IMPLEMENTATION OF HTTP/3 AND QUIC PROTOCOLS: ENHANCING SECURITY AND SPEED OF WEB CONNECTIONS

ABSTRACT

This article explores the implementation of HTTP/3 and QUIC protocols, representing the next generation of data transmission technologies on the internet. It examines their impact on the performance of web services, including latency reduction, faster loading speeds, and adaptation to unstable networks. Technological advantages such as the use of TLS 1.3, multiplexing of independent streams, and connection migration capabilities are considered. Special attention is given to security and reliability issues, including protection against cyberattacks and resilience to network failures, making these protocols promising for modern digital ecosystems.

АННОТАЦИЯ

В данной статье исследуется внедрение протоколов HTTP/3 и QUIC, представляющих новое поколение технологий передачи данных в интернете. Изучается их влияние на производительность веб-сервисов, включая снижение задержек, ускорение загрузки и адаптацию к нестабильным сетям. Рассматриваются технологические преимущества, такие как использование TLS 1.3, мультиплексирование независимых потоков и возможность миграции соединений. Особое внимание уделяется вопросам безопасности и надежности, включая защиту от кибератак и устойчивость к сетевым сбоям, что делает данные протоколы перспективными для современных цифровых экосистем.

Keywords: HTTP/3, QUIC, web protocols, performance, security, multiplexing, TLS 1.3, latency reduction, connection migration.

Ключевые слова: HTTP/3, QUIC, веб-протоколы, производительность, безопасность, мультиплексирование, TLS 1.3, снижение задержек, миграция соединений.

Introduction

Modern web services and applications make stringent requirements on the security levels and data communication speeds. Even with improvements, the older data transfer protocols like HTTP/1.1 and HTTP/2 continue to be limited by latency, congestion, and inefficiency of data delivery. The problem is compounded by the growing web application architectures and the total internet traffic. In response, the latest generation of protocols, namely HTTP/3, based on the QUIC transport protocol, was designed for low latency and better security.

The most recent protocols, HTTP/3 and QUIC, represent a great leap for the world of internet data exchange. These protocols leverage technologies like stream multiplexing, native TLS 1.3 support, and the usage of UDP instead of TCP, which dramatically boosts web page loading, decreases the round-trip time (RTT), and enhances the stability of connections. Deployment of these protocols offers the potential for web service performance and stability optimization, thus making the web services increasingly aligned with the needs of the current digital age. The purpose of this article is to investigate the implementation of HTTP/3 and QUIC protocols and their impact on the performance and security of web services.

Materials and methods. Evolution of web protocols: from HTTP/1.1 to HTTP/3

Web protocols are very important in facilitating communication between clients and servers, the transmission of data over networks, and the enabling of most contemporary internet services. While the first launch of HTTP/1.1 was in 1999, after having operated for over 20 years, it was found to become more limited with the rapid growth of internet traffic volume and the demands that users make on the service. The main weakness of this protocol is the high latency that occurs during web page loading, caused by TCP connections, the issuing of multiple requests, and the need to establish a new connection for each resource. The head-of-line blocking mechanism within a single connection further contributed to delays in data transmission, particularly under unstable network conditions.

With the advent of the internet and the growing demand for faster content loading speeds, the demand for better protocols was felt. HTTP/2 was introduced formally in the year 2015 and resolved these issues. Unlike HTTP/1.1, HTTP/2 uses the facility of stream multiplexing, which supports simultaneous responses and requests on the same connection. This feature discourages delays and supports increased efficiency of operation. Even with this upgrade, HTTP/2 relies on TCP as the transport protocol, thus limiting its ability to completely prevent delays, especially for cases of congestion and packet losses.

One of the primary problems with TCP is its «congestion», referring to data flow control when the network is overloaded and the retransmission of packets that get lost. In high-speed, task-switching internet services, this results in significant delays. To address these limitations, a new transport protocol QUIC was introduced, forming the foundation for HTTP/3. According to 2024 statistics [1], there is an increase in the adoption of HTTP/3 among site elements on websites, possibly driven by its advantages (fig. 1).

Figure 1. Historical trends in the usage statistics of site elements for websites, %

By utilizing UDP instead of TCP, QUIC overcomes many TCP constraints, such as the three-way handshake required to establish a connection and the handling of data streams at a higher level. This accelerates data transmission and reduces latency. HTTP/3, in turn, utilizes QUIC as its transport layer, integrating its advantages, including stream multiplexing, increased security with built-in TLS 1.3, and faster connection establishment (table 1).

