Saúl Ibarra Corretgé (saghul) | FOSDEM 2021
The road to End-to-End Encryption in Jitsi Meet
How we did it, and how you can do it too!
WebRTC Security model
A quick look
WebRTC security refresher
• Restricted to “safe origins” in browsers

• DTLS-SRTP is mandatory (RFC8829, sec 5.1.1)

• Encrypted by design
WebRTC with SFU architecture
• Peer connections established with a server

• More scalable architecture

• The server has access to the media
SFU media processing
Why access to the media was necessary
• Optimal video layer routing

• Keyframe detection

• Only the packet header is necessary
Wasn’t WebRTC end to end encrypted?
Sort of
End-to-End Encrypted…
Sort of
• When media is flowing Peer-to-Peer

• But SFUs are needed for scaling

• Bad UX for certificate validation

• No indication if the tracks are swapped out
type: answer, sdp: v=0
o=- 1611234728580 2 IN IP4 0.0.0.0
s=-
t=0 0
a=group:BUNDLE audio video
m=audio 1 RTP/SAVPF 111 103 104 9 0 8 106 105 13 110 112 113 126
c=IN IP4 0.0.0.0
a=rtpmap:111 opus/48000/2
a=rtpmap:103 ISAC/16000
a=rtpmap:104 ISAC/32000
a=rtpmap:9 G722/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:106 CN/32000
a=rtpmap:105 CN/16000
a=rtpmap:13 CN/8000
a=rtpmap:110 telephone-event/48000
a=rtpmap:112 telephone-event/32000
a=rtpmap:113 telephone-event/16000
a=rtpmap:126 telephone-event/8000
a=fmtp:111 minptime=10; useinbandfec=1
a=rtcp:1 IN IP4 0.0.0.0
a=rtcp-fb:111 transport-cc
a=extmap:1 urn:ietf:params:rtp-hdrext:ssrc-audio-level
a=extmap:2 http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time
a=extmap:3 http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
a=setup:active
a=mid:audio
a=sendrecv
a=ice-ufrag:XAiV
a=ice-pwd:RB7yTD33L6PFY83hjj0uSWjn
a=fingerprint:sha-256 A6:A2:B6:E3:E0:9D:6D:8B:6B:C2:EE:6F:47:10:34:F4:3C:0C:11:EF:DD:B6:95:7E:2A:A7:C3:87:92:5E:C8:9E
a=ssrc:1562203001 cname:PvTvS2sWMhUCiqO-2
a=ssrc:1562203001 msid:6ef4960a-88b6-4b7b-8303-944e11e0bc82-2 7742d881-027d-41bf-bc6a-7b67994769cc-2
a=ssrc:1562203001 mslabel:6ef4960a-88b6-4b7b-8303-944e11e0bc82-2
a=ssrc:1562203001 label:7742d881-027d-41bf-bc6a-7b67994769cc-2
a=rtcp-mux
m=video 1 RTP/SAVPF 96 97 98 99 100 101 114 115 116
c=IN IP4 0.0.0.0
a=rtpmap:96 VP8/90000
a=rtpmap:97 rtx/90000
a=rtpmap:98 VP9/90000
a=rtpmap:99 rtx/90000
a=rtpmap:100 VP9/90000
a=rtpmap:101 rtx/90000
a=rtpmap:114 red/90000
a=rtpmap:115 rtx/90000
a=rtpmap:116 ulpfec/90000
a=fmtp:97 apt=96
a=fmtp:98 profile-id=0
a=fmtp:99 apt=98
a=fmtp:100 profile-id=2
a=fmtp:101 apt=100
a=fmtp:115 apt=114
a=rtcp:1 IN IP4 0.0.0.0
a=rtcp-fb:96 goog-remb
a=rtcp-fb:96 transport-cc
a=rtcp-fb:96 ccm fir
a=rtcp-fb:96 nack
a=rtcp-fb:96 nack pli
a=rtcp-fb:98 goog-remb
a=rtcp-fb:98 transport-cc
a=rtcp-fb:98 ccm fir
a=rtcp-fb:98 nack
a=rtcp-fb:98 nack pli
a=rtcp-fb:100 goog-remb
a=rtcp-fb:100 transport-cc
a=rtcp-fb:100 ccm fir
a=rtcp-fb:100 nack
a=rtcp-fb:100 nack pli
a=extmap:14 urn:ietf:params:rtp-hdrext:toffset
a=extmap:2 http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time
a=extmap:13 urn:3gpp:video-orientation
a=extmap:3 http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
a=extmap:5 http://www.webrtc.org/experiments/rtp-hdrext/playout-delay
a=extmap:6 http://www.webrtc.org/experiments/rtp-hdrext/video-content-type
a=extmap:7 http://www.webrtc.org/experiments/rtp-hdrext/video-timing
a=extmap:8 http://www.webrtc.org/experiments/rtp-hdrext/color-space
a=setup:active
a=mid:video
a=sendrecv
a=ice-ufrag:XAiV
a=ice-pwd:RB7yTD33L6PFY83hjj0uSWjn
a=fingerprint:sha-256 A6:A2:B6:E3:E0:9D:6D:8B:6B:C2:EE:6F:47:10:34:F4:3C:0C:11:EF:DD:B6:95:7E:2A:A7:C3:87:92:5E:C8:9E
a=ssrc:4205491823 cname:PvTvS2sWMhUCiqO-2
a=ssrc:4205491823 msid:0700d112-9027-4538-a6c9-bf76656f764a-2 c7f3af91-73ca-4534-986e-c9139b0cafed-2
a=ssrc:4205491823 mslabel:0700d112-9027-4538-a6c9-bf76656f764a-2
a=ssrc:4205491823 label:c7f3af91-73ca-4534-986e-c9139b0cafed-2
a=ssrc:1810154588 cname:PvTvS2sWMhUCiqO-2
a=ssrc:1810154588 msid:0700d112-9027-4538-a6c9-bf76656f764a-2 c7f3af91-73ca-4534-986e-c9139b0cafed-2
a=ssrc:1810154588 mslabel:0700d112-9027-4538-a6c9-bf76656f764a-2
a=ssrc:1810154588 label:c7f3af91-73ca-4534-986e-c9139b0cafed-2
a=ssrc-group:FID 4205491823 1810154588
a=rtcp-mux
Building real E2EE for WebRTC
Why do we need E2EE?
• Go check Emil Ivov’s “e2ee beyond buzzwords” talk

