The presentation discusses the impact of zero round trip time (0RTT) in TLS 1.3 and how it can lead to replay attacks. It also provides recommendations on how to prevent such attacks.
- 0RTT can lead to replay attacks as it allows for the reuse of previously sent data
- Applications need to be aware of 0RTT and implement additional protections to prevent replay attacks
- Mitigations include disabling 0RTT, implementing strict browser request forgery policies, and creating a strict application profile
- Various organizations have implemented different protections against 0RTT, such as single-use tickets and disabling 0RTT by default
The presenter demonstrates how an attacker can use 0RTT to perform a replay attack on a banking application. By intercepting the communication between the web browser and server, the attacker sends a zero RTT packet which is accepted by the server. The attacker then sends a rejection to the browser, forcing a full handshake to be made. After the handshake, the original request is sent again and the server accepts it, allowing the attacker to perform a successful replay attack. This illustrates the potential danger of 0RTT and the need for additional protections.