Essential Guide

Understand WebRTC basics to maximize deployment and adoption

A comprehensive collection of articles, videos and more, hand-picked by our editors
Q
Manage Learn to apply best practices and optimize your operations.

Why should you enhance WebRTC security?

If WebRTC is natively encrypted, why would anyone need to improve on WebRTC security? Expert Carrie Higbie explains why it's smart to complement WebRTC with additional security measures.

It is true that Web Real-Time Communications (WebRTC) is encrypted, but additional security measures are still...

needed. The Internet Engineering Task Force (IETF) defines WebRTC as a "set of protocols and APIs used to enable Web developers to add real-time communications into their web pages and applications with a few lines of JavaScript." WebRTC media flows are encrypted and authenticated by the Secure Real-Time Transport Protocol (SRTP), while the encryption key agreement is provided by the Datagram Transport Layer Security protocol for SRTP.

Without some third-party identity service or certificate authority, however, WebRTC media flows are vulnerable against attacks like a man-in-the-middle (MitM) attack, where an intruder intercepts communication between a user and a website. For example, ZRTP: Media Path Key Agreement for Unicast Secure RTP provides protection against MitM attackers using key continuity augmented with a Short Authentication String, in which two users verify that there is no MitM by verbally comparing two strings. An IETF memo describes how ZRTP can be used over the WebRTC data channel to provide MitM protection for WebRTC media flows keyed using DTLS-SRTP. This provides users protection against MitM attackers without requiring browsers to support ZRTP or requiring users to download a plugin or extension to implement ZRTP.

Further, I would argue that security should be applied to any source that contains embedded code to further guard against denial-of-service attacks and other attacks that could make the transmission unavailable. As with all things Internet, you have to secure transmissions of any kind to protect them from vulnerabilities.

Next Steps

How WebRTC can pose security threats

E-SBCs take on WebRTC security

New WebRTC apps focus on user experience

This was last published in October 2014

PRO+

Content

Find more PRO+ content and other member only offers, here.

Essential Guide

Understand WebRTC basics to maximize deployment and adoption

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCRM

SearchNetworking

SearchTelecom

SearchITChannel

Close