WebRTC and Security Issues
Subject Area:Computer Security
RTCpeerconnection An API which is one of the features of WebRTC technology. This API interface acts as one of WebRTC connection as is significant in streaming files and data between two devices that is peers. It can also be represented as real WebRTC (Perkins et al 2014). “When a caller wants to initiate a connection with a remote party, the browser starts by instantiating a RTCPeerConnection object” (Perkins et al 2014). For example, web socket and server sent events. These are designed to communicate with the server instead of communicating directly with the connected peer. RTCDataChannel is the same as web socket although it takes peer to peer style in the execution of customizable properties of transmission (Burnett et al 2014). Purpose of study This study will try to understand the technology and impact of WebRTC technology in user browsing performance by identifying its unique features as compared to other browser applications.
LITERATURE REVIEW This part of research reviews the necessary other underlying technologies related to WebRTC and the security issues. SDP It is a descriptive protocol used as a standard method in announcing and controlling session invitations. It also performs other activities such as initiation for multimedia Session (Presta et al 2014). It is also used in representing browser capabilities and preferences in text based format. The media capabilities include media capabilities such as video, audio, IP address, port number, point to point data transmission protocol, bandwidth used for communication, session attributes which include; name, identifier and time active. “Resultantly, sharing a private IP is often not enough information to establish a connection to a peer. ICE attempts to overcome the difficulties posed by communicating via NAT to find the best path to connect peers.
By trying all possibilities in parallel, ICE is able to choose the most efficient option that works. ICE first tries to make a connection using the host address obtained from a device's operating system and network card; if that fails (which it inevitably will for devices behind NATs) ICE then obtains an external address using a STUN server. If that also fails, traffic falls back to routing via a TURN relay server. Use of Application of new software may lead to transfer of malware or other unnecessarily applications. This is because majority of end users do not have enough knowledge of the software and its origin (Presta et al 2014). People who impose malicious programs gain success in repackaging and installing malicious software.
“WebRTC however is not a plugin, nor is there any installation process for any of its components. All the underlying WebRTC technology is installed simply as part of downloading a suitable WebRTC-compatible browser, such as Chrome or Firefox. “If a future vulnerability were to be found in a browser's WebRTC implementation, a fix will likely be delivered rapidly. This can particularly be seen to be true in Chrome and Firefox's rapid development cycles. In fact, in the era of automatic updates, WebRTC components can be updated through a new browser version as soon as the patch is made available on servers. Most modern browsers have a good record of auto-updating themselves within 24 hours of the discovery of a serious vulnerability or threat.
As a side note: Although we have stated that WebRTC requires no plugins to be installed, it is possible that third-party WebRTC frameworks may offer plugins to enable support on currently unsupported browsers (such as Safari and IE). Data transport layer security(DTLS) “WebRTC encodes data using Datagram Transport Layer Security (DTLS). All files sent over RTCDataChannel is secured using DTLS. This is a standardized protocol which is built into all browsers that support WebRTC. It is also a protocol that is consistently used in web browsing, email, and VoIP platforms to encode information. Its feature ensures that no other prior set up is required or used. It is not well known how this technology will manage security and privacy of information.
The behavior will enable prediction of the system and may be it may lack encryption features. This should demand before implementation thorough research be carried out on security issues. • Integration Inhibitors: Its integration will cause problems especially through the change stage by the organizations. It is an assumption that it will solve all the problems. As previously stated, this research study proposes questions that start with “what” and based on their inquisition, it is advised to utilize an inductive and mixed methodology (Glesne et al 2016). Survey tools with both quantitative and qualitative questioning will be used appropriately. Both quantitative and qualitative methodologies are embedded in Likert-based and open-ended questions in two delivered surveys or questionnaires. This proposal supports that a mixed methodology is more robust in findings.
In quantitative research, theories are tested according to both (Glesne et al 2015) and (Flick et al 2015), as deductive approaches “qualitative generalization is a term that is used in a limited way. It describes the methods and procedures used in collecting and analyzing data (Glesne et al 2015). There are two research methods employed during data gathering for this project: Online interviews This is the main method used to gather information by asking questions online through video chat e. g. Skype). From this technique, interviewer gets immediate feedback from the interviewee. Unified communications as a service and WebRTC: An identity-centric perspective. Computer Communications, 68, 73-82. Burnett, R. D. Internet-Draft Aspect Software, Inc. Pearson. Jesup, R. Loreto, S. Tuexen, M. WebRTC Data Channel Establishment Protocol.
López, F. J. Authentication, authorization, and accounting in WebRTC PaaS infrastructures: The case of Kurento. IEEE Internet Computing, 18(6), 34-40. Mackey, A. Athanasaki, D. Malamos, A. Extension of the WebRTC Data Channel Towards Remote Collaboration and Control. In Proceedings of the Int. Symposium on Ambient Intelligence and Embedded Systems. WebRTC security architecture. Rescorla, R. E. Internet-Draft RTFM, Inc. Intended status: Standards Track February 14, 2014 Expires: August 18, 2014. Medhi, D. July). Low delay MPEG DASH streaming over the WebRTC data channel. In Multimedia & Expo Workshops (ICMEW), 2016 IEEE International Conference on (pp. IEEE.
From $10 to earn access
Only on Studyloop