SlideShare a Scribd company logo

Kranky geek15 - securing IoT with webrtc

Download as PPTX, PDF
Tim Panton
Tim Panton

Tim Panton builds a webRTC app that controls an IoT device from a chrome browser using a secure (QRcode based) proximity pairing protocol. (with added lego dog) https://www.youtube.com/watch?v=TLXmB2TZyZE

Internet
1 of 27
Building a different sort of WebRTC app Tim Panton - Protocol Droid - westhawk Ltd @steely_glint
@steely_glint - Westhawk Ltd
@steely_glint - Westhawk Ltd
@steely_glint - Westhawk Ltd
@steely_glint - Westhawk Ltd
@steely_glint - Westhawk Ltd
@steely_glint - Westhawk Ltd
Security isn’t what it was.
@steely_glint - Westhawk Ltd Ideal Internet of everything Protocol would be Standardized Secure Widely deployed Peer-to-Peer (NAT traversal) Realtime Strong on Identity management Mobile capable (and smaller) User-centric
@steely_glint - Westhawk Ltd RTCweb Protocol is Standardized Secure Widely deployed Peer-to-Peer (NAT traversal) Realtime Strong on Identity management Mobile capable (and smaller) ? User-centric
@steely_glint - Westhawk Ltd What we will build today Realtime Authenticated P2P communication Between a small device and a webRTC browser - using the DataChannel but no passwords.
@steely_glint - Westhawk Ltd Components we need WebRTC (datachannel) app in my smartphone WebRTC (datachannel) embedded in a device WebRTC service for rendevous Some sort of pairing
@steely_glint - Westhawk Ltd Components we will use Chrome on android (well Mac - for easy AV) Lightweight stack on device Simple websockets message hub (https://github.com/steely-glint/fingersmith) QRcode pairing
@steely_glint - Westhawk Ltd Duckling protocol Described by Ross Anderson in 1990s Device trusts first thing it sees We flip this and the device shows QRcode Smartphone then calls this address First to connect claims ownership https://www.flickr.com/photos/bunnygoth/14021732859/
Demo of QR using yoPet.us
Code walk through of Fingersmith
@steely_glint - Westhawk Ltd Which address token? WebRTC has no built in identity so … Random key Generated server side (like XMPP anon) Generated client side and asserted to service (As in Respoke, Twillio etc) Exchanged over QR code at ‘hatching’ Stored locally and reused for ‘life’
@steely_glint - Westhawk Ltd But wait… Full disclosure: this is such a good idea I filed a patent on it Whats this fingerprint thing ? Hash of the x509 cert used in DTLS exchange Can we use that as an address ? Yes - it means the duckling can tell that it is mommy calling and ignore all other distractions. More on this at IIT RTC conference in October…
@steely_glint - Westhawk Ltd Javascript walkthrough Dummy offer to find it at start-up Phono.sdp.js parse SDP to extract fingerprint (open source - thanks tropo) Ipseorama to set up DataChannel via Fingersmith generateCertificate + IndexDB to make firefox use stable identity
@steely_glint - Westhawk Ltd Device Code options Javascript Use google’s webrtc wrapped in node C/C++ Use Janus codebase etc…. Java DIY
@steely_glint - Westhawk Ltd Yep, you guessed it, I took the Java way. STUN/TURN/ICE Ice4j - Jitsi DTLS BouncyCastle - Tropo (now Cisco) SCTP/DCEP in progress….
@steely_glint - Westhawk Ltd Demo on Beaglebone Think of it as an American Pi :-) Typical of future devices Small footprint Low power Linux ARM (see Intel Edison)
@steely_glint - Westhawk Ltd What, that’s not small enough Arm 9 300Mhz 64 Mb Linux
@steely_glint - Westhawk Ltd Lego EV3 Lego EV3 Arm 9 300Mhz 64 Mb Linux LeJos Java ;-)
@steely_glint - Westhawk Ltd Demo
@steely_glint - Westhawk Ltd By using webRTC data channel we have Standardized Secure Widely deployed Peer-to-Peer (NAT traversal) Realtime Strong on Identity management Mobile capable (and smaller) User-centric
tldr; WebRTC isn’t just for video calls - it can solve Internet of Everything problems too. Tim Panton - Protocol Droid - Westhawk Ltd @steely_glint

