SlideShare a Scribd company logo

The Road to End-to-End Encryption in Jitsi Meet

Saúl Ibarra Corretgé
Saúl Ibarra Corretgé

Slides from my talk at FOSDEM 2021 on how we implemented End-to-End Encryption in Jitsi Meet. https://fosdem.org/2021/schedule/event/e2ee/

Technology
1 of 28
Download to read offline
Saúl Ibarra Corretgé (saghul) | FOSDEM 2021 The road to End-to-End Encryption in Jitsi Meet How we did it, and how you can do it too!
WebRTC Security model A quick look
WebRTC security refresher • Restricted to “safe origins” in browsers • DTLS-SRTP is mandatory (RFC8829, sec 5.1.1) • Encrypted by design
WebRTC with SFU architecture • Peer connections established with a server • More scalable architecture • The server has access to the media
SFU media processing Why access to the media is was necessary • Optimal video layer routing • Keyframe detection • Only the packet header is necessary
Wasn’t WebRTC end to end encrypted? Sort of
End-to-End Encrypted… Sort of • When media is flowing Peer-to-Peer • But SFUs are needed for scaling • Bad UX for certificate validation • No indication if the tracks are swapped out
type: answer, sdp: v=0 o=- 1611234728580 2 IN IP4 0.0.0.0 s=- t=0 0 a=group:BUNDLE audio video m=audio 1 RTP/SAVPF 111 103 104 9 0 8 106 105 13 110 112 113 126 c=IN IP4 0.0.0.0 a=rtpmap:111 opus/48000/2 a=rtpmap:103 ISAC/16000 a=rtpmap:104 ISAC/32000 a=rtpmap:9 G722/8000 a=rtpmap:0 PCMU/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:106 CN/32000 a=rtpmap:105 CN/16000 a=rtpmap:13 CN/8000 a=rtpmap:110 telephone-event/48000 a=rtpmap:112 telephone-event/32000 a=rtpmap:113 telephone-event/16000 a=rtpmap:126 telephone-event/8000 a=fmtp:111 minptime=10; useinbandfec=1 a=rtcp:1 IN IP4 0.0.0.0 a=rtcp-fb:111 transport-cc a=extmap:1 urn:ietf:params:rtp-hdrext:ssrc-audio-level a=extmap:2 http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time a=extmap:3 http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01 a=setup:active a=mid:audio a=sendrecv a=ice-ufrag:XAiV a=ice-pwd:RB7yTD33L6PFY83hjj0uSWjn a=fingerprint:sha-256 A6:A2:B6:E3:E0:9D:6D:8B:6B:C2:EE:6F:47:10:34:F4:3C:0C:11:EF:DD:B6:95:7E:2A:A7:C3:87:92:5E:C8:9E a=ssrc:1562203001 cname:PvTvS2sWMhUCiqO-2 a=ssrc:1562203001 msid:6ef4960a-88b6-4b7b-8303-944e11e0bc82-2 7742d881-027d-41bf-bc6a-7b67994769cc-2 a=ssrc:1562203001 mslabel:6ef4960a-88b6-4b7b-8303-944e11e0bc82-2 a=ssrc:1562203001 label:7742d881-027d-41bf-bc6a-7b67994769cc-2 a=rtcp-mux m=video 1 RTP/SAVPF 96 97 98 99 100 101 114 115 116 c=IN IP4 0.0.0.0 a=rtpmap:96 VP8/90000 a=rtpmap:97 rtx/90000 a=rtpmap:98 VP9/90000 a=rtpmap:99 rtx/90000 a=rtpmap:100 VP9/90000 a=rtpmap:101 rtx/90000 a=rtpmap:114 red/90000 a=rtpmap:115 rtx/90000 a=rtpmap:116 ulpfec/90000 a=fmtp:97 apt=96 a=fmtp:98 profile-id=0 a=fmtp:99 apt=98 a=fmtp:100 profile-id=2 a=fmtp:101 apt=100 a=fmtp:115 apt=114 a=rtcp:1 IN IP4 0.0.0.0 a=rtcp-fb:96 goog-remb a=rtcp-fb:96 transport-cc a=rtcp-fb:96 ccm fir a=rtcp-fb:96 nack a=rtcp-fb:96 nack pli a=rtcp-fb:98 goog-remb a=rtcp-fb:98 transport-cc a=rtcp-fb:98 ccm fir a=rtcp-fb:98 nack a=rtcp-fb:98 nack pli a=rtcp-fb:100 goog-remb a=rtcp-fb:100 transport-cc a=rtcp-fb:100 ccm fir a=rtcp-fb:100 nack a=rtcp-fb:100 nack pli a=extmap:14 urn:ietf:params:rtp-hdrext:toffset a=extmap:2 http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time a=extmap:13 urn:3gpp:video-orientation a=extmap:3 http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01 a=extmap:5 http://www.webrtc.org/experiments/rtp-hdrext/playout-delay a=extmap:6 http://www.webrtc.org/experiments/rtp-hdrext/video-content-type a=extmap:7 http://www.webrtc.org/experiments/rtp-hdrext/video-timing a=extmap:8 http://www.webrtc.org/experiments/rtp-hdrext/color-space a=setup:active a=mid:video a=sendrecv a=ice-ufrag:XAiV a=ice-pwd:RB7yTD33L6PFY83hjj0uSWjn a=fingerprint:sha-256 A6:A2:B6:E3:E0:9D:6D:8B:6B:C2:EE:6F:47:10:34:F4:3C:0C:11:EF:DD:B6:95:7E:2A:A7:C3:87:92:5E:C8:9E a=ssrc:4205491823 cname:PvTvS2sWMhUCiqO-2 a=ssrc:4205491823 msid:0700d112-9027-4538-a6c9-bf76656f764a-2 c7f3af91-73ca-4534-986e-c9139b0cafed-2 a=ssrc:4205491823 mslabel:0700d112-9027-4538-a6c9-bf76656f764a-2 a=ssrc:4205491823 label:c7f3af91-73ca-4534-986e-c9139b0cafed-2 a=ssrc:1810154588 cname:PvTvS2sWMhUCiqO-2 a=ssrc:1810154588 msid:0700d112-9027-4538-a6c9-bf76656f764a-2 c7f3af91-73ca-4534-986e-c9139b0cafed-2 a=ssrc:1810154588 mslabel:0700d112-9027-4538-a6c9-bf76656f764a-2 a=ssrc:1810154588 label:c7f3af91-73ca-4534-986e-c9139b0cafed-2 a=ssrc-group:FID 4205491823 1810154588 a=rtcp-mux