• Eliminate the need to trust SFUs
Insertable Streams
The API that unlocked it
• JavaScript API for manipulating full frames

• Data is mangled before transport encryption

• WebCrypto APIs can be used for encryption

• Worker friendly

• Chromium only as of today
Insertable Streams
Insertable Streams
Encrypting transform
// Create a PeerConnection with encoded insertable streams enabled
this.pc = new RTCPeerConnection({ encodedInsertableStreams: true });

// Add the stream and encrypt it: every encoded frame goes through the
// transform before DTLS-SRTP, so the SFU only ever sees the ciphertext
stream.getTracks().forEach((track) => {
  const sender = this.pc.addTrack(track, stream);
  const insertableStreams = sender.createEncodedStreams();
  const transformer = new TransformStream({ transform: encrypt });

  // Property names of the early Chromium API; later releases renamed them
  // to readable / writable
  insertableStreams.readableStream
    .pipeThrough(transformer)
    .pipeTo(insertableStreams.writableStream);
});

// chunk is an RTCEncodedVideoFrame / RTCEncodedAudioFrame; the transform
// replaces chunk.data with the encrypted bytes and may return a promise
async function encrypt(chunk, controller) {
  // AES encrypt with WebCrypto APIs ...
  controller.enqueue(chunk);
}
Insertable Streams
Decrypting transform
// Handle remote tracks and decrypt them: the receiver side of the pipe,
// one transform per incoming track
peerConnection.ontrack = (e) => {
  const transformer = new TransformStream({ transform: decrypt });
  const insertableStreams = e.receiver.createEncodedStreams();

  insertableStreams.readableStream
    .pipeThrough(transformer)
    .pipeTo(insertableStreams.writableStream);
};

