Skip Navigation

Securing a conference’s real-time media

The
BBM Enterprise
Conferencing solution is built upon industry standard WebRTC technology and SFU (Selective Forwarding Unit) model of media server. Not only does this model allow efficient processing, but it also offers greater security of a call because each video and audio stream is individually encrypted with unique, ephemeral, per-session encryption keys. This method of media conferencing achieves a high security standard and differentiates it from other similar solutions.
Specifically, the
BBM Enterprise
Conferencing real-time media negotiation and encryption utilizes an industry standard protocol such as DTLS-SRTP with additional enhancements to provide identity assurance.

Identity assertion during real-time media session establishment

To provide mutual identity assurance between a participant and media server and to prevent MITM (man-in-the-middle) attacks, the BBM Enterprise Conferencing server is used as a trusted proxy for the exchange of DTLS fingerprints of both parties, generated during DTLS channel establishment as per RFC5763.

Real-time encryption

AES-128 in CM mode with HMAC-SHA1-80 (BBM Enterprise app,
Google Chrome
,
Safari
,
Chromium
based
Microsoft Edge
and other
Chromium
based browsers) or AES-128 in GCM mode with HMAC-SHA1-80 (
Mozilla Firefox
).

Real-time media stream encryption

As per the SRTP specification, each uplink and downlink video stream is encoded using unique keys exchanged between a given participant and the media server. The solution allows up to four downlink video streams per conference session, for efficiency and bandwidth preservation. Downlink audio from multiple participants is mixed into one stream for efficiency and optimization purposes.