Demo: security vulnerabilities and network service disruptions with HTTP/3

Abstract

In this work, we meticulously examine and demonstrate the security vulnerabilities associated with HTTP/3 and the adversities it brings to the operations of the network services (middleboxes). HTTP/3 is built using the new QUIC transport protocol to introduce enhancements to web communication by leveraging the QUIC protocols secure and privacy focused features such as connection migration, passive latency monitoring, congestion control, flow control, and support for multiple streams.In the course of our investigation, we unveil unintended vulnerabilities inherent in the QUIC protocol. Specifically, we demonstrate that the passive latency monitoring feature in the QUIC protocol exposes a covert channel that can be exploited for reliable covert communication. Furthermore, we reveal that the QUIC connection migration feature disrupts the functionality of critical network functions, such as NAT/NAPT, leading to a denial-of-service vulnerability. We provide a practical demonstration of this denial-of-service vulnerability in a NAT network. Our findings highlight the need for comprehensive and robust security solutions to address the outlined vulnerabilities in HTTP/3.