QFAM: Mitigating QUIC Handshake Flooding Attacks Through Crypto Challenges
Abdollah Jabbari, Y A Joarder, Benjamin Teyssier, Carol Fung
TL;DR
QUIC handshake flooding can exhaust server CPU due to high amplification during cryptographic handshakes. The paper introduces QFAM, a proactive mitigation that embeds cryptographic challenges in an Enhanced RETRY token and activates a mitigation mode under attack, shifting cost to attackers. The design includes a detailed token structure, server/client procedures, and complexity analysis, showing $O(2^n)$ client work versus $O(1)$ server work, which helps balance resource usage under flood conditions. Experimental results on a modified aioquic setup demonstrate reduced server CPU load and attacker cost with acceptable overhead for legitimate clients, highlighting practical resilience gains for QUIC deployments.
Abstract
The QUIC protocol is primarily designed to optimize web performance and security. However, previous research has pointed out that it is vulnerable to handshake flooding attacks. Attackers can send an excessive volume of handshake requests to exhaust the server's CPU resources by exploiting the large CPU amplification factor that occurs during the handshake process. In this paper, we introduce a novel defense mechanism that brings the concept of crypto challenges into the handshake protocol. The enhancement modifies the RETRY token to integrate a cryptographic challenge into it. The client must solve crypto challenges during the handshake process in order to receive a high priority on the server side. By properly choosing the difficulty level of the challenges, the CPU amplification can be reduced, and thus the DDoS vulnerability is neutralized. We evaluated the effectiveness of our proposed solution by integrating the crypto challenges into the clients and server of aioquic. Our experimental results demonstrate that our solution can effectively balance the resource usage between the attacker and the server during handshake flooding attacks while maintaining a low overhead for legitimate clients.
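The asymmetry between $O(2^n)$ client work and $O(1)$ server work can be seen with a generic hash-based client puzzle carried in a stateless, MAC-protected token. This is an added example, not the paper's Enhanced RETRY token format or aioquic code; the token layout, the SHA-256 leading-zero-bits puzzle, and the names `issue_token`, `solve` and `verify` are assumptions made for illustration.

```python
import hashlib, hmac, os, struct, time

SERVER_KEY = os.urandom(32)   # server-side secret; constructed for this example
BODY_LEN = 16 + 4 + 1         # random seed | issue time | difficulty n (assumed layout)

def zero_bits(digest):
    """Number of leading zero bits in a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def puzzle_hash(token, nonce):
    return hashlib.sha256(token + struct.pack("!Q", nonce)).digest()

def issue_token(client_addr, difficulty, now=None):
    """Server, O(1): one MAC binds the challenge to the client address, so no state is kept."""
    now = int(time.time()) if now is None else now
    body = os.urandom(16) + struct.pack("!IB", now, difficulty)
    return body + hmac.new(SERVER_KEY, client_addr + body, hashlib.sha256).digest()

def solve(token):
    """Client, expected 2^n hashes: search for the smallest nonce meeting the difficulty."""
    difficulty, nonce = token[BODY_LEN - 1], 0
    while zero_bits(puzzle_hash(token, nonce)) < difficulty:
        nonce += 1
    return nonce

def verify(client_addr, token, nonce, now=None, max_age=10):
    """Server, O(1): one MAC check plus one hash, whatever the difficulty."""
    now = int(time.time()) if now is None else now
    if len(token) != BODY_LEN + 32 or not 0 <= nonce < 2**64:
        return False
    body, mac = token[:BODY_LEN], token[BODY_LEN:]
    expected = hmac.new(SERVER_KEY, client_addr + body, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return False              # forged token, altered difficulty, or other address
    issued, difficulty = struct.unpack("!IB", body[16:])
    if not 0 <= now - issued <= max_age:
        return False              # stale challenge
    return zero_bits(puzzle_hash(token, nonce)) >= difficulty

if __name__ == "__main__":
    addr = b"192.0.2.10:4433"     # constructed client address (documentation range)
    token = issue_token(addr, difficulty=16)
    print("nonce:", solve(token), "accepted:", verify(addr, token, solve(token)))
```

Each extra bit of difficulty doubles the client's expected search while the server's verification cost stays at one MAC and one hash, which is the lever for reducing CPU amplification.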
