and the specification of QUIC. As a result of the verification, we find three attacks against QUIC in the QACCE model. This means that Lychev et al.'s security proofs are not correct. We discuss why such attacks occur, and clarify that there are unnecessarily strong points in the QACCE model. Finally, we give a way to improve the QACCE model so that it addresses exactly the appropriate security requirements.


Keywords: QUIC; QACCE model; Automated verification; ProVerif

References

  1. Dierks, T., Allen, C.: The TLS protocol version 1.0. In: RFC 2246 (Proposed Standard), Internet Engineering Task Force (1999)
  2. Ford, B.: Structured streams: a new transport abstraction. In: SIGCOMM 2007, pp. 361–372 (2007)
  3. Stewart, R.: Stream control transmission protocol. In: RFC 4960 (Proposed Standard), Internet Engineering Task Force (2007)
  4. Erman, J., Gopalakrishnan, V., Jana, R., Ramakrishnan, K.K.: Towards a SPDY’ier mobile web? In: CoNEXT 2013, pp. 303–314 (2013)
  5. Roskind, J.: QUIC (Quick UDP Internet Connections): Multiplexed Stream Transport Over UDP (2013).
  6. StatCounter: StatCounter Global Stats: Top. 5 Desktop Browsers from to Apr 2016 (2016).
  7. Fischlin, M., Günther, F.: Multi-stage key exchange and the case of Google’s QUIC protocol. In: ACM Conference on Computer and Communications Security 2014, pp. 1193–1204 (2014)
  8. Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994). doi: 10.1007/3-540-48329-2_21
  9. Lychev, R., Jero, S., Boldyreva, A., Nita-Rotaru, C.: How secure and quick is QUIC? Provable security and performance analyses. In: 2015 IEEE Symposium on Security and Privacy, pp. 214–231 (2015)
  10. Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.3. Internet-Draft draft-ietf-tls-tls13-13 (2016)
  11. ProVerif: Cryptographic protocol verifier in the formal model.
  12. Blanchet, B.: Automatic verification of correspondences for security protocols. J. Comput. Secur. 17(4), 363–434 (2009)
  13. Blanchet, B., Abadi, M., Fournet, C.: Automated verification of selected equivalences for security protocols. J. Logic Algebraic Program. 75(1), 3–51 (2008). Algebraic Process Calculi. The First Twenty Five Years and Beyond. III
  14. Cheval, V., Blanchet, B.: Proving more observational equivalences with ProVerif. In: Basin, D., Mitchell, J.C. (eds.) POST 2013. LNCS, vol. 7796, pp. 226–246. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-36830-1_12

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Hideki Sakurada (1)
  • Kazuki Yoneyama (2)
  • Yoshikazu Hanatani (3)
  • Maki Yoshida (4)

  1. NTT Communication Science Laboratories, NTT Corporation, Kanagawa, Japan
  2. Ibaraki University, Ibaraki, Japan
  3. Corporate Research & Development Center, Toshiba Corporation, Kanagawa, Japan
  4. Network Security Research Institute, National Institute of Information and Communications Technology (NICT), Tokyo, Japan