Recommended

What's Next for WebRTC
What's Next for WebRTCWhat's Next for WebRTC
What's Next for WebRTCChad Hart
 
Developing appear.in for iOS and Android
Developing appear.in for iOS and AndroidDeveloping appear.in for iOS and Android
Developing appear.in for iOS and Androidsventy
 
Kranky geeklondon build an app
Kranky geeklondon build an appKranky geeklondon build an app
Kranky geeklondon build an appTim Panton
 
Kranky Geek - Virtual Collaboration - Igor Pavlov
Kranky Geek - Virtual Collaboration - Igor PavlovKranky Geek - Virtual Collaboration - Igor Pavlov
Kranky Geek - Virtual Collaboration - Igor PavlovIgor Pavlov
 
IoT and WebRTC
IoT and WebRTCIoT and WebRTC
IoT and WebRTCArin Sime
 
WebRTC applications for IoT
WebRTC applications for IoTWebRTC applications for IoT
WebRTC applications for IoTIvelin Ivanov
 
WebRTC - a History Lesson
WebRTC - a History LessonWebRTC - a History Lesson
WebRTC - a History LessonTsahi Levent-levi
 
Could Iot be WebRTC's greatest source of innovation? (The IIT RTC Conference ...
Could Iot be WebRTC's greatest source of innovation? (The IIT RTC Conference ...Could Iot be WebRTC's greatest source of innovation? (The IIT RTC Conference ...
Could Iot be WebRTC's greatest source of innovation? (The IIT RTC Conference ...Brian Pulito
 

Recommended

What's Next for WebRTC
What's Next for WebRTCWhat's Next for WebRTC
What's Next for WebRTCChad Hart
 
Developing appear.in for iOS and Android
Developing appear.in for iOS and AndroidDeveloping appear.in for iOS and Android
Developing appear.in for iOS and Androidsventy
 
Kranky geeklondon build an app
Kranky geeklondon build an appKranky geeklondon build an app
Kranky geeklondon build an appTim Panton
 
Kranky Geek - Virtual Collaboration - Igor Pavlov
Kranky Geek - Virtual Collaboration - Igor PavlovKranky Geek - Virtual Collaboration - Igor Pavlov
Kranky Geek - Virtual Collaboration - Igor PavlovIgor Pavlov
 
IoT and WebRTC
IoT and WebRTCIoT and WebRTC
IoT and WebRTCArin Sime
 
WebRTC applications for IoT
WebRTC applications for IoTWebRTC applications for IoT
WebRTC applications for IoTIvelin Ivanov
 
WebRTC - a History Lesson
WebRTC - a History LessonWebRTC - a History Lesson
WebRTC - a History LessonTsahi Levent-levi
 
Could Iot be WebRTC's greatest source of innovation? (The IIT RTC Conference ...
Could Iot be WebRTC's greatest source of innovation? (The IIT RTC Conference ...Could Iot be WebRTC's greatest source of innovation? (The IIT RTC Conference ...
Could Iot be WebRTC's greatest source of innovation? (The IIT RTC Conference ...Brian Pulito
 
10 voipmistakes
10 voipmistakes10 voipmistakes
10 voipmistakesTim Panton
 
Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...
Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...
Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...JPCERT Coordination Center
 
HTTP/3 for everyone
HTTP/3 for everyoneHTTP/3 for everyone
HTTP/3 for everyoneDaniel Stenberg
 
Hello 1 2 3, can you see me now?
Hello 1 2 3, can you see me now?Hello 1 2 3, can you see me now?
Hello 1 2 3, can you see me now?Kundan Singh
 
WebRTC Tutorial by Dean Bubley of Disruptive Analysis & Tim Panton of Westhaw...
WebRTC Tutorial by Dean Bubley of Disruptive Analysis & Tim Panton of Westhaw...WebRTC Tutorial by Dean Bubley of Disruptive Analysis & Tim Panton of Westhaw...
WebRTC Tutorial by Dean Bubley of Disruptive Analysis & Tim Panton of Westhaw...Dean Bubley
 
