    Development of a collaborative application based on WebRTC

    Master's in Information Systems

    Communication has played a fundamental role in human evolution. With the advent of telephones it became possible to communicate at a distance, but only voice was transmitted. Later technological development allowed the exchange of video between two distant points, but the infrastructure was limited. The Internet brought efficient and adaptable exchange of information, appealing characteristics for real-time communications. The commoditization of this set of technologies allowed companies to lower their costs by integrating telephony with it. This step became a necessity arising from the economic crisis of recent years. The change adds the benefit that business entities can develop close interactions between their services and telephony. Improvements to multimedia content continue today at several levels, whether in equipment or in mechanisms dedicated to its quality, all owing to the implications of real-time communications. An interesting part of this progress is the use of voice and video in various collaborative environments, such as corporate meetings, online games or leisure activities. For these purposes, the range of applications is growing but still limited, requiring installation or configuration knowledge that can create usability difficulties for the typical Internet user. This document proposes a solution capable of minimizing the obstacles that current solutions present to their users. Based on HTML5, this application offers a service in which three or more participants can communicate and collaborate with one another using only their browser. A study of emerging web technologies will be carried out to acquire the essential technological foundations to be implemented in the target system.

    Analysis of security issues in the development of WebRTC-based applications

    WebRTC is an open-source technology that allows the real-time exchange of multimedia data directly within the browser using peer-to-peer channels. It is currently being standardized at the W3C and the IETF. It is a framework built to be reliable, flexible, simple and above all, compared with its competitors, secure. This thesis analyzes how WebRTC works at every level, going into detail on how security is implemented. In particular, it studies the protocols used and why they were chosen by the working group, how the various features are implemented in the browser through APIs developed in JavaScript, what its strengths are and which points are sensitive to a cyber attack that a developer must take into account when deciding to create a WebRTC application, and what risks the user of such a service may face, especially from a privacy standpoint. At the end of the discussion, WebRTC proves to be clearly better than the options used so far, presenting itself as a standard destined to last a long time in the world of the Web.

    Implementation and Evaluation of Security on a Gateway for Web-based Real-Time Communication

    Web Real-Time Communication (WebRTC) is a set of standards that are being developed, aiming to provide native peer-to-peer multimedia communication between browsers. The standards specify the requirements for browsers, including a JavaScript Application Programming Interface (API) for web developers, as well as the media plane protocols to be used for connection establishment, media transportation and data encryption. In this thesis, support for Interactive Connectivity Establishment (ICE) and media encryption was implemented in an existing gateway prototype. The gateway was originally developed to connect the novel WebRTC possibilities with existing IP Multimedia Subsystem (IMS) services, but it was lacking the necessary security functionalities. The performance of the gateway was measured and analyzed in different call scenarios between WebRTC clients. Two key elements, CPU load of the gateway and packet delay, were considered in the analysis. In addition to single call scenarios, the tests included relaying of ten simultaneous HD video calls, and relaying of ten simultaneous audio calls. Estimates based on the measurements suggest that the overall capacity of a single gateway between two WebRTC clients ranges from 14 simultaneous HD video calls to 74 simultaneous audio calls. The median delay in the gateway remained under 0.2 milliseconds throughout the testing.

    Security in peer-to-peer communication systems

    P2PSIP (Peer-to-Peer Session Initiation Protocol) is a protocol developed by the IETF (Internet Engineering Task Force) for the establishment, completion and modification of communication sessions. It emerges as a complement to SIP (Session Initiation Protocol) in environments where the original SIP protocol may fail for technical, financial, security, or social reasons. To do so, P2PSIP systems replace the entire server architecture that the original SIP systems use for the registration and location of users with a structured P2P network that distributes these functions among all the user agents that are part of the system. This new architecture, as with any emerging system, presents a completely new set of security problems whose analysis, the subject of this thesis, is of crucial importance for its secure development and future standardization. Starting with a study of the state of the art in network security and continuing with more specific systems such as SIP and P2P, we identify the most important security services within the architecture of a P2PSIP communication system: access control, bootstrap, routing, storage and communication. Once the security services have been identified, we conduct an analysis of the attacks that can affect each of them, as well as a study of the existing countermeasures that can be used to prevent or mitigate these attacks. Based on the presented attacks and the weaknesses found in the existing measures to prevent them, we design specific solutions to improve the security of P2PSIP communication systems. To this end, we focus on the service that stands as the cornerstone of P2PSIP communication systems' security: access control. Among the newly designed solutions, the following stand out: a certification model based on the segregation of the identity of users and nodes, a model for secure access control for on-the-fly P2PSIP systems, and an authorization framework for P2PSIP systems built on the recently published Internet Attribute Certificate Profile for Authorization. Finally, based on the existing measures and the new solutions designed, we define a set of security recommendations that should be considered for the design, implementation and maintenance of P2PSIP communication systems.