SlideShare a Scribd company logo

Ice with that sir? Or what webRTC does once it has a UDP connection

Download as PPTX, PDF
Tim Panton, profile picture
Tim Panton

The document discusses establishing secure peer-to-peer media and data connections utilizing protocols such as SRTP, DTLS, SCTP, and RTCP. It highlights the importance of the Interactive Connectivity Establishment (ICE) for maintaining connections, and emphasizes the benefits of these protocols in creating a distributed, flexible, and secure communication system. The author suggests using these protocols to innovate and develop new applications over the existing internet infrastructure.

Technology
1 of 11
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
What to do now you have a hole in the ice Tim Panton - Protocol Droid Westhawk Ltd
https://www.flickr.com/photos/dougbrown47/
Make a secure P2P media + data connection? Use existing protocols: SRTP x2 - encrypted RTP for voice + video DTLS - secure set up SCTP - datagram protocol RTCP - channel stats and management
Multiplex all the things +----------------+ | 127 < B < 192 -+--> forward to RTP | | packet --> | 19 < B < 64 -+--> forward to DTLS | | | B < 2 -+--> forward to ICE +----------------+
Huh ? Why is ICE there ? Continuing consent to send: We are sending ~1mbit/s of video Imagine the user closes the receiving tab Signalling is gone ICE re-tests connection every 30s Can re-establish a session over different path
We know all about RTP Maybe not: SRTP - but uses DTLS to exchange the keys. Possibly multiple multiplexed streams RTCP too. Optional Headers (voice level etc)
DTLS - what is that? TLS (aka SSL) ’s UDP cousin: Uses Public key crypto to exchange session key Session key extracted and used for SRTP key Also carries datachannel messages Does not carry media
DTLS - not quite like SSL DTLS in webRTC has different requirements: Does not use PKI - no certs to buy Has heartbeat DTLS is client server Peers have to agree who is the client (rant)
Was all that worth it? Probably: Secure - selectable crypto suites No passwords No central authority Distributed system - but existing SRTP code used
You forgot STCP Oops: Originally designed to run alongside TCP webRTC uses it to provide Datachannel transport Run over DTLS (over UDP) Useful semantics - more flexible that TCP More widely used than you think (telcos)
A new layer? Perhaps: We have a modern set of secure peer to peer network protocols supported by > 1bn endpoints and counting. It runs well over the existing internet infrastructure Lets use it to build fun stuff.

More Related Content

PDF
Introduction to tcpdump
Lev Walkin
 
PPTX
Tcpdump
Sourav Roy
 
PDF
CNIT 50: 6. Command Line Packet Analysis Tools
Sam Bowne
 
PDF
Tcpdump
Mohamed Gamel
 
PPTX
Beyond TCP: The evolution of Internet transport protocols
Olivier Bonaventure
 
PPTX
TCPLS presentation @ietf 109
Olivier Bonaventure
 
PPTX
Part 6 : Internet applications
Olivier Bonaventure
 
PPTX
Netcat - A Swiss Army Tool
Chandrapal Badshah
 
Introduction to tcpdump
Lev Walkin
 
Tcpdump
Sourav Roy
 
CNIT 50: 6. Command Line Packet Analysis Tools
Sam Bowne
 
Tcpdump
Mohamed Gamel
 
Beyond TCP: The evolution of Internet transport protocols
Olivier Bonaventure
 
TCPLS presentation @ietf 109
Olivier Bonaventure
 
Part 6 : Internet applications
Olivier Bonaventure
 
Netcat - A Swiss Army Tool
Chandrapal Badshah
 

What's hot (20)

