tim-panton
@steely_glint - Westhawk Ltd
Ideal Internet of everything Protocol would be
Standardized
Secure
Widely deployed
Peer-to-Peer (NAT traversal)
Realtime
Strong on Identity management
Mobile capable (and smaller)
User-centric
RTCweb Protocol is
Standardized
Secure
Widely deployed
Peer-to-Peer (NAT traversal)
Realtime
Strong on Identity management
Mobile capable (and smaller) ?
User-centric
What we will build today
Realtime
Authenticated
P2P communication
Between a small device
and a webRTC browser
- using the DataChannel but no passwords.
Components we need
WebRTC (datachannel) app in my smartphone
WebRTC (datachannel) embedded in a device
WebRTC service for rendezvous
Some sort of pairing
Components we will use
Chrome on Android (well Mac - for easy AV)
Lightweight stack on device
Simple websockets message hub
(https://github.com/steely-glint/fingersmith)
QRcode pairing
Duckling protocol
Described by Ross Anderson in the 1990s
Device trusts first thing it sees
We flip this and the device shows a QRcode
Smartphone then calls this address
First to connect claims ownership
https://www.flickr.com/photos/bunnygoth/14021732859/
Which address token?
WebRTC has no built-in identity so …
Random key
Generated server side (like XMPP anon)
Generated client side and asserted to service
(As in Respoke, Twilio etc.)
Exchanged over QR code at ‘hatching’
Stored locally and reused for ‘life’
But wait…
Full disclosure: this is such a good idea I filed a patent on it
What's this fingerprint thing?
Hash of the x509 cert used in DTLS exchange
Can we use that as an address?
Yes - it means the duckling can tell that it is mommy calling and ignore all other distractions.
More on this at IIT RTC conference in October…
JavaScript walkthrough
Dummy offer to find it at start-up
Phono.sdp.js parses SDP to extract fingerprint (open source - thanks Tropo)
Ipseorama to set up DataChannel via Fingersmith
generateCertificate + IndexedDB to make Firefox use a stable identity
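Added example, not taken from the slides or from the Fingersmith, Ipseorama or Phono code: the device side of the fingerprint-as-address idea, combining the SDP fingerprint extraction from the walkthrough with the "first to connect claims ownership" rule. The names `extractFingerprint`, `Duckling`, `fpOf` and `sdpWith` and the sample SDP are constructed for illustration, and accepting SHA-256 fingerprints only is an assumption of this example.

```javascript
// Added example: device-side ("duckling") owner check keyed on the DTLS fingerprint.
// extractFingerprint, Duckling, sdpWith and the sample SDP are constructed here.

// Return the single a=fingerprint value in an SDP blob as "sha-256 AA:BB:...".
function extractFingerprint(sdp) {
  const found = new Set();
  for (const line of sdp.split(/\r?\n/)) {
    const m = /^a=fingerprint:(\S+)\s+([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})*)\s*$/.exec(line);
    if (m) found.add(m[1].toLowerCase() + ' ' + m[2].toUpperCase());
  }
  // Session- and media-level lines may repeat one value; conflicting values are refused.
  if (found.size !== 1) throw new Error('expected exactly one distinct fingerprint');
  const [fp] = found;
  // Assumption of this example: SHA-256 only (32 bytes = 95 characters with colons).
  if (!fp.startsWith('sha-256 ') || fp.length !== 8 + 95) throw new Error('need sha-256');
  return fp;
}

class Duckling {
  // `stored` is the owner fingerprint persisted at hatching, or null on a new device.
  constructor(stored = null) { this.owner = stored; }

  // Classify an incoming offer: 'hatched' (first caller becomes owner),
  // 'owner' (same certificate as at hatching) or 'ignored' (anyone else).
  onOffer(sdp) {
    let fp;
    try { fp = extractFingerprint(sdp); } catch (e) { return 'ignored'; }
    if (this.owner === null) { this.owner = fp; return 'hatched'; }
    // The SDP value is only a claim. It proves identity only if the DTLS layer
    // also checks the handshake certificate against this fingerprint.
    return fp === this.owner ? 'owner' : 'ignored';
  }
}

// Constructed sample offer: one repeated byte stands in for a real certificate hash.
const fpOf = (hex) => Array(32).fill(hex).join(':');
const sdpWith = (hex, alg = 'sha-256') => [
  'v=0', 'o=- 1 2 IN IP4 127.0.0.1', 's=-', 't=0 0',
  'm=application 9 UDP/DTLS/SCTP webrtc-datachannel',
  `a=fingerprint:${alg} ${fpOf(hex)}`, 'a=setup:actpass',
].join('\r\n');
```

The owner value must survive reboots for the pairing to last, which is the device-side counterpart of the browser keeping its certificate stable.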
Device Code options
Javascript
Use Google’s WebRTC wrapped in Node
C/C++
Use Janus codebase etc….
Java
DIY
Yep, you guessed it,
I took the Java way.
STUN/TURN/ICE
Ice4j - Jitsi
DTLS
BouncyCastle - Tropo (now Cisco)
SCTP/DCEP
in progress….
Demo on Beaglebone
Think of it as an American Pi :-)
Typical of future devices
Small footprint
Low power
Linux
ARM (see Intel Edison)
By using webRTC data channel we have
Standardized
Secure
Widely deployed
Peer-to-Peer (NAT traversal)
Realtime
Strong on Identity management
Mobile capable (and smaller)
User-centric