SlideShare uma empresa Scribd logo

Ice with that sir? Or what webRTC does once it has a UDP connection

Transferir como PPTX, PDF
Tim Panton
Tim Panton

Second part of a talk given on the VUC (http://www.voipusersconference.org/2014/vuc506-turn-and-stun-the-ice/) with Emil Ivov about how WebRTC uses ICE to get through firewalls.

Tecnologia
1 de 11
What to do now you have a hole in the ice Tim Panton - Protocol Droid Westhawk Ltd
https://www.flickr.com/photos/dougbrown47/
Make a secure P2P media + data connection? Use existing protocols: SRTP x2 - encrypted RTP for voice + video DTLS - secure set up SCTP - datagram protocol RTCP - channel stats and management
Multiplex all the things +----------------+ | 127 < B < 192 -+--> forward to RTP | | packet --> | 19 < B < 64 -+--> forward to DTLS | | | B < 2 -+--> forward to ICE +----------------+
Huh ? Why is ICE there ? Continuing consent to send: We are sending ~1mbit/s of video Imagine the user closes the receiving tab Signalling is gone ICE re-tests connection every 30s Can re-establish a session over different path
We know all about RTP Maybe not: SRTP - but uses DTLS to exchange the keys. Possibly multiple multiplexed streams RTCP too. Optional Headers (voice level etc)
DTLS - what is that? TLS (aka SSL) ’s UDP cousin: Uses Public key crypto to exchange session key Session key extracted and used for SRTP key Also carries datachannel messages Does not carry media
DTLS - not quite like SSL DTLS in webRTC has different requirements: Does not use PKI - no certs to buy Has heartbeat DTLS is client server Peers have to agree who is the client (rant)
Was all that worth it? Probably: Secure - selectable crypto suites No passwords No central authority Distributed system - but existing SRTP code used
You forgot STCP Oops: Originally designed to run alongside TCP webRTC uses it to provide Datachannel transport Run over DTLS (over UDP) Useful semantics - more flexible that TCP More widely used than you think (telcos)
A new layer? Perhaps: We have a modern set of secure peer to peer network protocols supported by > 1bn endpoints and counting. It runs well over the existing internet infrastructure Lets use it to build fun stuff.

Recomendados

Introduction to tcpdump
Introduction to tcpdumpIntroduction to tcpdump
Introduction to tcpdumpLev Walkin
 
Tcpdump
TcpdumpTcpdump
TcpdumpSourav Roy
 
CNIT 50: 6. Command Line Packet Analysis Tools
CNIT 50: 6. Command Line Packet Analysis ToolsCNIT 50: 6. Command Line Packet Analysis Tools
CNIT 50: 6. Command Line Packet Analysis ToolsSam Bowne
 
Tcpdump
TcpdumpTcpdump
TcpdumpMohamed Gamel
 
Beyond TCP: The evolution of Internet transport protocols
Beyond TCP: The evolution of Internet transport protocolsBeyond TCP: The evolution of Internet transport protocols
Beyond TCP: The evolution of Internet transport protocolsOlivier Bonaventure
 
TCPLS presentation @ietf 109
TCPLS presentation @ietf 109TCPLS presentation @ietf 109
TCPLS presentation @ietf 109Olivier Bonaventure
 
Part 6 : Internet applications
Part 6 : Internet applicationsPart 6 : Internet applications
Part 6 : Internet applicationsOlivier Bonaventure
 
Netcat - A Swiss Army Tool
Netcat - A Swiss Army ToolNetcat - A Swiss Army Tool
Netcat - A Swiss Army ToolChandrapal Badshah
 

Recomendados

Introduction to tcpdump
Introduction to tcpdumpIntroduction to tcpdump
Introduction to tcpdumpLev Walkin
 
Tcpdump
TcpdumpTcpdump
TcpdumpSourav Roy
 
CNIT 50: 6. Command Line Packet Analysis Tools
CNIT 50: 6. Command Line Packet Analysis ToolsCNIT 50: 6. Command Line Packet Analysis Tools
CNIT 50: 6. Command Line Packet Analysis ToolsSam Bowne
 
Tcpdump
TcpdumpTcpdump
TcpdumpMohamed Gamel
 
Beyond TCP: The evolution of Internet transport protocols
Beyond TCP: The evolution of Internet transport protocolsBeyond TCP: The evolution of Internet transport protocols
Beyond TCP: The evolution of Internet transport protocolsOlivier Bonaventure
 
