The security protocols that the WebRTC standards mandate are designed so that media exchanged between two users cannot be read or altered by a third party, including the signaling service that sets the call up. Contact us to discuss your WebRTC application security requirements.

WebRTC endpoints must implement SRTP [RFC 3711], and the keys for it are established with DTLS-SRTP [RFC 5763 and RFC 5764]. DTLS-SRTP runs over the media path itself (the same UDP flow that carries the RTP packets, once ICE has chosen a candidate pair), so the SRTP keys never travel over the signaling path, unlike SDES keying, where the keys are written into the SDP. This protects the endpoints from a malicious SIP or signaling provider and prevents signaling intermediaries from eavesdropping on the media session: what they see in the signaling is a certificate fingerprint, not key material.

WebRTC uses DTLS [RFC 6347 for DTLS 1.2] as the key establishment protocol for SRTP [RFC 3711]. Once the browser has recovered the remote peer's connection information from the signaling layer and ICE has selected a candidate pair, it begins media establishment. The first step is a normal DTLS handshake over that candidate pair, in which the use_srtp extension [RFC 5764] negotiates the SRTP protection profile (for example SRTP_AES128_CM_HMAC_SHA1_80 or one of the AES-GCM profiles) and the a=setup attribute from the SDP decides which endpoint acts as DTLS client. When the handshake completes, both peers run the TLS keying-material exporter [RFC 5705] over the DTLS session with the label EXTRACTOR-dtls_srtp and split the exported bytes into the client and server SRTP master keys and salts [RFC 5764 §4.2]. From this point DTLS can be ignored for the media until re-keying is necessary (data channels are the exception, since SCTP runs inside the DTLS session). This procedure combines the well-studied key establishment of DTLS with the media-optimized cryptography of SRTP.
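The export-and-split step above, as an added example (not code from this page or from any WebRTC implementation): a pure-Python DTLS 1.2 keying-material exporter (TLS 1.2 PRF with SHA-256, RFC 5705 seed construction) and the RFC 5764 partition of its output into the two SRTP master keys and salts. The master secret and handshake randoms are constructed stand-ins, not values from a real handshake; DTLS 1.3 uses the HKDF-based exporter of RFC 8446 instead, which this example does not cover.

```python
import hashlib
import hmac

# Constructed inputs standing in for the DTLS 1.2 session values (not from any real handshake).
MASTER_SECRET = bytes(range(48))          # the DTLS master_secret is 48 bytes
CLIENT_RANDOM = bytes([0xC1] * 32)        # ClientHello.random
SERVER_RANDOM = bytes([0x5E] * 32)        # ServerHello.random

# Key and salt lengths per SRTP protection profile:
# RFC 5764 §4.1.2 for the AES-CM/HMAC profiles, RFC 7714 §12 for the AES-GCM profiles.
PROFILES = {
    "SRTP_AES128_CM_HMAC_SHA1_80": (16, 14),
    "SRTP_AES128_CM_HMAC_SHA1_32": (16, 14),
    "SRTP_AEAD_AES_128_GCM": (16, 12),
    "SRTP_AEAD_AES_256_GCM": (32, 12),
}


def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 P_SHA256 expansion (RFC 5246 §5): HMAC outputs chained through A(i)."""
    out = b""
    a = seed                                                      # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()          # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed) for SHA-256 cipher suites."""
    return p_hash(secret, label + seed, length)


def export_keying_material(master_secret, client_random, server_random, label, length, context=None):
    """TLS keying material exporter (RFC 5705 §4). The seed is the two randoms, followed by a
    2-byte-length-prefixed context only when a context is supplied; DTLS-SRTP supplies none."""
    seed = client_random + server_random
    if context is not None:
        seed += len(context).to_bytes(2, "big") + context
    return tls12_prf(master_secret, label, seed, length)


def derive_srtp_keys(master_secret, client_random, server_random, profile):
    """Export 2*(key+salt) bytes with the label EXTRACTOR-dtls_srtp and split them in the
    order RFC 5764 §4.2 prescribes: client key, server key, client salt, server salt."""
    key_len, salt_len = PROFILES[profile]
    km = export_keying_material(master_secret, client_random, server_random,
                                b"EXTRACTOR-dtls_srtp", 2 * (key_len + salt_len))
    client_key, server_key = km[:key_len], km[key_len:2 * key_len]
    salts = km[2 * key_len:]
    client_salt, server_salt = salts[:salt_len], salts[salt_len:]
    # The DTLS client (the side that answered a=setup:active) protects the SRTP it sends with
    # client_write and unprotects what it receives with server_write; the server does the reverse.
    return {"client_write": (client_key, client_salt), "server_write": (server_key, server_salt)}


if __name__ == "__main__":
    profile = "SRTP_AES128_CM_HMAC_SHA1_80"
    # Both peers hold the same master_secret and randoms once the handshake is done, so they
    # derive identical keys without ever transmitting them over the signaling path.
    at_client = derive_srtp_keys(MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM, profile)
    at_server = derive_srtp_keys(MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM, profile)
    assert at_client == at_server
    for direction, (key, salt) in at_client.items():
        print(f"{direction}: key={key.hex()} salt={salt.hex()}")
```

In a real stack the exporter call is the library's own (for example OpenSSL's SSL_export_keying_material with the same label and no context); the point of spelling it out is that the only secret input is the DTLS master secret, which exists solely at the two endpoints.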

Fig 1 (WebRTC Communications Security): Fingerprints sent over the signaling channel are used to verify certificates in the media channel

Fingerprinting ties the two layers together. Each peer generates a self-signed certificate for DTLS, computes a cryptographic hash of it (SHA-256 in current browsers) and sends that hash in the SDP a=fingerprint attribute over the signaling layer [RFC 8122, RFC 8842]. When the DTLS handshake delivers the remote certificate over the media path, the browser hashes it and compares the result with the signaled fingerprint; a mismatch aborts the session. Because the certificates are self-signed, it is the fingerprint, not a certificate authority, that authenticates the peer. This ensures that the device the user is communicating with in the signaling layer is the same device in the media layer, and it defeats an attacker who alters the media addresses received during signaling or who terminates DTLS with a certificate of his own: the handshake would succeed, but the fingerprint check would fail. The caveat is that this binds media to signaling and no more. An attacker who can rewrite the SDP itself, such as a compromised signaling server, can substitute fingerprints along with addresses, so the signaling channel must itself be protected (HTTPS/WSS) and, where the signaling service is not trusted, the identity mechanism of RFC 8827 is needed to bind the fingerprint to a verified user identity.
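The fingerprint check described above, as an added example (not code from this page or from any browser): it formats an a=fingerprint value from a certificate's DER bytes, parses every a=fingerprint line out of an SDP, and accepts the certificate presented in the DTLS handshake only if every signaled fingerprint with a supported hash matches it (and at least one hash is supported). The certificate bytes and the SDP offer are constructed stand-ins, not real DER or a complete WebRTC offer.

```python
import hashlib
import re

# Hash names permitted in a=fingerprint (RFC 8122 §5) mapped to hashlib constructors.
# MD5 and MD2 are also registered but are not acceptable for DTLS-SRTP, so they are left out.
FINGERPRINT_HASHES = {
    "sha-1": hashlib.sha1,
    "sha-224": hashlib.sha224,
    "sha-256": hashlib.sha256,
    "sha-384": hashlib.sha384,
    "sha-512": hashlib.sha512,
}

FINGERPRINT_RE = re.compile(
    r"^a=fingerprint:([A-Za-z0-9-]+)\s+([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})+)\s*$"
)


def certificate_fingerprint(cert_der: bytes, hash_name: str = "sha-256") -> str:
    """Return the attribute value a peer would signal, e.g. 'sha-256 AB:CD:...'."""
    digest = FINGERPRINT_HASHES[hash_name](cert_der).hexdigest().upper()
    return hash_name + " " + ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def parse_fingerprints(sdp: str):
    """Extract (hash name, lowercase hex) pairs from every a=fingerprint line, session or media level."""
    found = []
    for line in sdp.splitlines():
        m = FINGERPRINT_RE.match(line.strip())
        if m:
            found.append((m.group(1).lower(), m.group(2).replace(":", "").lower()))
    return found


def verify_dtls_certificate(sdp: str, presented_cert_der: bytes) -> bool:
    """Compare the certificate received in the DTLS handshake with the signaled fingerprints.
    Every fingerprint whose hash we support must match; if none is supported the session must fail."""
    checked = False
    for hash_name, expected_hex in parse_fingerprints(sdp):
        hasher = FINGERPRINT_HASHES.get(hash_name)
        if hasher is None:
            continue
        checked = True
        if hasher(presented_cert_der).hexdigest() != expected_hex:
            return False
    return checked


# Constructed stand-ins for the peers' self-signed DTLS certificates (arbitrary bytes, not real DER).
ALICE_CERT = b"constructed-der-bytes-for-alice-cert"
MALLORY_CERT = b"constructed-der-bytes-for-mallory-cert"


def build_offer(cert_der: bytes) -> str:
    """Minimal constructed SDP offer carrying the certificate fingerprint (not a complete WebRTC offer)."""
    return "\r\n".join([
        "v=0", "o=- 1 1 IN IP4 0.0.0.0", "s=-", "t=0 0",
        "m=audio 9 UDP/TLS/RTP/SAVPF 111", "c=IN IP4 0.0.0.0",
        "a=fingerprint:" + certificate_fingerprint(cert_der),
        "a=setup:actpass",
    ]) + "\r\n"


if __name__ == "__main__":
    offer = build_offer(ALICE_CERT)          # what arrives over the signaling channel
    print(verify_dtls_certificate(offer, ALICE_CERT))    # Alice really is on the media path
    print(verify_dtls_certificate(offer, MALLORY_CERT))  # an interceptor terminating DTLS with its own cert
```

The second call is the case the figure illustrates: Mallory can redirect the media address and complete a DTLS handshake, but cannot produce a certificate that hashes to the fingerprint Alice signaled, so the browser tears the session down. The check only protects against tampering with the media path; if Mallory could also rewrite the a=fingerprint line, the offer would have to be protected end to end by the signaling channel or by an RFC 8827 identity assertion.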