PPTX
Netcat
penetration Tester
 
PDF
Asfws2014 tproxy
Cyber Security Alliance
 
PPTX
Protocols
Kopi Maheswaran
 
PPT
Netcat
yogendra singh chahar
 
PPTX
NetCat - the suiss army knife of network
Mehdi Djoughi
 
PPT
Tomasz P from Poland
irenazd
 
PDF
Netcat 101 by-mahesh-beema
Raghunath G
 
PDF
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Pavel Odintsov
 
PPTX
#KPC #CST #Protocols
KEIKolkata
 
PDF
Header compression and multiplexing in LISP
Jose Saldana
 
PDF
DPDK Support for New HW Offloads
Netronome
 
PDF
TC Flower Offload
Netronome
 
PDF
Colt sp sec2014_appsec-nf-vfinal
Cyber Security Alliance
 
PPTX
Part 9 : Congestion control and IPv6
Olivier Bonaventure
 
PPTX
Part 12 : Local Area Networks
Olivier Bonaventure
 
PDF
LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecases
LF_OpenvSwitch
 
PPTX
Part 7 : HTTP/2, UDP and TCP
Olivier Bonaventure
 
PPT
Tuning 17 march
Binan AL Halabi
 
PDF
Ds1307
Jackson Martins
 
PPTX
Dhcp Server Linux Server
muh kemal
 
Netcat
penetration Tester
 
Asfws2014 tproxy
Cyber Security Alliance
 
Protocols
Kopi Maheswaran
 
Netcat
yogendra singh chahar
 
NetCat - the suiss army knife of network
Mehdi Djoughi
 
Tomasz P from Poland
irenazd
 
Netcat 101 by-mahesh-beema
Raghunath G
 
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Pavel Odintsov
 
#KPC #CST #Protocols
KEIKolkata
 
Header compression and multiplexing in LISP
Jose Saldana
 
DPDK Support for New HW Offloads
Netronome
 
TC Flower Offload
Netronome
 
Colt sp sec2014_appsec-nf-vfinal
Cyber Security Alliance
 
Part 9 : Congestion control and IPv6
Olivier Bonaventure
 
Part 12 : Local Area Networks
Olivier Bonaventure
 
LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecases
LF_OpenvSwitch
 
Part 7 : HTTP/2, UDP and TCP
Olivier Bonaventure
 
Tuning 17 march
Binan AL Halabi
 
Ds1307
Jackson Martins
 
Dhcp Server Linux Server
muh kemal
 
Ad

Similar to Ice with that sir? Or what webRTC does once it has a UDP connection (20)

PPTX
16.) layer 3 (basic tcp ip routing)
Jeff Green
 
PDF
Demuxed 2020
SeanDuBois3
 
PDF
Webrtc overview
Olle E Johansson
 
PPTX
Abandon Decades-Old TCPdump for Modern Troubleshooting
Avi Networks
 
PDF
class12_Networking2
T. J. Saotome
 
PPTX
Introduction to VOIP
Tausun Akhtary
 
ODP
sshuttle VPN (2011-04)
apenwarr
 
PPTX
Reconsider TCPdump for Modern Troubleshooting
Avi Networks
 
PPTX
Internet Internet Protocols.pptx( technology)
ujjawalr9027
 
PPT
Jingle: Cutting Edge VoIP
mattjive
 
PPT
Os Tucker
oscon2007
 
PPTX
Advancing IoT Communication Security with TLS and DTLS v1.3
Hannes Tschofenig
 
ODP
Intro tcpip-part1
Kit Ramsey
 
PPT
Training Day Slides
adam_merritt
 
PPT
TCP/IP Basics
SMC Networks Europe
 
PDF
UAV Data Link Design for Dependable Real-Time Communications
Gerardo Pardo-Castellote
 
PPTX
F5 tcpdump
alex wade
 
DOCX
Assignment on data network
Abhishek Kesharwani
 
DOCX
Assignment on data network
Abhishek Kesharwani
 
PDF
TCP and UDP.pdf55555555555555555555555555555
dramressawy
 
16.) layer 3 (basic tcp ip routing)
Jeff Green
 
Demuxed 2020
SeanDuBois3
 
Webrtc overview
Olle E Johansson
 
Abandon Decades-Old TCPdump for Modern Troubleshooting
Avi Networks
 
class12_Networking2
T. J. Saotome
 
Introduction to VOIP
Tausun Akhtary
 
sshuttle VPN (2011-04)
apenwarr
 
Reconsider TCPdump for Modern Troubleshooting
Avi Networks
 
Internet Internet Protocols.pptx( technology)
ujjawalr9027
 
Jingle: Cutting Edge VoIP
mattjive
 
Os Tucker
oscon2007
 
Advancing IoT Communication Security with TLS and DTLS v1.3
Hannes Tschofenig
 
Intro tcpip-part1
Kit Ramsey
 
Training Day Slides
adam_merritt
 
TCP/IP Basics
SMC Networks Europe
 
UAV Data Link Design for Dependable Real-Time Communications
Gerardo Pardo-Castellote
 
