SRTP requires an external key exchange mechanism for sharing its session keys , and DTLS-SRTP does that by multiplexing the DTLS-SRTP. Datagram Transport Layer Security (DTLS) is a communications protocol that provides security Real-time Transport Protocol (SRTP) subsequently called DTLS-SRTP in a draft with Secure Real-Time Transport Control Protocol (SRTCP ). DTLS-SRTP tries to repurpose itself to VoIP’s peer-to-peer environment, but it cannot escape its client-server roots, and that’s why it depends so.
|Country:||Republic of Macedonia|
|Published (Last):||23 March 2010|
|PDF File Size:||5.16 Mb|
|ePub File Size:||17.84 Mb|
|Price:||Free* [*Free Regsitration Required]|
Web Real-Time Communication abbreviated as WebRTC is strp recent trend in web application technology, which promises the ability to enable real-time communication in the browser without the need for plug-ins or other requirements. However, the open-source nature of the technology may have the potential to cause security-related concerns to potential adopters of the technology.
This paper will discuss in detail the security of WebRTC, with the aim of demonstrating the comparative security of the technology. WebRTC is an open-source web-based application technology, which allows users to send real-time media without the need for installing plugins.
Using a suitable browser can enable a user to call another party simply by browsing to the relevant webpage. Unlike most real-time systems e. The prospect of enabling embedded audio and visual communication stls a browser without plugins is exciting.
However, this naturally raises concerns over the security of such technology, and whether it can be trusted to provide reliable communication for both the end users and any intermediary carriers or third parties.
This report will address these topics and examine the protections that WebRTC provides to provide security in all cases. For the purposes of this paper however, native applications will be treated as being out of scope.
WebRTC resides within the user’s browser, and requires no additional software to dgls. The actual communication between peers is prefaced by an exchange of metadata, termed “signalling”.
DTLS-SRTP – WebRTC Glossary
This process is used to initiate and advertise calls, and facilitates connection establishment between unfamiliar parties. A signaling protocol is not specified dts WebRTC, allowing sryp to implement their own choice of protocol. This allows for a deeper degree of flexibility in adapting a WebRTC app for a specific use case or scenario. WebRTC relies on three APIs, each of which performs a specific function in order to enable real-time communication within ctls web application. These APIs will be named and explained briefly.
When a caller wants to initiate a connection with a remote party, the browser starts by instantiating a RTCPeerConnection object. This includes a self-generated SDP description to exchange with their peer. The recipient in turn responds with its own SDP description.
With the connection now established, RTCPeerConnection enables the sending of real-time audio and video data as a bitstream between browsers. Ultimately, RTCPeerConnection API is responsible for managing the full life-cycle of each peer-to-peer connection and encapsulates all the connection setup, management, and state within a single easy-to-use interface. RTCPeerConnection has two specific traits: In other words, it is used to transfer data directly from one peer to another.
Although a number rstp alternative options for communication channels exist e. WebSocket, Server Sent Eventshowever these alternatives were designed for communication with a server dtlx than a directly-connected peer. RTCDataChannel resembles the popular WebSocket, but instead takes a peer-to-peer format while offering customisable delivery properties of the underlying transport. Finally, SCTP and SRTP are the application protocols used to multiplex the different streams, provide congestion and flow control, and provide partially reliable delivery and other additional services on top of UDP.
Session Description Protocol SDP is a descriptive protocol that is used as a standard method of announcing and managing session invitations, as well as performing other initiation tasks for multimedia sessions. SDP represents the browser capabilities and preferences in a text-based format, and may include the following information: Signalling requires the initial use of an intermediary server for the exchange of metadata, but upon completion WebRTC attempts to establish a direct P2P connection between the users.
This process is carried out through the ICE framework. ICE is a framework used for establishing a connection between peers over the internet. Due the continuing widespread prevalence of IPv4 addresses with their limited bit representation, most network-enabled devices do not have a unique public-facing IPv4 address with which it would be directly visible on the Internet.
NAT works by dynamically translating private addresses into public ones when an outbound request passes strp them. Similarly, inbound requests to a public IP are converted back into a private IP to ensure correct routing on the internal network. Resultantly, sharing a private IP is often not enough information to establish a connection to a peer.
ICE attempts to overcome the difficulties posed by communicating via NAT to find the best path to connect dlts. By trying all possibilities in parallel, Drls is able to choose the most efficient option that works. ICE first tries to make a connection using the host address obtained from a device’s operating system and network card; if that fails which it inevitably will for devices behind NATs ICE then obtains an external address using a STUN server.