TCPLS presentation @ietf 109
TCPLS presentation @ietf 109TCPLS presentation @ietf 109
TCPLS presentation @ietf 109Olivier Bonaventure
 
Part 6 : Internet applications
Part 6 : Internet applicationsPart 6 : Internet applications
Part 6 : Internet applicationsOlivier Bonaventure
 
Netcat - A Swiss Army Tool
Netcat - A Swiss Army ToolNetcat - A Swiss Army Tool
Netcat - A Swiss Army ToolChandrapal Badshah
 
Netcat
NetcatNetcat
Netcatpenetration Tester
 
Asfws2014 tproxy
Asfws2014 tproxyAsfws2014 tproxy
Asfws2014 tproxyCyber Security Alliance
 
Protocols
Protocols Protocols
Protocols Kopi Maheswaran
 
Netcat
NetcatNetcat
Netcatyogendra singh chahar
 
NetCat - the suiss army knife of network
NetCat - the suiss army knife of networkNetCat - the suiss army knife of network
NetCat - the suiss army knife of networkMehdi Djoughi
 
Tomasz P from Poland
Tomasz P from PolandTomasz P from Poland
Tomasz P from Polandirenazd
 
Netcat 101 by-mahesh-beema
Netcat 101 by-mahesh-beemaNetcat 101 by-mahesh-beema
Netcat 101 by-mahesh-beemaRaghunath G
 
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)Pavel Odintsov
 
#KPC #CST #Protocols
#KPC #CST #Protocols #KPC #CST #Protocols
#KPC #CST #Protocols KEIKolkata
 
Header compression and multiplexing in LISP
Header compression and multiplexing in LISPHeader compression and multiplexing in LISP
Header compression and multiplexing in LISPJose Saldana
 
DPDK Support for New HW Offloads
DPDK Support for New HW OffloadsDPDK Support for New HW Offloads
DPDK Support for New HW OffloadsNetronome
 
TC Flower Offload
TC Flower OffloadTC Flower Offload
TC Flower OffloadNetronome
 
Colt sp sec2014_appsec-nf-vfinal
Colt sp sec2014_appsec-nf-vfinalColt sp sec2014_appsec-nf-vfinal
Colt sp sec2014_appsec-nf-vfinalCyber Security Alliance
 
Part 9 : Congestion control and IPv6
Part 9 : Congestion control and IPv6Part 9 : Congestion control and IPv6
Part 9 : Congestion control and IPv6Olivier Bonaventure
 
Part 12 : Local Area Networks
Part 12 : Local Area Networks Part 12 : Local Area Networks
Part 12 : Local Area Networks Olivier Bonaventure
 
LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecases
LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecasesLF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecases
LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecasesLF_OpenvSwitch
 
Part 7 : HTTP/2, UDP and TCP
Part 7 : HTTP/2, UDP and TCPPart 7 : HTTP/2, UDP and TCP
Part 7 : HTTP/2, UDP and TCPOlivier Bonaventure
 
Tuning 17 march
Tuning 17 marchTuning 17 march
Tuning 17 marchBinan AL Halabi
 
Ds1307
Ds1307Ds1307
Ds1307Jackson Martins
 
Dhcp Server Linux Server
Dhcp Server Linux ServerDhcp Server Linux Server
Dhcp Server Linux Servermuh kemal
 
16.) layer 3 (basic tcp ip routing)
16.) layer 3 (basic tcp ip routing)16.) layer 3 (basic tcp ip routing)
16.) layer 3 (basic tcp ip routing)Jeff Green
 
Demuxed 2020
Demuxed 2020Demuxed 2020
Demuxed 2020SeanDuBois3
 

Mais conteúdo relacionado

Mais procurados

NetCat - the suiss army knife of network
NetCat - the suiss army knife of networkNetCat - the suiss army knife of network
NetCat - the suiss army knife of networkMehdi Djoughi
 
Tomasz P from Poland
Tomasz P from PolandTomasz P from Poland
Tomasz P from Polandirenazd
 
Netcat 101 by-mahesh-beema
Netcat 101 by-mahesh-beemaNetcat 101 by-mahesh-beema
Netcat 101 by-mahesh-beemaRaghunath G
 
