The big security issue with UDP is that you are subject to spoofing and DoS attacks. It is not possible to fake an address over the Internet using TCP, as the handshake will never complete. OTOH, with UDP there is no implicit handshake; any session service must be performed by your code (processing overhead).
I know UDP offers some performance advantages over TCP
Only on a local network. Part of the reason is that there is no handshake to wait for, but the big difference is that it bypasses the congestion-control mechanisms. This is not a problem for data on a local network, where packet loss will be very low, but if you want to send data over the Internet you will have to implement bandwidth throttling, error recovery and congestion control in your application (more processing overhead). Although you can handle some types of packet loss with forward error correction, this will not help with an overloaded router. All of these things that slow down TCP relative to UDP exist for a reason.
If your data flows do not exceed, say, 2 MSS in either direction, each followed by an acknowledgement from the far end, then go ahead, but if you want to move a lot of data quickly, use TCP (or wagon).
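The two points the answer makes (with UDP the handshake and the error recovery are your code's job) are easier to see in a concrete session layer. The following is an added example, not code from the answer or from any real library: the "datagrams" are dicts handed to a server object in-process over a constructed lossy channel, so it runs offline with no sockets. The server side issues a stateless HMAC cookie before allocating any session (the same idea as TCP SYN cookies and the DTLS HelloVerifyRequest), so a datagram with a spoofed source address never gets a session; the client side does stop-and-wait retransmission with sequence numbers and acknowledgements. The addresses, message field names and the `Server`/`LossyChannel` classes are all assumptions of this example.

```python
"""Application-level session layer over an unreliable datagram channel (constructed example).

Shows (1) a stateless-cookie handshake so a spoofed source cannot make the
server allocate state, and (2) stop-and-wait retransmission so lost datagrams
are recovered. Datagrams are plain dicts passed in-process, not real sockets.
"""
import hashlib
import hmac
import os
import random
import time

COOKIE_LEN = 16


def make_cookie(secret, addr, epoch):
    """HMAC over the peer address and a coarse time bucket; the server keeps no per-client state."""
    msg = "%s:%d:%d" % (addr[0], addr[1], epoch)
    return hmac.new(secret, msg.encode(), hashlib.sha256).digest()[:COOKIE_LEN]


class Server:
    def __init__(self, secret=None, clock=time.time):
        self.secret = secret or os.urandom(32)   # assumed per-process cookie secret
        self.clock = clock
        self.sessions = {}                        # addr -> {"next_seq": int, "received": [...]}

    def _epoch(self):
        return int(self.clock()) // 60            # cookies are valid for roughly a minute

    def handle(self, src, msg):
        """Process one datagram from `src`; return the reply datagram, or None to drop silently."""
        kind = msg.get("type")
        if kind == "hello":
            # Answer whoever the source claims to be, but allocate nothing yet.
            return {"type": "verify", "cookie": make_cookie(self.secret, src, self._epoch())}
        if kind == "hello_cookie":
            now = self._epoch()
            valid = any(hmac.compare_digest(msg.get("cookie", b""), make_cookie(self.secret, src, e))
                        for e in (now, now - 1))
            if not valid:
                return None                       # spoofed, guessed or stale cookie: drop
            self.sessions[src] = {"next_seq": 0, "received": []}
            return {"type": "accept"}
        if kind == "data":
            sess = self.sessions.get(src)
            if sess is None:
                return None                       # no completed handshake, no service
            if msg["seq"] == sess["next_seq"]:
                sess["received"].append(msg["payload"])
                sess["next_seq"] += 1
            # A duplicate (its ack was lost) is re-acknowledged, not applied twice.
            return {"type": "ack", "ack": sess["next_seq"]}
        return None


class LossyChannel:
    """Constructed channel: drops each request and each reply independently with probability p."""
    def __init__(self, p, seed=0):
        self.p = p
        self.rng = random.Random(seed)
        self.sent = 0

    def exchange(self, server, src, msg):
        self.sent += 1
        if self.rng.random() < self.p:
            return None
        reply = server.handle(src, msg)
        if reply is not None and self.rng.random() < self.p:
            return None
        return reply


def handshake(server, chan, addr, max_tries=50):
    """Client side of the cookie handshake; True once the server has accepted."""
    for _ in range(max_tries):
        verify = chan.exchange(server, addr, {"type": "hello"})
        if verify is None:
            continue
        if chan.exchange(server, addr, {"type": "hello_cookie", "cookie": verify["cookie"]}):
            return True
    return False


def send_reliable(server, chan, addr, chunks, max_tries=50):
    """Stop-and-wait: resend chunk `seq` until an ack covering it arrives; False if we give up."""
    for seq, payload in enumerate(chunks):
        for _ in range(max_tries):
            reply = chan.exchange(server, addr, {"type": "data", "seq": seq, "payload": payload})
            if reply and reply["type"] == "ack" and reply["ack"] > seq:
                break
        else:
            return False
    return True


def spoof_attempt(server, victim_addr):
    """Attacker forges the victim's source address: the verify goes to the victim,
    and a guessed cookie is dropped. Returns True only if the server allocated a session."""
    server.handle(victim_addr, {"type": "hello"})
    accepted = server.handle(victim_addr, {"type": "hello_cookie", "cookie": os.urandom(COOKIE_LEN)})
    return accepted is not None or victim_addr in server.sessions


if __name__ == "__main__":
    srv = Server()
    print("spoof created a session:", spoof_attempt(srv, ("203.0.113.9", 4000)))
    chan = LossyChannel(0.3, seed=7)
    me = ("192.0.2.10", 5000)
    print("handshake:", handshake(srv, chan, me))
    data = [b"chunk%d" % i for i in range(20)]
    print("transfer ok:", send_reliable(srv, chan, me, data), "datagrams sent:", chan.sent)
```

Note what this does not do: there is no congestion control at all, which is the part the answer says is hardest to get right, and stop-and-wait with one datagram in flight is exactly the "2 MSS followed by an acknowledgement" regime where UDP is tolerable; moving anything larger efficiently means a sliding window with timeouts and a backoff policy, at which point you are rebuilding TCP.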