It’s been just a few days since we talked about how we worked together on VP9 SVC, and yet here we are again with some more news!
The collaboration between the CoSMo Software and Meetecho teams has resulted in a new effort: a patch to Janus to implement support for End to End Media Encryption (PERC Lite).
PERC Lite? What’s PERC Lite?
For a couple of years, the IETF has been working on a standardization effort called PERC (Privacy Enhanced RTP Conferencing). Quoting the Working Group charter, the aim is finding “a solution that enables centralized SRTP-based conferencing, where the central device distributing the media is not required to be trusted with the keys to decrypt the participants’ media”. This means that, while you’d still benefit from the features a centralized media distributor can provide when compared to peer-to-peer deployments, media would still be encrypted end-to-end among all the participants.
That said, the standardization is still going on, and there have been different proposals to tackle this requirement. One of those has come from Alex Gouaillard and Sergio Garcia Murillo of CoSMo Software, who devised a simple mechanism implementing double encryption in WebRTC based on documents from the PERC IETF effort. The implementation we made in Janus is of this proposal, and not PERC itself.
This mechanism, called “End to End Media Encryption”, or “PERC Lite” for short, is based on a few key points and assumptions that came from an analysis of the target scenarios:
- there is no support for end-to-end extensions (as no use case was found that would need it);
- the second encryption is a media-payload only encryption, which allows support for FEC, RED, RTX and other quality mechanisms transparently;
- changes to existing WebRTC SFUs to support this approach are minimal (and this Janus integration is an additional proof of this);
- most of the double encryption itself is done on the client side.
More details on this effort can be found in these slides, which describe the process from a more general perspective, and a draft that explains how the whole mechanism works. A client side implementation of PERC Lite is also available as an open source patch to Chromium. The patch this blog post talks about implements the required changes to get this working on the server side in Janus instead, so you can refer to the technical description there for more insight.
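To make the key points listed above concrete, here is an added sketch (not code from the Janus patch, the Chromium patch or the draft) of payload-only end-to-end encryption passing through an SFU that holds no end-to-end key. The AES-128-GCM choice, the nonce-in-payload layout and all function names are assumptions made for illustration, and the outer hop-by-hop SRTP layer is left out.

```javascript
// Added illustration: inner (end-to-end) payload-only encryption under an SFU.
// Packet layout and names are assumptions, not the PERC Lite wire format.
const crypto = require('node:crypto');

const RTP_HEADER_LEN = 12; // fixed RTP header, no CSRC list or extensions

// Build a minimal RTP packet (V=2, no padding, no extension, no CSRC).
function buildRtp(pt, seq, ts, ssrc, payload) {
  const h = Buffer.alloc(RTP_HEADER_LEN);
  h[0] = 0x80;
  h[1] = pt & 0x7f;
  h.writeUInt16BE(seq, 2);
  h.writeUInt32BE(ts, 4);
  h.writeUInt32BE(ssrc, 8);
  return Buffer.concat([h, payload]);
}

// Sender: encrypt only the media payload with the end-to-end key.
// New payload = 12-byte nonce || ciphertext || 16-byte GCM tag.
function e2eProtect(packet, e2eKey) {
  const nonce = crypto.randomBytes(12); // random nonce keeps the sketch short
  const c = crypto.createCipheriv('aes-128-gcm', e2eKey, nonce);
  const ct = Buffer.concat([c.update(packet.subarray(RTP_HEADER_LEN)), c.final()]);
  return Buffer.concat([packet.subarray(0, RTP_HEADER_LEN), nonce, ct, c.getAuthTag()]);
}

// SFU: has no end-to-end key. It only reads and rewrites header fields,
// so forwarding and retransmission treat the payload as opaque bytes.
function sfuForward(packet, newSsrc, newSeq) {
  const out = Buffer.from(packet);
  out.writeUInt16BE(newSeq, 2);
  out.writeUInt32BE(newSsrc, 8);
  return out;
}

// Receiver: returns the media payload, or null on a wrong key or tampering.
function e2eUnprotect(packet, e2eKey) {
  const body = packet.subarray(RTP_HEADER_LEN);
  if (body.length < 28) return null; // too short to hold nonce and tag
  const d = crypto.createDecipheriv('aes-128-gcm', e2eKey, body.subarray(0, 12));
  d.setAuthTag(body.subarray(body.length - 16));
  try {
    return Buffer.concat([d.update(body.subarray(12, body.length - 16)), d.final()]);
  } catch {
    return null;
  }
}
```

Because the header stays outside the inner encryption in this sketch, the SFU can renumber and re-route packets, while anything that stores the forwarded packets (a recording, for instance) holds only ciphertext until the end-to-end key is supplied.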
How can I use this?
There are several ways this joint effort can be of use, especially if you’re interested in the end-to-end encryption such a mechanism provides.
As anticipated, CoSMo Software has already made available an open source modification of Chromium as a working implementation of the client side. Besides that, there are many more building blocks available on the client side, including a native stack and a Qt client.
Now that Janus has support for PERC Lite as well, there are several different scenarios that can be realized on top of this, thanks to the modular nature of Janus itself and the several different features its plugins implement. While the VideoRoom SFU is the obvious reference here, recordings can play a key role as well. In fact, even with PERC Lite involved, the Janus recordings can still be used, assuming the encryption key is available to the interested participants. This includes replaying previously recorded PeerConnections in a new WebRTC session later on, or converting these encrypted recordings to plain media files that can be watched with any player.
Enjoy!
About CoSMo
CoSMo was founded in 2015 by WebRTC experts with the goal of developing tools to make WebRTC easier to use and helping businesses adopt it. Contributing to WebRTC code since the early days of 2012, leader of the webrtc-in-webkit project, invited expert to the WebRTC working groups, co-chair of the IMTC WebRTC interoperability group, speakers and chairs of several RTC conferences, the CoSMo team is part of Real-Time Communications DNA, from standard to implementation. They provide a wide range of technical expertise on WebRTC, with a focus on system-level design, technical due diligence, and customisation/integration of the WebRTC stack. More information at www.cosmosoftware.io
About Meetecho
Meetecho was born in 2009 as an official academic spin-off of the University of Napoli Federico II. Since Day One they’ve been working hard on real-time multimedia applications over the Internet, ranging from VoIP to more advanced applications based on top of the emerging WebRTC technology. Today’s Meetecho team is composed of world-level experts in Real-Time Communication, proud authors of the Janus® WebRTC server! They provide design and implementation consulting services for WebRTC products on top of Janus®, ad-hoc solutions for streaming live events to the world with remote participation, as well as ready-to-use web-based conferencing and collaboration services. Their website lists the major companies already trusting them.
About the WebRTC A-Team
10 years ago, a crack student unit was sent to PhD by a European court for WebRTC, a technology they didn’t write. These men promptly graduated from maximum security universities to the Napoli and Singapore Underground. Today, still wanted by their government-paid past teachers, they survive as WebRTC consultants. If you have a WebRTC problem, if no one else can help, and if you can find them, maybe you can hire… the WebRTC A-Team.