Ensuring endpoint authenticity in WebRTC peer-to-peer communication | Zendy

Willem De Groef | Zendy; Deepak Subramanian | Zendy; Martin Johns | Zendy; Frank Piessens | Zendy; Lieven Desmet | Zendy

AI Assistant Blog Pricing

Home ZAIA Blog

Open Access

Ensuring endpoint authenticity in WebRTC peer-to-peer communication

Author(s) -

Willem De Groef,

Deepak Subramanian,

Martin Johns,

Frank Piessens,

Lieven Desmet

Publication year - 2016

Publication title -

lirias (ku leuven)

Language(s) - English

Resource type - Conference proceedings

ISBN - 978-1-4503-3739-7

DOI - 10.1145/2851613.2851804

Subject(s) - webrtc , computer science , peer to peer , identity (music) , world wide web , flexibility (engineering) , multimedia , computer security , statistics , mathematics , physics , acoustics

WebRTC is one of the latest additions to the ever growing repository of Web browser technologies, which push the envelope of native Web application capabilities. WebRTC al- lows real-time peer-to-peer audio and video chat, that runs purely in the browser. Unlike existing video chat solutions, such as Skype, that operate in a closed identity ecosystem, WebRTC was designed to be highly flexible, especially in the domains of signaling and identity federation. This flexibility, however, opens avenues for identity fraud. In this paper, we explore the technical underpinnings of WebRTC’s identity management architecture. Based on this analysis, we identify three novel attacks against endpoint authenticity. To answer the identified threats, we propose and discuss defensive strategies, including security improvements for the WebRTC specifications and mitigation techniques for the identity and service providers.status: publishe

The content you want is available to Zendy users.

Already have an account? Click here to sign in.

Having issues? You can contact us here

Accelerating Research