[liberationtech] WebRTC security

Aymeric Vitte vitteaymeric at gmail.com
Tue Oct 7 02:34:07 PDT 2014 

Le 06/10/2014 22:11, Francisco Ruiz a écrit :
> I am in the process if adding WebRTC capabilities to my PassLok 
> privacy app. In its current incarnation, PassLok's public key 
> functions are used to generate an encrypted "chat invite" that only 
> the intended recipients would be able to decrypt. Once decrypted, the 
> invite contains the URL of a simple WebRTC webpage (based on Muaz 
> Khan's demos on Github)

The url of a WebRTC page???

> , including a 256-bit token generated by a cryptographically secure 
> RNG. Users then start or join a WebRTC session, with signaling 
> facilitated by Firebase and XirSys

Firebase and XirSys???

> , with no further involvement of PassLok other than providing an 
> iframe for the WebRTC to run.

an iframe!!!

>
> But I have some doubts about the security of this scheme:

You are right to have some doubts, your scheme looks completely 
insecure, you should not be using a "WebRTC page" and an iframe but host 
directly the js webrtc code in your page, signaling servers are only 
used to exchange the SDP information between peers, they are indeed in a 
perfect position to be the MITMs, the STUN servers know about the peers 
too, you can take a look at [1] where I tried to describe simply on a 
drawing how it's working, or how it would work in the context of an 
anonymizer network, at that time the conclusion was that WebRTC could 
not  be used, but it's wrong, then I wrote [2] for serverless Peersm 
anonymous P2P with WebRTC.

>
> 1. In order to find each other, participants contact Firebase.io so 
> their external IP numbers can be relayed back to them. There is also a 
> connection via XirSys with pretty much the same goal. I don't 
> understand WebRTC (or Muaz Khan's implementation of it) to understand 
> precisely what is sent back and forth, but it seems that the 
> connection with these servers is only needed in order to get around 
> firewalls, and after the connection is established they are out of the 
> loop. Still, it bothers me that any kind of servers must be involved 
> to initiate each connection, since they might leak some information 
> about the clients that might enable malicious listeners to obtain 
> credentials that would enable them to establish unwanted connections.

Please look at [3], some signaling servers are necessary to bootstrap 
the process (usually websockets are used with simple servers) but they 
are not mandatory any longer when peers can introduce each others 
(WebRTC DHT).

>
> 2. Once a connection starts, it seems that the browser (Firefox, 
> Chrome, Opera) deals with it very much as if a TLS connection had been 
> established with a server, except that it is between clients. I wonder 
> if this kind of connection can be trusted to be secure enough, though.

Alone it can not, WebRTC is using DTLS with self-signed certificates, so 
another mechanism should be used to secure this, this is addessed in 
[2], [3] and [4], see the link to the paper in [4] the idea is to use a 
third party (like your Google account!!) to validate the fingerprint of 
the certificates, which I don't like a lot, [2] is reusing the Tor 
protocol CERT cells mechanism to do the same.


>
> 3. A third worry is about the scheme I'm using to ensure that the 
> chatroom is indeed private, which is to add a random token to the chat 
> URL itself. That URL is never displayed in my program, but I am 
> wondering if it needs to be relayed to the signaling server in order 
> to establish a WebRTC connection, in which case it might be compromised.
>
> Any help will be appreciated.
>
> Thanks!

[1] http://www.peersm.com/img/webrtc.png
[2] 
https://github.com/Ayms/node-Tor#anonymous-serverless-p2p-inside-browsers---peersm-specs
[3] 
http://librelist.com/browser//webp2p/2014/2/20/serverless-peersm-and-webrtc/#06192bfbc220d2a20c60d41c5b94f5f4
[4] http://lists.w3.org/Archives/Public/public-webcrypto/2013Nov/0057.html

>
> -- 
> Francisco Ruiz
> Associate Professor
> MMAE department
> Illinois Institute of Technology
>
> PL20ezLok=1y2z7_6qg8r_wqv3n_7886/_tj4i1_11i3w_x92wj_2p6e1_co32z_uxz0t_qLrqh_fgz++_2km/d_k6bg/_2t3q9_75xjj_w581g_bfpzx_bjxde_jnd0j=PL20ezLok
> https://www.youtube.com/watch?v=YnPCfP7uPpw <https://www.youtube.com>
>
> get the PassLok privacy app at: https://passlok.com <http://passlok.com>
>
>

-- 
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20141007/5aab2e73/attachment.html>

More information about the liberationtech mailing list