[This is posted on behalf of the three students listed below.
This is yet another example of bad results when speed takes
precedence over doing things safely. Good work by the students!
As a part of an INSuRE
project at Purdue University, PhD Information Security student
Morton and seniors in Computer Science Austin
Klasa andDaniel Sokoler conducted an observational study on
Google’s QUIC protocol (Quick UDP Internet Connections, pronounced
quick). The team found that QUIC leaked the length of the password
potentially allowing eavesdroppers to bypass authentication in
popular services like Google Mail or G-mail. The team named the
vulnerability Ring-Road and is currently trying to quantify the
During the initial stages of the research, the Purdue team found
that the Internet has been transformed over the last five years
with a new suite of performance improving communication protocols
such as SPDY, HTTP/2 and QUIC. These new protocols are being
rapidly adopted to increase the speed and performance of
applications on the Internet. More than 10% of the top 1 Million
websites are already using some of these technologies, including
many of the 10 highest traffic sites.
While these new protocols have improved speed, the Purdue team
focused on determining if any major security issues arose from
using QUIC. The team was astonished to find that Google’s QUIC
protocol leaks the exact length of sensitive information when
transmitted over the Internet. This could allow an eavesdropper to
learn the exact length of someone’s password when signing into a
website. In part, this negates the purpose of the underlying
encryption, which is designed to keep data confidential —
including its length.
In practice, the Purdue team found QUIC leaks the exact length
of passwords into commonly used services such as Google’s E-mail or
G-mail. The Purdue team than created a proof-of concept exploit to
demonstrate the potential damage:
Step 1 – The team sniffed a target network to identify the
password length from QUIC.
Step 2 – The team optimized a password dictionary to the
identified password length.
Step 3 – The team automated an online attack to bypass
authentication into G-mail.
The Purdue team believes the root cause of this problem came
when Google decided to use a particular encryption method in QUIC:
the Advanced Encryption Standard Galois/Counter Mode (AES-GCM).
AES-GCM is a mode of encryption often adopted for its speed and
performance. By default, AES-GCM cipher text is the same length as
the original plaintext. For short communications such as passwords,
exposing the length can be damaging when combined with other
contextual clues to bypass authentication, and therein lies the
In summary, there seems to be an inherent trade-off between
speed and security. As new protocols emerge on the Internet, these
new technologies should be thoroughly tested for security
vulnerabilities in a real-world environment. Google has been
informed of this vulnerability and is currently working to identify
a patch to protect their users. As Google works to create a fix, we
recommend users and system administrators to
disable QUIC in Chrome and their servers by visiting this link.
We also recommend — independent of this issue — that users
consider enabling two step verification with
their G-mail accounts, for added protection, as described here.
The Purdue team will be presenting their talk and proof-of-concept
exploit against G-mail at the upcoming CERIAS Symposium on 18 April 2017.
This research is a part of the Information Security Research and Education
(INSuRE) project. The project was under the direction of
Dark and Dr. John
Springer and assisted by technical directors a part of the
Information Assurance Directorate of the National Security
INSuRE is a partnership
between successful and mature Centers of Academic Excellence in
Information Assurance Research (CAE-R) and the National Security
Agency (NSA), the Department of Homeland Security and other federal
and state agencies and laboratories to design, develop and test a
cybersecurity research network. INSuRE is a self-organizing,
cooperative, multi-disciplinary, multi-institutional, and
multi-level collaborative research project that can includes both
unclassified and classified research problems in cybersecurity.
This work was funded under NSF grant award No. 1344369. Robert
Morton, the PhD Information Security student, is supported under
the Scholarship For Service (SFS) Fellowship NSF grant award No.
Any opinions, findings, or conclusions or recommendations
expressed in this material are those of the authors and do not
necessarily reflect the views of the National Science Foundation,
CERIAS, Purdue University, or the National Security Agency.