For several Years now, CoSMo has been providing end-to-end encryption solutions, from clients to media servers and more, fully webrtc compliant, to many. The most famous customer is maybe Symphony Communications, using an early modified version of PERC called PERC-lite, but there are many more using the second generation version called SFrame co-developed originally by Google, including the real-time streaming platform MilliCast.com for the customers in need of something better than DRM. The full technical brief is here http://webrtcbydralex.com/index.php/2020/03/30/secure-frames-sframes-end-to-end-media-encryption-with-webrtc-now-in-chrome/
There was a catch though, it would not work in Browsers, one would have to go native only. Not a problem for most mobile apps, and DUO has been leveraging it for more than a year now, but still, less than ideal. Since last week, it is now possible to support SFrame in the browser. So the cat is out of the bag.
In this post we will give you some technical details about SFrame, how it is better than PERC’s double in terms of overhead, and provide a free, open-source working example, with an E2EE ready SFU! Obviously, it is nowhere close to the quality you can get from the full CoSMo E2EME packages, and don’t get me started on the key exchange, but it will illustrate the concept.
If you want to implement End to End Encryption look at https://cosmosoftware.io/products/
This post introduced end-to-end media encryption, and provided corresponding working examples, including an SFU. This is, however, but a piece of the puzzle.
For industrial-strength E2EE, the design of the key management, rotation and distribution is maybe even more important than the media encryption itself. After all, why using an armoured door with the most secure lock, if the key is under the mattress and a sign on the door says “the look is under the mattress” There, the most promising technology is MLS. However, with a limit at 50k participant, it might not be enough as-is for naive streaming platforms.