Building real E2EE for WebRTC
Why do we need E2EE? • Go check Emil Ivov’s “e2ee beyond buzzwords” talk • Eliminate the need to trust SFUs
Insertable Streams The API that unlocked it • JavaScript API for manipulating full frames • Data is mangled before transport encryption • WebCrypto APIs can be used for encryption • Worker friendly • Chromium only as of today
Insertable Streams
Insertable Streams Encrypting transform // Create a PeerConnection this.pc = new RTCPeerConnection({ encodedInsertableStreams: true });
 // Add the stream and encrypt it stream.getTracks().forEach((track) => {    const sender = this.pc.addTrack(track, stream);    const insertableStreams = sender.createEncodedStreams();    const transformer = new TransformStream({ transform: encrypt });
    insertableStreams.readableStream      .pipeThrough(transformer)      .pipeTo(insertableStreams.writableStream); }); function encrypt(chunk, controller) {     // AES encrypt with WebCrypto APIs ...     controller.enqueue(chunk); }
Insertable Streams Decrypting transform // Handle remote tracks and decrypt them peerConnection.ontrack = e => {
     const transformer = new TransformStream({ transform: decrypt });      const insertableStreams = e.receiver.createEncodedStreams();      insertableStreams.readableStream          .pipeThrough(transformer)          .pipeTo(insertableStreams.writableStream);  }; function decrypt(chunk, controller) {
 // AES decrypt with WebCrypto APIs...
 controller.enqueue(chunk);
 }
Don’t roll your own crypto Hello SFrame! +------------+------------------------------------------+^+ |S|LEN|X|KID | Frame Counter | | +^+------------+------------------------------------------+ | | | | | | | | | | | | | | | | | | | Encrypted Frame | | | | | | | | | | | | | | | | | | +^+-------------------------------------------------------+^+ | | Authentication Tag | | | +-------------------------------------------------------+ | | | | | +----+Encrypted Portion Authenticated Portion+---+
SFrame End-to-end encryption and authentication for media frames • draft-omara-sframe (early stages) • IETF WG formed • Apple experimenting with a native implementation • Bring your own key management (MLS, Signal, olm, other)
Insertable Streams in Jitsi Meet • Encryption keys • AES-CTR 256bit + HMAC SHA-256 (truncated) • Signing keys • ECDSA P-521 • “JFrame”, a slight variation of SFrame • All encryption happens in a Worker
Insertable Streams The Result
Key management The missing piece
Unmanaged Shared passphrase • Users type a shared passphrase obtained out-of-band • Encryption key is derived from the passphrase using PBKDF2 • The key never leaves the user machine
Managed Hello olm! • E2EE channel using Matrix’s libolm • Randomly generated per-participant keys • Automatic key rotation and ratcheting • Keys are exchanged using the olm channel • User verification using SAS
Implementation Show me the code! • Self-contained in lib-jitsi-meet • ~1000 lines of code • https://github.com/jitsi/lib-jitsi-meet/tree/master/modules/e2ee
Future What’s next?
• Finish SAS validation • Bring back unmanaged mode and make it configurable • Collaborate with the IETF SFrame WG • UI/UX polish
Thanks We didn’t do this alone
• Philipp Hancke, for working with us to make E2EE possible in Jitsi Meet • Matrix, for libolm and the help understanding how to use it properly • Google, for championing the insertable streams effort • Our community, for all the love and support
@jitsinews | @saghul

