Wednesday, May 28, 2014

[WebRTC] Overview and analysis of webRTC media transmission and security with DTLS-SRTP Part - 1

What is webRTC?

WebRTC is an API definition being drafted by the World Wide Web Consortium to enable browser-to-browser applications for voice calling, video chat, and P2P file sharing without plugins.

In short, WebRTC frees you from needing any messenger-type application or plug-in to make an audio/video call.


Call Mechanism in WebRTC:  


Call Attributes:
  • Signaling (SIP/XMPP/Other)
  • ICE (ICE LITE rfc5245)
  • DTLS
  • SRTP
  • PCMU/OPUS for Audio
  • VP8 for Video

Signaling:

This attribute is necessary for advertising one's SDP or ICE candidates to the remote party for a call. It can be carried over many IETF standard protocols, such as SIP or XMPP, or over any other protocol.

ICE:

ICE Lite is a must for WebRTC, because ICE Lite supports aggressive nomination in ICE candidate selection. This makes call setup faster than in any other call, because the endpoint doesn't need to wait for all the ICE checks to complete before sending any media. This enables fewer handshakes and the early-media technique.

DTLS:

DTLS is transport layer security over datagrams (UDP). It is basically used for SRTP key and certificate negotiation between 2 clients. The WebRTC standard specifies that SRTP SDES keys transmitted over WebSocket are less secure than DTLS-SRTP key negotiation, because in DTLS negotiation the SRTP keying material is collected at the time of negotiation and after a certificate fingerprint verification.

In the WebRTC call mechanism, an additional attribute, a=fingerprint:, is negotiated in the SDP.

v=0
o=Mozilla-SIPUA-27.0.1 25262 1 IN IP4 0.0.0.0
s=Robel Sharma - firefox
t=0 0
a=ice-ufrag:89560a2d
a=ice-pwd:8d80078c1cb16007ee92a607c8f42006
a=fingerprint:sha-256 28:99:57:E4:CE:6F:C6:E4:A2:21:A6:9E:9C:52:EA:A3:FE:99:01:8C:68:31:8B:C3:83:16:3A:92:37:C8:5B:24
m=audio 52345 UDP/TLS/RTP/SAVPF 109 101


This fingerprint attribute contains the SHA-256 fingerprint value of a valid certificate. Later this value is used for verification.
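The verification step described above, as an added example that is not part of the original post: it parses a=fingerprint from the SDP and compares it with the hash of the certificate the peer presents in the DTLS handshake. The function names, the list of accepted hashes, and the stand-in certificate bytes are assumptions of this example.

```python
import hashlib
import hmac

# SDP hash names mapped to hashlib names. Leaving out sha-1 and md5 is a
# policy choice of this example, not something the page specifies.
HASHES = {"sha-256": "sha256", "sha-384": "sha384", "sha-512": "sha512"}

# SDP from the page above.
PAGE_SDP = (
    "v=0\r\n"
    "o=Mozilla-SIPUA-27.0.1 25262 1 IN IP4 0.0.0.0\r\n"
    "s=Robel Sharma - firefox\r\n"
    "t=0 0\r\n"
    "a=ice-ufrag:89560a2d\r\n"
    "a=ice-pwd:8d80078c1cb16007ee92a607c8f42006\r\n"
    "a=fingerprint:sha-256 28:99:57:E4:CE:6F:C6:E4:A2:21:A6:9E:9C:52:EA:A3:"
    "FE:99:01:8C:68:31:8B:C3:83:16:3A:92:37:C8:5B:24\r\n"
    "m=audio 52345 UDP/TLS/RTP/SAVPF 109 101\r\n"
)
# Constructed stand-in for the DER certificate bytes seen in the DTLS handshake.
CERT_DER = b"constructed stand-in for DER certificate bytes"


def parse_fingerprints(sdp):
    """Return [(hash_name, digest_bytes)] for each a=fingerprint line."""
    found = []
    for line in sdp.splitlines():
        line = line.strip()
        if not line.lower().startswith("a=fingerprint:"):
            continue
        parts = line.split(":", 1)[1].split()
        if len(parts) != 2:
            raise ValueError("malformed fingerprint line: " + line)
        # bytes.fromhex raises ValueError on non-hex input.
        found.append((parts[0].lower(), bytes.fromhex(parts[1].replace(":", ""))))
    return found


def certificate_matches(sdp, cert_der):
    """True only if the handshake certificate hashes to a signalled fingerprint."""
    for name, expected in parse_fingerprints(sdp):
        algo = HASHES.get(name)
        if algo is None:
            continue  # unknown or weak hash: never counts as a match
        actual = hashlib.new(algo, cert_der).digest()
        if hmac.compare_digest(actual, expected):
            return True
    return False  # no usable fingerprint or no match: reject the DTLS session
```

The check is only as strong as the signaling channel that delivered the SDP: if that channel can be modified in transit, the fingerprint can be swapped along with it.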


 Details can be found here -