Definition of Data Encryption
Encryption is a basic cybersecurity method in which information is converted from a readable format into an encoded form, so that only users with access to a secret key or password can decrypt it. The data is converted into an unusable form, known as ciphertext, which appears scrambled to malicious parties if intercepted. This prevents stolen content from being used, since the hacker cannot see it as plaintext.
Encryption schemes are built on an encryption algorithm, or cipher, which can only be broken with a lot of computing power. The two most common encryption methods are symmetric and asymmetric. The names refer to whether or not the same key is used for encryption and decryption.
History of Cryptography
The history of cryptography is about 4,000 years old, starting with the simple replacement of letters in words with other letters or symbols. With the progress of human society, encryption gradually became more complicated: mathematical equations and special mechanical devices, such as rotor machines, came into use.
So, what video conferencing services provide the most reliable privacy protection? What messaging apps don’t implement end-to-end encryption and stay out of the top? With so many tools for encrypted communication available, which features are the most crucial?
Video conferencing encryption is required to ensure confidentiality during online meetings, seminars and negotiations. Even if an intruder succeeds in intercepting the video stream, he will not be able to decrypt it.
Common Use Cases for Encryption
Today’s cryptography methods are used for safe data exchange between web servers and browsers, cash withdrawals from ATMs, computer networks and electronic document management, online data storage, messaging and video communications. Encryption use cases can be found throughout the private and public sectors as any organization needs to keep sensitive information private and secure.
Why do you need video conferencing encryption?
To save money and keep the company’s reputation. With the widespread use of computer systems, information has become a core value. That is why governments and private companies are paying more and more attention to information security. Despite the fact that properly selected and implemented cryptographic algorithms do not completely eliminate the threat of data compromise, they seriously reduce this risk.
While communicating in the corporate network via video conferencing systems, employees may talk not only about their business, but also discuss some sensitive matters. For example, exposing an employee’s radical political or religious views and attitudes towards different minorities not only leads to personal reputational losses, but also to brand damage for the entire company. Stolen information can also be used for fraud or blackmail.
Stealing trade secret data is a frequent practice. Therefore, it makes sense to protect the company from such situations, making the process of accessing and decrypting data difficult and expensive, and therefore unprofitable for competitors.
Implementation of video conferencing encryption
Let us examine how encryption is implemented in modern VC applications, using TrueConf Server as an example. The product does not need an Internet connection for its operation; it is able to work in a closed network.
Signaling information is transmitted over the latest version of the TLS protocol, implemented with OpenSSL, which encrypts data at the transport level. The protocol works as follows:
- The client sends a connection request to the server, providing a list of supported encryption algorithms and hash functions.
- The server selects the most reliable algorithms from the received list, which are supported by the server itself, and informs the client about its choice.
- The server sends a digital certificate to the client for its own authentication.
- The client checks the validity of the received certificate with the root certificates of Certification Authorities before establishing the connection.
- A secure connection between the client and the server is established. It is encrypted with a session key, which is generated using the Diffie–Hellman key exchange.
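The client side of these steps can be checked in code. The following is an added example, not TrueConf's code: it uses Python's standard `ssl` module to audit a client configuration for the properties the handshake relies on (certificate validation against root CAs, and a cipher offer limited to ephemeral Diffie–Hellman key exchange). The function names and the weak configuration are constructed for illustration.

```python
import ssl

# TLS 1.3 suite names start with "TLS_" and always use ephemeral (EC)DH.
FS_PREFIXES = ("TLS_", "ECDHE-", "DHE-")

def non_fs_suites(names):
    """Suites whose session key does not come from an ephemeral DH exchange."""
    return [n for n in names if not n.startswith(FS_PREFIXES)]

def hardened_client_context():
    # Loads the system root CAs, requires a valid certificate, checks the host name.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # TLS 1.2 offer sent in step 1: authenticated (EC)DHE with AEAD ciphers only.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM")
    return ctx

def weak_client_context():
    # Constructed counter-example: the certificate check of step 4 is disabled.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def audit(ctx):
    """Return a list of findings for a client-side SSLContext."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not validated")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the server name")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 are allowed")
    offered = [c["name"] for c in ctx.get_ciphers()]
    if non_fs_suites(offered):
        findings.append("suites without ephemeral Diffie-Hellman are offered")
    return findings

if __name__ == "__main__":
    for label, ctx in (("hardened", hardened_client_context()),
                       ("weak", weak_client_context())):
        print(label, audit(ctx) or "no findings")
```
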
Support for DTLS and SRTP protocols is additionally implemented in WebRTC connections. For SIP/H.323 devices SRTP and H.235 are supported respectively.
- DTLS is a modified TLS protocol used to protect connections that support datagrams. It is often used on top of the UDP protocol, as it is mainly used to transmit media traffic. Inheriting the advantages of TLS, DTLS allows you to get rid of the original disadvantages of UDP: no guarantee of the integrity of the transmitted information and the inability to notify the sending party about the results of the transfer.
- The SRTP protocol is used to encrypt voice traffic in VoIP. Its main advantages are simplicity and performance, the use of timestamps and packet numbering for media stream synchronization, and support for AES encryption, which is described below.
- H.235 is a specification describing the security features of H.323 protocol for multimedia data transmission. For user identification, H.235 supports the use of a password or digital certificates and public key encryption.
Security and encryption for H-Series (Source)
TrueConf Server uses modified VP8 codec with SVC support for video encoding. This custom solution makes it difficult to decrypt the video stream with standard means.
It is a proven practice to encrypt stream data using symmetric-key encryption algorithms. The practical implementation of this cryptographic approach, the AES algorithm, has been accepted as a standard by the US government and is one of the most common encryption algorithms.
The AES algorithm scheme (Source)
The AES working principle is quite simple: an input data block with a fixed size of 128 bits is converted to another block using a secret (encryption) key. The key length depends on the required security level and is 128, 192 or 256 bits. The conversion operation is repeated several times, in rounds. The number of rounds also differs and is equal to 10, 12 or 14, depending on the length of the key. To perform a sequence of mathematical operations over a block of source data, each round uses a different round key generated from the secret key. TrueConf Server uses the AES-256 algorithm, with the longest key, to encrypt media data. AES hardware support is implemented in all modern Intel, AMD and ARMv8 processors, which significantly improves video communication security without any performance loss.
You can use VPN gateways with end-to-end encryption support for additional protection of connections between corporate network segments. In this case, protection is provided by the IPsec protocol family.