Table 1.

Technological benefits of HTTP/3 and QUIC [2, 3]

The development of web protocols from HTTP/1.1, then HTTP/2, and now HTTP/3 is a logical growth aimed at making web services better and secure. Their introduction into practice stands in need of technological updates on the part of the server and client. It also needs addressing issues of compatibility and network adaptation. It is crucial to understand how these changes impact real-world performance and what benefits they bring in the context of modern internet usage.

Results

HTTP/3 and QUIC: technological advantages and impact on performance

New approaches, HTTP/3 and QUIC, have been developed to address several fundamental weaknesses of previous generations of protocols. Those are the new ways of connection management and data transmission that introduce an essential improvement to performance and efficiency for web applications. Unlike their predecessors, HTTP/3 and QUIC were designed with contemporary constraints in mind-for instance, low latency, high-speed connections, and strong security.

One of the primary advantages of HTTP/3 is its reliance on the QUIC transport protocol, which operates over UDP. This enables it to overcome the limitations associated with multiple connection establishments in TCP. QUIC reduces connection setup time to a single step by combining the initial handshake with TLS 1.3. This feature is particularly beneficial for mobile devices and users in regions with unstable internet connectivity, where each additional step in connection setup can significantly increase page load times.

Stream multiplexing in HTTP/3 is another significant improvement. Unlike HTTP/2, where packet loss in one stream could block others, streams in HTTP/3 are independent. This means that data loss in one stream does not impact the others, which is particularly beneficial under high network load or in environments with a large number of users. This independence minimizes latency and improves connection stability.

One of the other key improvements is the ability of instantaneous retransmission of data. QUIC also uses its own packet-loss handling mechanism that is much better and better than the mechanism used with TCP. This feature is most useful for services that require low latency response, like streaming, internet calls, and online gaming. As a result, this translates into a better and smooth experience for users involved with web services.

With cases that require large bandwidth, HTTP/3 is better. With networks that involve high latency, like satellite links, HTTP/3 is shown to be capable of loading web pages faster compared to HTTP/2. This is achieved with the elimination of retransmitted data and the speeding up of the recovery of connections upon disruptions.

The handling of adaptive data transmission rates, as realized by QUIC, adjusts dynamically based on current network conditions. Such adaptability ensures the effective use of available resources while at the same time reducing the threats of congestion and data loss. Considering current requirements for web application scalability and high availability, this innovation represents a significant step forward.

The technological virtues of HTTP/3 and QUIC make them particularly suitable for usage in large web services, cloud services, and online shop sites. The two protocols make the optimization of smartphone energy consumption possible by allowing for rapid data exchanges and reducing the time spent keeping connections alive. Studies on performance over web, cloud storage, and video workloads indicate that for cloud storage, TLS 1.2 over TCP demonstrates higher throughput for larger files (>20 MB), while QUIC outperforms for smaller files (≤20 MB) [4]. For video content, QUIC enables faster connection establishment and reduces the frequency and duration of playback stalls by up to 50%, thanks to its lower latency.

HTTP/3 and QUIC deliver significant improvements in web application performance through advanced data transmission mechanisms, adaptability, and reduced latency. These technologies represent a major step toward creating a faster, more reliable, and secure environment for internet data exchange.

Discussion. Security and reliability of web services with HTTP/3 and QUIC

One of the most important advantages of HTTP/3 and the QUIC transport is that they were created to enhance security and reliability for Web services. Modern Internet service is under a great number of threats, including cyberattacks, man-in-the-middle (MITM) interceptions, and weaknesses in the data protection systems [5]. Created from scratch, HTTP/3 and QUIC have taken all these risks into consideration to include some built-in security features and better tolerance to network failures.

