Take the best of the Transmission Control Protocol (TCP), add the security of TLS encryption, and then make them establish a connection and transfer data 3 times faster. If you think that’s impossible, you haven’t heard of QUIC. Can any internet protocol be that perfect? Find out more about QUIC below.
QUIC (Quick UDP Internet Connection) is a new encrypted transport layer network protocol. QUIC was designed to make HTTP traffic more secure, efficient, and faster. Theoretically, QUIC has taken all the best qualities of TCP connections and TLS encryption and implemented it on UDP. But if QUIC is so similar to TCP+TLS over an HTTP/2 connection, why did it need to be created?
QUIC is a low-latency transportation protocol often used for apps and services that require speedy online service. This kind of protocol is a necessity for gamers, streamers, or anyone who relies on VoIP in their day-to-day life. Here are the changes QUIC brings to an online session:
Google has been pushing for widespread QUIC integration since its genesis in the early 2010s. While the protocol is technically still experimental and in its draft phase, Google already uses it in its Chrome browser. Any connection to a Google server is established via QUIC. As to be expected, everything under Google’s umbrella uses QUIC. YouTube, Blogger, Hangouts – they’re all QUIC-based.
QUIC has also been adopted by businesses that rely on a stable, fast connection for their service to be viable. Uber, for example, uses QUIC for their mobile apps. They rely on short bursts of latency-reliant data transfers – something that QUIC can help with. Less packet loss means a more efficient app.
Is QUIC really worth choosing over the standard TCP/IP connection we’ve relied on for so long? In a world where speed dictates success, QUIC is soon to have a much larger presence online. With Google announcing that, on average, QUIC searches are one second faster than TCP searches, the age of QUIC may come quicker than we think.
QUIC relies on multiplexing — this is what gives it an edge over TCP. Where TCP uses a single end-to-end connection point, QUIC establishes multiple connections between 2 endpoints. If one of the streams of information is interrupted, either by shoddy connection or other outside interference, the multiple connection points will allow the streams of information to continue. If a website uses TCP and the connection is disrupted, the data in the packet midway between endpoints will now hold up the rest of the information This head-of-line blocking has been an issue for decades, and QUIC solves it.
If you want to get into the nitty-gritty of which protocol performs more efficiently — TCP or QUIC — have a look at a test run here. The results show that, in the right situation and under the right circumstances, QUIC performs marginally better. However, we need to remember that TCP has been in use and has worked for decades. QUIC has been used for not even half the amount of time that TCP has been prevalent. Knowing Google’s resources and the fact that QUIC can be implemented on an application level instead of an operating system level like TCP, QUIC may just start to outstrip its competition very soon.
There are few downsides to the QUIC protocol. It improves web communications and reduces latency, but it’s still in its experimental stages. It’s not widely adopted by other websites or web servers, nor is it supported by cybersecurity tools such as firewalls. Because of this, experimental QUIC protocol can currently open a security loophole.
Firewalls pass HTTP and HTTPS traffic through a web protection module, which performs malware scanning. But what happens if the connection is made via QUIC? Well, the browser and supporting web servers do recognize it as a QUIC connection, but the device you are browsing on may not. It treats it like simple UDP traffic, which doesn’t get sent to your firewall’s web protection module.
Until it’s adopted more widely and recognized by most firewalls, it’s recommended to block or disable QUIC:
For more cybersecurity tips, subscribe to our free monthly newsletter below!