WebRTC and Security Issues

Document Type:Thesis

Subject Area:Computer Security

Document 1

Though, this type of open-source technology may raise some concerns on potential raise in security issues to the users of the technology. This research proposal will discuss and elaborate in detail the security of WebRTC, with the aim of indicating the relative security of the technology (Rescorla et al 2014). As shown, WebRTC is an open-source web-based application technology which enables web and internet users to communicate in Real-Time without the need to download a special browser. Using a suitable browser can enable a user to call another party simply by browsing to the relevant webpage (Rescorl et al 2016).  WebRTC communications are directly controlled by some Web server, via a JavaScript (API). WebRTC technology can be used and applied in the following fields of internet: Real-time audio or video calls, web conferencing and direct data transfers (Rescorl et al 2015). The concept and architecture of WebRTC “This technology enables direct media-rich communication between two peers using a peer-to-peer (P2P) topology. WebRTC resides within the user's browser, and requires no additional software to operate. The actual communication between peers is prefaced by an exchange of metadata. This process is used to initiate and advertise calls, and facilitates connection establishment between unfamiliar parties. A signaling protocol is not specified within WebRTC, allowing developers to implement their own choice of protocol. This allows for a deeper degree of flexibility in adapting a WebRTC application for a specific use case or scenario. WebRTC relies on three APIs, each of which performs a specific function in order to enable real-time communication within a web application” (Rescorla et al 2014).

Sign up to view the full document!

They include the following: Getusermedia  HTML 5 enables various straight hardware access to various computer devices and creates JavaScript APIs which interface with a system's fundamental hardware performance. getUserMedia as an API, enables browser application to access user’s camera. “Although utilized by WebRTC, this API is actually offered as part of HTML 5” (Rescorla et al 2014). RTCpeerconnection An API which is one of the features of WebRTC technology. This API interface acts as one of WebRTC connection as is significant in streaming files and data between two devices that is peers. It can also be represented as real WebRTC (Perkins et al 2014). “When a caller wants to initiate a connection with a remote party, the browser starts by instantiating a RTCPeerConnection object” (Perkins et al 2014). For example, web socket and server sent events.

Sign up to view the full document!

These are designed to communicate with the server instead of communicating directly with the connected peer. RTCDataChannel is the same as web socket although it takes peer to peer style in the execution of customizable properties of transmission (Burnett et al 2014). Purpose of study This study will try to understand the technology and impact of WebRTC technology in user browsing performance by identifying its unique features as compared to other browser applications. This study will also investigate other existing underlying technologies used related to WebRTC technology through literature review. What are the policies and guidelines in terms of use of WebRTC? Significance of WebRTC WebRTC technology enables video and audio calling. It has also enabled real-time communication and processing but this technology was initially used by companies who specialized in it.

Sign up to view the full document!

WebRTC is now an open source technology (Barnes et al 2014). Furthermore, it provides a seamless integration of bidirectional media into web browsers, mobile or otherwise which enables developing websites, applications that include voice and video calling. Experts are able to develop WebRTC application without applying a third party Developers can create a WebRTC application without using any third-party structure (Zhao et al 2016). LITERATURE REVIEW This part of research reviews the necessary other underlying technologies related to WebRTC and the security issues. SDP It is a descriptive protocol used as a standard method in announcing and controlling session invitations. It also performs other activities such as initiation for multimedia Session (Presta et al 2014). It is also used in representing browser capabilities and preferences in text based format. The media capabilities include media capabilities such as video, audio, IP address, port number, point to point data transmission protocol, bandwidth used for communication, session attributes which include; name, identifier and time active.

Sign up to view the full document!

