WebRTC Communications Security protocols defined in WebRTC standards ensure communications between users cannot be intercepted by a third party. VOCAL’s libraries offer support for DTLS-SRTP and WebRTC. Please contact us for more information.
WebRTC endpoints must implement SRTP. DTLS-SRTP [RFC 5763 and 5764] is used as an SRTP keying establishment protocol. DTLS-SRTP is done using the media layer so the keys for SRTP do not need to be sent over the signaling path. This can protect the end-points from malicious SIP providers as well as prevent any signaling intermediaries from eavesdropping on a media session.
WebRTC uses DTLS [RFC 6347] as a key establishment protocol for SRTP [RFC 3711]. After the connection information is recovered from the signaling layer the browser can begin the media establishment. The first thing that it does is perform a normal DTLS handshake. After that is complete, both peers will extract the keying material from the DTLS session and use that to derive SRTP keys. From this point DTLS can be ignored until re-keying is necessary. This procedure combines the secure and well known keying establishment methods of DTLS with the media optimized cryptography of SRTP.
Fingerprinting is used during the media session establishment where each peer will send a cryptographic fingerprint of their SSL certificate using the signaling layer and that fingerprint will be verified against the certificate that was received during the DTLS handshake. This ensures that the device the user is communicating with in the signaling layer is indeed the same device in the media layer. This prevents illegitimate users from intercepting your communications by altering the media addresses received in the signaling process.
- DTLS-SRTP [RFC 5763 and RFC 5764]
- WebRTC Security Architecture [RFC 8827]
VOCAL’s solution is available for the above platforms. Please contact us for specific supported platforms.