Date post: | 15-Apr-2017 |
Category: |
Internet |
Upload: | tim-panton |
View: | 221 times |
Download: | 0 times |
SIMPLE SECURE FEDERATED IDENTITY FOR WEBRTC (YOUR NEW PHONE NUMBER)
Tim Panton – Westhawk Ltd @steely_glint
Westhawk ltd - @steely_glint
Liars
Westhawk ltd - @steely_glint https://www.flickr.com/photos/barbiefantasies/14395143510/
“Hello, I’m calling from Windows”CallerId has failed.
Caller id should alert us to this fraud
It does not
Originally geographically based No crypto strength Loosely federated Each hop can inject traffic It was good business
Westhawk ltd - @steely_glint
Security
Westhawk ltd - @steely_glint https://www.flickr.com/photos/madaboutshanghai/184665954
“Let me take you through security”CallerId has failed.
Needless if CallerId worked It does not
Already logged in on Web Used sensor to unlock phone Strong crypto in SIM Phone network strips other
auth It was good business
Westhawk ltd - @steely_glint
Old Wisdom
Westhawk ltd - @steely_glint https://www.flickr.com/photos/3059349393/3320930905/
“Hello this is Wormshill 280”CallerId has failed.
Confirm number on answer
Old wisdom?
Westhawk ltd - @steely_glint
What do ?
Nothing Ignore the problem Most communication is in
context Assume the context will cover
gap
Except people hate robo-calls Landlines are for liars, cheats
and the elderlyWesthawk ltd - @steely_glint
What do ?
Whatsapp Whatsapp style Siloed service No number portability No federation Bootstrap from phone number Tight control on 3rd party apps Messaging and voice in same
channelWesthawk ltd - @steely_glint
Can WebRTC help?
WebRTC No signaling standard No identity standard Massive Silos (hangouts,
facebook etc) Niche apps (on-site apps)Probably not.
Westhawk ltd - @steely_glint
Can WebRTC help?
WebRTC Strong E2E crypto Wide standardization Integrated into web Easy to app-ify Fingerprints
Perhaps….
Westhawk ltd - @steely_glint
Webrtc crypto
Crypto Uses DTLS (with PFS) TLS’s datagram sibling Self signed certificates Contain no id Containing x509 public keys Exchanged securely at media
start NOT over the signaling channel Confirmation via fingerprint
Westhawk ltd - @steely_glint
Webrtc fingerprint
fingerprint Hash over the cert containing public key
Maps uniquely to a public key Sent over signaling channel as
check 32 bytes rendered in hex Hard to read Requires you trust the signaling Not ideal for federation
Westhawk ltd - @steely_glint
Fingerprints as phone numbers.fingerprint Such a good idea I filed a
patent on it
Replace e164 with fingerprints Calls are made between unique
32byte addresses Endpoints can verify each other
simply at media start
Westhawk ltd - @steely_glint
‘Inbound’ example
fingerprint I receive call from a fingerprint Fingerprint is in my address
book I accept call Media start verifies fingerprint Drop call if they don’t match
Westhawk ltd - @steely_glint
‘Outbound’ example
fingerprint I call your fingerprint Signaling claims you answered On media start calculate
fingerprint Drop call if they don’t match Continue call if they do
Westhawk ltd - @steely_glint
What do I have to trust ?
Trust My OS My browser Javascript I’m running The site that provided the
javascript How I got your fingerprintI have (or can have) a legal contract with each of these
Westhawk ltd - @steely_glint
What do I NOT have to trust ?Trust My signaling service
Your signaling service Any federated hops along the way
The verification is end-to-end over the
media
All are parties I have no relation toWesthawk ltd - @steely_glint
Other Trust issues
Trust Uses well established crypto Uses stock browsers Simple(ish) inspectable
javascript Uses public webRTC apis –
nothing else
Westhawk ltd - @steely_glint
Certificate lifecycle API
Lifecycle New Cert per site (per peerConnection)
So my poker club and church see different numbers
All stored in my device Can be stored – or one-time
depending on the site Not exportable or transferable
Westhawk ltd - @steely_glint
I’m not learning a 32byte number!
Numbers You don’t have to I hardly recall any 10 digit
numbers! All stored in my device Protected by my (physical)
fingerprint
Westhawk ltd - @steely_glint
How to transfer fingerprints
transfer Visually with QR codes Show and tell demo Use phone/web cams Requires proximity Intentional gesture Trusted introductions (other out of band ways)
Westhawk ltd - @steely_glint
An implementation
fingersmith Proof of concept https://steely-glint.github.io/
fingersmith/phonefromhere/ Public code from Github
can be trusted/inspected Signaling service untrusted
just passes messages All state at endpoints
Westhawk ltd - @steely_glint
Untrusted federation.
federation This replaces the web of (misplaced) trust in the current SS7 and IPnetworks.
We can have trusted callerID without trusting all the networks on the path If we use webRTC fingerprints instead of e164s
Westhawk ltd - @steely_glint
Sigh, I know it won’t happen
Stuck Even with the OTT threats Telco business model is entrenched Depends on bulk calling More calls mean more leverage End users aren’t important enough
Unfortunately the necessary changes won’t happen in telco-land.
Westhawk ltd - @steely_glint
Fortunately, across the hall in IoT
Iot Very similar problems Consequences even worse Nuisance calls to your Heating?!? No established standards (yet) Still fast moving space Same solution applies But use WebRTC DataChannel
I have hopes….Westhawk ltd - @steely_glint
Fortunately, IoT
Iot
I have a Lego dog to prove it can be done.
EV3 300Mhz Arm9 Linux 64Mb
Westhawk ltd - @steely_glint