UDP vs TCP security


Solution 1

This is a good resource to compare UDP and TCP: http://www.skullbox.net/tcpudp.php.

Traditionally, most real-time applications use UDP, e.g. VoIP. I am not an expert on security, but I guess both of them are equally secure/insecure. It depends on usage of security protocols like TLS etc.

TCP just has mechanisms to guarantee delivery of packets.

Solution 2

The big security problem with UDP is that you are susceptible to spoofing and DoS attacks. It's not possible to spoof an address across the internet using TCP since the handshake will never complete. OTOH with UDP there is no implicit handshake - any session maintenance must be done by your code (processing overhead).

"I am aware that UDP offers some performance advantages over TCP"

Only across a LAN - part of the reason is the decreased latency of not having to carry out a handshake - but the big difference is that it bypasses congestion control mechanisms. That's not an issue for data across a LAN where the packet loss will be very low - but if you want to send data across the internet you're going to have to implement bandwidth throttling, error recovery and congestion control in your application (more processing overhead). While you can handle some types of packet loss via forward error control, this won't help with an overloaded router. All that stuff which slows down UDP is there for a reason.

If your dataflows are not more than, say 2 MSS in any direction followed by an acknowledgement from the remote end, then go for it - but if you want to move a lot of data quickly use TCP (or a station wagon).
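
One way to do the session maintenance that Solution 2 says UDP leaves to your code, as an added example that is not part of the original answer: a stateless address-validation cookie, so the server keeps no state and sends no large reply until the sender has proved it can receive at its claimed address. The message layout (`H`/`C`/`D` type bytes, 16-byte cookie), the 30-second window and all names are assumptions made for illustration.

```python
import hashlib, hmac, os, struct

SECRET = os.urandom(32)   # per-server key (assumption: rotated out of band)
WINDOW = 30               # seconds per cookie time bucket (assumed value)
COOKIE_LEN = 16

def make_cookie(addr, now, secret=SECRET):
    """MAC over source ip, port and a coarse time bucket; nothing is stored."""
    ip, port = addr
    msg = ip.encode() + struct.pack("!HQ", port, int(now) // WINDOW)
    return hmac.new(secret, msg, hashlib.sha256).digest()[:COOKIE_LEN]

def check_cookie(addr, cookie, now, secret=SECRET):
    # Accept the current and previous bucket so a cookie issued just
    # before a bucket boundary still validates.
    return any(hmac.compare_digest(cookie, make_cookie(addr, t, secret))
               for t in (now, now - WINDOW))

class Server:
    def __init__(self):
        self.sessions = {}            # addr -> time the address was validated

    def handle(self, addr, datagram, now):
        """Return the reply for one datagram, or None to drop it silently."""
        kind, body = datagram[:1], datagram[1:]
        if kind == b"H":
            # HELLO is always 1 + COOKIE_LEN bytes (zero-filled on first try),
            # so the challenge reply is never larger than the request.
            if len(body) != COOKIE_LEN:
                return None
            if check_cookie(addr, body, now):
                self.sessions[addr] = now   # state only after validation
                return b"OK"
            return b"C" + make_cookie(addr, now)
        if kind == b"D" and addr in self.sessions:
            return b"ACK"
        return None                   # data from an unvalidated address

if __name__ == "__main__":
    srv, client, now = Server(), ("198.51.100.7", 40000), 1000  # constructed values
    challenge = srv.handle(client, b"H" + bytes(COOKIE_LEN), now)
    print(srv.handle(client, b"H" + challenge[1:], now + 1))     # b'OK'
    print(srv.handle(("203.0.113.9", 5000), b"Dmove", now + 1))  # None
```

The cookie only validates the source address; it does not authenticate the player or protect the payload, which still needs something like DTLS (whose HelloVerifyRequest uses the same cookie idea).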

Author by Benny Smith

Updated on July 09, 2022

Comments

  • Benny Smith almost 2 years

    We are working on a game with millions of clients communicating with our servers. These games are for the most part turn-based. I am aware that UDP offers some performance advantages over TCP, but I'm wondering if one protocol enjoys a security advantage over the other? I've read some sites indicating that TCP will generally be safer, but I've seen a significant number of attacks that exploit weaknesses in TCP.

    Our code is pretty tolerant of unreliable connections and lost/out-of-order data, which is why I thought of UDP. Thank you!