A presentation about using webRTC's fingerprints in place of e164 phone numbers. Given at IIT's RTC conference 2015.

1. SIMPLE SECURE
FEDERATED IDENTITY
FOR WEBRTC
(YOUR NEW PHONE
NUMBER)
Tim Panton – Westhawk Ltd @steely_glint
Westhawk ltd - @steely_glint

2. Liars
Westhawk ltd - @steely_glint
https://www.flickr.com/photos/barbiefantasies/14395143510/

3. “Hello, I’m calling from
Windows”
CallerId has
failed.
 Caller id should alert us to this fraud
 It does not
 Originally geographically based
 No crypto strength
 Loosely federated
 Each hop can inject traffic
 It was good business
Westhawk ltd - @steely_glint

4. Security
Westhawk ltd - @steely_glint
https://www.flickr.com/photos/madaboutshanghai/184665954

5. “Let me take you through
security”
CallerId has
failed.
 Needless if CallerId worked
 It does not
 Already logged in on Web
 Used sensor to unlock phone
 Strong crypto in SIM
 Phone network strips other auth
 It was good business
Westhawk ltd - @steely_glint

6. Old Wisdom
Westhawk ltd - @steely_glint
https://www.flickr.com/photos/3059349393/3320930905/

7. “Hello this is Wormshill 280”
CallerId has
failed.
 Confirm number on answer
 Old wisdom?
Westhawk ltd - @steely_glint

8. What do ?
Nothing Ignore the problem
 Most communication is in context
 Assume the context will cover gap
 Except people hate robo-calls
 Landlines are for liars, cheats and
the elderly
Westhawk ltd - @steely_glint

9. What do ?
Whatsapp Whatsapp style
 Siloed service
 No number portability
 No federation
 Bootstrap from phone number
 Tight control on 3rd party apps
 Messaging and voice in same
channel
Westhawk ltd - @steely_glint

10. Can WebRTC help?
WebRTC  No signaling standard
 No identity standard
 Massive Silos (hangouts, facebook
etc)
 Niche apps (on-site apps)
Probably not.
Westhawk ltd - @steely_glint

11. Can WebRTC help?
WebRTC  Strong E2E crypto
 Wide standardization
 Integrated into web
 Easy to app-ify
 Fingerprints
Perhaps….
Westhawk ltd - @steely_glint

12. Webrtc crypto
Crypto  Uses DTLS (with PFS)
 TLS’s datagram sibling
 Self signed certificates
 Contain no id
 Containing x509 public keys
 Exchanged securely at media start
 NOT over the signaling channel
 Confirmation via fingerprint
Westhawk ltd - @steely_glint

13. Webrtc fingerprint
fingerprint  Hash over the cert containing public
key
 Maps uniquely to a public key
 Sent over signaling channel as
check
 32 bytes rendered in hex
 Hard to read
 Requires you trust the signaling
 Not ideal for federation
Westhawk ltd - @steely_glint

14. Fingerprints as phone
numbers.
fingerprint  Such a good idea I filed a patent on
it
 Replace e164 with fingerprints
 Calls are made between unique
32byte addresses
 Endpoints can verify each other
simply at media start
Westhawk ltd - @steely_glint

15. ‘Inbound’ example
fingerprint  I receive call from a fingerprint
 Fingerprint is in my address book
 I accept call
 Media start verifies fingerprint
 Drop call if they don’t match
Westhawk ltd - @steely_glint

16. ‘Outbound’ example
fingerprint  I call your fingerprint
 Signaling claims you answered
 On media start calculate fingerprint
 Drop call if they don’t match
 Continue call if they do
Westhawk ltd - @steely_glint

17. What do I have to trust ?
Trust  My OS
 My browser
 Javascript I’m running
 The site that provided the javascript
 How I got your fingerprint
I have (or can have) a legal contract
with each of these
Westhawk ltd - @steely_glint

18. What do I NOT have to trust ?
Trust  My signaling service
 Your signaling service
 Any federated hops along the way
 The verification is end-to-end over
the
media
All are parties I have no relation toWesthawk ltd - @steely_glint

19. Other Trust issues
Trust  Uses well established crypto
 Uses stock browsers
 Simple(ish) inspectable javascript
 Uses public webRTC apis – nothing
else
Westhawk ltd - @steely_glint

20. Certificate lifecycle API
Lifecycle  New Cert per site (per
peerConnection)
 So my poker club and church see
different numbers 
 All stored in my device
 Can be stored – or one-time
depending on the site
 Not exportable or transferable
Westhawk ltd - @steely_glint

21. I’m not learning a 32byte
number!
Numbers  You don’t have to
 I hardly recall any 10 digit numbers!
 All stored in my device
 Protected by my (physical)
fingerprint
Westhawk ltd - @steely_glint

22. How to transfer fingerprints
transfer  Visually with QR codes
 Show and tell demo 
 Use phone/web cams
 Requires proximity
 Intentional gesture
 Trusted introductions
 (other out of band ways)
Westhawk ltd - @steely_glint

23. An implementation
fingersmith  Proof of concept
 https://steely-
glint.github.io/fingersmith/phonefro
mhere/
 Public code from Github
can be trusted/inspected
 Signaling service untrusted
just passes messages
 All state at endpoints
Westhawk ltd - @steely_glint

24. Untrusted federation.
federation  This replaces the web of
(misplaced) trust in the current SS7
and IP
networks.
We can have trusted callerID without
trusting all the networks on the path
If we use webRTC fingerprints instead
of e164s
Westhawk ltd - @steely_glint

25. Sigh, I know it won’t happen
Stuck  Even with the OTT threats
 Telco business model is entrenched
 Depends on bulk calling
 More calls mean more leverage
 End users aren’t important enough
Unfortunately the necessary changes
won’t happen in telco-land.
Westhawk ltd - @steely_glint

26. Fortunately, across the hall in
IoT
Iot  Very similar problems
 Consequences even worse
 Nuisance calls to your Heating?!?
 No established standards (yet)
 Still fast moving space
 Same solution applies
 But use WebRTC DataChannel
I have hopes….
Westhawk ltd - @steely_glint

27. Fortunately, IoT
Iot
I have a Lego dog to prove it can be
done.
EV3 300Mhz Arm9 Linux 64Mb
Westhawk ltd - @steely_glint

28. thp@westhawk.co.uk
@steely_glint
Questions?
Westhawk ltd - @steely_glint