This blog is about End to End Encryption.
Over the past decade greater adoption of the Cloud has made deploying conferencing solutions easier than ever. The move to the Cloud has been driven by the resulting reduction in workload and expense of not having to deal with the underlying physical machines, Virtual Machines, and Operating Systems. These factors have all lowered the adoption bar. Adding the wide adoption of Web Real Time Communication (WebRTC) protocol by all major browser vendors and the adoption bar is lowered further.
However, with the good news comes security concerns. Data is flowing through thirdparty machines, possibly in a way that is that is not fully encrypted and thus not totally secure.
While WebRTC is encrypted, the encryption only applies on the wire. In other terms, you can be sure your content is safe on peer-to-peer connections. But many services require intermediate (media) servers for scaling, distribution, or other reasons, often leaving your video and audio openly exposed on the server.
Yes, anybody who can access the media server can hear you and see your video just as if they were invited to your videoconference. And as such, the integrity of the information you exchange with your colleagues, investors, and customers… is comprised.
For most, this is unacceptable, and for a few, this is actually against regulations: Banks, MPAA, HIPAA, EU, Telco operators, …
(Do you want fast advice n End to End Encryption contact CoSMo now – use message button on page)
What has been done?
In 2016-2017, a group of the world’s top web engineers and scientists (*) came up withsolutions to achieve true end-to-end encryption, providing solutions that prevent the media passing through a third-party Media Server for ever being accessed – thus achieving End to End Encryption (E2EE).
(*) Privacy Enhanced RTP Conferencing, PERC in short, is a Working Group at the Internet Engineering Task Force (IETF). PERC has been responsible for creating E2EE protocols.
End to End Encryption Case Study – Symphony
Symphony (www.symphony.com) provides amongst other services a Secure Enterprise Collaboration Platform to Banks, Governments, and Institutions. Customers include BlackRock, Citi, JPMorgan, Morgan Stanley, HSBC and many more.
Historically the technical and communications network of Symphony Clients have not been friendly to the concept of Real Time Communications (RTC), yet Symphony wanted to adopt – and reap the benefits from – WebRTC. This presented a difficulty: Symphony clients demanded full E2EE.
Symphony and CoSMo
To achieve in the cloud the level of security required by Symphony in their highly regulated sector (end-to-end encryption of content and recording), Symphony contacted CoSMo to design a fully secured infrastructure and implement double media encryption for real-time audio/video using PERC. This solution has been developed to make a commercially available solution used by many major banks in the world.
What’s coming next ?
In 2019, CoSMo co-designed with Google a more performant technology to achieve true end-to-end media encryption for real-time content, known as S-frame. “SFrame is simultaneously more efficient, more flexible, more compatible and more deployable than PERC” summarized Bernard Aboba, Principal Architect for Skype/Teams at Microsoft.
Being used in production in Google Duo and some of CoSMo customers for more almost 2 years, S-frame is now being targeted by IETF as the future standard for E2EE.
Also at Cisco: “We are considering [implementing S-frame] for some projects at Cisco” Richard Barnes, Chief Security Architect for Collaboration, Cisco.
With recent headlines on security issues over videoconferencing, this is more than ever the hot topic followed by many.
Is WebRTC End to End Encryption Commercially available to other companies than Symphony?
A full WebRTC E2E Encryption package is available from CoSMo Software Pte Ltd using PERC or S-Frame.
Find more information here