Abstract
Original language | English |
---|---|
Title of host publication | Proceedings of the Symposium on Applied Computing |
Publisher | Association of Computing Machinery |
Pages | 664-669 |
Publication status | Published - 2017 |
Fingerprint
Cite this
WebRTC: Your Privacy is at Risk. / Reiter, Andreas; Marsalek, Alexander.
Proceedings of the Symposium on Applied Computing. Association of Computing Machinery, 2017. p. 664-669.Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Research › peer-review
}
TY - GEN
T1 - WebRTC: Your Privacy is at Risk
AU - Reiter, Andreas
AU - Marsalek, Alexander
PY - 2017
Y1 - 2017
N2 - New web technologies are changing the way we interact with the web and with applications. They enable a whole new family of applications for desktop systems but also for mobile devices. The specification of HTML5 and related JavaScript APIs paved the way for rich applications backed by web technologies offering a comparable user experience to native interfaces. Web-based real-time communication (We- bRTC) is the next step towards the elimination of current browser limitations. It enables a direct browser-to-browser or device-to-device communication. In this paper, we are targeting the security and privacy implications imposed by this emerging technology. We developed several attacks on WebRTC, compromising user’s security and privacy, as well as the privacy of other devices in the same network. Our evaluation shows that even though WebRTC is based on a solid security basis, user’s privacy and communication se- curity can be compromised due to several design decisions. For each attack, mitigation strategies are defined where the operation and functionality ofWebRTC are still maintained and user’s privacy is protected.
AB - New web technologies are changing the way we interact with the web and with applications. They enable a whole new family of applications for desktop systems but also for mobile devices. The specification of HTML5 and related JavaScript APIs paved the way for rich applications backed by web technologies offering a comparable user experience to native interfaces. Web-based real-time communication (We- bRTC) is the next step towards the elimination of current browser limitations. It enables a direct browser-to-browser or device-to-device communication. In this paper, we are targeting the security and privacy implications imposed by this emerging technology. We developed several attacks on WebRTC, compromising user’s security and privacy, as well as the privacy of other devices in the same network. Our evaluation shows that even though WebRTC is based on a solid security basis, user’s privacy and communication se- curity can be compromised due to several design decisions. For each attack, mitigation strategies are defined where the operation and functionality ofWebRTC are still maintained and user’s privacy is protected.
M3 - Conference contribution
SP - 664
EP - 669
BT - Proceedings of the Symposium on Applied Computing
PB - Association of Computing Machinery
ER -