How to make E2E data encryption for group conference

Security is the most important part of messaging or video conference applications. I am looking into whether end-to-end encryption is possible for such applications.

As far as I know, end-to-end encryption is performed between two endpoints? And Jitsi documented E2E encryption like below.

"Jitsi meetings in general operate in 2 ways: peer-to-peer (P2P) or via the Jitsi Videobridge (JVB). This is transparent to the user. P2P mode is only used for 1-to-1 meetings. In this case, audio and video are encrypted using DTLS-SRTP all the way from the sender to the receiver, even if they traverse network components like TURN servers.

In the case of multiparty meetings all audio and video traffic is still encrypted on the network (again, using DTLS-SRTP). This outer layer of DTLS-SRTP encryption is removed while packets are traversing Jitsi Videobridge; however they are never stored to any persistent storage and only live in memory while being routed to other participants in the meeting.

It is very important to note that when packets are also end-to-end encrypted, this second layer of encryption is never removed (nor can it be)"

Is there a method for E2E encryption for a multiparty call, i.e. a video conference where there are more than 2 individuals? Has anyone already implemented it before, and how?

I have two interrelated questions if it is possible:

  1. How will end-to-end encryption impact meeting quality and performance? Of course, the recommended solution should ensure acceptable performance.

  2. In accordance with the above question, how will this impact clients (mobile, desktop, web clients)?

Regards,

Arthur

E2E encryption for group calls is already implemented in Jitsi. The only ‘absolute’ E2E encryption you can hope for is one that bypasses the bridge altogether. This happens in P2P calls. For group calls though, the Jitsi model right now is light years ahead of others. You turn on encryption and the bridge is blind to your media. There is no data persistence, so once your meeting is over, it’s like it never happened. I’m unaware of any videoconferencing platform out there that offers this level of privacy.

Hi Freddie.

P2P encryption is OK. But I just wonder how Jitsi handles E2EE for multiparty video conferences.

In theory, in the case of multiparty meetings all audio and video traffic is still encrypted on the network (again, using DTLS-SRTP). This outer layer of DTLS-SRTP encryption is removed while packets are traversing Jitsi Videobridge; however they are never stored to any persistent storage and only live in memory while being routed to other participants in the meeting.

But the above solution doesn’t protect subscribers from a man-in-the-middle attack. Actually, implementing end-to-end encryption in a messaging service means that the contents of any given message are only available to you (the sender) and your friend (the intended recipient). Without E2EE, your data may be encrypted while it’s being transmitted to the server, but the server might be able to read it. For example, some service providers might do this to generate ads that are more specific to a user.

So does Jitsi offer a solution like the above for group video conferences? I wish RTP data isn’t decrypted in the videobridge so data is not vulnerable to MITM attack.

If possible, can you give me more detail? Maybe call flow, topology, high- or low-level design docs.

Best Regards

E2EE is implemented by double encrypting: the data is encrypted in the client before being sent to the bridge over the DTLS-SRTP channel. More info at https://jitsi.org/e2ee/
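
The double encryption described in the reply above, sketched as an added example that is not part of the thread and is not Jitsi's code. AES-128-GCM stands in for both the client-side E2EE layer and the per-hop DTLS-SRTP layer; the key names, the packet layout and the out-of-band distribution of the E2EE key are assumptions.

```javascript
// Added illustration (not Jitsi code): an inner end-to-end layer carried inside
// an outer hop-by-hop layer that the bridge removes and re-applies.
const crypto = require('node:crypto');

// Assumed packet layout: 12-byte IV | 16-byte GCM tag | ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-128-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]);
}

function open(key, packet) {
  const decipher = crypto.createDecipheriv('aes-128-gcm', key, packet.subarray(0, 12));
  decipher.setAuthTag(packet.subarray(12, 28));
  // final() throws if the key is wrong or the packet was modified.
  return Buffer.concat([decipher.update(packet.subarray(28)), decipher.final()]);
}

// The bridge holds only hop keys: it strips the sender's outer layer and
// wraps the result again for the receiver's hop.
function bridgeForward(hopInKey, hopOutKey, packet) {
  const seen = open(hopInKey, packet);
  return { seen, out: seal(hopOutKey, seen) };
}

function demo(e2eeEnabled) {
  const e2eeKey = crypto.randomBytes(16);     // known to participants only (constructed)
  const hopSender = crypto.randomBytes(16);   // stand-in for sender<->bridge DTLS-SRTP keys
  const hopReceiver = crypto.randomBytes(16); // stand-in for bridge<->receiver DTLS-SRTP keys
  const frame = Buffer.from('constructed media frame');

  // Sender: optional inner layer first, then the outer hop layer.
  const inner = e2eeEnabled ? seal(e2eeKey, frame) : frame;
  const { seen, out } = bridgeForward(hopSender, hopReceiver, seal(hopSender, inner));

  // Receiver: remove the outer hop layer, then the inner layer if present.
  const afterHop = open(hopReceiver, out);
  const received = e2eeEnabled ? open(e2eeKey, afterHop) : afterHop;

  return { received: received.toString(), bridgeSeesPlaintext: seen.equals(frame) };
}

console.log('without E2EE:', demo(false));
console.log('with E2EE:   ', demo(true));
```

With the inner layer off, the bridge holds the frame in the clear after removing the hop layer; with it on, the bridge only ever handles ciphertext it has no key for.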