F5 tcpdump
alex wade
 
Assignment on data network
Abhishek Kesharwani
 
Assignment on data network
Abhishek Kesharwani
 
TCP and UDP.pdf55555555555555555555555555555
dramressawy
 
Ad

More from Tim Panton (8)

PDF
10 voipmistakes
Tim Panton
 
PPTX
Putting the 'web' into webRTC
Tim Panton
 
PPTX
Simple secure federated identity for webRTC (your new phone number)
Tim Panton
 
PPTX
Kranky geek15 - securing IoT with webrtc
Tim Panton
 
PPTX
Kranky geeklondon build an app
Tim Panton
 
PDF
Yo pet - building a webRTC app in 20 mins
Tim Panton
 
PPT
Westhawk integration
Tim Panton
 
PPTX
WebRTC Standards overview.
Tim Panton
 
10 voipmistakes
Tim Panton
 
Putting the 'web' into webRTC
Tim Panton
 
Simple secure federated identity for webRTC (your new phone number)
Tim Panton
 
Kranky geek15 - securing IoT with webrtc
Tim Panton
 
Kranky geeklondon build an app
Tim Panton
 
Yo pet - building a webRTC app in 20 mins
Tim Panton
 
Westhawk integration
Tim Panton
 
WebRTC Standards overview.
Tim Panton
 

Recently uploaded (20)

PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PPT
Teaching material agriculture food technology
LiaRayya
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Encapsulation theory and applications.pdf
gurumoop
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Teaching material agriculture food technology
LiaRayya
 

Ice with that sir? Or what webRTC does once it has a UDP connection

  • 1. What to do now you have a hole in the ice Tim Panton - Protocol Droid Westhawk Ltd
  • 3. Make a secure P2P media + data connection? Use existing protocols: SRTP x2 - encrypted RTP for voice + video DTLS - secure set up SCTP - datagram protocol RTCP - channel stats and management
  • 4. Multiplex all the things +----------------+ | 127 < B < 192 -+--> forward to RTP | | packet --> | 19 < B < 64 -+--> forward to DTLS | | | B < 2 -+--> forward to ICE +----------------+
  • 5. Huh ? Why is ICE there ? Continuing consent to send: We are sending ~1mbit/s of video Imagine the user closes the receiving tab Signalling is gone ICE re-tests connection every 30s Can re-establish a session over different path
  • 6. We know all about RTP Maybe not: SRTP - but uses DTLS to exchange the keys. Possibly multiple multiplexed streams RTCP too. Optional Headers (voice level etc)
  • 7. DTLS - what is that? TLS (aka SSL) ’s UDP cousin: Uses Public key crypto to exchange session key Session key extracted and used for SRTP key Also carries datachannel messages Does not carry media
  • 8. DTLS - not quite like SSL DTLS in webRTC has different requirements: Does not use PKI - no certs to buy Has heartbeat DTLS is client server Peers have to agree who is the client (rant)
  • 9. Was all that worth it? Probably: Secure - selectable crypto suites No passwords No central authority Distributed system - but existing SRTP code used
  • 10. You forgot STCP Oops: Originally designed to run alongside TCP webRTC uses it to provide Datachannel transport Run over DTLS (over UDP) Useful semantics - more flexible that TCP More widely used than you think (telcos)
  • 11. A new layer? Perhaps: We have a modern set of secure peer to peer network protocols supported by > 1bn endpoints and counting. It runs well over the existing internet infrastructure Lets use it to build fun stuff.