Recommended

Ready player 2 Multiplayer Red Teaming Against macOS
Ready player 2 Multiplayer Red Teaming Against macOSReady player 2 Multiplayer Red Teaming Against macOS
Ready player 2 Multiplayer Red Teaming Against macOS
Cody Thomas
 
Jitsi: Open Source Video Conferencing
Jitsi: Open Source Video ConferencingJitsi: Open Source Video Conferencing
Jitsi: Open Source Video Conferencing
Saúl Ibarra Corretgé
 
iOS Security
iOS SecurityiOS Security
iOS Security
Bruno Rocha
 
mimikatz @ asfws
mimikatz @ asfwsmimikatz @ asfws
mimikatz @ asfws
Benjamin Delpy
 
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
Ganesh Kumar
 
OWASP Melbourne - Introduction to iOS Application Penetration Testing
OWASP Melbourne - Introduction to iOS Application Penetration TestingOWASP Melbourne - Introduction to iOS Application Penetration Testing
OWASP Melbourne - Introduction to iOS Application Penetration Testing
eightbit
 
SecurityFest-22-Fitzl-beyond.pdf
SecurityFest-22-Fitzl-beyond.pdfSecurityFest-22-Fitzl-beyond.pdf
SecurityFest-22-Fitzl-beyond.pdf
Csaba Fitzl
 
Challenges running Jitsi Meet at scale during the pandemic
Challenges running Jitsi Meet at scale during the pandemicChallenges running Jitsi Meet at scale during the pandemic
Challenges running Jitsi Meet at scale during the pandemic
Saúl Ibarra Corretgé
 

Recommended

Ready player 2 Multiplayer Red Teaming Against macOS
Ready player 2 Multiplayer Red Teaming Against macOSReady player 2 Multiplayer Red Teaming Against macOS
Ready player 2 Multiplayer Red Teaming Against macOS
Cody Thomas
 
Jitsi: Open Source Video Conferencing
Jitsi: Open Source Video ConferencingJitsi: Open Source Video Conferencing
Jitsi: Open Source Video Conferencing
Saúl Ibarra Corretgé
 
iOS Security
iOS SecurityiOS Security
iOS Security
Bruno Rocha
 
mimikatz @ asfws
mimikatz @ asfwsmimikatz @ asfws
mimikatz @ asfws
Benjamin Delpy
 
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
Ganesh Kumar
 
OWASP Melbourne - Introduction to iOS Application Penetration Testing
OWASP Melbourne - Introduction to iOS Application Penetration TestingOWASP Melbourne - Introduction to iOS Application Penetration Testing
OWASP Melbourne - Introduction to iOS Application Penetration Testing
eightbit
 
SecurityFest-22-Fitzl-beyond.pdf
SecurityFest-22-Fitzl-beyond.pdfSecurityFest-22-Fitzl-beyond.pdf
SecurityFest-22-Fitzl-beyond.pdf
Csaba Fitzl
 
Challenges running Jitsi Meet at scale during the pandemic
Challenges running Jitsi Meet at scale during the pandemicChallenges running Jitsi Meet at scale during the pandemic
Challenges running Jitsi Meet at scale during the pandemic
Saúl Ibarra Corretgé
 
SSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOSSSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOS
Anant Shrivastava
 
Git github tortoise git
Git github tortoise gitGit github tortoise git
Git github tortoise git
maxrosan
 
Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applications
Arash Ramez
 
JavaScript Roadmap - DOM Manipulation
JavaScript Roadmap - DOM ManipulationJavaScript Roadmap - DOM Manipulation
JavaScript Roadmap - DOM Manipulation
Aswin Barath
 
Mimikatz
MimikatzMimikatz
Mimikatz
Positive Hack Days
 
iOS Application Penetation Test
iOS Application Penetation TestiOS Application Penetation Test
iOS Application Penetation Test
JongWon Kim
 
IBM DataPower Gateway appliances feature & virtual edition comparison
IBM DataPower Gateway appliances feature & virtual edition comparisonIBM DataPower Gateway appliances feature & virtual edition comparison
IBM DataPower Gateway appliances feature & virtual edition comparison
IBM DataPower Gateway
 
Basics of Batch Scripting
Basics of Batch ScriptingBasics of Batch Scripting
Basics of Batch Scripting
Arik Fletcher
 
Kaleido Platform Overview and Full-stack Blockchain Services
Kaleido Platform Overview and Full-stack Blockchain ServicesKaleido Platform Overview and Full-stack Blockchain Services
Kaleido Platform Overview and Full-stack Blockchain Services
Peter Broadhurst
 
Bit Torrent presentation
Bit Torrent presentationBit Torrent presentation
Bit Torrent presentation
Avula Jagadeesh
 
FortiMail
FortiMailFortiMail
FortiMail
TestSpam1
 
Frida Android run time hooking - Bhargav Gajera & Vitthal Shinde
Frida Android run time hooking - Bhargav Gajera & Vitthal ShindeFrida Android run time hooking - Bhargav Gajera & Vitthal Shinde
Frida Android run time hooking - Bhargav Gajera & Vitthal Shinde
NSConclave
 
iOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for BeginnersiOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for Beginners
RyanISI
 