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)Pavel Odintsov
 
#KPC #CST #Protocols
#KPC #CST #Protocols #KPC #CST #Protocols
#KPC #CST #Protocols KEIKolkata
 
Header compression and multiplexing in LISP
Header compression and multiplexing in LISPHeader compression and multiplexing in LISP
Header compression and multiplexing in LISPJose Saldana
 
DPDK Support for New HW Offloads
DPDK Support for New HW OffloadsDPDK Support for New HW Offloads
DPDK Support for New HW OffloadsNetronome
 
TC Flower Offload
TC Flower OffloadTC Flower Offload
TC Flower OffloadNetronome
 
Part 9 : Congestion control and IPv6
Part 9 : Congestion control and IPv6Part 9 : Congestion control and IPv6
Part 9 : Congestion control and IPv6Olivier Bonaventure
 
LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecases
LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecasesLF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecases
LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecasesLF_OpenvSwitch
 
Dhcp Server Linux Server
Dhcp Server Linux ServerDhcp Server Linux Server
Dhcp Server Linux Servermuh kemal
 

Mais procurados (20)

Netcat
NetcatNetcat
Netcat
 
Asfws2014 tproxy
Asfws2014 tproxyAsfws2014 tproxy
Asfws2014 tproxy
 
Protocols
Protocols Protocols
Protocols
 
Netcat
NetcatNetcat
Netcat
 
NetCat - the suiss army knife of network
NetCat - the suiss army knife of networkNetCat - the suiss army knife of network
NetCat - the suiss army knife of network
 
Tomasz P from Poland
Tomasz P from PolandTomasz P from Poland
Tomasz P from Poland
 
Netcat 101 by-mahesh-beema
Netcat 101 by-mahesh-beemaNetcat 101 by-mahesh-beema
Netcat 101 by-mahesh-beema
 
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
 
#KPC #CST #Protocols
#KPC #CST #Protocols #KPC #CST #Protocols
#KPC #CST #Protocols
 
Header compression and multiplexing in LISP
Header compression and multiplexing in LISPHeader compression and multiplexing in LISP
Header compression and multiplexing in LISP
 
DPDK Support for New HW Offloads
DPDK Support for New HW OffloadsDPDK Support for New HW Offloads
DPDK Support for New HW Offloads
 
TC Flower Offload
TC Flower OffloadTC Flower Offload
TC Flower Offload
 
Colt sp sec2014_appsec-nf-vfinal
Colt sp sec2014_appsec-nf-vfinalColt sp sec2014_appsec-nf-vfinal
Colt sp sec2014_appsec-nf-vfinal
 
Part 9 : Congestion control and IPv6
Part 9 : Congestion control and IPv6Part 9 : Congestion control and IPv6
Part 9 : Congestion control and IPv6
 
Part 12 : Local Area Networks
Part 12 : Local Area Networks Part 12 : Local Area Networks
Part 12 : Local Area Networks
 
LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecases
LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecasesLF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecases
LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecases
 
Part 7 : HTTP/2, UDP and TCP
Part 7 : HTTP/2, UDP and TCPPart 7 : HTTP/2, UDP and TCP
Part 7 : HTTP/2, UDP and TCP
 
Tuning 17 march
Tuning 17 marchTuning 17 march
Tuning 17 march
 
Ds1307
Ds1307Ds1307
Ds1307
 
Dhcp Server Linux Server
Dhcp Server Linux ServerDhcp Server Linux Server
Dhcp Server Linux Server
 

Semelhante a Ice with that sir? Or what webRTC does once it has a UDP connection

16.) layer 3 (basic tcp ip routing)
16.) layer 3 (basic tcp ip routing)16.) layer 3 (basic tcp ip routing)
16.) layer 3 (basic tcp ip routing)Jeff Green
 
Abandon Decades-Old TCPdump for Modern Troubleshooting
Abandon Decades-Old TCPdump for Modern TroubleshootingAbandon Decades-Old TCPdump for Modern Troubleshooting
Abandon Decades-Old TCPdump for Modern TroubleshootingAvi Networks
 
sshuttle VPN (2011-04)
sshuttle VPN (2011-04)sshuttle VPN (2011-04)
sshuttle VPN (2011-04)apenwarr
 
Reconsider TCPdump for Modern Troubleshooting
Reconsider TCPdump for Modern TroubleshootingReconsider TCPdump for Modern Troubleshooting
Reconsider TCPdump for Modern TroubleshootingAvi Networks
 
