“Is this line secure?”
Privacy Enhanced RTP Conferencing
Arnaud Budkiewicz
Director of Collaboration, Symphony
credit: General Artists Corporation
About me
Telecom disrupter since 1998
• WebRTC pioneer since 2010
• W3C member
Joined Symphony in early 2016 to build Symphony Meetings
• Audio/video conferencing, screen sharing
• Compliant
• End-to-end encrypted
What is Symphony?
SECURE ENTERPRISE COLLABORATION PLATFORM
• Trusted Global Directory
• Robust chat
• Apps, bots and integrations
• Compliant with global regulations
• Secure and open
Customers include:
BlackRock, Citi, Goldman Sachs,
J.P. Morgan, Morgan Stanley, Wells Fargo
Symphony Customers environment
How do customers connect to Symphony
• Not RTC friendly:
• Mobile solutions: MDM wrapping
• Desktop OS: Windows 7, Classic Mode
• Virtual desktops: Citrix XenDesktop, VMware
• Browsers: IE
• Proxies, firewalls, SSL termination
• + SLA, compliance, E2E encryption
[Diagram: essential trading systems on the desk: Intercom; Keyboard (Bloomberg Starboard); Deskset (Cisco 7900 series + expansion units); Turret (BT IP Trade T4); OS (Windows 7, classic mode); VDI (Citrix XenDesktop, VMware Horizon)]
Symphony Customers environment
How do customers connect to Symphony
[Diagram: Customer Premises (DC/VPN) connected to the Symphony Customer Pod and Shared Infrastructure, each side with its Key Manager]
• Content fully recorded
• End-to-end encrypted
• With customer keys
• Managed on premises
Does WebRTC offer end-to-end media encryption?
WebRTC Default Case - P2P
[Diagram: Alice and Bob, each running a Javascript frontend, signal through the cloud provider's Application Server; the encryption keys are generated in/by the browser and media flows directly between them]
This is true end-to-end encryption (E2E).
WebRTC Default Case - TURN
[Diagram: Alice and Bob, each running a Javascript frontend, signal through the cloud provider's Application Server and relay media through a TURN Server; the encryption keys are still generated in/by the browser]
The TURN Server DOES NOT terminate the encryption, so this is also true E2E encryption.
WebRTC Default Case - Media Server
[Diagram: Alice and Bob, each running a Javascript frontend, signal through the cloud provider's Application Server and send media to its Media Server; keys are generated in/by the browser, each leg is protected by hop-by-hop encryption (HBH), and RAW MEDIA / CONTENT sits on the server]
The Media Server DOES terminate the encryption: the content is in the clear on the server.
WebRTC Double Encryption – PERC lite
[Diagram: Alice and Bob (Javascript frontends) on the Enterprise Internal Network, where the encryption keys live; the Application Server and Media Server sit at the cloud "untrusted" provider]
The Media Server DOES terminate the hop-by-hop encryption, but the content stays encrypted on the server.
E2E encryption of the content
+ Hop-by-Hop encryption (HBH)
= Backward compatibility
Symphony Use Case - Key Management
[Diagram: Alice and Bob (Javascript frontends) on the Enterprise Internal Network, with the Key Manager holding the encryption keys on premises; the Application Server and Media Server sit at the cloud "untrusted" provider]
The Media Server DOES terminate the hop-by-hop encryption, but the content stays encrypted on the server.
E2E encryption of the content
+ Hop-by-Hop encryption (HBH)
= Backward compatibility
RTP Packet structure
IP Header | UDP Header | RTP Header | RTP Payload
• IP Header: Type of Service, Time to Live, Source and Destination IP Address, Protocol Identifier
• UDP Header: Source and destination ports, Data length, Checksum…
• RTP Header: RTP Payload Type, Sequence Number, Timestamp…
• RTP Payload: numerous payload CODEC types exist, each with differing structural and encoding methods
RTP Packet structure : VP8
IP Header | UDP Header | RTP Header | RTP Payload = VP8 Payload Descriptor + VP8 Encoded Media
SRTP Packet structure vs RTP
RTP:  IP Header | UDP Header | RTP Header | RTP Payload
SRTP: IP Header | UDP Header | RTP Header | RTP Payload (Encrypted) | MKI | AUTH
• Encrypted Portion: the RTP Payload
• Authenticated Portion: the RTP Header and Payload
• MKI: Master Key Identifier
• AUTH: Authentication Tag for RTP Header and Payload
SRTP Packet structure vs RTP : VP8
RTP packet:  RTP Header | VP8 Payload Descriptor | VP8 Encoded Media
SRTP packet: RTP Header | Encrypted (VP8 Payload Descriptor + VP8 Encoded Media) | Signature
SRTP Encrypted Media Transfer: SFU
[Diagram: the sender's SRTP packet (RTP Header | Encrypted: VP8 Payload Descriptor + VP8 Encoded Media | Signature) is HBH-decrypted at the SFU into an RTP packet; the SFU MODIFIES the VP8 Payload Descriptor for each receiver and HBH-encrypts a new SRTP packet (RTP Header | Encrypted: VP8 Payload Descriptor MODIFIED + VP8 Encoded Media | Signature) per receiver]
Packets are routed depending on the Payload Headers.
Double-Encrypted Media Transfer: PERC
[Diagram: RTP packet (RTP Header | VP8 Payload Descriptor | VP8 Encoded Media) → SRTP packet encrypted E2E (RTP Header | Encrypted E2E: VP8 Payload Descriptor + VP8 Encoded Media | Signature E2E) → PERC packet with the HBH layer on top (RTP Header | Encrypted HBH: E2E-encrypted payload + Signature E2E | Signature HBH)]
Double-Encrypted Media Transfer within SFU
[Diagram: the PERC packet (RTP Header | Encrypted HBH | Signature HBH) arrives at the SFU; removing the HBH layer leaves the SRTP packet (RTP Header | Encrypted E2E: VP8 Payload Descriptor + VP8 Encoded Media | Signature E2E); to build the per-receiver RTP packets the SFU would have to MODIFY the VP8 Payload Descriptor]
Packets are routed depending on the Payload headers.
The SFU CAN NOT read the VP8 Payload Descriptor.
Solution: Frame Marking
Part of the Payload Descriptor is copied over into the RTP Header as an Extension.
[Diagram: RTP packet (RTP Header | VP8 Payload Descriptor | VP8 Encoded Media) → SRTP packet (RTP Header | RTP Header Extension | Encrypted E2E: VP8 Payload Descriptor + VP8 Encoded Media | Signature E2E) → PERC packet (RTP Header | RTP Header Extension | Encrypted HBH: E2E-encrypted payload + Signature E2E | Signature HBH)]
Packets are routed depending on the Frame Marking Header Extension instead of the regular Payload Headers.
PERC Encrypted Media Transfer: smartSFU
[Diagram: the PERC packet (RTP Header | RTP Header Extension | Encrypted HBH: E2E-encrypted payload + Signature E2E | Signature HBH) arrives at the SFU; removing the HBH layer leaves the SRTP packet (RTP Header | RTP Header Extension | Encrypted E2E | Signature E2E), whose Header Extension the SFU can read; the SFU HBH-encrypts a PERC packet for each receiver, and each receiver removes its HBH layer and then the E2E layer]
Minimum viable PERC implementation
• Minimal impact on both the UA and the Media Distributor
• E2E keys are injected on the UA side
• No RTP E2E header extensions: no use case was found
• Just support the Frame Marking extension and use it to check for I-frames, start and end frame marks and SVC layer indexes
• Original Header Block (OHB) carried in the RTP payload (Encrypted Payload Header)
• The second encryption is media-payload only, so no changes are required in RTP processing (transparent for FEC, RED, RTX and other quality mechanisms)
• Already available for Symphony customers
• The PERC lite RFC draft is under construction (draft)
Status
• 3 Media Distributors
• Jitsi
• Medooze
• Janus
• Chrome 57+ libwebrtc and Chromium implementation available (source code)
• PRs against Chromium
• Implement FrameMarking header extension support (2954503002)
• Implement End to End media encryption (aka. PERC lite) (2960093003)
Credits
Atlassian, Jitsi
• Emil Ivov
• Boris Grozev
CoSMO Software and Medooze
• Alexandre Gouaillard
• Sergio Garcia Murillo
Meetecho, Janus
• Lorenzo Miniero
Questions?
Privacy Enhanced RTP Conferencing
Arnaud Budkiewicz
Director of Collaboration, Symphony
credit: Pete Souza
Procedures at the Media sender
Original RTP media packet: Header | Extensions | Padding | Payload (media)
• Clone the Header without Extensions and Padding → Header'
• SRTP Encrypt (Header' + Payload (media)) with the E2E key → Header' | Encrypted Payload (media) | SRTP tag
• Remove the first byte of Header' (to reduce size) → EPH | Encrypted Payload (media) | SRTP tag
• Replace the RTP payload → Header | Extensions | Padding | EPH | Encrypted Payload (media) | SRTP tag: the RTP packet with media encrypted E2E
• Continue normally: RTX/RED/FEC and DTLS/SRTP
credit: Sergio Garcia Murillo
Encrypted Payload Header
Almost the same as an RTP Header, without the version, padding and extension bits.
credit: Sergio Garcia Murillo
Procedures at the Media Receiver
DTLS/SRTP and RTX/RED/FEC: normal process
Incoming RTP media packet: Header | Extensions | Padding | Encrypted Payload (EPH | Encrypted Payload (media) | SRTP tag)
• Clone the payload and add back the first byte (0x80) to complete the RTP Header → Header' | Encrypted Payload (media) | SRTP tag
• SRTP Decrypt → Header' | Payload (media)
• Replace the RTP payload, which is the same as: Header | Extensions | Padding | Payload (media)
credit: Sergio Garcia Murillo
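The sender and receiver procedures above, together with the Frame Marking point that the SFU reads only the header extension while the payload stays opaque, worked through as an added example; this is not code from the slides, Symphony, Chromium or Medooze. It substitutes an HMAC-based keystream and tag for SRTP's AES-CM and HMAC-SHA1, and assumes CC == 0, a 16-bit packet index (no ROC) and keys already delivered by the key manager.

```python
# PERC-lite media-payload E2E transform: added example for the sender/receiver
# procedures above, not Symphony's, Chromium's or Medooze's code. Stand-ins:
# HMAC-SHA256 keystream for AES-CM, HMAC-SHA1 80-bit tag for SRTP's tag.
# Assumes CC == 0, packet index == 16-bit seq (no ROC), keys pre-shared.
import hashlib
import hmac
import struct

TAG_LEN = 10   # SRTP default 80-bit authentication tag
EPH_LEN = 11   # 12-byte RTP header minus its first byte (V/P/X/CC)

def split_rtp(pkt):
    """Split an RTP packet into (fixed header, extension block, payload, padding)."""
    b0 = pkt[0]
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    hdr_len = 12 + 4 * (b0 & 0x0F)
    pos, ext = hdr_len, b""
    if b0 & 0x10:                       # X bit: one header extension follows
        _, words = struct.unpack("!HH", pkt[pos:pos + 4])
        ext = pkt[pos:pos + 4 + 4 * words]
        pos += len(ext)
    end, pad = len(pkt), b""
    if b0 & 0x20:                       # P bit: last byte is the padding length
        end -= pkt[-1]
        pad = pkt[end:]
    return pkt[:hdr_len], ext, pkt[pos:end], pad

def _keystream(key, header_prime, n):
    """Stand-in for AES-CM: PRF keystream bound to SSRC and packet index."""
    seq = struct.unpack("!H", header_prime[2:4])[0]
    ssrc = header_prime[8:12]
    out, blk = b"", 0
    while len(out) < n:
        out += hmac.new(key, ssrc + struct.pack("!HI", seq, blk), hashlib.sha256).digest()
        blk += 1
    return out[:n]

def _tag(auth_key, header_prime, ct):
    """Authenticate header' and ciphertext, like SRTP's tag over header + payload."""
    return hmac.new(auth_key, header_prime + ct, hashlib.sha1).digest()[:TAG_LEN]

def e2e_protect(pkt, enc_key, auth_key):
    """Sender: replace the media payload by EPH || ciphertext || E2E tag."""
    hdr, ext, payload, pad = split_rtp(pkt)
    if hdr[0] & 0x0F:
        raise ValueError("example assumes CC == 0")
    header_prime = b"\x80" + hdr[1:12]  # clone with P and X bits cleared
    ct = bytes(a ^ b for a, b in zip(payload, _keystream(enc_key, header_prime, len(payload))))
    eph = header_prime[1:]              # first byte dropped; receiver re-adds 0x80
    return hdr + ext + eph + ct + _tag(auth_key, header_prime, ct) + pad

def e2e_unprotect(pkt, enc_key, auth_key):
    """Receiver: rebuild header' from the EPH, verify the E2E tag, decrypt."""
    hdr, ext, payload, pad = split_rtp(pkt)
    eph, ct, tag = payload[:EPH_LEN], payload[EPH_LEN:-TAG_LEN], payload[-TAG_LEN:]
    header_prime = b"\x80" + eph
    if not hmac.compare_digest(tag, _tag(auth_key, header_prime, ct)):
        raise ValueError("E2E authentication failed: media altered in transit")
    media = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, header_prime, len(ct))))
    return hdr + ext + media + pad      # outer header (possibly rewritten by the SFU) kept

def sfu_forward(pkt, new_ssrc, new_seq):
    """SFU between HBH decrypt and re-encrypt: rewrite outer seq/SSRC, keep payload."""
    hdr, ext, payload, pad = split_rtp(pkt)
    hdr = hdr[:2] + struct.pack("!H", new_seq) + hdr[4:8] + struct.pack("!I", new_ssrc)
    return hdr + ext + payload + pad

def make_sample_packet():
    """Constructed packet: V=2, P=1, X=1, PT=96, seq 0x1234, SSRC 0x11223344,
    a one-byte header extension (id 1, Frame Marking style) and 2 padding bytes."""
    media = b"\x90\x80" + b"VP8 keyframe (constructed)"      # descriptor + frame
    hdr = bytes([0xB0, 96]) + struct.pack("!HII", 0x1234, 90000, 0x11223344)
    ext = b"\xbe\xde\x00\x01" + b"\x10\x80\x00\x00"
    return hdr + ext + media + b"\x00\x02", media

def run_demo():
    """Protect, pass an SFU that rewrites seq/SSRC, unprotect; then tamper."""
    enc_key, auth_key = b"E" * 16, b"A" * 20                  # constructed keys
    pkt, media = make_sample_packet()
    forwarded = sfu_forward(e2e_protect(pkt, enc_key, auth_key), 0x55667788, 7)
    out_hdr, out_ext, out_media, _ = split_rtp(e2e_unprotect(forwarded, enc_key, auth_key))
    f_hdr, f_ext, f_payload, _ = split_rtp(forwarded)
    i = len(f_hdr) + len(f_ext) + EPH_LEN                     # first ciphertext byte
    tampered = forwarded[:i] + bytes([forwarded[i] ^ 1]) + forwarded[i + 1:]
    try:
        e2e_unprotect(tampered, enc_key, auth_key)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {
        "media_restored": out_media == media,
        "outer_seq": struct.unpack("!H", out_hdr[2:4])[0],
        "outer_ssrc": struct.unpack("!I", out_hdr[8:12])[0],
        "extension_in_clear": f_ext == out_ext and f_ext[:2] == b"\xbe\xde",
        "payload_hidden_from_sfu": media not in f_payload,
        "tamper_detected": tamper_detected,
    }
```

The SFU can rewrite the outer header and read the Frame Marking extension, yet the receiver still verifies and decrypts against the original header carried in the EPH, and any change to the encrypted media fails the E2E tag.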

Weitere ähnliche Inhalte

Was ist angesagt?

Delivering Agile Data Science on Openshift - Red Hat Summit 2019
Delivering Agile Data Science on Openshift  - Red Hat Summit 2019Delivering Agile Data Science on Openshift  - Red Hat Summit 2019
Delivering Agile Data Science on Openshift - Red Hat Summit 2019John Archer
 
Architecting for the Cloud using NetflixOSS - Codemash Workshop
Architecting for the Cloud using NetflixOSS - Codemash WorkshopArchitecting for the Cloud using NetflixOSS - Codemash Workshop
Architecting for the Cloud using NetflixOSS - Codemash WorkshopSudhir Tonse
 
Kafka Streams State Stores Being Persistent
Kafka Streams State Stores Being PersistentKafka Streams State Stores Being Persistent
Kafka Streams State Stores Being Persistentconfluent
 
Continuous Lifecycle London 2018 Event Keynote
Continuous Lifecycle London 2018 Event KeynoteContinuous Lifecycle London 2018 Event Keynote
Continuous Lifecycle London 2018 Event KeynoteWeaveworks
 
Microservices Part 3 Service Mesh and Kafka
Microservices Part 3 Service Mesh and KafkaMicroservices Part 3 Service Mesh and Kafka
Microservices Part 3 Service Mesh and KafkaAraf Karsh Hamid
 
Institutional DeFi Architecture
Institutional DeFi ArchitectureInstitutional DeFi Architecture
Institutional DeFi ArchitectureFloyd DCosta
 
Ethereum in a nutshell
Ethereum in a nutshellEthereum in a nutshell
Ethereum in a nutshellDaniel Chan
 
Actor model : A Different Concurrency Approach
Actor model : A Different Concurrency ApproachActor model : A Different Concurrency Approach
Actor model : A Different Concurrency ApproachEmre Akış
 
[MeetUp][1st] 오리뎅이의_쿠버네티스_네트워킹
[MeetUp][1st] 오리뎅이의_쿠버네티스_네트워킹[MeetUp][1st] 오리뎅이의_쿠버네티스_네트워킹
[MeetUp][1st] 오리뎅이의_쿠버네티스_네트워킹InfraEngineer
 
Polygon Presents "DeFi For All: Build DeFi For Mass Adoption"
Polygon Presents "DeFi For All: Build DeFi For Mass Adoption"Polygon Presents "DeFi For All: Build DeFi For Mass Adoption"
Polygon Presents "DeFi For All: Build DeFi For Mass Adoption"XendFinance
 
Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Jen Andre
 
Kubernetes Summit 2023: Head First Kubernetes
Kubernetes Summit 2023: Head First Kubernetes Kubernetes Summit 2023: Head First Kubernetes
Kubernetes Summit 2023: Head First Kubernetes smalltown
 
Open vSwitch와 Mininet을 이용한 가상 네트워크 생성과 OpenDaylight를 사용한 네트워크 제어실험
Open vSwitch와 Mininet을 이용한 가상 네트워크 생성과 OpenDaylight를 사용한 네트워크 제어실험Open vSwitch와 Mininet을 이용한 가상 네트워크 생성과 OpenDaylight를 사용한 네트워크 제어실험
Open vSwitch와 Mininet을 이용한 가상 네트워크 생성과 OpenDaylight를 사용한 네트워크 제어실험Seung-Hoon Baek
 
An Investor's Guide to Web3 / Crypto / Blockchain
An Investor's Guide to Web3 / Crypto / BlockchainAn Investor's Guide to Web3 / Crypto / Blockchain
An Investor's Guide to Web3 / Crypto / BlockchainBernard Leong
 
Microservices with Docker, Kubernetes, and Jenkins
Microservices with Docker, Kubernetes, and JenkinsMicroservices with Docker, Kubernetes, and Jenkins
Microservices with Docker, Kubernetes, and JenkinsRed Hat Developers
 
KubeCon EU 2022: From Kubernetes to PaaS to Err What's Next
KubeCon EU 2022: From Kubernetes to PaaS to Err What's NextKubeCon EU 2022: From Kubernetes to PaaS to Err What's Next
KubeCon EU 2022: From Kubernetes to PaaS to Err What's NextDaniel Bryant
 
Deep dive into Kubernetes Networking
Deep dive into Kubernetes NetworkingDeep dive into Kubernetes Networking
Deep dive into Kubernetes NetworkingSreenivas Makam
 
ERC20 Step-by-Step - Creating Your First Ethereum Token
ERC20 Step-by-Step - Creating Your First Ethereum TokenERC20 Step-by-Step - Creating Your First Ethereum Token
ERC20 Step-by-Step - Creating Your First Ethereum TokenCodeOps Technologies LLP
 

Was ist angesagt? (20)

Delivering Agile Data Science on Openshift - Red Hat Summit 2019
Delivering Agile Data Science on Openshift  - Red Hat Summit 2019Delivering Agile Data Science on Openshift  - Red Hat Summit 2019
Delivering Agile Data Science on Openshift - Red Hat Summit 2019
 
Architecting for the Cloud using NetflixOSS - Codemash Workshop
Architecting for the Cloud using NetflixOSS - Codemash WorkshopArchitecting for the Cloud using NetflixOSS - Codemash Workshop
Architecting for the Cloud using NetflixOSS - Codemash Workshop
 
Kafka Streams State Stores Being Persistent
Kafka Streams State Stores Being PersistentKafka Streams State Stores Being Persistent
Kafka Streams State Stores Being Persistent
 
Continuous Lifecycle London 2018 Event Keynote
Continuous Lifecycle London 2018 Event KeynoteContinuous Lifecycle London 2018 Event Keynote
Continuous Lifecycle London 2018 Event Keynote
 
Microservices Part 3 Service Mesh and Kafka
Microservices Part 3 Service Mesh and KafkaMicroservices Part 3 Service Mesh and Kafka
Microservices Part 3 Service Mesh and Kafka
 
Institutional DeFi Architecture
Institutional DeFi ArchitectureInstitutional DeFi Architecture
Institutional DeFi Architecture
 
Ethereum in a nutshell
Ethereum in a nutshellEthereum in a nutshell
Ethereum in a nutshell
 
Actor model : A Different Concurrency Approach
Actor model : A Different Concurrency ApproachActor model : A Different Concurrency Approach
Actor model : A Different Concurrency Approach
 
[MeetUp][1st] 오리뎅이의_쿠버네티스_네트워킹
[MeetUp][1st] 오리뎅이의_쿠버네티스_네트워킹[MeetUp][1st] 오리뎅이의_쿠버네티스_네트워킹
[MeetUp][1st] 오리뎅이의_쿠버네티스_네트워킹
 
Polygon Presents "DeFi For All: Build DeFi For Mass Adoption"
Polygon Presents "DeFi For All: Build DeFi For Mass Adoption"Polygon Presents "DeFi For All: Build DeFi For Mass Adoption"
Polygon Presents "DeFi For All: Build DeFi For Mass Adoption"
 
Docker & kubernetes
Docker & kubernetesDocker & kubernetes
Docker & kubernetes
 
Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'
 
Kubernetes Summit 2023: Head First Kubernetes
Kubernetes Summit 2023: Head First Kubernetes Kubernetes Summit 2023: Head First Kubernetes
Kubernetes Summit 2023: Head First Kubernetes
 
Open vSwitch와 Mininet을 이용한 가상 네트워크 생성과 OpenDaylight를 사용한 네트워크 제어실험
Open vSwitch와 Mininet을 이용한 가상 네트워크 생성과 OpenDaylight를 사용한 네트워크 제어실험Open vSwitch와 Mininet을 이용한 가상 네트워크 생성과 OpenDaylight를 사용한 네트워크 제어실험
Open vSwitch와 Mininet을 이용한 가상 네트워크 생성과 OpenDaylight를 사용한 네트워크 제어실험
 
An Investor's Guide to Web3 / Crypto / Blockchain
An Investor's Guide to Web3 / Crypto / BlockchainAn Investor's Guide to Web3 / Crypto / Blockchain
An Investor's Guide to Web3 / Crypto / Blockchain
 
Microservices with Docker, Kubernetes, and Jenkins
Microservices with Docker, Kubernetes, and JenkinsMicroservices with Docker, Kubernetes, and Jenkins
Microservices with Docker, Kubernetes, and Jenkins
 
KubeCon EU 2022: From Kubernetes to PaaS to Err What's Next
KubeCon EU 2022: From Kubernetes to PaaS to Err What's NextKubeCon EU 2022: From Kubernetes to PaaS to Err What's Next
KubeCon EU 2022: From Kubernetes to PaaS to Err What's Next
 
reveal.js 3.0.0
reveal.js 3.0.0reveal.js 3.0.0
reveal.js 3.0.0
 
Deep dive into Kubernetes Networking
Deep dive into Kubernetes NetworkingDeep dive into Kubernetes Networking
Deep dive into Kubernetes Networking
 
ERC20 Step-by-Step - Creating Your First Ethereum Token
ERC20 Step-by-Step - Creating Your First Ethereum TokenERC20 Step-by-Step - Creating Your First Ethereum Token
ERC20 Step-by-Step - Creating Your First Ethereum Token
 

Ähnlich wie Privacy Enhanced RTP Conferencing with WebRTC - PERC

WebRTC Standards from Tim Panton
WebRTC Standards from Tim PantonWebRTC Standards from Tim Panton
WebRTC Standards from Tim PantonAlan Quayle
 
Rebaca's Video Delivery Expertise Overview
Rebaca's Video Delivery Expertise OverviewRebaca's Video Delivery Expertise Overview
Rebaca's Video Delivery Expertise OverviewArshad Mahmood
 
“What Every Digital TV Executive Needs to Know About Adaptive Rate Streaming...
 “What Every Digital TV Executive Needs to Know About Adaptive Rate Streaming... “What Every Digital TV Executive Needs to Know About Adaptive Rate Streaming...
“What Every Digital TV Executive Needs to Know About Adaptive Rate Streaming...Verimatrix
 
Converging IPTV and OTT: Building an Enhanced Value Proposition for Consumers
Converging IPTV and OTT: Building an Enhanced Value Proposition for ConsumersConverging IPTV and OTT: Building an Enhanced Value Proposition for Consumers
Converging IPTV and OTT: Building an Enhanced Value Proposition for ConsumersVerimatrix
 
Building Voice
Building Voice Building Voice
Building Voice Videoguy
 
Flash and HTML5 Video
Flash and HTML5 VideoFlash and HTML5 Video
Flash and HTML5 VideoYoss Cohen
 
WebRTC Videobroadcasting
WebRTC VideobroadcastingWebRTC Videobroadcasting
WebRTC VideobroadcastingRavi Kuril
 
WebRTC overview
WebRTC overviewWebRTC overview
WebRTC overviewRouyun Pan
 
Webrtc - rich communication - quobis - victor pascual
Webrtc  - rich communication - quobis - victor pascualWebrtc  - rich communication - quobis - victor pascual
Webrtc - rich communication - quobis - victor pascualAlan Quayle
 
WebRTC Standards & Implementation Q&A - The Internals of WebRTC Browsers Impl...
WebRTC Standards & Implementation Q&A - The Internals of WebRTC Browsers Impl...WebRTC Standards & Implementation Q&A - The Internals of WebRTC Browsers Impl...
WebRTC Standards & Implementation Q&A - The Internals of WebRTC Browsers Impl...Amir Zmora
 
The FRAFOS ABC SBC WebRTC gateway
The FRAFOS ABC SBC WebRTC gateway The FRAFOS ABC SBC WebRTC gateway
The FRAFOS ABC SBC WebRTC gateway stefansayer
 
Insertable Streams and E2EE @ ClueCon2020
Insertable Streams and E2EE @ ClueCon2020Insertable Streams and E2EE @ ClueCon2020
Insertable Streams and E2EE @ ClueCon2020Lorenzo Miniero
 
FIWARE Global Summit - Real-time Media Stream Processing Using Kurento
FIWARE Global Summit - Real-time Media Stream Processing Using KurentoFIWARE Global Summit - Real-time Media Stream Processing Using Kurento
FIWARE Global Summit - Real-time Media Stream Processing Using KurentoFIWARE
 

Ähnlich wie Privacy Enhanced RTP Conferencing with WebRTC - PERC (20)

WebRTC Standards from Tim Panton
WebRTC Standards from Tim PantonWebRTC Standards from Tim Panton
WebRTC Standards from Tim Panton
 
Rebaca's Video Delivery Expertise Overview
Rebaca's Video Delivery Expertise OverviewRebaca's Video Delivery Expertise Overview
Rebaca's Video Delivery Expertise Overview
 
Slide
SlideSlide
Slide
 
“What Every Digital TV Executive Needs to Know About Adaptive Rate Streaming...
 “What Every Digital TV Executive Needs to Know About Adaptive Rate Streaming... “What Every Digital TV Executive Needs to Know About Adaptive Rate Streaming...
“What Every Digital TV Executive Needs to Know About Adaptive Rate Streaming...
 
Web rtc.intro
Web rtc.introWeb rtc.intro
Web rtc.intro
 
Converging IPTV and OTT: Building an Enhanced Value Proposition for Consumers
Converging IPTV and OTT: Building an Enhanced Value Proposition for ConsumersConverging IPTV and OTT: Building an Enhanced Value Proposition for Consumers
Converging IPTV and OTT: Building an Enhanced Value Proposition for Consumers
 
WebRTC: an introduction
WebRTC: an introductionWebRTC: an introduction
WebRTC: an introduction
 
Building Voice
Building Voice Building Voice
Building Voice
 
Flash and HTML5 Video
Flash and HTML5 VideoFlash and HTML5 Video
Flash and HTML5 Video
 
WebRTC Videobroadcasting
WebRTC VideobroadcastingWebRTC Videobroadcasting
WebRTC Videobroadcasting
 
WebRTC overview
WebRTC overviewWebRTC overview
WebRTC overview
 
Webrtc - rich communication - quobis - victor pascual
Webrtc  - rich communication - quobis - victor pascualWebrtc  - rich communication - quobis - victor pascual
Webrtc - rich communication - quobis - victor pascual
 
WebRTC Standards & Implementation Q&A - The Internals of WebRTC Browsers Impl...
WebRTC Standards & Implementation Q&A - The Internals of WebRTC Browsers Impl...WebRTC Standards & Implementation Q&A - The Internals of WebRTC Browsers Impl...
WebRTC Standards & Implementation Q&A - The Internals of WebRTC Browsers Impl...
 
Iptv
IptvIptv
Iptv
 
The FRAFOS ABC SBC WebRTC gateway
The FRAFOS ABC SBC WebRTC gateway The FRAFOS ABC SBC WebRTC gateway
The FRAFOS ABC SBC WebRTC gateway
 
Workshop oracle
Workshop oracleWorkshop oracle
Workshop oracle
 
Surf Communication Solutions - Surf General
Surf Communication Solutions - Surf GeneralSurf Communication Solutions - Surf General
Surf Communication Solutions - Surf General
 
Insertable Streams and E2EE @ ClueCon2020
Insertable Streams and E2EE @ ClueCon2020Insertable Streams and E2EE @ ClueCon2020
Insertable Streams and E2EE @ ClueCon2020
 
Rtsp
RtspRtsp
Rtsp
 
FIWARE Global Summit - Real-time Media Stream Processing Using Kurento
FIWARE Global Summit - Real-time Media Stream Processing Using KurentoFIWARE Global Summit - Real-time Media Stream Processing Using Kurento
FIWARE Global Summit - Real-time Media Stream Processing Using Kurento
 

Kürzlich hochgeladen

CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordAsst.prof M.Gokilavani
 
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTING
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTINGMANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTING
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTINGSIVASHANKAR N
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon  6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon  6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Call Girls in Nagpur High Profile
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes ---  Unit 3.pdfAKTU Computer Networks notes ---  Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfankushspencer015
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdfKamal Acharya
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingrknatarajan
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...ranjana rawat
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM.        DIMENSIONAL ANALYSISUNIT-III FMM.        DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISrknatarajan
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...ranjana rawat
 
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Christo Ananth
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Christo Ananth
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSSIVASHANKAR N
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlysanyuktamishra911
 

Kürzlich hochgeladen (20)

CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
 
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTING
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTINGMANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTING
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTING
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
 
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon  6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon  6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes ---  Unit 3.pdfAKTU Computer Networks notes ---  Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdf
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdf
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM.        DIMENSIONAL ANALYSISUNIT-III FMM.        DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSIS
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...

Privacy Enhanced RTP Conferencing with WebRTC - PERC

  • 1. “Is this line secure?” Privacy Enhanced RTP Conferencing
    Arnaud Budkiewicz, Director of Collaboration, Symphony
    credit: General Artists Corporation
  • 2. About me
    Telecom disrupter since 1998
    • WebRTC Pioneer since 2010
    • W3C Member
    Joined Symphony Early 2016 to build Symphony Meetings
    • Audio/Video Conferencing, Screen sharing
    • Compliant
    • End-to-end encrypted
  • 3. What is Symphony?
    SECURE ENTERPRISE COLLABORATION PLATFORM
    • Trusted Global Directory
    • Robust chat
    • Apps, bots and integrations
    • Compliant with global regulations
    • Secure and open
    Customers include: BlackRock, Citi, Goldman Sachs, J.P. Morgan, Morgan Stanley, Wells Fargo
  • 4. Symphony Customers environment: How do customers connect to Symphony
    • Not RTC friendly:
      • Mobile Solutions: MDM wrapping
      • Desktop OS: Windows 7, Classic Mode
      • Virtual Desktops: Citrix XenDesktop, VMware
      • Browsers: IE
      • Proxies, Firewalls, SSL Termination
      • + SLA, Compliance, E2E Encryption
    Diagram labels: Essential Trading Systems (Intercom; Keyboard: Bloomberg Starboard; Deskset: Cisco 7900 series + Expansion units; Turret: BT IP Trade T4); OS: Windows 7 (classic mode); VDI: Citrix XenDesktop, VMware Horizon
  • 5. Symphony Customers environment: How do customers connect to Symphony
    Diagram labels: Customer Premises (DC/VPN, Key Manager), Customer Pod (Key Manager), Shared Infrastructure
    • Content fully recorded
    • End-to-end Encrypted
    • With Customer Keys
    • Managed on premises
  • 6. Does WebRTC offer End-to-end Media Encryption?
  • 7. WebRTC Default Case - P2P
    Diagram labels: Cloud provider, Application Server, Alice and Bob (Javascript Frontend each); encryption keys are generated in/by the browser.
    This is a true End-To-End encryption (E2E)
  • 8. WebRTC Default Case - TURN
    Diagram labels: as slide 7, plus a TURN Server at the Cloud provider; encryption keys are generated in/by the browser.
    TURN Server DOES NOT terminate the encryption, also a true E2E encryption
  • 9. WebRTC Default Case - Media Server
    Diagram labels: Cloud provider, Application Server, Media Server, Alice and Bob (Javascript Frontend each); encryption keys are generated in/by the browser; Hop-by-Hop encryption (HBH); RAW MEDIA / CONTENT on the server.
    Media Server DOES terminate the encryption, content in clear on the server
  • 10. WebRTC Double Encryption – PERC lite
    Diagram labels: Enterprise Internal Network (Alice, Bob, Encryption Keys, Javascript Frontend each), Cloud “Untrusted” provider (Application Server, Media Server).
    Media Server DOES terminate the encryption, content encrypted on the server
    E2E encryption of the content + Hop-by-Hop encryption (HBH) = Backward compatibility
  • 11. Symphony Use Case - Key Management
    Diagram labels: as slide 10, plus a Key Manager on the Enterprise Internal Network providing the Encryption Keys.
    Media Server DOES terminate the encryption, content encrypted on the server
    E2E encryption of the content + Hop-by-Hop encryption (HBH) = Backward compatibility
  • 12. RTP Packet structure
    IP Header | UDP Header | RTP Header | RTP Payload
    • IP Header: Type of Service, Time to Live, Source and Destination IP Address, Protocol Identifier
    • UDP Header: Source and destination ports, Data length, Checksum…
    • RTP Header: RTP Payload Type, Sequence Number, Timestamp…
    • RTP Payload: numerous payload CODEC types exist, each with differing structural and encoding methods
  • 13. RTP Packet structure : VP8
    IP Header | UDP Header | RTP Header | RTP Payload (VP8 Payload Descriptor | VP8 Encoded Media)
  • 14. SRTP Packet structure vs RTP
    RTP: IP Header | UDP Header | RTP Header | RTP Payload
    SRTP: IP Header | UDP Header | RTP Header | RTP Payload (Encrypted) | MKI | AUTH
    • Encrypted Portion: the RTP Payload
    • Authenticated Portion: RTP Header and Payload
    • MKI: Master Key Identifier
    • AUTH: Authentication Tag for RTP Header and Payload
  • 15. SRTP Packet structure vs RTP : VP8
    RTP packet: RTP Header | VP8 Payload Descriptor | VP8 Encoded Media
    SRTP packet: RTP Header | [VP8 Payload Descriptor | VP8 Encoded Media] Encrypted | Signature
  • 16. SRTP Encrypted Media Transfer: SFU
    Diagram: the sender's SRTP packet (RTP Header | Encrypted [VP8 Payload Descriptor | VP8 Encoded Media] | Signature) is HBH-decrypted at the SFU, which reads the VP8 Payload Descriptor, forwards an RTP packet with a MODIFIED VP8 Payload Descriptor to each receiver and HBH-encrypts it again.
    Packets are routed depending on Payload Headers
  • 17. Double-Encrypted Media Transfer: PERC
    Diagram: RTP packet (RTP Header | VP8 Payload Descriptor | VP8 Encoded Media) → SRTP packet (RTP Header | Encrypted E2E payload | Signature E2E) → PERC packet (RTP Header | Encrypted HBH [Encrypted E2E payload | Signature E2E] | Signature HBH)
  • 18. Double-Encrypted Media Transfer within SFU
    Diagram: the PERC packet is HBH-decrypted at the SFU, but the payload (VP8 Payload Descriptor | VP8 Encoded Media) stays Encrypted E2E with its Signature E2E.
    Packets are routed depending on Payload headers
    SFU CAN NOT read the VP8 Payload Descriptor
  • 19. Solution: Frame Marking
    Part of the Payload Descriptor is copied over in the RTP Header as an Extension
    Diagram: RTP packet → SRTP packet (RTP Header | RTP Header Extension | Encrypted E2E payload | Signature E2E) → PERC packet (RTP Header | RTP Header Extension | Encrypted HBH [Encrypted E2E payload | Signature E2E] | Signature HBH)
  • 20. PERC Encrypted Media Transfer: smartSFU
    Packets are routed depending on Frame Marking Header Extension instead of regular Payload Headers
    Diagram: the SFU removes the HBH layer, reads the RTP Header Extension, forwards the still E2E-encrypted payload (with its Signature E2E) to each receiver and re-applies HBH encryption.
  • 21. Minimum viable PERC implementation
    • Minimal impact on both UA and Media Distributor
    • E2E Keys are injected on UA side
    • No RTP E2E Header Extensions, no use case was found
    • Just support Frame Marking extension and use it to check for I frames, start & end frame marks and SVC layer indexes.
    • Original Header Block (OHB) carried in the RTP Payload (Encrypted Payload Header)
    • Second encryption is Media-Payload only, no changes required in RTP Processing (transparent for FEC, RED, RTX and other quality mechanisms)
  • 22. Status
    • Already available for Symphony Customers
    • RFC PERC lite Draft is under construction (draft)
    • 3 Media Distributors
      • Jitsi
      • Medooze
      • Janus
    • Chrome 57+ libwebrtc and chromium implementation available (source code)
    • PRs against Chromium
      • Implement FrameMarking header extension support (2954503002)
      • Implement End to End media encryption (aka. PERC lite) (2960093003)
  • 23. Credits
    Atlassian, Jitsi
    • Emil Ivov
    • Boris Grozev
    CoSMO Software and Medooze
    • Alexandre Gouaillard
    • Sergio Garcia Murillo
    Meetecho, Janus
    • Lorenzo Miniero
  • 24. Questions? Privacy Enhanced RTP Conferencing
    Arnaud Budkiewicz, Director of Collaboration, Symphony
    credit: Pete Souza
  • 25. Procedures at the Media sender (credit: Sergio Garcia Murillo)
    Original RTP media packet: Header | Extensions | Padding | Payload (media)
    1. Clone without Extensions and Padding: Header’ | Payload (media)
    2. SRTP Encrypt: Header’ | Encrypted Payload (media) | SRTP tag
    3. Remove the first byte of Header’ (to reduce size): EPH | Encrypted Payload (media) | SRTP tag
    4. Replace the RTP payload: Header | Extensions | Padding | EPH | Encrypted Payload (media) | SRTP tag
    Continue normally: RTX/RED/FEC and DTLS/SRTP
    Result: RTP packet with Media encrypted E2E
  • 26. Encrypted Payload Header
    Almost the same as an RTP Header, without the version, padding and extension bits.
    credit: Sergio Garcia Murillo
  • 27. Procedures at the Media Receiver (credit: Sergio Garcia Murillo)
    Incoming RTP media packet, after the normal DTLS/SRTP and RTX/RED/FEC process: Header | Extensions | Padding | Encrypted Payload
    1. Clone the payload and prepend 1 byte (0x80) to complete the RTP Header: 0x80 | EPH | Encrypted Payload (media) | SRTP tag, which is the same as: Header’ | Encrypted Payload (media) | SRTP tag
    2. SRTP Decrypt: Header’ | Payload (media)
    3. Replace the RTP payload: Header | Extensions | Padding | Payload (media)

Editor's note

  1. The key manager is separated from the browser UA. Browser/app are provided with two keys. One is used to encrypt the content itself and is not accessible to the media server; it acts as a guarantee of E2E encryption of the content. The other one is used for the normal SRTP encryption, an HBH encryption of the global stream. This allows backward compatibility with WebRTC while adding true E2E encryption.