Secure,realtime,highqualitycommunicationacross

computerdevicesusingonlyawebbrowser

Problembeingaddressed:

Most existing VoIP applications( Skype, Google Hangouts ) either need to be downloaded and
installed or need additional plugins ( ex: Flash)tooperate.Theyfunctionbyroutingthedatastreams
through a server to the destination client. Hence the
server has to take the load for each
communication, this alsocausesa
latencyinthecommunication.Routingalsointroducestheissueof
security, since existing VoIP services do not offer endtoend encryption. Hence, an intruder can
snoop in and watch your video stream. This project will try to solve the three key issues of server
load,privacyandlatencybyenablingbrowsertobrowserrealtimecommunicationwithouttheneed
of any additional plugins or applications. We will furtherbuildawebapplicationthatcanbeusedfor
videoconferencing,filesharing,phonecallingusingabrowser.

Objectiveandscopeoftheproject:

The objective of this project is to harness the capabilities of

WebRTC,
which is a free, open source
technology that provides simple APIs to implement realtime
peer2peer communication at the
browserlevel.

List(tentative)functionalitiesthatweplantoincorporateinourapplication:
1.AbilitytohostvideoconferencesusingapresharedURLwithinthebrowser.
2.Endtoendencryptiononthecommunicationsusinganyencryptionalgorithm
3.Makecallstoamobilephonethroughthebrowser.
4.Peer2peerdatatransferwithoutroutingthroughaserver.
5.Abilitytosharescreenswithothers.
....

Processdescription:

Acompletedescriptionoftheapplicationisbeyondthescopeofthissynopsis,howeverabriefoutline
oftheapplicationcanbediscussedasfollows.

i)WebRTCarchitecture
WebRTCisinbuiltintoallmodernbrowsers(Google
Chrome,Firefox)withJavascriptenabled.Theactual
communicationisstartedbyasignallingserverthatsetsup
theconnectionbetweenthetwoclients.Afterwhichthe
browserscommunicateinisolationwithouttheneedofthe
signallingserver.

1
Dept.OfCSE,AIET

ii)Communicationsoverview
WebRTCreliesonthreeAPIs,eachofwhichperformsaspecificfunctioninordertoenablerealtime
communicationwithinawebapplication

1. getUserMedia:
getUserMedia is one such API, enabling a browser to access a user's camera and
microphone. Although utilised by WebRTC, this API is actually offered as part of
HTML5.

2.RTCPeerConnection:
ARTCPeerConnectioninterfacerepresentstheactualWebRTCconnection,
andisreliedupontohandletheefficientstreamingofdatabetweentwopeers.

3.RTCDataChannel:
RTCDataChannel

representsthemaincommunicationchannelthroughwhichthe
exchangeofarbitraryapplicationdataoccursbetweenpeers.Inotherwords,itisused
totransferdatadirectlyfromonepeertoanother.

iii)UnderlyingTechnologies
The three main APIs are the developerfacing aspects of WebRTC, but there are a number of
foundational technologies which are utilised in order to provide these protocols ( the
RTCPeerConnectionandRTCDataChannelAPIs).

ICE, STUN and TURN are necessary to establish and maintain a peertopeer connectionoverUDP.
DTLS is used to secure all data transfers between peers, as encryption is a mandatory feature of
WebRTC. Finally, SCTP and SRTP are the application protocols used to multiplex the different
streams, provide congestion and flow control and provide partially reliable delivery and other
additionalservicesontopofUDP.

2
Dept.OfCSE,AIET

iii)SecurityConsiderations:
There are a number of ways inthatarealtimecommunicationapplicationmayimposesecurityrisks.
One particularly notable one is the interception of unencrypted media or data during transmission.
This can occur between browserbrowser or browserserver communication, with an eavesdropping
thirdparty able to see all data sent. Encryption however, renders it effectively impossible for an
eavesdropper to determine the contents of communication streams. Only parties with access to the
secretencryptionkeycandecodethecommunicationstreams.
Encryption is a mandatory feature ofWebRTCandisenforcedonallcomponents,includingsignaling
mechanisms. Resultantly, all media streams sent over WebRTC are securely encrypted, enacted
through standardised and wellknown encryption protocols. Theencryptionprotocoluseddependson
the channel type data streams are encrypted using Datagram Transport Layer Security (DTLS) and
mediastreamsareencryptedusingSecureRealtimeTransportProtocol(SRTP).