How to break SAML if I have paws?
How to break SAML if I have paws?How to break SAML if I have paws?
How to break SAML if I have paws?
GreenD0g
 
DataPower Security Hardening
DataPower Security HardeningDataPower Security Hardening
DataPower Security Hardening
Shiu-Fun Poon
 
Braavos Wallet Workshop.pdf
Braavos Wallet Workshop.pdfBraavos Wallet Workshop.pdf
Braavos Wallet Workshop.pdf
TinaBregovi
 
Understanding Active Directory Enumeration
Understanding Active Directory EnumerationUnderstanding Active Directory Enumeration
Understanding Active Directory Enumeration
Daniel López Jiménez
 
SIngle Sign On with Keycloak
SIngle Sign On with KeycloakSIngle Sign On with Keycloak
SIngle Sign On with Keycloak
Julien Pivotto
 
mastering-kali-linux-for-advanced-penetration-testing-book-look2linux-com.pdf
mastering-kali-linux-for-advanced-penetration-testing-book-look2linux-com.pdfmastering-kali-linux-for-advanced-penetration-testing-book-look2linux-com.pdf
mastering-kali-linux-for-advanced-penetration-testing-book-look2linux-com.pdf
ManiacH1
 
Android reverse engineering: understanding third-party applications. OWASP EU...
Android reverse engineering: understanding third-party applications. OWASP EU...Android reverse engineering: understanding third-party applications. OWASP EU...
Android reverse engineering: understanding third-party applications. OWASP EU...
Internet Security Auditors
 
Building an Automated Behavioral Malware Analysis Environment using Free and ...
Building an Automated Behavioral Malware Analysis Environment using Free and ...Building an Automated Behavioral Malware Analysis Environment using Free and ...
Building an Automated Behavioral Malware Analysis Environment using Free and ...
Jim Clausing
 
SDAccel Design Contest: Vivado HLS
SDAccel Design Contest: Vivado HLSSDAccel Design Contest: Vivado HLS
SDAccel Design Contest: Vivado HLS
NECST Lab @ Politecnico di Milano
 

More Related Content

What's hot

iOS Application Penetation Test
iOS Application Penetation TestiOS Application Penetation Test
iOS Application Penetation Test
JongWon Kim
 
Basics of Batch Scripting
Basics of Batch ScriptingBasics of Batch Scripting
Basics of Batch Scripting
Arik Fletcher
 
Bit Torrent presentation
Bit Torrent presentationBit Torrent presentation
Bit Torrent presentation
Avula Jagadeesh
 
mastering-kali-linux-for-advanced-penetration-testing-book-look2linux-com.pdf
mastering-kali-linux-for-advanced-penetration-testing-book-look2linux-com.pdfmastering-kali-linux-for-advanced-penetration-testing-book-look2linux-com.pdf
mastering-kali-linux-for-advanced-penetration-testing-book-look2linux-com.pdf
ManiacH1
 

What's hot (20)

SSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOSSSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOS
 
Git github tortoise git
Git github tortoise gitGit github tortoise git
Git github tortoise git
 
Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applications
 
JavaScript Roadmap - DOM Manipulation
JavaScript Roadmap - DOM ManipulationJavaScript Roadmap - DOM Manipulation
JavaScript Roadmap - DOM Manipulation
 
Mimikatz
MimikatzMimikatz
Mimikatz
 
iOS Application Penetation Test
iOS Application Penetation TestiOS Application Penetation Test
iOS Application Penetation Test
 
IBM DataPower Gateway appliances feature & virtual edition comparison
IBM DataPower Gateway appliances feature & virtual edition comparisonIBM DataPower Gateway appliances feature & virtual edition comparison
IBM DataPower Gateway appliances feature & virtual edition comparison
 
Basics of Batch Scripting
Basics of Batch ScriptingBasics of Batch Scripting
Basics of Batch Scripting
 
Kaleido Platform Overview and Full-stack Blockchain Services
Kaleido Platform Overview and Full-stack Blockchain ServicesKaleido Platform Overview and Full-stack Blockchain Services
Kaleido Platform Overview and Full-stack Blockchain Services
 
Bit Torrent presentation
Bit Torrent presentationBit Torrent presentation
Bit Torrent presentation
 
FortiMail
FortiMailFortiMail
FortiMail
 
Frida Android run time hooking - Bhargav Gajera & Vitthal Shinde
Frida Android run time hooking - Bhargav Gajera & Vitthal ShindeFrida Android run time hooking - Bhargav Gajera & Vitthal Shinde
Frida Android run time hooking - Bhargav Gajera & Vitthal Shinde
 
iOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for BeginnersiOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for Beginners
 
How to break SAML if I have paws?
How to break SAML if I have paws?How to break SAML if I have paws?
How to break SAML if I have paws?
 
