*Result*: QUIC安全研究综述: 协议、实现和生态.
*Further Information*
*As quick UDP Internet connection (QUIC) is increasingly deployed across the Internet, its designs in rapid handshakes, integrated encryption, and multiplexing enhance the efficiency and security of modern communication. However, continuous protocol evolution, heterogeneous implementations, and complex interactions with network infrastructure expose multiple security risks in practice. To address these issues, the key security mechanisms and evolutionary developments of QUIC were systematically reviewed, and a research framework consisting of three dimensions--protocol-mechanism security, implementation security, and ecosystem security--with 18 subcategories was constructed to outline the overall structure of current security challenges. A longitudinal analysis of protocol drafts further identified the temporal characteristics of security risks, enabling an assessment of threat persistence and mitigation effectiveness. The results indicate that QUIC security research is expanding from foundational analyses of handshakes and cryptographic mechanisms toward cross-layer defenses, privacy enhancement, and ecosystem governance, with future trends focusing on observability improvement, automated security testing, and integration of post-quantum security. [ABSTRACT FROM AUTHOR]*
*随着快速UDP网络连接(QUIC)在互联网中的加速部署, 其在快速握手、加密集成和多路复用方面的 设计推动了现代网络通信的高效与安全。然而, 受协议持续演进、实现差异以及网络生态复杂性的影响, 多类 安全风险仍在实际环境中出现。为应对这些问题, 对QUIC的关键安全机制与演化路径进行了系统梳理, 并构建 了涵盖协议机理安全、实现安全与生态安全三大维度、共18 个子类的研究框架, 用于刻画当前安全问题的整体 结构。同时, 通过对协议草案的纵向分析识别了安全风险的时效性特征, 并评估了主要威胁的持续性与缓解措 施的有效性。研究结果表明, QUIC安全研究正从早期的握手与密码机制分析扩展至跨层防护、隐私增强与生态 治理等方向, 未来趋势集中在协议可观测性提升、安全自动化测试以及后量子安全集成等领域. [ABSTRACT FROM AUTHOR]
Copyright of Journal on Communication / Tongxin Xuebao is the property of Journal on Communications Editorial Office and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)*