Nowadays the cloud made deploying RTP conferencing solutions easier than ever. Wether you manage your own instances in a public cloud, or you use a (C)PaaS, not having to deal with the underlying physical machines, Virtual Machines, Operating Systems, .... has lower the adoption bar. Unfortunately, it has also introduced some security concerns, since your data is now flowing through a third-party machine, possibly in clear. WebRTC is fully encrypted end-to-end, but only for p2p connection. In connections that go through a media server, it's only encrypted hop-by-hop, leaving the Media Server accessing the media in clear. Anybody who would compromise the media server (or issue a gag order to the operator) would have access to your data. For many, this is unacceptable, and for a few, this is actually against regulations (Banks, MPAA, HIPAA, EU Telco operators, ....). Privacy Enhanced RTP Conferencing, PERC in short, comes up with solutions to achieve true end-to-end encryption, solutions that prevent third-party Media Server for ever having access to the media in Clear. Active participants to the corresponding PERC Working Group at IETF, we have also implemented the first public solution in chrome (client-side) and Jitsi Media Server and Janus (server-side), in used by banks today. We will provide here some insight about how one can benefit from PERC, and which modifications are needed on client side and server side.
Privacy Enhanced RTP Conferencing with WebRTC - PERC
1. “Is this line secure?”
Privacy Enhanced RTP Conferencing
Arnaud Budkiewicz
Director of Collaboration, Symphony
credit: General Artists Corporation
2. About me
Telecom disrupter since 1998
• WebRTC Pioneer since 2010
• W3C Member
Joined Symphony Early 2016 to build Symphony Meetings
• Audio/Video Conferencing, Screen sharing
• Compliant
• End-to-end encrypted
3. What is Symphony?
SECURE ENTERPRISE COLLABORATION PLATFORM
• Trusted Global Directory
• Robust chat
• Apps, bots and integrations
• Compliant with global regulations
• Secure and open
Customers includes:
BlackRock, Citi, Goldman Sachs,
J.P. Morgan, Morgan Stanley, Wells Fargo
4. Symphony Customers environment
How do customers connect to Symphony
• Not RTC friendly:
• Mobile Solutions: MDM wrapping
• Desktop OS: Windows 7, Classic Mode
• Virtual Desktops: Citrix Xendesk, VMware
• Browsers: IE
• Proxies, Firewalls, SSL Termination
• + SLA, Compliance, E2E Encryption Intercom
Essential Trading Systems
Keyboard
Bloomberg Starboard
Deskset
Cisco 7900 series
+ Expansion units
Turret
BT IP Trade T4
OS
Windows 7 (classic mode)
VDI
Citrix XenDesktop
VMware Horizon
7. Cloud provider
Alice
Bob
Encryption Key are
generated in/by the
browser Application
Server
Javascript
Frontend
Javascript
Frontend
This is a true End-To-End encryption (E2E)
WebRTC Default Case - P2P
8. TURN
Server
Cloud provider
Alice
Bob
Encryption Key are
generated in/by the
browser Application
Server
Javascript
Frontend
Javascript
Frontend
TURN Server DOES NOT terminate the encryption, also a true E2E encryption
WebRTC Default Case - TURN
9. Cloud provider
Alice
Bob
Encryption Key are
generated in/by the
browser Application
Server
Media
Server
Hop-by-Hop
encryption (HBH)
RAW MEDIA / CONTENT
Javascript
Frontend
Javascript
Frontend
Media Server DOES terminate the encryption, content in clear on the server
WebRTC Default Case - Media Server
10. Enterprise
Internal Network
Cloud “Untrusted” provider
Alice
Bob
Encryption Keys
Application
Server
Javascript
Frontend
Javascript
Frontend
Media
Server
Media Server DOES terminate the encryption, content encrypted on the server
WebRTC Double Encryption – PERC lite
E2E encryption of the content
