Chord is an efficient and well-known way to create an overlay for a structured peer-to-peer network. We use Chord for a peer-to-peer network built on WebRTC, a set of protocols for direct connections between web browsers. However, Chord lacks mechanisms for authentication and end-to-end confidentiality. Thus, a man-in-the-middle attack could occur when two peers negotiate WebRTC parameters for a direct connection. We solve this security vulnerability with hybrid encryption: Each host generates a unique long-term asynchronous key pair for authentication and short-term asynchronous key pairs to establish synchronous secret keys. With these, peers can exchange WebRTC connection parameters via end-to-end authenticated and encrypted messages over multiple hops and thus establish a direct connection in a secure fashion.
|Title of host publication||2017 International Conference on Computational Science and Computational Intelligence (CSCI)|
|Number of pages||6|
|Publication status||Published - 01.12.2017|
|Event||2017 International Conference on Computational Science and Computational Intelligence (CSCI) - Las Vegas, United States|
Duration: 14.12.2017 → 16.12.2017