Title: WebRTC security measures and weaknesses

Authors: Ben Feher; Lior Sidi; Asaf Shabtai; Rami Puzis; Leonardas Marozas

Addresses: Faculty of Engineering Sciences, Department of Software and Information Systems Engineering, Ben-Gurion University of the Negev, P.O. Box 653, Beer-Sheva, 84105, Israel ' Faculty of Engineering Sciences, Department of Software and Information Systems Engineering, Ben-Gurion University of the Negev, P.O. Box 653, Beer-Sheva, 84105, Israel ' Faculty of Engineering Sciences, Department of Software and Information Systems Engineering, Ben-Gurion University of the Negev, P.O. Box 653, Beer-Sheva, 84105, Israel ' Faculty of Engineering Sciences, Department of Software and Information Systems Engineering, Ben-Gurion University of the Negev, P.O. Box 653, Beer-Sheva, 84105, Israel ' Faculty of Engineering Sciences, Department of Software and Information Systems Engineering, Ben-Gurion University of the Negev, P.O. Box 653, Beer-Sheva, 84105, Israel

Abstract: WebRTC is a technology that enables real-time communication between web browsers for information streaming, including text, sound or direct data transfer. WebRTC is supported by all major browsers and has a flexible underlying infrastructure. In this study, we review current state of WebRTC and analyse security shortcomings during acts of communication disruption, modification, and eavesdropping. In addition, we examine WebRTC security in experimental scenarios.

Keywords: web real-time communication; WebRTC; DTLS-SRTP; signalling; peer-to-peer; P2P; real-time communication; security.

DOI: 10.1504/IJITST.2018.092138

International Journal of Internet Technology and Secured Transactions, 2018 Vol.8 No.1, pp.78 - 102

Received: 17 Feb 2017
Accepted: 31 Aug 2017

Published online: 23 May 2018 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article