An Empirical Approach to Evaluate the Resilience of QUIC Protocol against Handshake Flood Attacks

QUIC is a new transport protocol aiming to enhance web connection performance and security. It was gaining popularity quickly in recent years and has been adopted by a number of prominent tech companies, including Facebook, Amazon, and Google. However, the resilience of QUIC Protocol against various cyber attacks has not been fully tested yet. In this paper, we investigate the resilience of QUIC Protocol against handshake flood attacks. We conducted comprehensive experiments to evaluate the resource consumptions of both the attacker and the target during incomplete handshake attacks, including CPU, memory, and bandwidth. The DDoS amplification factor was measured and analyzed based on the results. We compared the results against TCP Syn Cookies under Syn flood attacks. We show that the QUIC Protocol design has a much larger DDoS amplification factor compared to the TCP Syn Cookies, which means QUIC is more vulnerable to handshake DDoS attacks. Also, the CPU resource of QUIC servers is most likely the bottleneck during the handshake flood attacks. To the best of our knowledge, this is the first study to thoroughly investigate resilience of QUIC to handshake DDoS attacks.