DataPower Security Hardening
DataPower Security HardeningDataPower Security Hardening
DataPower Security Hardening
 
Braavos Wallet Workshop.pdf
Braavos Wallet Workshop.pdfBraavos Wallet Workshop.pdf
Braavos Wallet Workshop.pdf
 
Understanding Active Directory Enumeration
Understanding Active Directory EnumerationUnderstanding Active Directory Enumeration
Understanding Active Directory Enumeration
 
SIngle Sign On with Keycloak
SIngle Sign On with KeycloakSIngle Sign On with Keycloak
SIngle Sign On with Keycloak
 
mastering-kali-linux-for-advanced-penetration-testing-book-look2linux-com.pdf
mastering-kali-linux-for-advanced-penetration-testing-book-look2linux-com.pdfmastering-kali-linux-for-advanced-penetration-testing-book-look2linux-com.pdf
mastering-kali-linux-for-advanced-penetration-testing-book-look2linux-com.pdf
 
Android reverse engineering: understanding third-party applications. OWASP EU...
Android reverse engineering: understanding third-party applications. OWASP EU...Android reverse engineering: understanding third-party applications. OWASP EU...
Android reverse engineering: understanding third-party applications. OWASP EU...
 

Similar to The Road to End-to-End Encryption in Jitsi Meet

Building an Automated Behavioral Malware Analysis Environment using Free and ...
Building an Automated Behavioral Malware Analysis Environment using Free and ...Building an Automated Behavioral Malware Analysis Environment using Free and ...
Building an Automated Behavioral Malware Analysis Environment using Free and ...
Jim Clausing
 
Uvm presentation dac2011_final
Uvm presentation dac2011_finalUvm presentation dac2011_final
Uvm presentation dac2011_final
sean chen
 
L2 over l3 ecnaspsulations (english)
L2 over l3 ecnaspsulations (english)L2 over l3 ecnaspsulations (english)
L2 over l3 ecnaspsulations (english)
Motonori Shindo
 
Training Slides: Advanced 301: Multi-Site/Multi-Master Tungsten Clustering De...
Training Slides: Advanced 301: Multi-Site/Multi-Master Tungsten Clustering De...Training Slides: Advanced 301: Multi-Site/Multi-Master Tungsten Clustering De...
Training Slides: Advanced 301: Multi-Site/Multi-Master Tungsten Clustering De...
Continuent
 
TGorman Collab16 UnixTools 20160411.pdf
TGorman Collab16 UnixTools 20160411.pdfTGorman Collab16 UnixTools 20160411.pdf
TGorman Collab16 UnixTools 20160411.pdf
TricantinoLopezPerez
 

Similar to The Road to End-to-End Encryption in Jitsi Meet (20)

Building an Automated Behavioral Malware Analysis Environment using Free and ...
Building an Automated Behavioral Malware Analysis Environment using Free and ...Building an Automated Behavioral Malware Analysis Environment using Free and ...
Building an Automated Behavioral Malware Analysis Environment using Free and ...
 
SDAccel Design Contest: Vivado HLS
SDAccel Design Contest: Vivado HLSSDAccel Design Contest: Vivado HLS
SDAccel Design Contest: Vivado HLS
 
EvasionTechniques
EvasionTechniquesEvasionTechniques
EvasionTechniques
 
Plane Spotting
Plane SpottingPlane Spotting
Plane Spotting
 
[오픈소스컨설팅] 쿠버네티스와 쿠버네티스 on 오픈스택 비교 및 구축 방법
[오픈소스컨설팅] 쿠버네티스와 쿠버네티스 on 오픈스택 비교 및 구축 방법[오픈소스컨설팅] 쿠버네티스와 쿠버네티스 on 오픈스택 비교 및 구축 방법
[오픈소스컨설팅] 쿠버네티스와 쿠버네티스 on 오픈스택 비교 및 구축 방법
 
8 congestion-ipv6
8 congestion-ipv68 congestion-ipv6
8 congestion-ipv6
 
Operating CloudStack: the easy way (automation!)
Operating CloudStack: the easy way (automation!)Operating CloudStack: the easy way (automation!)
Operating CloudStack: the easy way (automation!)
 
Networking
NetworkingNetworking
Networking
 
Uvm presentation dac2011_final
Uvm presentation dac2011_finalUvm presentation dac2011_final
Uvm presentation dac2011_final
 
Modern Linux Tracing Landscape
Modern Linux Tracing LandscapeModern Linux Tracing Landscape
Modern Linux Tracing Landscape
 
L2 over l3 ecnaspsulations (english)
L2 over l3 ecnaspsulations (english)L2 over l3 ecnaspsulations (english)
L2 over l3 ecnaspsulations (english)
 
Training Slides: Advanced 301: Multi-Site/Multi-Master Tungsten Clustering De...
Training Slides: Advanced 301: Multi-Site/Multi-Master Tungsten Clustering De...Training Slides: Advanced 301: Multi-Site/Multi-Master Tungsten Clustering De...
Training Slides: Advanced 301: Multi-Site/Multi-Master Tungsten Clustering De...
 