Jingle: Cutting Edge VoIP
Jingle: Cutting Edge VoIPJingle: Cutting Edge VoIP
Jingle: Cutting Edge VoIPmattjive
 
Advancing IoT Communication Security with TLS and DTLS v1.3
Advancing IoT Communication Security with TLS and DTLS v1.3Advancing IoT Communication Security with TLS and DTLS v1.3
Advancing IoT Communication Security with TLS and DTLS v1.3Hannes Tschofenig
 
Intro tcpip-part1
Intro tcpip-part1Intro tcpip-part1
Intro tcpip-part1Kit Ramsey
 
Training Day Slides
Training Day SlidesTraining Day Slides
Training Day Slidesadam_merritt
 
UAV Data Link Design for Dependable Real-Time Communications
UAV Data Link Design for Dependable Real-Time CommunicationsUAV Data Link Design for Dependable Real-Time Communications
UAV Data Link Design for Dependable Real-Time CommunicationsGerardo Pardo-Castellote
 
Encrypt what? - A lightning talk
Encrypt what? - A lightning talkEncrypt what? - A lightning talk
Encrypt what? - A lightning talkJisc
 
14 network tools
14 network tools14 network tools
14 network toolsShay Cohen
 

Semelhante a Ice with that sir? Or what webRTC does once it has a UDP connection (20)

16.) layer 3 (basic tcp ip routing)
16.) layer 3 (basic tcp ip routing)16.) layer 3 (basic tcp ip routing)
16.) layer 3 (basic tcp ip routing)
 
Demuxed 2020
Demuxed 2020Demuxed 2020
Demuxed 2020
 
Webrtc overview
Webrtc overviewWebrtc overview
Webrtc overview
 
Abandon Decades-Old TCPdump for Modern Troubleshooting
Abandon Decades-Old TCPdump for Modern TroubleshootingAbandon Decades-Old TCPdump for Modern Troubleshooting
Abandon Decades-Old TCPdump for Modern Troubleshooting
 
class12_Networking2
class12_Networking2class12_Networking2
class12_Networking2
 
Introduction to VOIP
Introduction to VOIPIntroduction to VOIP
Introduction to VOIP
 
sshuttle VPN (2011-04)
sshuttle VPN (2011-04)sshuttle VPN (2011-04)
sshuttle VPN (2011-04)
 
Reconsider TCPdump for Modern Troubleshooting
Reconsider TCPdump for Modern TroubleshootingReconsider TCPdump for Modern Troubleshooting
Reconsider TCPdump for Modern Troubleshooting
 
Jingle: Cutting Edge VoIP
Jingle: Cutting Edge VoIPJingle: Cutting Edge VoIP
Jingle: Cutting Edge VoIP
 
Os Tucker
Os TuckerOs Tucker
Os Tucker
 
Advancing IoT Communication Security with TLS and DTLS v1.3
Advancing IoT Communication Security with TLS and DTLS v1.3Advancing IoT Communication Security with TLS and DTLS v1.3
Advancing IoT Communication Security with TLS and DTLS v1.3
 
Intro tcpip-part1
Intro tcpip-part1Intro tcpip-part1
Intro tcpip-part1
 
Training Day Slides
Training Day SlidesTraining Day Slides
Training Day Slides
 
TCP/IP Basics
TCP/IP BasicsTCP/IP Basics
TCP/IP Basics
 
UAV Data Link Design for Dependable Real-Time Communications
UAV Data Link Design for Dependable Real-Time CommunicationsUAV Data Link Design for Dependable Real-Time Communications
UAV Data Link Design for Dependable Real-Time Communications
 
F5 tcpdump
F5 tcpdumpF5 tcpdump
F5 tcpdump
 
Assignment on data network
Assignment on data networkAssignment on data network
Assignment on data network
 
Assignment on data network
Assignment on data networkAssignment on data network
Assignment on data network
 
Encrypt what? - A lightning talk
Encrypt what? - A lightning talkEncrypt what? - A lightning talk
Encrypt what? - A lightning talk
 
14 network tools
14 network tools14 network tools
14 network tools
 

Mais de Tim Panton

10 voipmistakes
10 voipmistakes10 voipmistakes
10 voipmistakesTim Panton
 
Putting the 'web' into webRTC
Putting the 'web' into webRTCPutting the 'web' into webRTC
Putting the 'web' into webRTCTim Panton
 
