Quick UDP Internet Connections (QUIC)

Simone Ferlin [email protected] draft-ietf-quic-transport-latest https://quicwg.github.io/base-drafts/draft-ietf-quic-transport.html

A First Look at QUIC in the Wild, PAM 2018 https://arxiv.org/pdf/1801.05168.pdf

Taking a Long Look at QUIC, ACM IMC 2017 https://mislove.org/publications/QUIC-IMC.pdf References for this Multipath QUIC, ACM CoNEXT 2017 presentation https://multipath-quic.org/conext17-deconinck.pdf

The QUIC Transport Protocol: Design and Internet-Scale Deployment, ACM SIGCOMM 2017 • https://static.googleusercontent.com/media/research.google.co m/en//pubs/archive/46403.pdf • https://conferences.sigcomm.org/sigcomm/2017/files/program/t s-5-1-QUIC.pdf Why QUIC?

• Improve performance and latency of web applications • Most web applications running with HTTP and TCP and TLS (HTTPS). • Keep the idea of flow and congestion control from TCP. • It provides at least a connection-oriented, reliable and in-order byte stream. • It enables stream multiplexing (similar to HTTP/2) to optimize for latency. • Improve security with end-to-end encryption by default and full encryption. • Still with TLS/SSL, but avoiding TLS’s handshake delay inflation. • Overcome slow adoption with code in user-space • No full system updates needed (code inside your browser). • The transport layer with only UDP and TCP is difficult to update.

• Overcome slow updates and ubiquitous devices, i.e. middleboxes • TCP is often affected and it became incredibly difficult to propose extensions: Is it Still Possible to Extend TCP?, M. Honda et al., ACM IMC 2011. Where is QUIC?

User-space

Kernel-space Where is QUIC?

User-space

Kernel-space Some QUICk remarks

• QUIC’s first implementation appeared around 2012 in Chromium • Standardisation group established in 2016 • QUIC-WG: https://datatracker.ietf.org/wg/quic).

• QUIC was and still is an experimental protocol • Approximately 9 versions update since 2015.

• It accounts for 2.6% to 9.1% of the Internet’s traffic • Looking at the addresses, this share is dominated by Google with up to 42.1%. • Only 0.06% to 0.1% of .com, .net, .org domains are QUIC enabled. • Only 1.6% to 2.44% of these domains present a valid certificate. Measuring QUIC: Handshake

- client sends an incomplete client hello (CHLO) message.

server responds with a reject (REJ): - server config, e.g. Diffie-Hellman public value. - certificate chain authenticating the server. - authenticated-encryption block with the client’s public IP. Measuring QUIC: Handshake

client: - after a complete CHLO, it is in possession of initial keys for the connection and free to send data to the server. Measuring QUIC: Handshake

If the handshake is successful, the server returns with a server hello (SHLO). - both server and client switch to send packets encrypted with the forward-secure keys. Measuring QUIC: Handshake

If the handshake is successful, the server returns with a server hello (SHLO).

In future connections the client can cache the previous negotiations and start from here. Measuring QUIC: Handshake

If the handshake is successful, the server returns with a server hello (SHLO).

In future connections the client can cache the previous negotiations and start from here.

QUIC’s provides two levels of secrecy: - initial client data is encrypted using initial keys (TLS). - subsequent data encrypted with forward-secure keys. Measuring QUIC: Little more inside packets…

1. CHLO: - Connection ID (CID) - QUIC version, e.g. Q039.

2. Find a common supported version: Measuring QUIC: A little more inside packets…

3. CHLO (again…)

4. REJ with some information (3. and 4. may repeat multiple times until all required data is available) - Signed Server Config (SCFG), Source Address Token (STK), supported ciphers, key exchange algorithms with public values, and certificates. Measuring QUIC: A little more inside packets…

5. Client can issue another CHLO with enough information to establish a connection

6. The server acknowledges CHLO with a successful connection establishment SHLO with further key/value-pairs enabling to fully utilize the connection. Good reference for packet format: draft-ietf-quic-transport-latest

QUIC Packets Long Header

Long headers are sent prior to the completion of version negotiation and establishment of 1-RTT keys.

Few unencrypted public fields: Few flags, Connection ID (CID), Packet Number (PKN) and encrypted payload. Why is some info is not encrypted? Good reference for packet format: draft-ietf-quic-transport-latest

QUIC Packets Short Header

The short header can be used after the version and 1-RTT keys are negotiated. Measuring QUIC:

Wireshark… Measuring QUIC: Setup and QUIC-Go

1. Go v1.9 Installation based on https://medium.com/@patdhlk/how-to-install-go-1-9-1-on-ubuntu-16-04-ee64c073cd79 cd /tmp wget https://storage.googleapis.com/golang/go1.9.1.linux-amd64.tar.gz tar xfz go1.9.1.linux-amd64.tar.gz sudo mv go /usr/local Measuring QUIC: Setup and QUIC-Go

2. Testing QUIC-Go mkdir ~/go cd ~/go /usr/local/go/bin/go get github.com/lucas-clemente/quic-go cd ~/go/src/github.com/lucas-clemente/quic-go /usr/local/go/bin/go get -t -u ./...

Disable verification of server certificate in client – we need a cert, since it is always encrypted. (use the one bundled with quic-go instead) nano internal/handshake/crypto_setup_client.go - err = h.certManager.Verify(h.hostname) + err = nil // h.certManager.Verify(h.hostname)

Fetch test data mkdir /tmp/quic-data cd /tmp/quic-data wget https://www.example.org Measuring QUIC: Setup and QUIC-Go Provider, e.g. GET to the Internet

Amazon EC2 instance Wireless and/or wired link

3. Start Server (defaults to port 6121) - start the server in your Amazon EC2 instance or for testing on 127.0.0.1. cd ~/go/src/github.com/lucas-clemente/quic-go /usr/local/go/bin/go run example/main.go -www /tmp/quic-data

4. Start Client locally, e.g. 127.0.0.1 cd ~/go/src/github.com/lucas-clemente/quic-go /usr/local/go/bin/go run example/client/main.go https://localhost:6121/