Video Conferencing Encryption

Definition of Data Encryption

Encryption is a basic cybersecurity method in which information is converted from a readable format into an encoded form, so that only users with access to a secret key or password can decrypt it. The data is converted into an unusable form, known as ciphertext, which appears scrambled to malicious parties if it is intercepted. This prevents stolen content from being used, since the hacker cannot see it as plaintext.

Encryption schemes are built on an encryption algorithm, or cipher, which can only be broken with a lot of computing power. The two most common encryption methods are symmetric and asymmetric. The names refer to whether or not the same key is used for encryption and decryption.

History of Cryptography

The history of cryptography is about 4,000 years old, starting with the simple replacement of letters in words with other letters or symbols. With the progress of human society, encryption gradually became more complicated: mathematical equations and special mechanical devices such as rotor machines came to its aid.

So, what video conferencing services provide the most reliable privacy protection? What messaging apps don’t implement end-to-end encryption and stay out of the top? With so many tools for encrypted communication available, which features are the most crucial?

Video conferencing encryption is required to ensure confidentiality during online meetings, seminars and negotiations. Even if an intruder succeeds in intercepting the video stream, he will not be able to decrypt it.

Common Use Cases for Encryption

Today’s cryptography methods are used for safe data exchange between web servers and browsers, cash withdrawals from ATMs, computer networks and electronic document management, online data storage, messaging and video communications. Encryption use cases can be found throughout the private and public sectors as any organization needs to keep sensitive information private and secure. 

 

Web Browsing

HTTPS stands for hypertext transfer protocol secure and is usually indicated by a closed padlock symbol to the left of the URL in the browser’s address bar. 

This protocol ensures safe communication and data transfer between a user’s browser and a website via TLS (Transport Layer Security) or, formerly, SSL (Secure Sockets Layer).

HTTPS secures the connection by using public and private keys to distribute a shared symmetric key, which is then used for data encryption and authentication. However, unlike end-to-end encryption, HTTPS protects personal information only in transit. In other words, this method doesn’t provide comprehensive privacy protection, but keeps sensitive information reliably safe while it is exchanged online. In this case, you may need a private browsing mode to further protect your data.

Secure messaging

End-to-end encryption, also called E2EE, is a secure communication method where only the people sending and receiving a message can view its contents.

It keeps personal information from being decrypted by an internet service provider (ISP), application service provider, hacker, or other unauthorized parties.

E2EE is a perfect choice for security-conscious users and organizations. It’s difficult to claim that this cybersecurity method provides complete data safety, but its level is high enough.

Many popular messaging services and email clients, such as Signal, WhatsApp, and Proton Mail, implement E2EE to secure data transmission.

Video Conferencing

As most organizations have moved to a hybrid or remote working format, video conferencing has become the primary and most effective way to communicate between distributed teammates. Despite reliable encryption methods, there are still risks associated with ensuring cybersecurity of sensitive communications.

The fact is that during video meetings, participants can discuss not only work issues, but also confidential matters, the leakage of which can damage both the company’s reputation and the personal life of employees. Therefore, it makes sense to implement self-hosted video conferencing software that encrypts intra-corporate communications end-to-end, can operate in LAN/VPN, and is GDPR & HIPAA compliant.

Why do you need video conferencing encryption?

To save money and keep the company’s reputation. With the widespread use of computer systems, information has become a core value. That is why governments and private companies are paying more and more attention to information security. Despite the fact that properly selected and implemented cryptographic algorithms do not completely eliminate the threat of data compromise, they seriously reduce this risk.

While communicating in the corporate network via video conferencing systems, employees may talk not only about their business, but also discuss some sensitive matters. For example, exposing an employee’s radical political or religious views and attitudes towards different minorities leads not only to personal reputational losses, but also to brand damage for the entire company. Stolen information can also be used for fraud or blackmail.

Stealing trade secret data is a frequent practice. Therefore, it makes sense to protect the company from such situations, making the process of accessing and decrypting data difficult and expensive, and therefore unprofitable for competitors.

Implementation of video conferencing encryption

Let us examine the encryption implementation in modern VC applications on the example of TrueConf Server. The product does not need an Internet connection for its operation; it is able to work in a closed network.

The latest version of the TLS protocol, implemented with OpenSSL, encrypts data at the transport level and is used to transmit signaling information. The protocol works as follows:

  1. The client sends a connection request to the server, providing a list of supported encryption algorithms and hash functions.
  2. The server selects the most reliable algorithms from the received list, which are supported by the server itself, and informs the client about its choice.
  3. The server sends a digital certificate to the client for its own authentication.
  4. The client checks the validity of the received certificate with the root certificates of Certification Authorities before establishing the connection.
  5. A secure connection between the client and the server is established. It is encrypted with a session key, which is generated using the Diffie–Hellman key exchange.
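The client side of the handshake steps above, as an added example (not TrueConf code): a Python client context that offers only forward-secret suites (step 1), verifies the server certificate against the root CA store (step 4) and reports what was negotiated (step 5). The function names and the host passed to describe_session are assumptions made for the illustration.

```python
import socket
import ssl


def build_client_context() -> ssl.SSLContext:
    """Client context that enforces steps 1 and 4 of the handshake."""
    ctx = ssl.create_default_context()            # loads the system root CA store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3, TLS 1.0 and 1.1
    # Step 1: for TLS 1.2, offer only ephemeral-ECDH suites with AEAD ciphers.
    # TLS 1.3 suites are always ephemeral and are not affected by this string.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    # Step 4: the handshake fails unless the certificate chains to a trusted
    # root and matches the host name we asked for.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def offered_suites(ctx: ssl.SSLContext) -> list:
    """Names of the cipher suites the client will list in its request."""
    return [c["name"] for c in ctx.get_ciphers()]


def describe_session(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Connect to a server you operate and report what was negotiated."""
    ctx = build_client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        # Raises ssl.SSLCertVerificationError if step 4 fails.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, _, bits = tls.cipher()          # step 2: the server's choice
            cert = tls.getpeercert()              # step 3: validated certificate
            return {
                "protocol": tls.version(),
                "cipher": name,
                "key_bits": bits,
                "subject": cert.get("subject"),
                "not_after": cert.get("notAfter"),
            }


if __name__ == "__main__":
    context = build_client_context()
    print("minimum version:", context.minimum_version.name)
    print("offered suites:", ", ".join(offered_suites(context)))
```
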

Support for DTLS and SRTP protocols is additionally implemented in WebRTC connections. For SIP/H.323 devices SRTP and H.235 are supported respectively.

  • DTLS is a modified TLS protocol used to protect connections that support datagrams. It is often used on top of the UDP protocol, as it is mainly used to transmit media traffic. Inheriting the advantages of TLS, DTLS allows you to get rid of the original disadvantages of UDP: no guarantee of the integrity of the transmitted information and the inability to notify the sending party about the results of the transfer.
  • SRTP protocol is used to encrypt voice traffic in VoIP. The main advantages: simplicity and performance, use of timestamps and packet numbering in the protocol for media stream synchronization, support for AES encryption, which is described below.
  • H.235 is a specification describing the security features of H.323 protocol for multimedia data transmission. For user identification, H.235 supports the use of a password or digital certificates and public key encryption.

Security and encryption for H-Series (Source)

TrueConf Server uses modified VP8 codec with SVC support for video encoding. This custom solution makes it difficult to decrypt the video stream with standard means.

It is a proven practice to encrypt stream data using symmetric-key encryption algorithms. The practical implementation of this cryptographic approach, the AES algorithm, has been accepted as a standard by the US government and is one of the most common encryption algorithms.

The AES algorithm scheme (Source)

The AES working principle is quite simple: an input data block with a fixed size of 128 bits is converted to another block using a secret key, also called the encryption key. The key length varies depending on the required algorithm security level and is 128, 192 or 256 bits. The conversion operation is repeated several times, in rounds. The number of rounds also differs and is equal to 10, 12 or 14, depending on the length of the key. To perform a sequence of mathematical operations over a block of source data, each round uses a different round key generated from the secret key. TrueConf Server uses the AES-256 algorithm with the longest key to encrypt media data. The AES hardware support is implemented in all modern Intel, AMD and ARMv8 processors, which significantly improves video communication security without any performance loss.
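How the round keys mentioned above are generated from the secret key, as an added example (not TrueConf code): the AES key schedule from FIPS-197 in pure Python, showing that a 128-, 192- or 256-bit key yields 11, 13 or 15 round keys for 10, 12 or 14 rounds. The function names are chosen for this illustration, and the keys are the public example keys from FIPS-197 Appendix A.

```python
def _xtime(b):
    """Multiply by 2 in GF(2^8), reducing by the AES polynomial 0x11B."""
    b <<= 1
    return b ^ 0x11B if b & 0x100 else b

def _rotl8(b, n):
    return ((b << n) | (b >> (8 - n))) & 0xFF

def _make_sbox():
    """AES S-box: multiplicative inverse in GF(2^8), then the affine map."""
    sbox = [0x63] * 256                      # S(0) = 0x63
    p = q = 1
    while True:
        p ^= _xtime(p)                       # p *= 3 (3 generates the field)
        for s in (1, 2, 4):                  # q /= 3, so q stays p's inverse
            q ^= (q << s) & 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4) ^ 0x63
        if p == 1:
            return sbox

SBOX = _make_sbox()

def expand_key(key: bytes) -> list:
    """Return the Nr + 1 round keys (16 bytes each) for a 128/192/256-bit key."""
    if len(key) not in (16, 24, 32):
        raise ValueError("AES keys are 128, 192 or 256 bits")
    nk = len(key) // 4                       # key length in 32-bit words
    nr = nk + 6                              # 10, 12 or 14 rounds
    w = [key[4 * i:4 * i + 4] for i in range(nk)]
    rcon = 1
    for i in range(nk, 4 * (nr + 1)):
        t = w[i - 1]
        if i % nk == 0:                      # RotWord, SubWord, round constant
            t = bytes(SBOX[b] for b in t[1:] + t[:1])
            t = bytes([t[0] ^ rcon]) + t[1:]
            rcon = _xtime(rcon)
        elif nk == 8 and i % nk == 4:        # extra SubWord, AES-256 only
            t = bytes(SBOX[b] for b in t)
        w.append(bytes(a ^ b for a, b in zip(w[i - nk], t)))
    return [b"".join(w[4 * r:4 * r + 4]) for r in range(nr + 1)]

# Example keys from FIPS-197 Appendix A (public test vectors, not secrets).
KEY_128 = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
KEY_256 = bytes.fromhex("603deb1015ca71be2b73aef0857d7781"
                        "1f352c073b6108d72d9810a30914dff4")

if __name__ == "__main__":
    for key in (KEY_128, KEY_256):
        rks = expand_key(key)
        print(f"{len(key) * 8}-bit key: {len(rks) - 1} rounds, round key 1 = {rks[1].hex()}")
```

Round key 0 is the first 16 bytes of the secret key itself, so anyone who recovers the round keys also recovers the key; the schedule only derives per-round material from it.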

You can use VPN gateways with end-to-end encryption support for additional protection of connections between corporate network segments. In this case, protection is provided by the IPsec protocol family.

TrueConf Server Free — Self-Hosted Video Conferencing

  • 4K video conferencing and scalable SVC architecture
  • 100% on-premises video conferencing software for Windows and Linux
  • Cross-platform native apps for all major platforms
  • Up to 50 users and 1 SIP/H.323 connection
  • 1 guest connection for public web conferences
  • Easy to set up and control

Source: trueconf.com