Simple secure federated identity for webRTC (your new phone number)
Simple secure federated identity for webRTC (your new phone number)Simple secure federated identity for webRTC (your new phone number)
Simple secure federated identity for webRTC (your new phone number)Tim Panton
 
Kranky geek15 - securing IoT with webrtc
Kranky geek15 - securing IoT with webrtcKranky geek15 - securing IoT with webrtc
Kranky geek15 - securing IoT with webrtcTim Panton
 
Kranky geeklondon build an app
Kranky geeklondon build an appKranky geeklondon build an app
Kranky geeklondon build an appTim Panton
 
Yo pet - building a webRTC app in 20 mins
Yo pet - building a webRTC app in 20 minsYo pet - building a webRTC app in 20 mins
Yo pet - building a webRTC app in 20 minsTim Panton
 
Westhawk integration
Westhawk integrationWesthawk integration
Westhawk integrationTim Panton
 
WebRTC Standards overview.
WebRTC Standards overview.WebRTC Standards overview.
WebRTC Standards overview.Tim Panton
 

Mais de Tim Panton (8)

10 voipmistakes
10 voipmistakes10 voipmistakes
10 voipmistakes
 
Putting the 'web' into webRTC
Putting the 'web' into webRTCPutting the 'web' into webRTC
Putting the 'web' into webRTC
 
Simple secure federated identity for webRTC (your new phone number)
Simple secure federated identity for webRTC (your new phone number)Simple secure federated identity for webRTC (your new phone number)
Simple secure federated identity for webRTC (your new phone number)
 
Kranky geek15 - securing IoT with webrtc
Kranky geek15 - securing IoT with webrtcKranky geek15 - securing IoT with webrtc
Kranky geek15 - securing IoT with webrtc
 
Kranky geeklondon build an app
Kranky geeklondon build an appKranky geeklondon build an app
Kranky geeklondon build an app
 
Yo pet - building a webRTC app in 20 mins
Yo pet - building a webRTC app in 20 minsYo pet - building a webRTC app in 20 mins
Yo pet - building a webRTC app in 20 mins
 
Westhawk integration
Westhawk integrationWesthawk integration
Westhawk integration
 
WebRTC Standards overview.
WebRTC Standards overview.WebRTC Standards overview.
WebRTC Standards overview.
 

Último

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 

Último (20)

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

Ice with that sir? Or what webRTC does once it has a UDP connection

  • 1. What to do now you have a hole in the ice Tim Panton - Protocol Droid Westhawk Ltd
  • 3. Make a secure P2P media + data connection? Use existing protocols: SRTP x2 - encrypted RTP for voice + video DTLS - secure set up SCTP - datagram protocol RTCP - channel stats and management
  • 4. Multiplex all the things +----------------+ | 127 < B < 192 -+--> forward to RTP | | packet --> | 19 < B < 64 -+--> forward to DTLS | | | B < 2 -+--> forward to ICE +----------------+
  • 5. Huh ? Why is ICE there ? Continuing consent to send: We are sending ~1mbit/s of video Imagine the user closes the receiving tab Signalling is gone ICE re-tests connection every 30s Can re-establish a session over different path
  • 6. We know all about RTP Maybe not: SRTP - but uses DTLS to exchange the keys. Possibly multiple multiplexed streams RTCP too. Optional Headers (voice level etc)
  • 7. DTLS - what is that? TLS (aka SSL) ’s UDP cousin: Uses Public key crypto to exchange session key Session key extracted and used for SRTP key Also carries datachannel messages Does not carry media
  • 8. DTLS - not quite like SSL DTLS in webRTC has different requirements: Does not use PKI - no certs to buy Has heartbeat DTLS is client server Peers have to agree who is the client (rant)
  • 9. Was all that worth it? Probably: Secure - selectable crypto suites No passwords No central authority Distributed system - but existing SRTP code used
  • 10. You forgot STCP Oops: Originally designed to run alongside TCP webRTC uses it to provide Datachannel transport Run over DTLS (over UDP) Useful semantics - more flexible that TCP More widely used than you think (telcos)
  • 11. A new layer? Perhaps: We have a modern set of secure peer to peer network protocols supported by > 1bn endpoints and counting. It runs well over the existing internet infrastructure Lets use it to build fun stuff.