Abstract
Chord is an efficient and well-known way to create an overlay for a structured peer-to-peer network. We use Chord for a peer-to-peer network built on WebRTC, a set of protocols for direct connections between web browsers. However, Chord lacks mechanisms for authentication and end-to-end confidentiality. Thus, a man-in-the-middle attack could occur when two peers negotiate WebRTC parameters for a direct connection. We solve this security vulnerability with hybrid encryption: Each host generates a unique long-term asynchronous key pair for authentication and short-term asynchronous key pairs to establish synchronous secret keys. With these, peers can exchange WebRTC connection parameters via end-to-end authenticated and encrypted messages over multiple hops and thus establish a direct connection in a secure fashion.
Original language | English |
---|---|
Title of host publication | 2017 International Conference on Computational Science and Computational Intelligence (CSCI) |
Number of pages | 6 |
Publisher | IEEE |
Publication date | 01.12.2017 |
Pages | 19-24 |
ISBN (Print) | 978-1-5386-2653-5 |
ISBN (Electronic) | 978-1-5386-2652-8 |
DOIs | |
Publication status | Published - 01.12.2017 |
Event | 2017 International Conference on Computational Science and Computational Intelligence (CSCI) - Las Vegas, United States Duration: 14.12.2017 → 16.12.2017 |