Tim Panton builds a WebRTC app that controls an IoT device from a Chrome browser using a secure (QR-code-based) proximity pairing protocol (with added Lego dog). https://www.youtube.com/watch?v=TLXmB2TZyZE
9. @steely_glint - Westhawk Ltd
Ideal Internet of everything
Protocol would be
Standardized
Secure
Widely deployed
Peer-to-Peer (NAT traversal)
Realtime
Strong on Identity management
Mobile capable (and smaller)
User-centric
10. @steely_glint - Westhawk Ltd
RTCweb Protocol is
Standardized
Secure
Widely deployed
Peer-to-Peer (NAT traversal)
Realtime
Strong on Identity management
Mobile capable (and smaller) ?
User-centric
11. @steely_glint - Westhawk Ltd
What we will build today
Realtime
Authenticated
P2P communication
Between a small device
and a WebRTC browser
- using the DataChannel but no passwords.
12. @steely_glint - Westhawk Ltd
Components we need
WebRTC (datachannel) app in my smartphone
WebRTC (datachannel) embedded in a device
WebRTC service for rendezvous
Some sort of pairing
13. @steely_glint - Westhawk Ltd
Components we will use
Chrome on android (well Mac - for easy AV)
Lightweight stack on device
Simple websockets message hub
(https://github.com/steely-glint/fingersmith)
QR code pairing
14. @steely_glint - Westhawk Ltd
Duckling protocol
Described by Ross Anderson in the 1990s
Device trusts first thing it sees
We flip this and the device shows a QR code
Smartphone then calls this address
First to connect claims ownership
https://www.flickr.com/photos/bunnygoth/14021732859/
17. @steely_glint - Westhawk Ltd
Which address token?
WebRTC has no built-in identity so …
Random key
Generated server side (like XMPP anon)
Generated client side and asserted to service
(As in Respoke, Twilio etc)
Exchanged over QR code at ‘hatching’
Stored locally and reused for ‘life’
18. @steely_glint - Westhawk Ltd
But wait…
Full disclosure:
this is such a good idea I filed a patent on it
What's this fingerprint thing?
Hash of the x509 cert used in DTLS exchange
Can we use that as an address?
Yes - it means the duckling can tell that it is mommy calling and ignore all other distractions.
More on this at IIT RTC conference in October…
19. @steely_glint - Westhawk Ltd
Javascript walkthrough
Dummy offer to find it at start-up
Phono.sdp.js parses SDP to extract fingerprint
(open source - thanks Tropo)
Ipseorama to set up DataChannel via Fingersmith
generateCertificate + IndexedDB to make Firefox use a stable identity
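The fingerprint-as-address idea from the two slides above, sketched as an added example (not code from the talk, Phono.sdp.js, Ipseorama or Fingersmith): pull the `a=fingerprint` value out of an offer, imprint on the first caller, and ignore every other certificate afterwards. The helper names, the `Map` standing in for the device's local storage and the SDP text are all assumptions made for the illustration.

```javascript
// Added example: every name (fakeFp, makeOffer, extractFingerprint, Duckling)
// is hypothetical, and the SDP is constructed rather than captured.
const fakeFp = (seed) => Array.from({ length: 32 }, (_, i) =>
  ((seed + i) & 0xff).toString(16).padStart(2, '0').toUpperCase()).join(':');

const makeOffer = (fp) => [
  'v=0', 'o=- 1 2 IN IP4 127.0.0.1', 's=-', 't=0 0',
  'm=application 9 DTLS/SCTP 5000', 'c=IN IP4 0.0.0.0',
  ...(fp ? ['a=fingerprint:sha-256 ' + fp] : []),
  'a=setup:actpass', ''
].join('\r\n');

// Return the DTLS certificate hash from an SDP blob as "sha-256:<64 hex>",
// or null when the line is absent or malformed. Accepting only sha-256 is
// an assumption of this sketch.
function extractFingerprint(sdp) {
  const m = /^a=fingerprint:(\S+) ([0-9A-Fa-f:]+)\r?$/m.exec(sdp);
  if (!m || m[1].toLowerCase() !== 'sha-256') return null;
  const bytes = m[2].split(':');
  const ok = bytes.length === 32 && bytes.every((b) => /^[0-9A-Fa-f]{2}$/.test(b));
  return ok ? 'sha-256:' + bytes.join('').toLowerCase() : null;
}

// Device side of the flipped duckling pairing. The fingerprint in an offer is
// only a claim; it binds because the DTLS handshake fails unless the peer's
// certificate hashes to the value announced in its SDP.
class Duckling {
  constructor(store = new Map()) { this.store = store; } // stands in for local storage
  admit(offerSdp) {
    const fp = extractFingerprint(offerSdp);
    if (!fp) return 'reject-no-fingerprint';
    const owner = this.store.get('owner');
    if (owner === undefined) {            // 'hatching': first caller claims ownership
      this.store.set('owner', fp);
      return 'imprinted';
    }
    return fp === owner ? 'accept-owner' : 'ignore-stranger';
  }
}

// Run the pairing once, then show that a different certificate is ignored.
function demo() {
  const duck = new Duckling();
  return [fakeFp(0x10), fakeFp(0x80), fakeFp(0x10)]
    .map((fp) => duck.admit(makeOffer(fp)));
}
console.log(demo());
```

Because the owner is keyed on the certificate hash, the browser has to keep presenting the same certificate, which is what the generateCertificate + IndexedDB step on this slide is for.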
20. @steely_glint - Westhawk Ltd
Device Code options
Javascript
Use Google’s WebRTC wrapped in Node
C/C++
Use Janus codebase etc….
Java
DIY
21. @steely_glint - Westhawk Ltd
Yep, you guessed it,
I took the Java way.
STUN/TURN/ICE
Ice4j - Jitsi
DTLS
BouncyCastle - Tropo (now Cisco)
SCTP/DCEP
in progress….
22. @steely_glint - Westhawk Ltd
Demo on Beaglebone
Think of it as an American Pi :-)
Typical of future devices
Small footprint
Low power
Linux
ARM (see Intel Edison)
26. @steely_glint - Westhawk Ltd
By using WebRTC data channel we have
Standardized
Secure
Widely deployed
Peer-to-Peer (NAT traversal)
Realtime
Strong on Identity management
Mobile capable (and smaller)
User-centric
27. tldr;
WebRTC isn’t just for video calls - it can solve Internet of Everything problems too.
Tim Panton - Protocol Droid - Westhawk Ltd
@steely_glint