What to do now you have a hole in the ice
Tim Panton - Protocol Droid
Westhawk Ltd
https://www.flickr.com/photos/dougbrown47/

Make a secure P2P media + data connection?
Use existing protocols:
SRTP x2 - encrypted RTP for voice + video
DTLS - secure set up
SCTP - datagram protocol
RTCP - channel stats and management

Multiplex all the things
                +----------------+
                | 127 < B < 192 -+--> forward to RTP
                |                |
    packet -->  |  19 < B < 64  -+--> forward to DTLS
                |                |
                |       B < 2   -+--> forward to ICE
                +----------------+
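
The first-byte routing in the diagram, as an added example that is not code from the talk: it uses the slide's three ranges and drops everything else before it can reach the DTLS or SRTP stacks. The function names, the per-protocol minimum-length checks, the STUN magic-cookie check and the RTP/RTCP split on the second byte are assumptions that go beyond the slide; the sample packets are constructed.

```javascript
// Added example, not code from the talk. Routes datagrams arriving on the
// single UDP socket by first byte B, using the ranges drawn on the slide.
const STUN_MAGIC_COOKIE = 0x2112a442; // fixed value in bytes 4..7 of a STUN header

function classifyPacket(pkt) {
  if (!(pkt instanceof Uint8Array) || pkt.length === 0) return "drop";
  const b = pkt[0];

  if (b < 2) {
    // ICE checks are STUN messages: 20-byte header, 32-bit aligned body.
    if (pkt.length < 20) return "drop";
    const view = new DataView(pkt.buffer, pkt.byteOffset, pkt.byteLength);
    const bodyLen = view.getUint16(2); // big-endian, excludes the header
    if (view.getUint32(4) !== STUN_MAGIC_COOKIE) return "drop";
    if (bodyLen % 4 !== 0 || 20 + bodyLen > pkt.length) return "drop";
    return "ice";
  }
  if (b > 19 && b < 64) {
    // DTLS record header: type(1) version(2) epoch(2) sequence(6) length(2).
    return pkt.length >= 13 ? "dtls" : "drop";
  }
  if (b > 127 && b < 192) {
    // RTP and RTCP share this range. Assumption beyond the slide: the second
    // byte separates them, RTCP packet types occupying 192..223 (RFC 5761).
    const second = pkt[1];
    if (second >= 192 && second <= 223) return pkt.length >= 8 ? "rtcp" : "drop";
    return pkt.length >= 12 ? "rtp" : "drop";
  }
  return "drop"; // outside every range on the slide
}

// Turns a hex string into bytes (helper for the constructed samples below).
function hex(s) {
  return Uint8Array.from(s.match(/../g) || [], (h) => parseInt(h, 16));
}

// Constructed sample datagrams, not captured traffic.
const SAMPLES = {
  stun: hex("000100002112a442" + "ab".repeat(12)),         // binding request
  stunNoCookie: hex("0001000000000000" + "ab".repeat(12)), // B < 2 but not STUN
  dtls: hex("16fefd0000000000000000000000"),               // handshake record header
  dtlsShort: hex("16fefd"),                                // truncated record
  rtp: hex("806f000100000000deadbeef"),                    // V=2, payload type 111
  rtcp: hex("80c80006deadbeef"),                           // V=2, packet type 200
  other: hex("474554"),                                    // B = 71, no range matches
  empty: new Uint8Array(0),
};

// Classifies every sample and returns { name: destination }.
function routeSamples() {
  return Object.fromEntries(
    Object.entries(SAMPLES).map(([name, pkt]) => [name, classifyPacket(pkt)])
  );
}

console.log(routeSamples());
```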

Huh? Why is ICE there?
Continuing consent to send:
We are sending ~1 Mbit/s of video
Imagine the user closes the receiving tab
Signalling is gone
ICE re-tests connection every 30s
Can re-establish a session over a different path
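
A sender-side gate for the consent check described above, as an added example that is not code from the talk: media may only leave while a recent, authenticated answer to one of our own checks exists. The class and method names are hypothetical, the slide's 30 s is taken as the window after which consent lapses, and the timeline is constructed.

```javascript
// Added example, not code from the talk. Gates media sending on fresh consent.
class ConsentGate {
  // expiryMs: the slide's 30 s, taken here as the window after which consent lapses.
  // now: injectable clock so the behaviour can be replayed deterministically.
  constructor({ expiryMs = 30000, now = () => Date.now() } = {}) {
    this.expiryMs = expiryMs;
    this.now = now;
    this.pending = new Set();   // transaction IDs of checks awaiting a response
    this.lastConsentAt = now(); // ICE has just succeeded, so consent starts fresh
    this.expired = false;
  }

  // Call when a connectivity check leaves; txId must be unpredictable per check.
  checkSent(txId) {
    this.pending.add(txId);
  }

  // Call for each response. Only a response to a check we actually sent, and
  // whose integrity check passed, renews consent.
  responseReceived(txId, integrityOk) {
    if (!this.pending.delete(txId)) return false; // unsolicited or replayed
    if (!integrityOk || !this.maySend()) return false;
    this.lastConsentAt = this.now();
    return true;
  }

  // Ask before every media packet. Once consent lapses it stays lapsed: the
  // session has to be re-established rather than silently resumed.
  maySend() {
    if (!this.expired && this.now() - this.lastConsentAt >= this.expiryMs) {
      this.expired = true;
      this.pending.clear();
    }
    return !this.expired;
  }
}

// Constructed timeline: the receiving tab closes at t = 12 s, so checks sent
// after that are never answered and sending stops 30 s after the last answer.
function simulateTabClose() {
  let t = 0;
  const gate = new ConsentGate({ now: () => t });
  const log = [];
  for (t = 0; t <= 50000; t += 5000) {
    const txId = "tx-" + t; // placeholder; real transaction IDs are random
    gate.checkSent(txId);
    if (t < 12000) gate.responseReceived(txId, true); // peer still alive
    log.push([t / 1000, gate.maySend()]);
  }
  return log; // [seconds, maySend] pairs
}

console.log(simulateTabClose());
```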

We know all about RTP
Maybe not:
SRTP - but uses DTLS to exchange the keys.
Possibly multiple multiplexed streams
RTCP too.
Optional headers (voice level etc.)

DTLS - what is that?
TLS (aka SSL)'s UDP cousin:
Uses public key crypto to exchange session key
Session key extracted and used for SRTP key
Also carries datachannel messages
Does not carry media

DTLS - not quite like SSL
DTLS in webRTC has different requirements:
Does not use PKI - no certs to buy
Has heartbeat
DTLS is client-server
Peers have to agree who is the client (rant)
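
How the key extraction on the "DTLS - what is that?" slide depends on the client/server agreement on the "not quite like SSL" slide, as an added example that is not code from the talk: the exported keying material is cut into client and server halves, and each peer's DTLS role decides which half it encrypts with. Function names are hypothetical, the lengths assume the SRTP_AES128_CM_HMAC_SHA1_80 profile, and the 60-byte input is a constructed stand-in for real exporter output.

```javascript
// Added example, not code from the talk. Lengths are those of the
// SRTP_AES128_CM_HMAC_SHA1_80 profile: 16-byte master key, 14-byte master salt.
const AES128_CM = { keyLen: 16, saltLen: 14 };

// exported: keying material taken from the finished DTLS handshake, laid out as
// client key | server key | client salt | server salt (RFC 5764, section 4.2).
function splitSrtpKeys(exported, localIsDtlsClient, profile = AES128_CM) {
  const { keyLen, saltLen } = profile;
  const need = 2 * (keyLen + saltLen);
  if (!(exported instanceof Uint8Array) || exported.length !== need) {
    throw new RangeError(`expected ${need} bytes of keying material`);
  }
  const client = {
    key: exported.slice(0, keyLen),
    salt: exported.slice(2 * keyLen, 2 * keyLen + saltLen),
  };
  const server = {
    key: exported.slice(keyLen, 2 * keyLen),
    salt: exported.slice(2 * keyLen + saltLen, need),
  };
  // Each side encrypts with the keys of its own DTLS role and decrypts with
  // the keys of the other role.
  return localIsDtlsClient
    ? { send: client, recv: server }
    : { send: server, recv: client };
}

function sameBytes(a, b) {
  return a.length === b.length && a.every((v, i) => v === b[i]);
}

// True when what peer A sends can be decrypted by peer B and vice versa,
// which only holds if exactly one of them took the client role.
function keysLineUp(exported, aIsClient, bIsClient) {
  const a = splitSrtpKeys(exported, aIsClient);
  const b = splitSrtpKeys(exported, bIsClient);
  return (
    sameBytes(a.send.key, b.recv.key) &&
    sameBytes(a.send.salt, b.recv.salt) &&
    sameBytes(b.send.key, a.recv.key) &&
    sameBytes(b.send.salt, a.recv.salt)
  );
}

// Constructed 60-byte stand-in for exported keying material (bytes 0..59).
const SAMPLE_MATERIAL = Uint8Array.from({ length: 60 }, (_, i) => i);

console.log("roles agreed:   ", keysLineUp(SAMPLE_MATERIAL, true, false));
console.log("both are client:", keysLineUp(SAMPLE_MATERIAL, true, true));
```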

Was all that worth it?
Probably:
Secure - selectable crypto suites
No passwords
No central authority
Distributed system - but existing SRTP code used

You forgot SCTP
Oops:
Originally designed to run alongside TCP
webRTC uses it to provide Datachannel transport
Run over DTLS (over UDP)
Useful semantics - more flexible than TCP
More widely used than you think (telcos)

A new layer?
Perhaps:
We have a modern set of secure peer to peer network protocols supported by > 1bn endpoints and counting.
It runs well over the existing internet infrastructure.
Let's use it to build fun stuff.

Ice with that sir? Or what webRTC does once it has a UDP connection