D1 t1 t. yunusov k. nesterov - bootkit via sms
D1 t1 t. yunusov k. nesterov - bootkit via smsD1 t1 t. yunusov k. nesterov - bootkit via sms
D1 t1 t. yunusov k. nesterov - bootkit via smsqqlan
 
The year of the peer-to-peer web
The year of the peer-to-peer webThe year of the peer-to-peer web
The year of the peer-to-peer webThomas Gorissen
 
Architecture in Ajax Applications
Architecture in Ajax ApplicationsArchitecture in Ajax Applications
Architecture in Ajax ApplicationsAlois Reitbauer
 
Node summit workshop
Node summit workshopNode summit workshop
Node summit workshopShubhra Kar
 
Morecrypto in the world of SIP - the Session Initiation Protocol
Morecrypto in the world of SIP - the Session Initiation ProtocolMorecrypto in the world of SIP - the Session Initiation Protocol
Morecrypto in the world of SIP - the Session Initiation ProtocolOlle E Johansson
 
WebRTC Summit November 2013 - WebRTC Interoperability (and why it is important)
WebRTC Summit November 2013 - WebRTC Interoperability (and why it is important)WebRTC Summit November 2013 - WebRTC Interoperability (and why it is important)
WebRTC Summit November 2013 - WebRTC Interoperability (and why it is important)Crocodile WebRTC SDK and Cloud Signalling Network
 
WebRTC Reborn - Cloud Expo / WebRTC Summit
WebRTC Reborn - Cloud Expo / WebRTC SummitWebRTC Reborn - Cloud Expo / WebRTC Summit
WebRTC Reborn - Cloud Expo / WebRTC SummitDan Jenkins
 
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)Guy Podjarny
 
WebRTC Reborn Hackference
WebRTC Reborn HackferenceWebRTC Reborn Hackference
WebRTC Reborn HackferenceDan Jenkins
 
HTTP/3 is next generation HTTP
HTTP/3 is next generation HTTPHTTP/3 is next generation HTTP
HTTP/3 is next generation HTTPDaniel Stenberg
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Zoltan Balazs
 
Programming for the Internet of Things
Programming for the Internet of ThingsProgramming for the Internet of Things
Programming for the Internet of ThingsKinoma
 
Ethereum Devcon1 Report (summary writing)
Ethereum Devcon1 Report (summary writing)Ethereum Devcon1 Report (summary writing)
Ethereum Devcon1 Report (summary writing)Tomoaki Sato
 
WebRTC Integration from Tim Panton
WebRTC Integration from Tim PantonWebRTC Integration from Tim Panton
WebRTC Integration from Tim PantonAlan Quayle
 
WebRTC Reborn - Full Stack Toronto
WebRTC Reborn - Full Stack TorontoWebRTC Reborn - Full Stack Toronto
WebRTC Reborn - Full Stack TorontoDan Jenkins
 
Putting the 'web' into webRTC
Putting the 'web' into webRTCPutting the 'web' into webRTC
Putting the 'web' into webRTCTim Panton
 
Simple secure federated identity for webRTC (your new phone number)
Simple secure federated identity for webRTC (your new phone number)Simple secure federated identity for webRTC (your new phone number)
Simple secure federated identity for webRTC (your new phone number)Tim Panton
 

More Related Content

Similar to Kranky geek15 - securing IoT with webrtc

10 voipmistakes
10 voipmistakes10 voipmistakes
10 voipmistakesTim Panton
 
Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...
Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...
Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...JPCERT Coordination Center
 
Hello 1 2 3, can you see me now?
Hello 1 2 3, can you see me now?Hello 1 2 3, can you see me now?
Hello 1 2 3, can you see me now?Kundan Singh
 
WebRTC Tutorial by Dean Bubley of Disruptive Analysis & Tim Panton of Westhaw...
WebRTC Tutorial by Dean Bubley of Disruptive Analysis & Tim Panton of Westhaw...WebRTC Tutorial by Dean Bubley of Disruptive Analysis & Tim Panton of Westhaw...
WebRTC Tutorial by Dean Bubley of Disruptive Analysis & Tim Panton of Westhaw...Dean Bubley
 
