Abstract
Chord is an efficient and well-known way to create an overlay for a structured peer-to-peer network. We use Chord for a peer-to-peer network built on WebRTC, a set of protocols for direct connections between web browsers. However, Chord lacks mechanisms for authentication and end-to-end confidentiality. Thus, a man-in-the-middle attack could occur when two peers negotiate WebRTC parameters for a direct connection. We solve this security vulnerability with hybrid encryption: Each host generates a unique long-term asynchronous key pair for authentication and short-term asynchronous key pairs to establish synchronous secret keys. With these, peers can exchange WebRTC connection parameters via end-to-end authenticated and encrypted messages over multiple hops and thus establish a direct connection in a secure fashion.
Originalsprache | Englisch |
---|---|
Titel | 2017 International Conference on Computational Science and Computational Intelligence (CSCI) |
Seitenumfang | 6 |
Herausgeber (Verlag) | IEEE |
Erscheinungsdatum | 01.12.2017 |
Seiten | 19-24 |
ISBN (Print) | 978-1-5386-2653-5 |
ISBN (elektronisch) | 978-1-5386-2652-8 |
DOIs | |
Publikationsstatus | Veröffentlicht - 01.12.2017 |
Veranstaltung | 2017 International Conference on Computational Science and Computational Intelligence (CSCI) - Las Vegas, USA / Vereinigte Staaten Dauer: 14.12.2017 → 16.12.2017 |