+ Hop-by-Hop encryption (HBH)
= Backward compatibility
11. Enterprise
Internal Network
Media
Server
Cloud “Untrusted” provider
Alice
Bob
Key
Manager
Encryption Keys
Application
Server
Media Server DOES terminate the encryption, content encrypted on the server
Symphony Use Case - Key Management
E2E encryption of the content
+ Hop-by-Hop encryption (HBH)
= Backward compatibility
Javascript
Frontend
Javascript
Frontend
12. RTP Packet structure
IP
Header
UDP
Header
RTP
Header
RTP Payload
Type of Service, Time to Live,
Source and Destination IP Address
Protocol Identifier
Source and destination ports,
Data lenght, Checksum…
RTP Payload Type, Sequence Number,
Timestamp…
Numerous Payload CODECS types exist,
Each with differing structural and encoding methods
13. RTP Packet structure : VP8
IP
Header
UDP
Header
RTP
Header
RTP Payload
VP8 Payload Descriptor
VP8 Encoded Media
14. SRTP Packet structure vs RTP
IP
Header
UDP
Header
RTP
Header
RTP Payload
RTP
IP
Header
UDP
Header
RTP
Header
RTP Payload Encrypted MKI AUTH
Encrypted Portion
Authenticated Portion
Master Key Identifier
Authentication Tag
for RTP Header
and Payload
SRTP
21. Minimum viable PERC implementation
• Minimal impact on both UA and Media Distributor
• E2E Keys are injected on UA side
• No RTC E2E Header Extensions, no use case was found
• Just support Frame Marking extension and use it to check for I frames,
start & end frame marks and SVC layer indexes.
• Original Header Block (OHB) carried in the RTP Payload (Encrypted
Payload Header)
• Second encryption is Media-Payload only, no changes required in RTP
Processing (transparent for FEC, RED, RTX and other quality mechanisms)
22. • Already available for Symphony Customers
• RFC PERC lite Draft is under construction (draft)
Status
• 3 Media Distributors
• Jitsi
• Medooze
• Janus
• Chrome 57+ libwertc and chromium implementation available (source code)
• PRs against Chromium
• Implement FrameMarking header extension support (2954503002)
• Implement End to End media encryption (aka. PERC lite) (2960093003)
23. Credits
Atlassian, Jitsi
• Emil Ivov
• Boris Grozev
CoSMO Software and Medooze
• Alexandre Gouaillard
• Sergio Garcia Murillo
Meetecho, Janus
• Lorenzo Miniero
25. Procedures at the Media sender
Payload (media)Header Extensions Padding Header’ Payload (media)
Clone without
- Extensions
- Padding
Header’
Encrypted Payload
(media)
SRTP tag
SRTP Encrypt
Header Extensions Padding
Remove first byte (to reduce size)
EPH
Encrypted Payload
(media)
SRTP tag
EPH
Encrypted Payload
(media)
SRTP tag
Replace RTP payload
Continue normally:
RTX/RED/FEC and DTLS/SRTP
Original RTP media packet
RTP packet with
Media encrypted E2E
credit: Sergio Garcia Murillo
26. Encrypted Payload Header
Almost the same than an RTP Header without version, padding and extension
bits.
credit: Sergio Garcia Murillo
27. DTLS/SRTP and RTX/RED/FEC
normal process
Procedures at the Media Receiver
Encrypted PayloadHeader Extensions Padding
Clone payload and append 1 byte (0x80)
to complete RTP Header
Incoming RTP media packet
0x80
SRTPDecrypt
Header’
Encrypted Payload
(media)
SRTP tag
EPH
Encrypted Payload
(media)
SRTP tag
Which is the same as:
Header’ Payload (media)
Header Extensions PaddingPayload (media)
Replace RTP payload
credit: Sergio Garcia Murillo
Hinweis der Redaktion
The key manager is separated from the browser UA. Browser/app are provided with two keys. One is used to encrypt the content itself, and not accessible to the media server. It acts as a guaranty of E2E encryption of the content. The other one is used for the normal SRTP encryption, an HBH encryption of the global stream. This allow backward compatibility with WebRTC while adding true E2E encryption.