// Mirror of encrypt(): verify and decrypt chunk.data, then hand the frame
// back to the decoder; a frame that fails authentication must be dropped
async function decrypt(chunk, controller) {
  // AES decrypt with WebCrypto APIs ...
  controller.enqueue(chunk);
}
Don’t roll your own crypto
Hello SFrame!
+------------+------------------------------------------+^+
|S|LEN|X|KID |         Frame Counter                    | |
+^+------------+------------------------------------------+ |
| |                                                       | |
| |                                                       | |
| |                                                       | |
| |                                                       | |
| |                    Encrypted Frame                    | |
| |                                                       | |
| |                                                       | |
| |                                                       | |
| |                                                       | |
+^+-------------------------------------------------------+^+
| |                  Authentication Tag                   | |
| +-------------------------------------------------------+ |
|                                                           |
|                                                           |
+----+Encrypted Portion            Authenticated Portion+---+
SFrame
End-to-end encryption and authentication for media frames
• draft-omara-sframe (early stages)

• IETF WG formed

• Apple experimenting with a native implementation

• Bring your own key management (MLS, Signal, olm, other)
Insertable Streams in Jitsi Meet
• Encryption keys
    • AES-CTR 256bit + HMAC SHA-256 (truncated)

• Signing keys
    • ECDSA P-521

• “JFrame”, a slight variation of SFrame

• All encryption happens in a Worker
Insertable Streams
The Result
Key management
The missing piece
Unmanaged
Shared passphrase
• Users type a shared passphrase obtained out-of-band

• Encryption key is derived from the passphrase using PBKDF2

• The key never leaves the user machine
Managed
Hello olm!
• E2EE channel using Matrix’s libolm

• Randomly generated per-participant keys

• Automatic key rotation and ratcheting

• Keys are exchanged using the olm channel

• User verification using SAS
Implementation
Show me the code!
• Self-contained in lib-jitsi-meet

• ~1000 lines of code

• https://github.com/jitsi/lib-jitsi-meet/tree/master/modules/e2ee
Future
What’s next?
• Finish SAS validation

• Bring back unmanaged mode and make it configurable

• Collaborate with the IETF SFrame WG

• UI/UX polish
Thanks
We didn’t do this alone
• Philipp Hancke, for working with us to make E2EE possible in Jitsi Meet

• Matrix, for libolm and the help understanding how to use it properly

• Google, for championing the insertable streams effort

• Our community, for all the love and support
@jitsinews | @saghul

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 

The Road to End-to-End Encryption in Jitsi Meet

  • 1. Saúl Ibarra Corretgé (saghul) | FOSDEM 2021 The road to End-to-End Encryption in Jitsi Meet How we did it, and how you can do it too!
  • 3. WebRTC security refresher • Restricted to “safe origins” in browsers • DTLS-SRTP is mandatory (RFC8829, sec 5.1.1) • Encrypted by design
  • 4. WebRTC with SFU architecture • Peer connections established with a server • More scalable architecture • The server has access to the media
  • 5. SFU media processing. Why access to the media used to be necessary • Optimal video layer routing • Keyframe detection • Only the packet header is necessary
  • 6. Wasn’t WebRTC end to end encrypted? Sort of
  • 7. End-to-End Encrypted… Sort of • When media is flowing Peer-to-Peer • But SFUs are needed for scaling • Bad UX for certificate validation • No indication if the tracks are swapped out
  • 8. (This slide shows a full SDP answer with its audio and video m-lines; the a=fingerprint:sha-256 attribute on each is the DTLS certificate fingerprint a user would have to verify by hand, which is the “bad UX for certificate validation” point on slide 7. The dump is omitted here.)
  • 11. Why do we need E2EE? • Go check Emil Ivov’s “e2ee beyond buzzwords” talk • Eliminate the need to trust SFUs
  • 12. Insertable Streams The API that unlocked it • JavaScript API for manipulating full frames • Data is mangled before transport encryption • WebCrypto APIs can be used for encryption • Worker friendly • Chromium only as of today
  • 14. Insertable Streams: encrypting transform
        // Create a PeerConnection with encoded insertable streams enabled
        this.pc = new RTCPeerConnection({ encodedInsertableStreams: true });

