Browsing by Author "Selvam, Hari Hara Sudhan"

Now showing 1 - 2 of 2
  • Demo: Security Vulnerabilities and Network Service Disruptions with HTTP/3
    (2024-01-01)
    Selvam, Hari Hara Sudhan; Kulkarni, Sameer G.; Indian Institute of Technology Gandhinagar
    In this work, we meticulously examine and demonstrate the security vulnerabilities associated with HTTP/3 and the adversities it brings to the operations of the network services (middleboxes). HTTP/3 is built using the new QUIC transport protocol to introduce enhancements to web communication by leveraging the QUIC protocol's secure and privacy-focused features such as connection migration, passive latency monitoring, congestion control, flow control, and support for multiple streams. In the course of our investigation, we unveil unintended vulnerabilities inherent in the QUIC protocol. Specifically, we demonstrate that the passive latency monitoring feature in the QUIC protocol exposes a covert channel that can be exploited for reliable covert communication. Furthermore, we reveal that the QUIC connection migration feature disrupts the functionality of critical network functions, such as NAT/NAPT, leading to a denial-of-service vulnerability. We provide a practical demonstration of this denial-of-service vulnerability in a NAT network. Our findings highlight the need for comprehensive and robust security solutions to address the outlined vulnerabilities in HTTP/3.
  • Privacy Performance Trade-off in Web Services
    (2024-01-01)
    Selvam, Hari Hara Sudhan; Hanawal, Manjesh K.; Kulkarni, Sameer G.; Indian Institute of Technology Gandhinagar; Indian Institute of Technology Bombay
    Security and Privacy have become fundamental requirements of modern Internet services. Over the years, both Hypertext Transfer Protocol (HTTP) and Transport Layer Security (TLS) have evolved significantly to meet the performance, privacy and security demands of the web services. However, the usage of Service Name Identity (SNI) in TLS carries service-related information in plain-text, which potentially reveals the user's activity and compromises the privacy. In this work, we analyse the performance, security and privacy trade-offs offered by the recent developments in HTTP and TLS protocols, namely HTTP/3 and TLS 1.3. Our results indicate the end-to-end performance of HTTP/3 and HTTP/2 to be very similar, but HTTP/3 offers better security and privacy. Further, we quantify the overheads associated with HTTP/3 and find that the computational complexity with HTTP/3 for SNI obfuscation and extraction from 'ClientHello' packets is nearly 10 times more than HTTP/2. Further, we find that the user-space implementations of QUIC in HTTP/3 are more compute-intensive and prone to be unstable. We conclude that a leaner alternative would be the adoption of "Encrypted ClientHello" (ECH), which proposes to overcome this privacy issue by extending TLS 1.3, where all the information that could potentially reveal the service type is encrypted using a public key. The widespread adoption of TLS 1.3 with ECH is imperative to enable complete privacy in web services.
IITGN Knowledge Repository Developed and Managed by Library