Presentation is loading. Please wait.

Presentation is loading. Please wait.

TURN for webRTC Dr. Alex Gouaillard CTO, temasys Communications Singapore | Mountain view.

Published byKenna Price Modified over 9 years ago

Similar presentations

Presentation on theme: "TURN for webRTC Dr. Alex Gouaillard CTO, temasys Communications Singapore | Mountain view."— Presentation transcript:

1 TURN for webRTC Dr. Alex Gouaillard CTO, temasys Communications Singapore | Mountain view

2 webRTC – default For connection, NAT and firewall traversal, webRTC supports ICE/STUN/TURN BUT webRTC does NOT include the server/code Statistics show that around 15% of the call need to be relayed in general case, and more in enterprise environement

3 apprtc - the reference implementation by google
Apprtc let you pass a turn server address and password by URL with ts and tp respectively Note: the username needs to be included in ts It is passed as a configuration ot the PeerConnection API and webrtc handles communication with the turn server

4 apprtc - the reference implementation by google
Difficult to automate Credential are in plain text in the Javascript Open to abuses

5 How to make it better Dynamic credential Time limited credentials
Credential are created on demand by the webserver and provided to the webapp Time limited credentials Credential can only be used to connect a certain amount of time This is done using a shared secret between the webserver and the turn server, and by inserting a timestamp in the turn username

6 How to make it better use shared secret to not provide plain text password
2. WebServer computes a temp username: <user>_<timestamp> and the password base64(hmac-sha1(shared_secret, username) WS 3. Webserver serves a page to the user which includes the TURN credentials 5. The TURN server extract the timestamps and checks that the credential did not expire. It computes a password using the shared secret, and check against the password provided by the user. 1. User connects to a webpage 4. Webrtc takes care of the connection with TURN App TS 0. Both webserver and Turn Server are configured with a static shared secret. Turn server is configured with a time limit.

7 limitations Static shared secret (hacking target)
Single TURN server with address hardcoded in the web server (hacking target and no load balancing)

8 Static to Dynamic Shared secret
For higher security, shared secrets are stored in a DB, and can be accessed by external apps. You can revoke shared secrets, add new shared secrets and so on In our case, webserver and turn server need to be synchronized when this happen.

9 Load balancing by CEOD Pools of turn servers depending on location
Each turn server report load and shared secret Each pool as an active turn server accepting users On user request, the webserver fetch the active turn server in the same area as the user, compute credential and embed it in the webpage served to the user.

10 How to make it better COED load balancing
2. Choose pool depending on location, Compute credentials Asia TS 5 WS Always report Active 4 EU 3 TS 1 Active App USA TS TS In asia Active

11 How to make it better CEOD load balancing, the apprtc way
5. Choose pool depending on location, Compute credentials Asia TS 5 2. Gives CEOD URL (and key …) WS COED Always report Active WS apprtc 7 EU 4. Ajax 6 TS 3 1 http Active App USA TS TS In asia Active

Download ppt "TURN for webRTC Dr. Alex Gouaillard CTO, temasys Communications Singapore | Mountain view."

Similar presentations

Inter WISP WLAN roaming

Inter WISP WLAN roaming
Implementing Tableau Server in an Enterprise Environment

Implementing Tableau Server in an Enterprise Environment
Incident Handling & Log Analysis in a Web Driven World Manindra Kishore.

Incident Handling & Log Analysis in a Web Driven World Manindra Kishore.
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Presenter: James Huang Date: Sept. 29, 2014 1.  HTTP and WWW  Bottle Web Framework  Request Routing  Sending Static Files  Handling HTML  HTTP Errors.

Presenter: James Huang Date: Sept. 29,  HTTP and WWW  Bottle Web Framework  Request Routing  Sending Static Files  Handling HTML  HTTP Errors.
Capacity Planning and Predicting Growth for Vista Amy Edwards, Ezra Freeloe and George Hernandez University System of Georgia 2007.

Capacity Planning and Predicting Growth for Vista Amy Edwards, Ezra Freeloe and George Hernandez University System of Georgia 2007.
5 Copyright © 2006, Oracle. All rights reserved. Securing Grid Control.

5 Copyright © 2006, Oracle. All rights reserved. Securing Grid Control.
It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.

It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.
Electrical and Computer Engineering Vitaly Gordievsky Alex Trefonas Scott Richard Matt Beckford Final Project Review.

Electrical and Computer Engineering Vitaly Gordievsky Alex Trefonas Scott Richard Matt Beckford Final Project Review.
Email Extras Plus! Pepper. Objectives E-mail extra knowledge Cookies Picture handling when creating site.

Extras Plus! Pepper. Objectives extra knowledge Cookies Picture handling when creating site.
Dynamic Web Pages. Web Programming  All our web pages so far have been static pages. 1. We create a web page 2. We upload it to the web server 3. People.

Dynamic Web Pages. Web Programming  All our web pages so far have been static pages. 1. We create a web page 2. We upload it to the web server 3. People.
Design and Implementation of a Server Director Project for the LCCN Lab at the Technion.

Design and Implementation of a Server Director Project for the LCCN Lab at the Technion.
TRIRIGA Anywhere 10.4 Beta Registration Steps

TRIRIGA Anywhere 10.4 Beta Registration Steps
Jonas Thomsen, Ph.d. student Computer Science University of Aarhus Best Practices and Techniques for Building Secure Microsoft.

Jonas Thomsen, Ph.d. student Computer Science University of Aarhus Best Practices and Techniques for Building Secure Microsoft.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Web Proxy Server Anagh Pathak Jesus Cervantes Henry Tjhen Luis Luna.

Web Proxy Server Anagh Pathak Jesus Cervantes Henry Tjhen Luis Luna.
CLUSTER WEBLOGIC SERVER. 1.Creating clusters and understanding its concept GETTING STARTED.

CLUSTER WEBLOGIC SERVER. 1.Creating clusters and understanding its concept GETTING STARTED.
INTRO TO MAKING A WEBSITE Mark Zhang.  HTML  CSS  Javascript  PHP  MySQL  …That’s a lot of stuff!

INTRO TO MAKING A WEBSITE Mark Zhang.  HTML  CSS  Javascript  PHP  MySQL  …That’s a lot of stuff!
SE-2840 Dr. Mark L. Hornick1 Java Servlet-based web apps Servlet Architecture.

SE-2840 Dr. Mark L. Hornick1 Java Servlet-based web apps Servlet Architecture.
ODBC and JDBC What are they – libraries of function calls that support SQL statements Why do we need them –Provide a way for an application to communicate.

ODBC and JDBC What are they – libraries of function calls that support SQL statements Why do we need them –Provide a way for an application to communicate.

Similar presentations

Ads by Google