        // Add the stream and encrypt it
        stream.getTracks().forEach((track) => {
            const sender = this.pc.addTrack(track, stream);
            // Note: newer Chromium builds name this pair `readable` / `writable`;
            // the slide uses the older `readableStream` / `writableStream` names.
            const insertableStreams = sender.createEncodedStreams();
            const transformer = new TransformStream({ transform: encrypt });

            insertableStreams.readableStream
                .pipeThrough(transformer)
                .pipeTo(insertableStreams.writableStream);
        });

        // Runs once per encoded frame; the frame goes on to DTLS-SRTP after this
        function encrypt(chunk, controller) {
            // AES encrypt with WebCrypto APIs ...
            controller.enqueue(chunk);
        }
  • 15. Insertable Streams: decrypting transform
        // Handle remote tracks and decrypt them
        peerConnection.ontrack = e => {
            const transformer = new TransformStream({ transform: decrypt });
            const insertableStreams = e.receiver.createEncodedStreams();
            insertableStreams.readableStream
                .pipeThrough(transformer)
                .pipeTo(insertableStreams.writableStream);
        };

        // Runs once per received encoded frame, after DTLS-SRTP decryption
        function decrypt(chunk, controller) {
            // AES decrypt with WebCrypto APIs ...
            controller.enqueue(chunk);
        }
  • 16. Don’t roll your own crypto. Hello SFrame!
          +------------+------------------------------------------+^+
          |S|LEN|X|KID |              Frame Counter               | |
        +^+------------+------------------------------------------+ |
        | |                                                       | |
        | |                                                       | |
        | |                                                       | |
        | |                    Encrypted Frame                    | |
        | |                                                       | |
        | |                                                       | |
        | |                                                       | |
        +^+-------------------------------------------------------+^+
        | |                   Authentication Tag                  | |
        | +-------------------------------------------------------+ |
        |                                                           |
        +----+Encrypted Portion            Authenticated Portion+---+
  • 17. SFrame End-to-end encryption and authentication for media frames • draft-omara-sframe (early stages) • IETF WG formed • Apple experimenting with a native implementation • Bring your own key management (MLS, Signal, olm, other)
  • 18. Insertable Streams in Jitsi Meet • Encryption keys: AES-CTR 256-bit + HMAC SHA-256 (truncated) • Signing keys: ECDSA P-521 • “JFrame”, a slight variation of SFrame • All encryption happens in a Worker
  • 21. Unmanaged Shared passphrase • Users type a shared passphrase obtained out-of-band • Encryption key is derived from the passphrase using PBKDF2 • The key never leaves the user machine
  • 22. Managed Hello olm! • E2EE channel using Matrix’s libolm • Randomly generated per-participant keys • Automatic key rotation and ratcheting • Keys are exchanged using the olm channel • User verification using SAS
  • 23. Implementation Show me the code! • Self-contained in lib-jitsi-meet • ~1000 lines of code • https://github.com/jitsi/lib-jitsi-meet/tree/master/modules/e2ee
  • 25. • Finish SAS validation • Bring back unmanaged mode and make it configurable • Collaborate with the IETF SFrame WG • UI/UX polish
  • 26. Thanks We didn’t do this alone
  • 27. • Philipp Hancke, for working with us to make E2EE possible in Jitsi Meet • Matrix, for libolm and the help understanding how to use it properly • Google, for championing the insertable streams effort • Our community, for all the love and support