PerfUG 3 - perfs système
PerfUG 3 - perfs systèmePerfUG 3 - perfs système
PerfUG 3 - perfs système
 
CCNP Data Center Centralized Management Automation
CCNP Data Center Centralized Management AutomationCCNP Data Center Centralized Management Automation
CCNP Data Center Centralized Management Automation
 
L3HA-VRRP-20141201
L3HA-VRRP-20141201L3HA-VRRP-20141201
L3HA-VRRP-20141201
 
The SaltStack Pub Crawl - Fosscomm 2016
The SaltStack Pub Crawl - Fosscomm 2016The SaltStack Pub Crawl - Fosscomm 2016
The SaltStack Pub Crawl - Fosscomm 2016
 
[1C2]webrtc 개발, 현재와 미래
[1C2]webrtc 개발, 현재와 미래[1C2]webrtc 개발, 현재와 미래
[1C2]webrtc 개발, 현재와 미래
 
RAZORPOINT TCP/UDP PORTS LIST
RAZORPOINT TCP/UDP PORTS LISTRAZORPOINT TCP/UDP PORTS LIST
RAZORPOINT TCP/UDP PORTS LIST
 
TGorman Collab16 UnixTools 20160411.pdf
TGorman Collab16 UnixTools 20160411.pdfTGorman Collab16 UnixTools 20160411.pdf
TGorman Collab16 UnixTools 20160411.pdf
 
Webcast - Making kubernetes production ready
Webcast - Making kubernetes production readyWebcast - Making kubernetes production ready
Webcast - Making kubernetes production ready
 

More from Saúl Ibarra Corretgé

More from Saúl Ibarra Corretgé (20)

JanusCon 2024: Mom there are robots in my meeting
JanusCon 2024: Mom there are robots in my meetingJanusCon 2024: Mom there are robots in my meeting
JanusCon 2024: Mom there are robots in my meeting
 
Jitsi: State of the Union 2020
Jitsi: State of the Union 2020Jitsi: State of the Union 2020
Jitsi: State of the Union 2020
 
Jitsi Meet: our tale of blood, sweat, tears and love
Jitsi Meet: our tale of blood, sweat, tears and loveJitsi Meet: our tale of blood, sweat, tears and love
Jitsi Meet: our tale of blood, sweat, tears and love
 
Jitsi Meet: Video conferencing for the privacy minded
Jitsi Meet: Video conferencing for the privacy mindedJitsi Meet: Video conferencing for the privacy minded
Jitsi Meet: Video conferencing for the privacy minded
 
Jitsi - Estado de la unión 2019
Jitsi - Estado de la unión 2019Jitsi - Estado de la unión 2019
Jitsi - Estado de la unión 2019
 
Get a room! Spot: the ultimate physical meeting room experience
Get a room! Spot: the ultimate physical meeting room experienceGet a room! Spot: the ultimate physical meeting room experience
Get a room! Spot: the ultimate physical meeting room experience
 
Going Mobile with React Native and WebRTC
Going Mobile with React Native and WebRTCGoing Mobile with React Native and WebRTC
Going Mobile with React Native and WebRTC
 
Going Mobile with React Native and WebRTC
Going Mobile with React Native and WebRTCGoing Mobile with React Native and WebRTC
Going Mobile with React Native and WebRTC
 
Jitsi: Estado de la Unión (2018)
Jitsi: Estado de la Unión (2018)Jitsi: Estado de la Unión (2018)
Jitsi: Estado de la Unión (2018)
 
Jitsi: state-of-the-art video conferencing you can self-host
Jitsi: state-of-the-art video conferencing you can self-hostJitsi: state-of-the-art video conferencing you can self-host
Jitsi: state-of-the-art video conferencing you can self-host
 
WebRTC: El epicentro de la videoconferencia y IoT
WebRTC: El epicentro de la videoconferencia y IoTWebRTC: El epicentro de la videoconferencia y IoT
WebRTC: El epicentro de la videoconferencia y IoT
 
Jitsi: State of the Union
Jitsi: State of the UnionJitsi: State of the Union
Jitsi: State of the Union
 
libuv: cross platform asynchronous i/o
libuv: cross platform asynchronous i/olibuv: cross platform asynchronous i/o
libuv: cross platform asynchronous i/o
 
Videoconferencias: el santo grial de WebRTC
Videoconferencias: el santo grial de WebRTCVideoconferencias: el santo grial de WebRTC
Videoconferencias: el santo grial de WebRTC
 
SylkServer: State of the art RTC application server
SylkServer: State of the art RTC application serverSylkServer: State of the art RTC application server
SylkServer: State of the art RTC application server
 
Escalabilidad horizontal desde las trincheras
Escalabilidad horizontal desde las trincherasEscalabilidad horizontal desde las trincheras
Escalabilidad horizontal desde las trincheras
 
A deep dive into libuv
A deep dive into libuvA deep dive into libuv
A deep dive into libuv
 
Planning libuv v2
Planning libuv v2Planning libuv v2
Planning libuv v2
 
libuv, NodeJS and everything in between
libuv, NodeJS and everything in betweenlibuv, NodeJS and everything in between
libuv, NodeJS and everything in between
 
