Date of Award
Spring 6-5-2026
Document Type
Thesis (Undergraduate)
Department
Computer Science
First Advisor
Sergey Bratus
Abstract
HTTP/3 introduces QPACK, a header compression scheme that maintains exactly one encoder state per connection, a design that implicitly assumes each backend connection carries traffic from a single client. In proxy deployments where a single backend QUIC connection is reused across multiple clients, this assumption breaks down because multiple clients may have their headers indexed in the same table. Our research demonstrates through experimentation that an attacker who is also a client of such a proxy can exploit this shared state through a request round-trip timing side-channel to infer properties of other clients’ traffic without any privileged access. The results show that backend connection reuse in HTTP/3 proxy deployments, while not prohibited by any current specification, carries meaningful and previously undocumented privacy implications for clients using such proxies.
Recommended Citation
Parfrey, Joshua T., "Cross-Client Privacy Leakage via Backend Connection Reuse in HTTP/3 Proxies" (2026). Computer Science Senior Theses. 59.
https://digitalcommons.dartmouth.edu/cs_senior_theses/59
