3. "Hello, I'm calling from Windows"
CallerId has failed.
- Caller id should alert us to this fraud
- It does not
- Originally geographically based
- No crypto strength
- Loosely federated
- Each hop can inject traffic
- It was good business
Westhawk ltd - @steely_glint

5. "Let me take you through security"
CallerId has failed.
- Needless if CallerId worked
- It does not
- Already logged in on Web
- Used sensor to unlock phone
- Strong crypto in SIM
- Phone network strips other auth
- It was good business

7. "Hello this is Wormshill 280"
CallerId has failed.
- Confirm number on answer
- Old wisdom?

8. What do?
Nothing: ignore the problem
- Most communication is in context
- Assume the context will cover the gap
- Except people hate robo-calls
- Landlines are for liars, cheats and the elderly

9. What do?
Whatsapp style
- Siloed service
- No number portability
- No federation
- Bootstrap from phone number
- Tight control on 3rd party apps
- Messaging and voice in same channel

10. Can WebRTC help?
- No signaling standard
- No identity standard
- Massive silos (hangouts, facebook etc)
- Niche apps (on-site apps)
Probably not.

11. Can WebRTC help?
- Strong E2E crypto
- Wide standardization
- Integrated into web
- Easy to app-ify
- Fingerprints
Perhaps…

12. WebRTC crypto
- Uses DTLS (with PFS)
- TLS's datagram sibling
- Self-signed certificates
- Contain no id
- Containing x509 public keys
- Exchanged securely at media start
- NOT over the signaling channel
- Confirmation via fingerprint

13. WebRTC fingerprint
- Hash over the cert containing the public key
- Maps uniquely to a public key
- Sent over signaling channel as a check
- 32 bytes rendered in hex
- Hard to read
- Requires you trust the signaling
- Not ideal for federation

14. Fingerprints as phone numbers.
- Such a good idea I filed a patent on it
- Replace e164 with fingerprints
- Calls are made between unique 32-byte addresses
- Endpoints can verify each other simply at media start

15. "Inbound" example
- I receive call from a fingerprint
- Fingerprint is in my address book
- I accept call
- Media start verifies fingerprint
- Drop call if they don't match

16. "Outbound" example
- I call your fingerprint
- Signaling claims you answered
- On media start calculate fingerprint
- Drop call if they don't match
- Continue call if they do

17. What do I have to trust?
- My OS
- My browser
- Javascript I'm running
- The site that provided the javascript
- How I got your fingerprint
I have (or can have) a legal contract with each of these

18. What do I NOT have to trust?
- My signaling service
- Your signaling service
- Any federated hops along the way
- The verification is end-to-end over the media
All are parties I have no relation to

19. Other trust issues
- Uses well established crypto
- Uses stock browsers
- Simple(ish) inspectable javascript
- Uses public webRTC APIs, nothing else

20. Certificate lifecycle API
- New cert per site (per peerConnection)
- So my poker club and church see different numbers
- All stored in my device
- Can be stored, or one-time, depending on the site
- Not exportable or transferable

21. I'm not learning a 32-byte number!
- You don't have to
- I hardly recall any 10 digit numbers!
- All stored in my device
- Protected by my (physical) fingerprint

22. How to transfer fingerprints
- Visually with QR codes
- Show and tell demo
- Use phone/web cams
- Requires proximity
- Intentional gesture
- Trusted introductions
- (other out of band ways)

23. An implementation: fingersmith
- Proof of concept
- https://steely-glint.github.io/fingersmith/phonefromhere/
- Public code from Github can be trusted/inspected
- Signaling service untrusted, just passes messages
- All state at endpoints

24. Untrusted federation.
- This replaces the web of (misplaced) trust in the current SS7 and IP networks.
We can have trusted callerID without trusting all the networks on the path if we use webRTC fingerprints instead of e164s.

25. Sigh, I know it won't happen
- Even with the OTT threats
- Telco business model is entrenched
- Depends on bulk calling
- More calls mean more leverage
- End users aren't important enough
Unfortunately the necessary changes won't happen in telco-land.

26. Fortunately, across the hall in IoT
- Very similar problems
- Consequences even worse
- Nuisance calls to your Heating?!?
- No established standards (yet)
- Still fast moving space
- Same solution applies
- But use WebRTC DataChannel
I have hopes…

27. Fortunately, IoT
I have a Lego dog to prove it can be done.
EV3: 300 MHz ARM9, Linux, 64 MB