Implementingproposedfeatures:

1. Well be using
JavaScript to handle the client side implementation of our application to
makeAPIcallsinasession.

2. Two servers will play key roles in establishing the connection and ensuring smooth
operations:

a. STUN(SessionTraversalUtilitiesforNAT)
In order to perform P2P communication, both parties necessarily require at least the
knowledge of their peer's IP addressandtheassignedUDPport.Asaresult,acertain
amount of informationexchangeisnecessarybeforeWebRTCcommunicationcanbe
established.
ASTUNserverisusedbyeachpeertodeterminetheirpublicIPaddressandis
referencedbytheICEframeworkduringconnectionestablishment.STUNservers
aretypicallypublicallyaccessibleandcanbeusedfreelybyWebRTCapplications.

b.TURN:TraversalUsingRelaysaroundNAT
IntheeventualitythatestablishingaP2Pcommunicationfails,afallbackoptioncan
beprovidedviaaTURNserver.ByrelayingtrafficbetweenpeerstheWebRTC
communicationcanensured,butcansufferdegradationsinmediaqualityandlatency.

3. A suitable server (
Node.js / Apache
)willbeusedtohandlerequestsandgenerateURLsfor
newconnectionsonthevideoconferencingmodule.

4. The server side operations will be handled using a suitable scripting language preferably
Python.

5. A suitable database will be used to hold information about active connections on the
application.

3
Dept.OfCSE,AIET

6. For enhanced video quality on mobile devices with limited bandwidth, hardware accelerated
videoH.264coding
willbeused.

7. Phone calls can be made from the application using a service like
Twilio
. Twilio offers a
simpleAPIthatcanbeintegratedwithourapplication.

8. TheUI/UXwillbedesignedanddevelopedusing
HTML
and
responsiveCSS.

i)Aroughsketchoftheapplicationsarchitecture

4
Dept.OfCSE,AIET

HardwareandSoftwarerequirements:
i)Hardware:
AcomputerorasmartphonewhichiscapableofrunningGoogleChrome(>version23)or
MozillaFirefox(>22)withahighspeedinternetconnection:3Gonmobilephonesanda
minimumof512kbpsonacomputer.
Forvideoconferencing
:Amicrophone,avideocamera.

ii)Software:
Asstated,WebRTCisavailableonmodernbrowsers:GoogleChrome23,MozillaFirefox22
Opera18.
Thenecessarymodules/interfacesanddevicedriversofthemicrophoneandvideocamera
mustbepreinstalled.

Literaturesurvey:
Following references have been massively helpful in guiding us through the development and
understandingofWebRTCasatechnology.

i)OfficialWebRTCpage:
http://webrtc.org

ii)AStudyofWebRTCSecurity:
http://webrtcsecurity.github.io
ThiswebsiteanalysesthesecurityfeaturesandfallaciesofWebRTCinmeticulousdetail.
IthelpedusunderstandhowtheICE,STUNandTURNworktogetherandalsogavean
insightintotheclientsidesecurityconcernsthatmustbeaddressedwhilebuildingareal
timeapplication.

iii)OpenWebRTC:AmobilefirstWebRTCclientframeworkforbuildingnativeapps

http://www.openwebrtc.org

OpenWebRTCisbuiltonthebeliefthattheWebRTC
standard
wouldtranscendthepure
browserenvironmentandthatnativeapps,implementingthesameprotocolsandAPI's,
wouldbecomeanimportantpartoftheWebRTCecosystem.Thisisespeciallytrueon
mobileplatformswherenativeappdistributionisoftenpreferredoverpurewebapps..

OpenWebRTCishelpsusidentifythemobilecentricissuesthatoccurinrealtime
communication,morespecificallyaswehavetodealwithlimitedbandwidthandbattery
power,outapplicationmustbeoptimizedforsuchenvironments

5
Dept.OfCSE,AIET

Team:

PratikKanthi[
3AE12CS055]
VenkateshKakalwar[
3AE12CS055]
PoojaPatil
[3AE12CS051]
ShrutiKannur
[3AE12CS077]

6
Dept.OfCSE,AIET