Table of Contents
Fetching ...

An Automated Blackbox Noncompliance Checker for QUIC Server Implementations

Kian Kai Ang, Guy Farrelly, Cheryl Pope, Damith C. Ranasinghe

TL;DR

QUICtester addresses the gap in open-source conformance testing for ratified QUIC (RFC 9000/9001) by combining active automata learning with a protocol-specific test harness and automated cross-implementation analysis. It learns time-aware behavior models under multiple security configurations, then uses pairwise differential analysis to detect deviations without requiring formal reference models. Across 19 QUIC implementations and 186 learned models, it uncovers 55 faults, including 44 spec violations, memory-corruption bugs, and logical flaws, with several issues prompting CVEs and bug bounties and revealing a DoS vulnerability tied to specification ambiguity. The framework is modular, extensible, and open-source, offering practitioners a scalable method to verify security promises and interoperability in QUIC servers while guiding RFC improvements.

Abstract

We develop QUICtester, an automated approach for uncovering non-compliant behaviors in the ratified QUIC protocol implementations (RFC 9000/9001). QUICtester leverages active automata learning to abstract the behavior of a QUIC implementation into a finite state machine (FSM) representation. Unlike prior noncompliance checking methods, to help uncover state dependencies on event timing, QUICtester introduces the idea of state learning with event timing variations, adopting both valid and invalid input configurations, and combinations of security and transport layer parameters during learning. We use pairwise differential analysis of learned behaviour models of tested QUIC implementations to identify non-compliance instances as behaviour deviations in a property-agnostic way. This exploits the existence of the many different QUIC implementations, removing the need for validated, formal models. The diverse implementations act as cross-checking test oracles to discover non-compliance. We used QUICtester to analyze analyze 186 learned models from 19 QUIC implementations under the five security settings and discovered 55 implementation errors. Significantly, the tool uncovered a QUIC specification ambiguity resulting in an easily exploitable DoS vulnerability, led to 5 CVE assignments from developers, and two bug bounties thus far.

An Automated Blackbox Noncompliance Checker for QUIC Server Implementations

TL;DR

QUICtester addresses the gap in open-source conformance testing for ratified QUIC (RFC 9000/9001) by combining active automata learning with a protocol-specific test harness and automated cross-implementation analysis. It learns time-aware behavior models under multiple security configurations, then uses pairwise differential analysis to detect deviations without requiring formal reference models. Across 19 QUIC implementations and 186 learned models, it uncovers 55 faults, including 44 spec violations, memory-corruption bugs, and logical flaws, with several issues prompting CVEs and bug bounties and revealing a DoS vulnerability tied to specification ambiguity. The framework is modular, extensible, and open-source, offering practitioners a scalable method to verify security promises and interoperability in QUIC servers while guiding RFC improvements.

Abstract

We develop QUICtester, an automated approach for uncovering non-compliant behaviors in the ratified QUIC protocol implementations (RFC 9000/9001). QUICtester leverages active automata learning to abstract the behavior of a QUIC implementation into a finite state machine (FSM) representation. Unlike prior noncompliance checking methods, to help uncover state dependencies on event timing, QUICtester introduces the idea of state learning with event timing variations, adopting both valid and invalid input configurations, and combinations of security and transport layer parameters during learning. We use pairwise differential analysis of learned behaviour models of tested QUIC implementations to identify non-compliance instances as behaviour deviations in a property-agnostic way. This exploits the existence of the many different QUIC implementations, removing the need for validated, formal models. The diverse implementations act as cross-checking test oracles to discover non-compliance. We used QUICtester to analyze analyze 186 learned models from 19 QUIC implementations under the five security settings and discovered 55 implementation errors. Significantly, the tool uncovered a QUIC specification ambiguity resulting in an easily exploitable DoS vulnerability, led to 5 CVE assignments from developers, and two bug bounties thus far.
Paper Structure (25 sections, 20 figures, 8 tables)

This paper contains 25 sections, 20 figures, 8 tables.

Figures (20)

  • Figure 1: A simplified overview of handshake security configurations consisting of Initial packets, 0-RTT packets, Retry packets, Handshake packets and 1-RTT packets. Frames for Address validation are in blue text and for Client Authentication are red text. Messages in purple text carries the negotiated parameters to derive the pre-shared key for 0-RTT encryption in a future connection. Packet space numbers for each packet type are within square brackets.
  • Figure 2: An overview of QUICtester. FSM Inference with active learning and Automated Analysis method for identifying deviating behaviors.
  • Figure 3: Automated analysis using Differential Analyzer.
  • Figure 4: Example illustrating a Differential Analyzer result. Given two optimized models as inputs (Model 1 and Model 2), unique state transitions (the green edge denotes the unique edge in Model 1 while the red edge denotes it is unique to Model 2) are identified by the algorithm.
  • Figure 5: Simplified learned model of a Quiche server with the ClientAuth configuration. Blue edges show a valid path to complete a QUIC handshake. Red edges demonstrate an invalid path that bypasses the client authentication. The complete model is in Figure \ref{['fig:quicheClienttAuth']}, in the Appendix.
  • ...and 15 more figures