From SIP to WebRTC and vice versa
From SIP to WebRTC and vice versaFrom SIP to WebRTC and vice versa
From SIP to WebRTC and vice versa
 

Recently uploaded

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Recently uploaded (20)

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 

The Road to End-to-End Encryption in Jitsi Meet

  • 1. Saúl Ibarra Corretgé (saghul) | FOSDEM 2021 The road to End-to-End Encryption in Jitsi Meet How we did it, and how you can do it too!
  • 3. WebRTC security refresher • Restricted to “safe origins” in browsers • DTLS-SRTP is mandatory (RFC8829, sec 5.1.1) • Encrypted by design
  • 4. WebRTC with SFU architecture • Peer connections established with a server • More scalable architecture • The server has access to the media
  • 5. SFU media processing Why access to the media is was necessary • Optimal video layer routing • Keyframe detection • Only the packet header is necessary
  • 6. Wasn’t WebRTC end to end encrypted? Sort of
  • 7. End-to-End Encrypted… Sort of • When media is flowing Peer-to-Peer • But SFUs are needed for scaling • Bad UX for certificate validation • No indication if the tracks are swapped out
  • 8. type: answer, sdp: v=0 o=- 1611234728580 2 IN IP4 0.0.0.0 s=- t=0 0 a=group:BUNDLE audio video m=audio 1 RTP/SAVPF 111 103 104 9 0 8 106 105 13 110 112 113 126 c=IN IP4 0.0.0.0 a=rtpmap:111 opus/48000/2 a=rtpmap:103 ISAC/16000 a=rtpmap:104 ISAC/32000 a=rtpmap:9 G722/8000 a=rtpmap:0 PCMU/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:106 CN/32000 a=rtpmap:105 CN/16000 a=rtpmap:13 CN/8000 a=rtpmap:110 telephone-event/48000 a=rtpmap:112 telephone-event/32000 a=rtpmap:113 telephone-event/16000 a=rtpmap:126 telephone-event/8000 a=fmtp:111 minptime=10; useinbandfec=1 a=rtcp:1 IN IP4 0.0.0.0 a=rtcp-fb:111 transport-cc a=extmap:1 urn:ietf:params:rtp-hdrext:ssrc-audio-level a=extmap:2 http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time a=extmap:3 http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01 a=setup:active a=mid:audio a=sendrecv a=ice-ufrag:XAiV a=ice-pwd:RB7yTD33L6PFY83hjj0uSWjn a=fingerprint:sha-256 A6:A2:B6:E3:E0:9D:6D:8B:6B:C2:EE:6F:47:10:34:F4:3C:0C:11:EF:DD:B6:95:7E:2A:A7:C3:87:92:5E:C8:9E a=ssrc:1562203001 cname:PvTvS2sWMhUCiqO-2 a=ssrc:1562203001 msid:6ef4960a-88b6-4b7b-8303-944e11e0bc82-2 7742d881-027d-41bf-bc6a-7b67994769cc-2 a=ssrc:1562203001 mslabel:6ef4960a-88b6-4b7b-8303-944e11e0bc82-2 a=ssrc:1562203001 label:7742d881-027d-41bf-bc6a-7b67994769cc-2 a=rtcp-mux m=video 1 RTP/SAVPF 96 97 98 99 100 101 114 115 116 c=IN IP4 0.0.0.0 a=rtpmap:96 VP8/90000 a=rtpmap:97 rtx/90000 a=rtpmap:98 VP9/90000 a=rtpmap:99 rtx/90000 a=rtpmap:100 VP9/90000 a=rtpmap:101 rtx/90000 a=rtpmap:114 red/90000 a=rtpmap:115 rtx/90000 a=rtpmap:116 ulpfec/90000 a=fmtp:97 apt=96 a=fmtp:98 profile-id=0 a=fmtp:99 apt=98 a=fmtp:100 profile-id=2 a=fmtp:101 apt=100 a=fmtp:115 apt=114 a=rtcp:1 IN IP4 0.0.0.0 a=rtcp-fb:96 goog-remb a=rtcp-fb:96 transport-cc a=rtcp-fb:96 ccm fir a=rtcp-fb:96 nack a=rtcp-fb:96 nack pli a=rtcp-fb:98 goog-remb a=rtcp-fb:98 transport-cc a=rtcp-fb:98 ccm fir a=rtcp-fb:98 nack a=rtcp-fb:98 nack pli a=rtcp-fb:100 goog-remb a=rtcp-fb:100 transport-cc a=rtcp-fb:100 ccm fir a=rtcp-fb:100 nack a=rtcp-fb:100 nack pli a=extmap:14 urn:ietf:params:rtp-hdrext:toffset a=extmap:2 http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time a=extmap:13 urn:3gpp:video-orientation a=extmap:3 http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01 a=extmap:5 http://www.webrtc.org/experiments/rtp-hdrext/playout-delay a=extmap:6 http://www.webrtc.org/experiments/rtp-hdrext/video-content-type a=extmap:7 http://www.webrtc.org/experiments/rtp-hdrext/video-timing a=extmap:8 http://www.webrtc.org/experiments/rtp-hdrext/color-space a=setup:active a=mid:video a=sendrecv a=ice-ufrag:XAiV a=ice-pwd:RB7yTD33L6PFY83hjj0uSWjn a=fingerprint:sha-256 A6:A2:B6:E3:E0:9D:6D:8B:6B:C2:EE:6F:47:10:34:F4:3C:0C:11:EF:DD:B6:95:7E:2A:A7:C3:87:92:5E:C8:9E a=ssrc:4205491823 cname:PvTvS2sWMhUCiqO-2 a=ssrc:4205491823 msid:0700d112-9027-4538-a6c9-bf76656f764a-2 c7f3af91-73ca-4534-986e-c9139b0cafed-2 a=ssrc:4205491823 mslabel:0700d112-9027-4538-a6c9-bf76656f764a-2 a=ssrc:4205491823 label:c7f3af91-73ca-4534-986e-c9139b0cafed-2 a=ssrc:1810154588 cname:PvTvS2sWMhUCiqO-2 a=ssrc:1810154588 msid:0700d112-9027-4538-a6c9-bf76656f764a-2 c7f3af91-73ca-4534-986e-c9139b0cafed-2 a=ssrc:1810154588 mslabel:0700d112-9027-4538-a6c9-bf76656f764a-2 a=ssrc:1810154588 label:c7f3af91-73ca-4534-986e-c9139b0cafed-2 a=ssrc-group:FID 4205491823 1810154588 a=rtcp-mux