D1 t1 t. yunusov k. nesterov - bootkit via sms
D1 t1 t. yunusov k. nesterov - bootkit via smsD1 t1 t. yunusov k. nesterov - bootkit via sms
D1 t1 t. yunusov k. nesterov - bootkit via smsqqlan
 
The year of the peer-to-peer web
The year of the peer-to-peer webThe year of the peer-to-peer web
The year of the peer-to-peer webThomas Gorissen
 
Architecture in Ajax Applications
Architecture in Ajax ApplicationsArchitecture in Ajax Applications
Architecture in Ajax ApplicationsAlois Reitbauer
 
Node summit workshop
Node summit workshopNode summit workshop
Node summit workshopShubhra Kar
 
Morecrypto in the world of SIP - the Session Initiation Protocol
Morecrypto in the world of SIP - the Session Initiation ProtocolMorecrypto in the world of SIP - the Session Initiation Protocol
Morecrypto in the world of SIP - the Session Initiation ProtocolOlle E Johansson
 
WebRTC Reborn - Cloud Expo / WebRTC Summit
WebRTC Reborn - Cloud Expo / WebRTC SummitWebRTC Reborn - Cloud Expo / WebRTC Summit
WebRTC Reborn - Cloud Expo / WebRTC SummitDan Jenkins
 
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)Guy Podjarny
 
WebRTC Reborn Hackference
WebRTC Reborn HackferenceWebRTC Reborn Hackference
WebRTC Reborn HackferenceDan Jenkins
 
HTTP/3 is next generation HTTP
HTTP/3 is next generation HTTPHTTP/3 is next generation HTTP
HTTP/3 is next generation HTTPDaniel Stenberg
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Zoltan Balazs
 
Programming for the Internet of Things
Programming for the Internet of ThingsProgramming for the Internet of Things
Programming for the Internet of ThingsKinoma
 
Ethereum Devcon1 Report (summary writing)
Ethereum Devcon1 Report (summary writing)Ethereum Devcon1 Report (summary writing)
Ethereum Devcon1 Report (summary writing)Tomoaki Sato
 
WebRTC Integration from Tim Panton
WebRTC Integration from Tim PantonWebRTC Integration from Tim Panton
WebRTC Integration from Tim PantonAlan Quayle
 
WebRTC Reborn - Full Stack Toronto
WebRTC Reborn - Full Stack TorontoWebRTC Reborn - Full Stack Toronto
WebRTC Reborn - Full Stack TorontoDan Jenkins
 

Similar to Kranky geek15 - securing IoT with webrtc (20)

10 voipmistakes
10 voipmistakes10 voipmistakes
10 voipmistakes
 
Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...
Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...
Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...
 
HTTP/3 for everyone
HTTP/3 for everyoneHTTP/3 for everyone
HTTP/3 for everyone
 
Hello 1 2 3, can you see me now?
Hello 1 2 3, can you see me now?Hello 1 2 3, can you see me now?
Hello 1 2 3, can you see me now?
 
WebRTC Tutorial by Dean Bubley of Disruptive Analysis & Tim Panton of Westhaw...
WebRTC Tutorial by Dean Bubley of Disruptive Analysis & Tim Panton of Westhaw...WebRTC Tutorial by Dean Bubley of Disruptive Analysis & Tim Panton of Westhaw...
WebRTC Tutorial by Dean Bubley of Disruptive Analysis & Tim Panton of Westhaw...
 
D1 t1 t. yunusov k. nesterov - bootkit via sms
D1 t1 t. yunusov k. nesterov - bootkit via smsD1 t1 t. yunusov k. nesterov - bootkit via sms
D1 t1 t. yunusov k. nesterov - bootkit via sms
 
The year of the peer-to-peer web
The year of the peer-to-peer webThe year of the peer-to-peer web
The year of the peer-to-peer web
 
Architecture in Ajax Applications
Architecture in Ajax ApplicationsArchitecture in Ajax Applications
Architecture in Ajax Applications
 
Node summit workshop
Node summit workshopNode summit workshop
Node summit workshop
 
