Title: Ensuring endpoint authenticity in WebRTC peer-to-peer communication
Authors: De Groef, Willem; Subramanian, Deepak; Johns, Martin; Piessens, Frank; Desmet, Lieven
Issue Date: 4-Apr-2016
Publisher: ACM
Host Document: Proceedings of the 31st Annual ACM Symposium on Applied Computing, pages 2103-2110
Conference: Annual ACM Symposium on Applied Computing, edition 31, location: Pisa, date: 4-8 April 2016
Abstract: WebRTC is one of the latest additions to the ever-growing repository of Web browser technologies, which push the envelope of native Web application capabilities. WebRTC allows real-time peer-to-peer audio and video chat that runs purely in the browser. Unlike existing video chat solutions, such as Skype, that operate in a closed identity ecosystem, WebRTC was designed to be highly flexible, especially in the domains of signaling and identity federation. This flexibility, however, opens avenues for identity fraud. In this paper, we explore the technical underpinnings of WebRTC’s identity management architecture. Based on this analysis, we identify three novel attacks against endpoint authenticity. To answer the identified threats, we propose and discuss defensive strategies, including security improvements for the WebRTC specifications and mitigation techniques for the identity and service providers.
Publication status: published
KU Leuven publication type: IC
Appears in Collections: Informatics Section

Files in This Item:
File: paper.pdf
Status: Published
Size: 433Kb
Format: Adobe PDF

