Abstract—The main goal of the Transport Layer Security (TLS) protocol is to provide a secure communication channel between communicating pairs. A new version of the protocol, TLS 1.3, is introduced to improve security and performance for customers. One of the major advantages of TLS 1.3 over earlier versions is the Zero RoundTrip Time (0-RTT) feature, which saves a round trip at the connection setup stage. The security properties of 0-RTT data are weaker than those of other kinds of TLS data because the data is not forward secret and is vulnerable to replay attacks. Existing solutions such as single-use tickets, client hello recording, and freshness checks address the 0-RTT problems inefficiently. In this paper, we propose an efficient technique that uses the 0-RTT feature with forward secrecy and prevents replay attacks. Our technique uses a synchronized pseudorandom number generator (PRNG) that depends on an initial shared secret between communicating pairs. The initial secret can be shared using the three basic key exchange modes of TLS 1.3. In our technique, the PRNG also uses shared session information such as the session ID to dynamically provide Just-in-Time Shared Keys (JIT-SK) for 0-RTT. The client and server sides change the keys in each session and hence use 0-RTT securely and efficiently. We implement a proof of concept for our technique using our private PRNG, named Quantum Entropy Expansion and Propagation (QEEP), and the WolfSSL implementation of TLS 1.3, and show the differences using our solution.
Index Terms—Transport Layer Security (TLS v1.3), Zero RoundTrip Time (0-RTT), pseudorandom number generator (PRNG), Quantum Entropy Expansion and Propagation (QEEP).
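The per-session key idea outlined in the abstract, as an added sketch that is not the paper's code: HMAC-SHA256 stands in for the private QEEP generator, and the class and function names, labels, counter and sample values are assumptions made for illustration. It shows both sides deriving the same key from a shared secret and session ID, a replayed message failing, and a forged message leaving the server in step.

```python
import hashlib
import hmac


def prf(key: bytes, label: bytes, data: bytes = b"") -> bytes:
    # HMAC-SHA256 as a stand-in PRF (assumption: QEEP's design is not on the page).
    return hmac.new(key, label + b"\x00" + data, hashlib.sha256).digest()


class JitKeyState:
    """One endpoint's copy of the synchronized generator (hypothetical name)."""

    def __init__(self, initial_secret: bytes):
        self._state = prf(initial_secret, b"jit-sk init")
        self.counter = 0

    def peek_key(self, session_id: bytes) -> bytes:
        # Key for the next session, bound to the shared session ID.
        ctr = self.counter.to_bytes(8, "big")
        return prf(self._state, b"jit-sk key", ctr + session_id)

    def advance(self) -> None:
        # One-way step: the previous state is replaced, so a later compromise
        # of this object cannot re-derive earlier session keys.
        self._state = prf(self._state, b"jit-sk next", self.counter.to_bytes(8, "big"))
        self.counter += 1


def client_send(gen: JitKeyState, session_id: bytes, early_data: bytes) -> bytes:
    # Tag the early data under this session's key, then move on.
    # (Encryption is omitted; the tag alone shows the key schedule.)
    tag = hmac.new(gen.peek_key(session_id), early_data, hashlib.sha256).digest()
    gen.advance()
    return tag


def server_accept(gen: JitKeyState, session_id: bytes, early_data: bytes, tag: bytes) -> bool:
    # Verify against the next expected key only; advance only on success so a
    # forged message cannot desynchronize the two sides.
    expected = hmac.new(gen.peek_key(session_id), early_data, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return False
    gen.advance()
    return True


if __name__ == "__main__":
    secret = b"constructed-initial-secret"  # constructed sample value
    c, s = JitKeyState(secret), JitKeyState(secret)
    t = client_send(c, b"sid-1", b"GET /")
    print(server_accept(s, b"sid-1", b"GET /", t), server_accept(s, b"sid-1", b"GET /", t))
```

If a client flight is lost, the two sides fall out of step; the abstract does not say how the paper resynchronizes, so this sketch does not attempt it.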
Eslam G. AbdAllah was at the Department of Systems and Computer Engineering, Carleton University, Ottawa, ON, Canada. He is now with the Master of Information Systems Security Management (MISSM), Faculty of Management, Concordia University of Edmonton, AB, Canada (e-mail: firstname.lastname@example.org).
Randy Kuang is with Quantropi Inc., Ottawa, ON, Canada (e-mail: email@example.com).
Changcheng Huang is with the Department of Systems and Computer Engineering, Carleton University, Ottawa, ON, Canada (e-mail: firstname.lastname@example.org).
Cite: Eslam G. AbdAllah, Randy Kuang, and Changcheng Huang, "Generating Just-in-Time Shared Keys (JIT-SK) for TLS 1.3 Zero RoundTrip Time (0-RTT)," International Journal of Machine Learning and Computing, vol. 12, no. 3, pp. 96-101, 2022.

Copyright © 2022 by the authors. This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).