
A practical key agreement scheme for videoconferencing

Multimedia Tools and Applications

Abstract

Recently, videoconferencing has become increasingly pervasive as a consequence of new concerns about privacy and security. The media should be encrypted using actual encryption algorithms and group key agreement schemes. In this study, a new key agreement scheme based on Java smart cards is proposed and applied to Web-based real-time communication (WebRTC)-based videoconferencing. In WebRTC, symmetric keys are generated using pseudorandom number generators and shared by two standard protocols, namely, Source Description RTCP Packet (SDES) and Datagram Transport Layer Security (DTLS), through a signaling server. In both methods, the key exchange is open to cryptanalytic attacks, and the administrator of the signaling server can compromise media. This qualitative study aims to investigate privacy during WebRTC-based videoconferencing with respect to the symmetric encryption algorithm, the randomness of the encryption key, overall security strength, the key agreement scheme, and the time required to start a conversation. Herein, a new key agreement scheme based on Java smart cards is proposed. The scheme utilizes the AES-256 algorithm in GCM mode for media encryption. By means of this approach, the set-up time of a conference is reduced to 562 ms (compared to 1754 ms for the RSA-based approach) for 367 users, and the security strength is increased to 256-bit (as against 112-bit for RSA 2048-bit). A secure random key generator for smart cards is utilized for key generation instead of pseudorandom number generators. The proposed approach also includes a safety mechanism for smart card failures. We utilize the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to test the safety of the proposed scheme.

Author information

Correspondence to Cengiz Toğay.

About this article

Cite this article

Toğay, C. A practical key agreement scheme for videoconferencing. Multimed Tools Appl 79, 23711–23728 (2020). https://doi.org/10.1007/s11042-020-09136-6

  • DOI: https://doi.org/10.1007/s11042-020-09136-6