  • 9.
  • 11. Why do we need E2EE? • Go check Emil Ivov’s “e2ee beyond buzzwords” talk • Eliminate the need to trust SFUs
  • 12. Insertable Streams The API that unlocked it • JavaScript API for manipulating full frames • Data is mangled before transport encryption • WebCrypto APIs can be used for encryption • Worker friendly • Chromium only as of today
  • 14. Insertable Streams Encrypting transform // Create a PeerConnection this.pc = new RTCPeerConnection({ encodedInsertableStreams: true });
 // Add the stream and encrypt it stream.getTracks().forEach((track) => {    const sender = this.pc.addTrack(track, stream);    const insertableStreams = sender.createEncodedStreams();    const transformer = new TransformStream({ transform: encrypt });
    insertableStreams.readableStream      .pipeThrough(transformer)      .pipeTo(insertableStreams.writableStream); }); function encrypt(chunk, controller) {     // AES encrypt with WebCrypto APIs ...     controller.enqueue(chunk); }
  • 15. Insertable Streams Decrypting transform // Handle remote tracks and decrypt them peerConnection.ontrack = e => {
     const transformer = new TransformStream({ transform: decrypt });      const insertableStreams = e.receiver.createEncodedStreams();      insertableStreams.readableStream          .pipeThrough(transformer)          .pipeTo(insertableStreams.writableStream);  }; function decrypt(chunk, controller) {
 // AES decrypt with WebCrypto APIs...
 controller.enqueue(chunk);
 }
  • 16. Don’t roll your own crypto Hello SFrame! +------------+------------------------------------------+^+ |S|LEN|X|KID | Frame Counter | | +^+------------+------------------------------------------+ | | | | | | | | | | | | | | | | | | | Encrypted Frame | | | | | | | | | | | | | | | | | | +^+-------------------------------------------------------+^+ | | Authentication Tag | | | +-------------------------------------------------------+ | | | | | +----+Encrypted Portion Authenticated Portion+---+
  • 17. SFrame End-to-end encryption and authentication for media frames • draft-omara-sframe (early stages) • IETF WG formed • Apple experimenting with a native implementation • Bring your own key management (MLS, Signal, olm, other)
  • 18. Insertable Streams in Jitsi Meet • Encryption keys • AES-CTR 256bit + HMAC SHA-256 (truncated) • Signing keys • ECDSA P-521 • “JFrame”, a slight variation of SFrame • All encryption happens in a Worker
  • 21. Unmanaged Shared passphrase • Users type a shared passphrase obtained out-of-band • Encryption key is derived from the passphrase using PBKDF2 • The key never leaves the user machine
  • 22. Managed Hello olm! • E2EE channel using Matrix’s libolm • Randomly generated per-participant keys • Automatic key rotation and ratcheting • Keys are exchanged using the olm channel • User verification using SAS
  • 23. Implementation Show me the code! • Self-contained in lib-jitsi-meet • ~1000 lines of code • https://github.com/jitsi/lib-jitsi-meet/tree/master/modules/e2ee
  • 25. • Finish SAS validation • Bring back unmanaged mode and make it configurable • Collaborate with the IETF SFrame WG • UI/UX polish
  • 26. Thanks We didn’t do this alone
  • 27. • Philipp Hancke, for working with us to make E2EE possible in Jitsi Meet • Matrix, for libolm and the help understanding how to use it properly • Google, for championing the insertable streams effort • Our community, for all the love and support