TLS Guard for TLS 1.3 zero round-trip time (0-RTT) in a distributed environment

One of the most vastly used protocols to protect services traffic like the web and email is Transport Layer Security (TLS). In 2018 the Internet Engineering Task Force (IETF) standardized the latest version TLS 1.3, Introduced a significant enhancement in the protocol performance, and presented some new features. One of the new features is zero round trip-time (0-RTT) handshake mode, where the client can send the application data to the server within the handshake messages before the TLS connection is fully established. However, this application data is replayable. The replay attacks in 0-RTT handshake mode have been studied, and several mechanisms are proposed for protection, these proposed mechanisms are not able to prevent replay attacks when the server functionality is provided by a distributed environment such as multiple servers in a cloud computing environment or a CDN. This paper introduces TLS Guard as a new mechanism that extends TLS 1.3 to prevent replay attacks in a distributed environment. We evaluated a prototype TLS Guard implementation in controlled experiments and showed that its effect comes at the cost of some CPU overhead. More importantly, we showed that TLS Guard is scalable and tolerates faults without any required changes on the client side.