Morecrypto in the world of SIP - the Session Initiation Protocol
Morecrypto in the world of SIP - the Session Initiation ProtocolMorecrypto in the world of SIP - the Session Initiation Protocol
Morecrypto in the world of SIP - the Session Initiation Protocol
 
WebRTC Summit November 2013 - WebRTC Interoperability (and why it is important)
WebRTC Summit November 2013 - WebRTC Interoperability (and why it is important)WebRTC Summit November 2013 - WebRTC Interoperability (and why it is important)
WebRTC Summit November 2013 - WebRTC Interoperability (and why it is important)
 
WebRTC Reborn - Cloud Expo / WebRTC Summit
WebRTC Reborn - Cloud Expo / WebRTC SummitWebRTC Reborn - Cloud Expo / WebRTC Summit
WebRTC Reborn - Cloud Expo / WebRTC Summit
 
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
 
WebRTC Reborn Hackference
WebRTC Reborn HackferenceWebRTC Reborn Hackference
WebRTC Reborn Hackference
 
HTTP/3 is next generation HTTP
HTTP/3 is next generation HTTPHTTP/3 is next generation HTTP
HTTP/3 is next generation HTTP
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
 
Programming for the Internet of Things
Programming for the Internet of ThingsProgramming for the Internet of Things
Programming for the Internet of Things
 
Ethereum Devcon1 Report (summary writing)
Ethereum Devcon1 Report (summary writing)Ethereum Devcon1 Report (summary writing)
Ethereum Devcon1 Report (summary writing)
 
WebRTC Integration from Tim Panton
WebRTC Integration from Tim PantonWebRTC Integration from Tim Panton
WebRTC Integration from Tim Panton
 
WebRTC Reborn - Full Stack Toronto
WebRTC Reborn - Full Stack TorontoWebRTC Reborn - Full Stack Toronto
WebRTC Reborn - Full Stack Toronto
 

More from Tim Panton

Putting the 'web' into webRTC
Putting the 'web' into webRTCPutting the 'web' into webRTC
Putting the 'web' into webRTCTim Panton
 
Simple secure federated identity for webRTC (your new phone number)
Simple secure federated identity for webRTC (your new phone number)Simple secure federated identity for webRTC (your new phone number)
Simple secure federated identity for webRTC (your new phone number)Tim Panton
 
Ice with that sir? Or what webRTC does once it has a UDP connection
Ice with that sir? Or what webRTC does once it has a UDP connectionIce with that sir? Or what webRTC does once it has a UDP connection
Ice with that sir? Or what webRTC does once it has a UDP connectionTim Panton
 
Yo pet - building a webRTC app in 20 mins
Yo pet - building a webRTC app in 20 minsYo pet - building a webRTC app in 20 mins
Yo pet - building a webRTC app in 20 minsTim Panton
 
Westhawk integration
Westhawk integrationWesthawk integration
Westhawk integrationTim Panton
 
WebRTC Standards overview.
WebRTC Standards overview.WebRTC Standards overview.
WebRTC Standards overview.Tim Panton
 

More from Tim Panton (6)

Putting the 'web' into webRTC
Putting the 'web' into webRTCPutting the 'web' into webRTC
Putting the 'web' into webRTC
 
Simple secure federated identity for webRTC (your new phone number)
Simple secure federated identity for webRTC (your new phone number)Simple secure federated identity for webRTC (your new phone number)
Simple secure federated identity for webRTC (your new phone number)
 
Ice with that sir? Or what webRTC does once it has a UDP connection
Ice with that sir? Or what webRTC does once it has a UDP connectionIce with that sir? Or what webRTC does once it has a UDP connection
Ice with that sir? Or what webRTC does once it has a UDP connection
 
Yo pet - building a webRTC app in 20 mins
Yo pet - building a webRTC app in 20 minsYo pet - building a webRTC app in 20 mins
Yo pet - building a webRTC app in 20 mins
 
Westhawk integration
Westhawk integrationWesthawk integration
Westhawk integration
 
WebRTC Standards overview.
WebRTC Standards overview.WebRTC Standards overview.
WebRTC Standards overview.
 