If that also fails, traffic falls back to routing via a TURN relay server. The candidate communication routes are rendered in a text-based format, and the list ordered by priority. The options take the form of one of the following: In order to perform P2P communication, both parties necessarily require at least the knowledge of their peer’s IP address and the assigned UDP port.
As a result, a certain amount of information exchange is necessary before WebRTC communication can be established. By relaying traffic between peers the WebRTC communication can be ensured, but can suffer degradations in media quality and latency.
TURN servers can ensure high success in setting up calls, regardless of the end-user’s environments. As the data is sent through an intermediary server, server bandwidth is vtls consumed. If many calls are simultaneously routed sryp the server, the bandwidth was also become considerable in size.
The server itself is typically not freely accessible, and has to be specifically provided or rented by the application provider. There are a number of ways in that a real-time communication application dgls impose security risks, both on the carrier and the end users. Such security risks can be applicable to any application which deals with the transmission of real-time data and media.
WebRTC differs from other RTC apps by providing a strong and reliable infrastructure for even new developers to utilise without compromising on security. We will now proceed to discuss how WebRTC deals with each of these risks in turn.
The WebRTC architecture assumes from a security perspective that network resources exist in a hierarchy of trust. The browser’s job is to enable access to the internet, while providing adequate security protections to the user. The security requirements of WebRTC are built directly upon this requirement; the browser is the portal through which the user accesses all WebRTC applications and content.
While HTML and JS provided by the server can cause the browser to execute a variety of actions, the browser segregates those scripts into sandboxes. Said sandboxes isolate scripts from each other, and from the user’s computer. Generally speaking, scripts are only allowed to interact with resources from the same domain – or more specifically, the same “origin”. The browser enforces all security policies that the user desires and is the first step in the verification of all third parties.
All authenticated entities have their identity checked by the browser. Srgp the user chooses a suitable browser which they know can trust, then all WebRTC communication can be considered “secure” and to follow the standard accepted security architecture of WebRTC technology.
However, if there is any doubt that a browser is “trustable” e. In other words, the level of trust provided to the user by WebRTC is directly influenced by the user’s trust in the browser. It is a fundamental aspect of the DOM that all webpage resources are fetched from the page’s web server, whenever some or all of the page is loaded. Fetching of resources takes place either when a page dtl freshly loaded by the browser, or when a script residing on a webpage makes such a request.
Such scripts are readily able to make HTTP requests via e. Rather, requests have to be made to the same “origin” from where the script originated.
Datagram Transport Layer Security
An “origin” comprises of a URI scheme, hostname, and port number. SOP forces scripts to execute in isolated sandboxes specific to their originating domain, therefore preventing pages from different origins or even iframes on the same page from exchanging information. Srt such, the origin constitutes the basic unit of web sandboxing.
Through enforcing execution sandboxes on a per-origin basis, the end user is protected from the misuse of their credentials. You would reasonably expect to safely use a social networking website without a script executing from within an advertisement panel and stealing your login information.
Similarly, the servers of e. SOP is incredibly important dtlls the security of both the user and web servers in general, although it does have the disadvantage of making certain types of web app harder to create. Methods of permitting inter-site interaction do exist, although these are typically mutually consensual and limited to certain channels.
It allows the browser to contact the script’s target server to determine whether it etls willing to participate in a given type of transaction. As such, cross-origin requests can be safely allowed, by giving the target server the option to specifically opt-in to certain requests and decline drls others. WebSockets is another srgp allowing similar functionality, but on transparent channels rather than isolated HTTP requests.
In both cases, the initial verification stage prevents the arbitrary transfer of data by a script with a different origin. A prevalent issue with traditional desktop software is whether one can trust the application itself.
Installation of new software or a plugin can potentially surreptitiously install malware or other undesirable software. Many end users have no idea where the software was made or exactly who they are downloading the app from. Malicious third parties have had great success in repackaging perfectly safe and trusted software to include malware, and offering their custom package on free software websites.
WebRTC however is not a plugin, nor is there any installation process for any of its components. If a user has such a browser, they can browse to and use any WebRTC application with no other setup or preparation required. As such there is no risk of installation of malware or viruses through the use of an appropriate WebRTC application. Another related consideration is the patching of discovered security flaws in software.
As with any software technology, it is entirely possible that future bugs or vulnerabilities will be discovered in WebRTC. If a vulnerability is found in a traditional desktop application such as a typical VoIP applicationdevelopment of a patch may take considerable time.
This is a frequent issue with application development, as security is still often treated as a secondary consideration after functionality. Going deeper than this, we can contemplate hardware-based communication methods.
How often does a VoIP phone get a security update? Can you trust the person responsible to update it regularly? Do you even know who is responsible?