You raise the issue of using flash in the browser. With the security point of view you find it insecure. It results in time to time pop-ups displaying usage security alerts. Although the security related concerns are more for potential adopters of the technology, moreover you are always asked to follow simple rules to be secure. Like, to keep the plugins and browsers updated, don’t download files that you’re not sure to trust on, avoid opening the email attachments if it seems weird or spam. Actually, these are the basic rules to avoid such intruders to your WebRTC application. But WebRTC is secure and totally encrypted, you just need to be aware of its security.

With the increase in WebRTC apps development, popularity and adoption of WebRTC have crossed miles. It’s quite hard to exactly measure the widespread adoption of WebRTC till now.​

According to MarketsandMarkets report, The WebRTC market is expected to reach $4.5 billion by 2020, amounting to a compound annual growth rate of 51% from 2015 to 2020. When we came across figures, we found that more than 40 mergers and acquisitions took place in 2015 with over $1 billion funding provided to WebRTC-based companies. In 2016, the funding was around three times to 2015 with the figure touching $2.7 billion. The number of mergers and acquisitions were 20.

But, popularity and adoption have raised concerns over security. So, it’s important to know the security issues of WebRTC and understand security protocols.

​For instance, you transferred any media without knowing that it was unencrypted. During the transfer, it got intercepted by the malefactor and other information also got extracted with the unencrypted media. You mainly use real-time applications for making business calls and organizing online business meetings or negotiations. If the same instance occurs while making business calls, you may face a big loss. While communicating using browsers, intruder can see the data you transfer to your colleagues. The possible undesirable consequences caused by insecure connections are avoided by WebRTC protocols.

We’ll help you walk through the security protocols in brief:

End-to-End Encryption - Encryption is a permanent feature and helps browser address all security concerns effectively. Despite any browser, you can be sure that your peer-to-peer connection is safe.

WebRTC SRTP Protocol - The SRTP (Secure Real-time Transport Protocol) guarantee you the secured media channels. When you use WebRTC apps to start calling procedure and send a request to the person SRTP makes sure that the connection is secure with the encryption keys.

It is mainly used in multiplexing media streams. The control congestion features are provided by SRTP. It helps to control the flow and ensures data delivery as expected and on the acceptable level. SRTP also provides you the data integrity protection feature. The feature controls the authenticity of the message and protects its integrity.

WebRTC TLS Features Support - The TLS (Transport Layer Security) provides the client-server application with data transmission protected from unauthorized access. To connect to a server you need to establish a secure connection. To do so, you have to provide a list of supported encryption algorithms, server chooses the most reliable one and informs you.

To authenticate, server sends a digital certificate. You need to check the validity of the certificate. Then, the session keys are generated to ensure connection security. To provide the acceptable level of security, WebRTC uses the DTLS protocol that is based on TLS.

WebRTC DTLS Protocol - The DTLS (Data Transport Layer Security) is used for data transfer security. The purpose of DTLS is to avoid information tampering and eavesdropping. You must be aware of the WebRTC security standards. According to the standards, the transmission done using WebRTC should be secured using DTLS with no exceptions. The protocol works for each browser supporting WebRTC. You don’t require any prior setup or check to see if it works.

This protocol works within each browser that supports WebRTC. It guarantees full encryption with data authentication, message authentication, and asymmetric cryptography methods. The DTLS protocol was designed upon the stream-oriented TLS. And it is also a derivative of SSL (Secure Sockets Layer). Thus, when you use WebRTC applications, you can be sure that all your data is as secure as if you use the SSL based connection.

This shows WebRTC has pretty strong security measures supporting browsers. The security measures start with enforcing encryption on the media. Recently, Google made a strict measure that WebRTC APIs will only run on HTTPS encrypted web pages.

Published On: April 14, 2017​