Recently uploaded

DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Delhi Call girls
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceDelhi Call girls
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts servicesonalikaur4
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsstephieert
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Roomgirls4nights
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Roomdivyansh0kumar0
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Roomdivyansh0kumar0
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaimessage0108
 

Recently uploaded (20)

DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girls
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of india
 

Kranky geek15 - securing IoT with webrtc

  • 1. Building a different sort of WebRTC app Tim Panton - Protocol Droid - westhawk Ltd @steely_glint
  • 9. @steely_glint - Westhawk Ltd Ideal Internet of everything Protocol would be Standardized Secure Widely deployed Peer-to-Peer (NAT traversal) Realtime Strong on Identity management Mobile capable (and smaller) User-centric
  • 10. @steely_glint - Westhawk Ltd RTCweb Protocol is Standardized Secure Widely deployed Peer-to-Peer (NAT traversal) Realtime Strong on Identity management Mobile capable (and smaller) ? User-centric
  • 11. @steely_glint - Westhawk Ltd What we will build today Realtime Authenticated P2P communication Between a small device and a webRTC browser - using the DataChannel but no passwords.
  • 12. @steely_glint - Westhawk Ltd Components we need WebRTC (datachannel) app in my smartphone WebRTC (datachannel) embedded in a device WebRTC service for rendevous Some sort of pairing
  • 13. @steely_glint - Westhawk Ltd Components we will use Chrome on android (well Mac - for easy AV) Lightweight stack on device Simple websockets message hub (https://github.com/steely-glint/fingersmith) QRcode pairing
  • 14. @steely_glint - Westhawk Ltd Duckling protocol Described by Ross Anderson in 1990s Device trusts first thing it sees We flip this and the device shows QRcode Smartphone then calls this address First to connect claims ownership https://www.flickr.com/photos/bunnygoth/14021732859/
  • 15. Demo of QR using yoPet.us
  • 16. Code walk through of Fingersmith
  • 17. @steely_glint - Westhawk Ltd Which address token? WebRTC has no built in identity so … Random key Generated server side (like XMPP anon) Generated client side and asserted to service (As in Respoke, Twillio etc) Exchanged over QR code at ‘hatching’ Stored locally and reused for ‘life’
  • 18. @steely_glint - Westhawk Ltd But wait… Full disclosure: this is such a good idea I filed a patent on it Whats this fingerprint thing ? Hash of the x509 cert used in DTLS exchange Can we use that as an address ? Yes - it means the duckling can tell that it is mommy calling and ignore all other distractions. More on this at IIT RTC conference in October…
  • 19. @steely_glint - Westhawk Ltd Javascript walkthrough Dummy offer to find it at start-up Phono.sdp.js parse SDP to extract fingerprint (open source - thanks tropo) Ipseorama to set up DataChannel via Fingersmith generateCertificate + IndexDB to make firefox use stable identity
  • 20. @steely_glint - Westhawk Ltd Device Code options Javascript Use google’s webrtc wrapped in node C/C++ Use Janus codebase etc…. Java DIY
  • 21. @steely_glint - Westhawk Ltd Yep, you guessed it, I took the Java way. STUN/TURN/ICE Ice4j - Jitsi DTLS BouncyCastle - Tropo (now Cisco) SCTP/DCEP in progress….
  • 22. @steely_glint - Westhawk Ltd Demo on Beaglebone Think of it as an American Pi :-) Typical of future devices Small footprint Low power Linux ARM (see Intel Edison)
  • 23. @steely_glint - Westhawk Ltd What, that’s not small enough Arm 9 300Mhz 64 Mb Linux
  • 24. @steely_glint - Westhawk Ltd Lego EV3 Lego EV3 Arm 9 300Mhz 64 Mb Linux LeJos Java ;-)
  • 26. @steely_glint - Westhawk Ltd By using webRTC data channel we have Standardized Secure Widely deployed Peer-to-Peer (NAT traversal) Realtime Strong on Identity management Mobile capable (and smaller) User-centric
  • 27. tldr; WebRTC isn’t just for video calls - it can solve Internet of Everything problems too. Tim Panton - Protocol Droid - Westhawk Ltd @steely_glint