Formal Analysis of QUIC Handshake Protocol Using Symbolic Model Checking

Jingjing Zhang; Lin Yang; Xianming Gao; Gaigai Tang; Jiyong Zhang; Qiang Wang

doi:10.1109/ACCESS.2021.3052578

IEEE Access (Jan 2021)

Formal Analysis of QUIC Handshake Protocol Using Symbolic Model Checking

Jingjing Zhang,
Lin Yang,
Xianming Gao,
Gaigai Tang,
Jiyong Zhang,
Qiang Wang

Affiliations

Jingjing Zhang: ORCiD; College of Command and Control Engineering, Army Engineering University of PLA, Nanjing, China
Lin Yang: ORCiD; National Key Laboratory of Science and Technology on Information System Security, Institute of System Engineering, PLA Academy of Military Science, Beijing, China
Xianming Gao: ORCiD; National Key Laboratory of Science and Technology on Information System Security, Institute of System Engineering, PLA Academy of Military Science, Beijing, China
Gaigai Tang: ORCiD; College of Computer Science and Technology, Harbin Engineering University, Harbin, China
Jiyong Zhang: ORCiD; School of Automation, Hangzhou Dianzi University, Hangzhou, China
Qiang Wang: ORCiD; National Key Laboratory of Science and Technology on Information System Security, Institute of System Engineering, PLA Academy of Military Science, Beijing, China

DOI: https://doi.org/10.1109/ACCESS.2021.3052578
Journal volume & issue: Vol. 9
pp. 14836 – 14848

Abstract

Read online

This work presents a security analysis of the QUIC handshake protocol based on symbolic model checking. As a newly proposed secure transport protocol, the purpose of QUIC is to improve the transport performance of HTTPS traffic and enable rapid deployment and evolution of transport mechanisms. QUIC is currently in the IETF standardization process and will potentially carry a significant portion of Internet traffic in the emerging future. For a better understanding of the essential security properties, we have developed a formal model of the QUIC handshake protocol and perform a comprehensive formal security analysis by using two state-of-the-art model checking tools for cryptographic protocols, i.e., ProVeirf and Verifpal. Our analysis shows that ProVerif is generally more powerful than Verifpal in terms of verifying authentication properties. Moreover, both tools produce a counterexample to some security properties, which reveal a design flaw in the current protocol specification. Last but not least, we analyze the root causes of this counterexample and suggest a possible fix.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords