Securing a conference’s real-time media
The BBM Enterprise Conferencing solution is built on industry-standard WebRTC technology and the SFU (Selective Forwarding Unit) media server model. Not only does this model allow efficient processing, but it also offers greater security for a call, because each video and audio stream is individually encrypted with unique, ephemeral, per-session encryption keys. This method of media conferencing achieves a high security standard and differentiates it from other similar solutions. Specifically, BBM Enterprise Conferencing real-time media negotiation and encryption uses an industry-standard protocol such as DTLS-SRTP, with additional enhancements to provide identity assurance.

Identity assertion during real-time media session establishment
To provide mutual identity assurance between a participant and the media server, and to prevent MITM (man-in-the-middle) attacks, the BBM Enterprise Conferencing server is used as a trusted proxy for the exchange of the DTLS fingerprints of both parties, generated during DTLS channel establishment as per RFC 5763.
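The check that this fingerprint exchange enables is the comparison each side performs after the DTLS handshake: the certificate the peer actually presented must hash to the fingerprint that was relayed in SDP. The following Python is an added illustration written for this page, not BBM Enterprise code; it assumes the RFC 8122 "a=fingerprint:" attribute format, uses constructed byte strings in place of real DER certificates, and adopts a strict policy (every fingerprint with a supported hash must match, and an offer with no usable fingerprint is rejected) that is this example's own choice.

```python
import hashlib
import hmac
import re

# Hash names as written in the SDP a=fingerprint attribute (RFC 8122), mapped to hashlib names.
SDP_HASH_ALGS = {
    "sha-1": "sha1",
    "sha-256": "sha256",
    "sha-384": "sha384",
    "sha-512": "sha512",
}

# One a=fingerprint line: hash name, then colon-separated hex octets (either case), CRLF tolerated.
FINGERPRINT_RE = re.compile(
    r"^a=fingerprint:(?P<alg>[A-Za-z0-9-]+)[ \t]+"
    r"(?P<fp>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})*)[ \t\r]*$",
    re.MULTILINE,
)


def certificate_fingerprint(cert_der: bytes, alg: str) -> str:
    """Fingerprint of a DER-encoded certificate, formatted as RFC 8122 does: hex octets joined by ':'."""
    digest = hashlib.new(SDP_HASH_ALGS[alg], cert_der).digest()
    return ":".join(f"{b:02X}" for b in digest)


def fingerprint_attribute(cert_der: bytes, alg: str = "sha-256") -> str:
    """The SDP line a party publishes for its own DTLS certificate (the value the conferencing server relays)."""
    return f"a=fingerprint:{alg} {certificate_fingerprint(cert_der, alg)}"


def parse_fingerprints(sdp: str) -> list[tuple[str, str]]:
    """Return (hash-alg, FINGERPRINT) pairs found in an SDP body; hex is normalised to uppercase."""
    return [(m.group("alg").lower(), m.group("fp").upper()) for m in FINGERPRINT_RE.finditer(sdp)]


def dtls_certificate_matches(relayed_sdp: str, presented_cert_der: bytes) -> bool:
    """Accept the certificate presented in the DTLS handshake only if it matches the relayed fingerprint(s).

    Policy chosen for this example: every fingerprint whose hash we support must match, and at
    least one must have been checked, so a stripped attribute cannot silently downgrade to an
    unauthenticated DTLS channel.
    """
    checked = 0
    for alg, expected in parse_fingerprints(relayed_sdp):
        if alg not in SDP_HASH_ALGS:
            continue  # unknown hash: skip, but do not count it as verified
        checked += 1
        actual = certificate_fingerprint(presented_cert_der, alg)
        # Constant-time comparison of the two colon-separated hex strings.
        if not hmac.compare_digest(actual, expected):
            return False
    return checked > 0


if __name__ == "__main__":
    # Constructed stand-ins for DER certificates (not real X.509); fingerprints work over any byte string.
    participant_cert = b"constructed DER of participant self-signed cert"
    server_cert = b"constructed DER of media server cert"
    interposed_cert = b"constructed DER of an interposed certificate"

    # Each side publishes its fingerprint; the conferencing server relays them (modelled here as string passing).
    participant_offer = "v=0\r\n" + fingerprint_attribute(participant_cert) + "\r\n"
    server_answer = "v=0\r\n" + fingerprint_attribute(server_cert) + "\r\n"

    # Mutual check after the handshake: each side compares the presented certificate with the relayed fingerprint.
    print("server accepts participant:", dtls_certificate_matches(participant_offer, participant_cert))
    print("participant accepts server:", dtls_certificate_matches(server_answer, server_cert))
    # A certificate that was not the one whose fingerprint was relayed fails the comparison.
    print("participant accepts other cert:", dtls_certificate_matches(server_answer, interposed_cert))
```

The comparison runs in both directions, which is what makes the assurance mutual: the server checks the participant's certificate against the fingerprint in the participant's offer, and the participant checks the server's certificate against the fingerprint in the relayed answer. The trust in this scheme rests entirely on the relay path being authenticated (the TLS-protected signalling channel to the conferencing server), since the fingerprint is only as trustworthy as the channel that delivered it.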
Real-time encryption
AES-128 in CM mode with HMAC-SHA1-80 (BBM Enterprise app, Google Chrome, Safari, Chromium-based Microsoft Edge and other Chromium-based browsers) or AES-128 in GCM mode with HMAC-SHA1-80 (Mozilla Firefox).

Real-time media stream encryption
As per the SRTP specification, each uplink and downlink video stream is encrypted using unique keys exchanged between a given participant and the media server. The solution allows up to four downlink video streams per conference session, for efficiency and bandwidth preservation. Downlink audio from multiple participants is mixed into one stream for efficiency and optimization.