Security Aspects of Role-Based Communication Using WebRTC
Abstract
Model-driven approaches offer an effective way for non-IT experts to create complex software in different domains. One such domain is real-time communication, in which a high-level modeling language is used to define communication sessions with non-trivial structure and behavior. Security concerns emerge naturally when implementing such a language. First, it is necessary to uphold basic security requirements, such as confidentiality, integrity, and authentication. Second, it is necessary to enforce the communication constraints specified in session models. This paper presents an analysis of the security threats in the context of a communication modeling language called RBCML, which introduces a user role management layer on top of communication systems based on WebRTC. This work highlights the main threats in an RBCML implementation using WebRTC and proposes solutions for the security concerns pointed out above.
Published
2024-09-16
How to Cite
NETTO, Victor G.; COSTA, Fábio M. Security Aspects of Role-Based Communication Using WebRTC. In: WORKSHOP ON SCIENTIFIC INITIATION AND UNDERGRADUATE ONGOING WORKS - BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 24., 2024, São José dos Campos/SP. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 335-340. DOI: https://doi.org/10.5753/sbseg_estendido.2024.243403.
