A practical key agreement scheme for videoconferencing


TOĞAY C.

MULTIMEDIA TOOLS AND APPLICATIONS, vol.79, pp.23711-23728, 2020 (Peer-Reviewed Journal) identifier identifier

  • Publication Type: Article / Article
  • Volume: 79
  • Publication Date: 2020
  • Doi Number: 10.1007/s11042-020-09136-6
  • Journal Name: MULTIMEDIA TOOLS AND APPLICATIONS
  • Journal Indexes: Science Citation Index Expanded, Scopus, FRANCIS, ABI/INFORM, Applied Science & Technology Source, Compendex, Computer & Applied Sciences, INSPEC, zbMATH
  • Page Numbers: pp.23711-23728

Abstract

Recently, videoconferencing is becoming more and more pervasive as a consequence of new concerns about privacy and security. The media should be encrypted through the utilization of actual encryption algorithms and group key agreement schemes. In this study, a new key agreement scheme based on Java smart cards is proposed and applied on Web-based real-time communication (WebRTC)-based videoconferencing. In WebRTC, symmetric keys are generated using pseudorandom number generators and shared by two standard protocols, namely, Source Description RTCP Packet (SDES) and Datagram Transport Layer Security (DTLS), through a signaling server. In both methods, the key exchange is open to cryptanalytic attacks, and the administrator of the signaling server can compromise media. This qualitative study aims to investigate privacy during WebRTC-based videoconferencing with respect to symmetric encryption algorithm, randomness of the encryption key, overall security strength, key agreement scheme, and time required to start a conversation. Herein, a new key agreement scheme based on Java smart cards is proposed. The scheme utilizes AES-256 algorithm in GCM mode for media encryption. By means of this approach, the set-up time of a conference is reduced to 562 ms (compared to 1754 ms for the RSA-based approach) for 367 users, and the security strength is increased to 256-bit (as against 112-bit for RSA 2048-bit). A secure random key generator for smart cards is utilized for a key generation instead of pseudorandom number generators. The proposed approach also includes a safety mechanism for smart card failures. We utilize the AVISPA (The Automated Validation of Internet Security Protocols and Applications) tool to test the safety of the proposed scheme.