“Resultantly, sharing a private IP is often not enough information to establish a connection to a peer. ICE attempts to overcome the difficulties posed by communicating via NAT to find the best path to connect peers. By trying all possibilities in parallel, ICE is able to choose the most efficient option that works. ICE first tries to make a connection using the host address obtained from a device's operating system and network card; if that fails (which it inevitably will for devices behind NATs) ICE then obtains an external address using a STUN server. If that also fails, traffic falls back to routing via a TURN relay server. Use of Application of new software may lead to transfer of malware or other unnecessarily applications. This is because majority of end users do not have enough knowledge of the software and its origin (Presta et al 2014).

Sign up to view the full document!

People who impose malicious programs gain success in repackaging and installing malicious software. “WebRTC however is not a plugin, nor is there any installation process for any of its components. All the underlying WebRTC technology is installed simply as part of downloading a suitable WebRTC-compatible browser, such as Chrome or Firefox. “If a future vulnerability were to be found in a browser's WebRTC implementation, a fix will likely be delivered rapidly. This can particularly be seen to be true in Chrome and Firefox's rapid development cycles. In fact, in the era of automatic updates, WebRTC components can be updated through a new browser version as soon as the patch is made available on servers. Most modern browsers have a good record of auto-updating themselves within 24 hours of the discovery of a serious vulnerability or threat.

Sign up to view the full document!

As a side note: Although we have stated that WebRTC requires no plugins to be installed, it is possible that third-party WebRTC frameworks may offer plugins to enable support on currently unsupported browsers (such as Safari and IE). Data transport layer security(DTLS) “WebRTC encodes data using Datagram Transport Layer Security (DTLS). All files sent over RTCDataChannel is secured using DTLS. This is a standardized protocol which is built into all browsers that support WebRTC. It is also a protocol that is consistently used in web browsing, email, and VoIP platforms to encode information. Its feature ensures that no other prior set up is required or used. It is not well known how this technology will manage security and privacy of information. The behavior will enable prediction of the system and may be it may lack encryption features.

Sign up to view the full document!

This should demand before implementation thorough research be carried out on security issues.   • Integration Inhibitors: Its integration will cause problems especially through the change stage by the organizations. It is an assumption that it will solve all the problems. As previously stated, this research study proposes questions that start with “what” and based on their inquisition, it is advised to utilize an inductive and mixed methodology (Glesne et al 2016). Survey tools with both quantitative and qualitative questioning will be used appropriately. Both quantitative and qualitative methodologies are embedded in Likert-based and open-ended questions in two delivered surveys or questionnaires. This proposal supports that a mixed methodology is more robust in findings. In quantitative research, theories are tested according to both (Glesne et al 2015) and (Flick et al 2015), as deductive approaches “qualitative generalization is a term that is used in a limited way.

Sign up to view the full document!

It describes the methods and procedures used in collecting and analyzing data (Glesne et al 2015). There are two research methods employed during data gathering for this project: Online interviews This is the main method used to gather information by asking questions online through video chat e. g. Skype). From this technique, interviewer gets immediate feedback from the interviewee. Unified communications as a service and WebRTC: An identity-centric perspective.  Computer Communications, 68, 73-82. Burnett, R. D. Internet-Draft Aspect Software, Inc. Pearson. Jesup, R. Loreto, S. Tuexen, M.  WebRTC Data Channel Establishment Protocol. López, F. J. Authentication, authorization, and accounting in WebRTC PaaS infrastructures: The case of Kurento.  IEEE Internet Computing, 18(6), 34-40. Mackey, A. Athanasaki, D. Malamos, A. Extension of the WebRTC Data Channel Towards Remote Collaboration and Control. In Proceedings of the Int.

Sign up to view the full document!

Symposium on Ambient Intelligence and Embedded Systems. WebRTC security architecture. Rescorla, R. E. Internet-Draft RTFM, Inc. Intended status: Standards Track February 14, 2014 Expires: August 18, 2014. Medhi, D. July). Low delay MPEG DASH streaming over the WebRTC data channel. In Multimedia & Expo Workshops (ICMEW), 2016 IEEE International Conference on (pp. IEEE.

Sign up to view the full document!

From $10 to earn access

Only on Studyloop

Original template

Downloadable