Simple secure federated identity for webRTC (your new phone number)

SIMPLE SECURE FEDERATED IDENTITY FOR WEBRTC (YOUR NEW PHONE NUMBER)

Tim Panton – Westhawk Ltd @steely_glint

Westhawk ltd - @steely_glint

Liars

Westhawk ltd - @steely_glint https://www.flickr.com/photos/barbiefantasies/14395143510/

“Hello, I’m calling from Windows”CallerId has failed.

Caller id should alert us to this fraud

It does not

Originally geographically based No crypto strength Loosely federated Each hop can inject traffic It was good business


Security

Westhawk ltd - @steely_glint https://www.flickr.com/photos/madaboutshanghai/184665954

“Let me take you through security”CallerId has failed.

Needless if CallerId worked It does not

Already logged in on Web Used sensor to unlock phone Strong crypto in SIM Phone network strips other

auth It was good business


Old Wisdom

Westhawk ltd - @steely_glint https://www.flickr.com/photos/3059349393/3320930905/

“Hello this is Wormshill 280”CallerId has failed.

Confirm number on answer

Old wisdom?


What do ?

Nothing Ignore the problem Most communication is in

context Assume the context will cover

gap

Except people hate robo-calls Landlines are for liars, cheats

and the elderlyWesthawk ltd - @steely_glint

What do ?

Whatsapp Whatsapp style Siloed service No number portability No federation Bootstrap from phone number Tight control on 3rd party apps Messaging and voice in same

channelWesthawk ltd - @steely_glint

Can WebRTC help?

WebRTC No signaling standard No identity standard Massive Silos (hangouts,

facebook etc) Niche apps (on-site apps)Probably not.


Can WebRTC help?

WebRTC Strong E2E crypto Wide standardization Integrated into web Easy to app-ify Fingerprints

Perhaps….


Webrtc crypto

Crypto Uses DTLS (with PFS) TLS’s datagram sibling Self signed certificates Contain no id Containing x509 public keys Exchanged securely at media

start NOT over the signaling channel Confirmation via fingerprint


Webrtc fingerprint

fingerprint Hash over the cert containing public key

Maps uniquely to a public key Sent over signaling channel as

check 32 bytes rendered in hex Hard to read Requires you trust the signaling Not ideal for federation


Fingerprints as phone numbers.fingerprint Such a good idea I filed a

patent on it

Replace e164 with fingerprints Calls are made between unique

32byte addresses Endpoints can verify each other

simply at media start


‘Inbound’ example

fingerprint I receive call from a fingerprint Fingerprint is in my address

book I accept call Media start verifies fingerprint Drop call if they don’t match


‘Outbound’ example

fingerprint I call your fingerprint Signaling claims you answered On media start calculate

fingerprint Drop call if they don’t match Continue call if they do


What do I have to trust ?

Trust My OS My browser Javascript I’m running The site that provided the

javascript How I got your fingerprintI have (or can have) a legal contract with each of these


What do I NOT have to trust ?Trust My signaling service

Your signaling service Any federated hops along the way

The verification is end-to-end over the

media

All are parties I have no relation toWesthawk ltd - @steely_glint

Other Trust issues

Trust Uses well established crypto Uses stock browsers Simple(ish) inspectable

javascript Uses public webRTC apis –

nothing else


Certificate lifecycle API

Lifecycle New Cert per site (per peerConnection)

So my poker club and church see different numbers

All stored in my device Can be stored – or one-time

depending on the site Not exportable or transferable


I’m not learning a 32byte number!

Numbers You don’t have to I hardly recall any 10 digit

numbers! All stored in my device Protected by my (physical)

fingerprint


How to transfer fingerprints

transfer Visually with QR codes Show and tell demo Use phone/web cams Requires proximity Intentional gesture Trusted introductions (other out of band ways)


An implementation

fingersmith Proof of concept https://steely-glint.github.io/

fingersmith/phonefromhere/ Public code from Github

can be trusted/inspected Signaling service untrusted

just passes messages All state at endpoints


https://steely-glint.github.io/fingersmith/phonefromhere/








Untrusted federation.

federation This replaces the web of (misplaced) trust in the current SS7 and IPnetworks.

We can have trusted callerID without trusting all the networks on the path If we use webRTC fingerprints instead of e164s


Sigh, I know it won’t happen

Stuck Even with the OTT threats Telco business model is entrenched Depends on bulk calling More calls mean more leverage End users aren’t important enough

Unfortunately the necessary changes won’t happen in telco-land.


Fortunately, across the hall in IoT

Iot Very similar problems Consequences even worse Nuisance calls to your Heating?!? No established standards (yet) Still fast moving space Same solution applies But use WebRTC DataChannel

I have hopes….Westhawk ltd - @steely_glint

Fortunately, IoT

Iot

I have a Lego dog to prove it can be done.

EV3 300Mhz Arm9 Linux 64Mb


[email protected]@steely_glint

Questions?


mailto:[email protected]

Internet

Simple secure federated identity for webRTC (your new phone number)