A Performance Evaluation of QUIC in Real-Time Networks

International audienceQUIC is a UDP-based transport protocol, standardized in RFC9000 (2021). It enhances privacy by encrypting entire packets and offers improvements over TCP, such as native multiplexing and connection migration. Despite these advantages, QUIC, like TCP, suffers from head-of-line blocking and variable latency, making it unsuitable for critical real-time systems. RFC9221 addresses this by introducing an extension that allows QUIC to transmit datagrams without retransmission, improving its suitability for real-time applications. However, real-time networks require a thorough evaluation of QUIC's performance. The potential delays caused by its cryptographic operations and the complex traffic patterns it generates could impact time-sensitive traffic. We conduct experiments using Mininet across a range of scenarios, including software updates in bandwidth-constrained environments and in the presence of malicious nodes. Additionally, we assess implementations in both Go and C. The performance of QUIC, along with its datagram extension, is compared against UDP and DTLS. Finally, the results are validated through testing on a physical network testbed. Our results show that, despite its cryptographic overhead, QUIC performs similarly to UDP and DTLS in most cases. However, it may interact poorly with lower-layer mechanisms like token-bucket filters. Overall, QUIC shows potential to replace older transport protocols in real-time systems

Monitoring the execution of cryptographic functions

International audienceWe propose a new framework for the analysis of program execution, devoted to identifying cryptographic functions and retrieving cryptographic secrets. The need for a new tool arises from our experimental observation that the generic analysis tools are clearly too intrusive / resource-consuming for the inspected process, leading to failures such as timeouts. Thus our aim is to build dynamic monitoring tools as lightweight as possible to inspect the execution of sensitive code without impacting the execution.</div

Monitoring the execution of cryptographic functions

International audienceWe propose a new framework for the analysis of program execution, devoted to identifying cryptographic functions and retrieving cryptographic secrets. The need for a new tool arises from our experimental observation that the generic analysis tools are clearly too intrusive / resource-consuming for the inspected process, leading to failures such as timeouts. Thus our aim is to build dynamic monitoring tools as lightweight as possible to inspect the execution of sensitive code without impacting the execution.</div