One of the basic features of QUIC is that it has opted for using TLS 1.3 by default. This means that this protocol encrypts data right after a connection is established, so no information can be leaked to third-party readers. TLS 1.3 accelerates this encryption by optimizing the handshake procedure; with it, a good balance between high-speed performance and reliable protection of data is struck. This makes HTTP/3 with QUIC very relevant for applications with sensitive information, like banking and trading platforms. The security of HTTP/3 and QUIC is also reinforced by their resilience to MITM attacks and duplicate data packets. QUIC employs unique connection identifiers tied to specific sessions, as this makes it impossible to intercept or restart a session on unauthorized devices. This can reduce the risk of cyberattacks aimed at compromising connections. Another notable feature is protection against Distributed Denial of Service (DDoS) attacks [6]. Unlike TCP, where connection establishment demands substantial server resources, QUIC minimizes these requirements. Operating over UDP, QUIC enables servers to efficiently discard malicious requests at the connection initiation stage [7].

In unstable network conditions, HTTP/3 also demonstrates high reliability. QUIC supports a connection migration mechanism that allows users to maintain active connections even when changing IP addresses or switching between networks (e.g., from Wi-Fi to mobile data). This is particularly essential for mobile users who frequently encounter unstable internet connections. This mechanism eliminates the need to re-establish connections and retransmit data, reducing the risk of information loss and ensuring smooth operation of web applications [8].

Another factor contributing to reliability is the built-in protection against transport-layer attacks. QUIC isolates each data stream, preventing blockages caused by issues in a single stream. The relevance of HTTP/3 and QUIC is especially strong for large-scale real-time web services, since any delay can considerably affect the end-user experience. In addition, the application of HTTP/3 and QUIC supports compliance with current security standards, such as protection of the data required by many global laws. This makes them among the best options in this field for firms seeking a service provider who is legally and technically reliable.

From the point of view of web services, HTTP/3 and QUIC represent significant steps toward security and reliability. Inherent protection, mechanisms resistant to attacks on the network, and resilience against unstable network conditions allow the protocols to be ideally suited for the current century's Internet and, therefore, provide very strong protection and stability to the users.

Conclusion

The release of the HTTP/3 and QUIC protocols is a major step forward from the development of data transport protocols, which aim at making web connections faster, more secure, and more dependable. Their novel mechanism, such as the incorporation of TLS 1.3, multiplexing of streams with independent streams, and migration of connections, comprehensively addresses the inherent problem of the preceding generations of protocols. This happens through providing low latency, cybersecurity, and uniform performance even in the most unpredictable networking environment. These advantages make HTTP/3 and QUIC critical tools for delivering a better client experience and efficiency in the operation of modern web services, ultimately stimulating continued growth and development in the digital world.

References:

1. Historical trends in the usage statistics of site elements for websites / W3Techs // [Electronic resource]. – Access mode: https://w3techs.com/technologies/history_overview/site_element/all (date of application: 04.03.2025).
2. Koch J., Falowo O., Elrod N. What We Know About HTTP/3 and Its Implementation: A Literature Review // 2024 IEEE 3rd International Conference on Computing and Machine Intelligence (ICMI). 2024. P. 1-7. DOI: 10.1109/ICMI60790.2024.10585883
3. Ravuri H.K., Vega M.T., Der Van Hooft J., Wauters T., De Turck F. Adaptive partially reliable delivery of immersive media over QUIC-HTTP/3 // IEEE Access. 2023. Vol. 11. P. 38094-111. DOI: 10.1109/access.2023.3268008 EDN: RKIDXC
4. Shreedhar T., Panda R., Podanev S., Bajpai V. Evaluating QUIC performance over web, cloud storage, and video workloads // IEEE Transactions on Network and Service Management. 2021. Vol. 19(2). P. 1366-81. DOI: 10.1109/TNSM.2021.3134562 EDN: GMFXCH
5. Israfilov A. Cyberattacks: the scale and possible consequences of viruses created by hackers for computers and phones // Trends in the development of science and education. 2024. № 106(11). P. 48-52.
6. Aluev A. Addressing security issues in Node.js applications: the economic implications of increased security // International Journal of Humanities and Natural Sciences. 2024. Vol. 9-1(96). P. 94-98.
7. Chatzoglou E., Kouliaridis V., Karopoulos G., Kambourakis G. Revisiting QUIC attacks: A comprehensive review on QUIC security and a hands-on study // International Journal of Information Security. 2023. Vol. 22(2). P. 347-65. DOI: 10.1007/s10207-022-00630-6 EDN: KYQBA
8. Ponomarev E. Data security in Android applications for the financial sector // Bulletin of the Voronezh Institute of High Technologies. 2024. Vol. 18. № 3.