Video conferencing encryption

Encryption is a process of encoding information in order to hide it from unauthorized persons. The science of encryption methods is called cryptography.

The history of cryptography is about 4,000 years old, starting with the simple replacement of letters in words with other letters or symbols. With the progress of human society, encryption gradually became more complicated: mathematical equations and special mechanical devices, rotor machines came to the aid.

Video conferencing encryption 1German cipher machine Lorenz SZ42 (Source)

Modern cryptography is characterized by the widespread use of encryption algorithms in a variety of areas: digital television, telephony, computer networks, banking and electronic document management.

Video conferencing encryption is required to ensure confidentiality during online meetings, seminars and negotiations. Even if an intruder succeeds in intercepting the video stream, he will not be able to decrypt it.

Why do you need video conferencing encryption?

To save money and keep the company’s reputation. With the widespread use of computer systems, information has become a core value. That is why governments and private companies are paying more and more attention to information security. Despite the fact that properly selected and implemented cryptographic algorithms do not completely eliminate the threat of data compromise, they seriously reduce this risk.

While communicating in the corporate network via video conferencing systems, employees may talk not only about their business, but also discuss some sensitive matters.  For example, exposing an employee’s radical political or religious views and attitudes towards different minorities not only leads to personal reputational losses, but also to brand damage for the entire company. Stolen information can also be used for fraud or blackmail.

Stealing trade secret data is a frequent practice. Therefore, it makes sense to protect the company from such situations, making the process of accessing and decrypting data difficult and expensive, and therefore unprofitable for competitors.

Implementation of video conferencing encryption

Let us examine the encryption implementation in modern VC applications on the example of TrueConf Server. The product does not need an Internet connection for its operation; it is able to work in a closed network. As a result, intruders will not penetrate from the outside.

Login and password are used for authorization. They can be set manually by an administrator or imported from Active Directory.

The latest version of the OpenSSL TLS protocol, encrypting data at the transport level, is used to transmit signaling information. The protocol works as follows:

  1. The client sends a connection request to the server, providing a list of supported encryption algorithms and hash functions.
  2. The server selects the most reliable algorithms from the received list, which are supported by the server itself, and informs the client about its choice.
  3. The server sends a digital certificate to the client for its own authentication.
  4. The client checks the validity of the received certificate with the root certificates of Certification Authorities before establishing the connection.
  5. A secure connection between the client and the server is established. It is encrypted with a session key, which is generated using the Diffie–Hellman key exchange.

Support for DTLS and SRTP protocols is additionally implemented in WebRTC connections. For SIP/H.323 devices SRTP and H.235 are supported respectively.

DTSL is a modified TLS protocol used to protect connections that support datagrams. It is often used on top of the UDP protocol, as it is mainly used to transmit media traffic. Inheriting the advantages of TLS, DTLS allows you to get rid of the original disadvantages of UDP: no guarantee of the integrity of the transmitted information and the inability to notify the sending party about the results of the transfer.

SRTP protocol is used to encrypt voice traffic in VoIP. The main advantages: simplicity and performance, use of timestamps and packet numbering in the protocol for media stream synchronization, support for AES encryption, which is described below.

H.235 is a specification describing the security features of H.323 protocol for multimedia data transmission. For user identification, H.235 supports the use of a password or digital certificates and public key encryption.

Video conferencing encryption 2Security and encryption for H-Series (Source)

TrueConf Server uses modified VP8 codec with SVC support for video encoding. This custom solution makes it difficult to decrypt the video stream with standard means.

Learn more

It is a proven practice to encrypt stream data using symmetric-key encryption algorithms. The practical implementation of this cryptographic approach, the AES algorithm, has been accepted as a standard by the US government and is one of the most common encryption algorithms.

Video conferencing encryption 3The AES algorithm scheme (Source)

The AES working principle is quite simple: an input data block with a fixed size of 128 bits is converted to another block using a secret or encryption key. Its length varies depending on the required algorithm security level and is 128, 192 or 256 bits. The conversion operation is repeated several times or rounds. The number of rounds also differs and is equal to 10, 12 or 14, depending on the length of the key. To perform a sequence of mathematical operations over a block of source data, each round uses a different round key generated from the secret key. TrueConf Server uses the AES-256 algorithm with the longest key to encode media data. The AES hardware support is implemented in all modern Intel, AMD and ARMv8 processors, which significantly improves video communication security without any performance loss.

You can use VPN gateways with end-to-end encryption support for additional protection of connections between corporate network segments. In this case, protection is provided by the IPsec protocol family.

Author:
Source: trueconf.com