Neither Denied nor Exposed: Fixing WebRTC Privacy Leaks
To establish peer-to-peer connections and achieve realtime web-based communication, the WebRTC framework requires address information of the communicating peers. This means that users behind, say, NAT or firewalls normally rely on the ICE framework to negotiate information about the connection and the media transfer. This typically involves STUN/TURN servers, which help the peers discover each other's IP:port as seen from the public Internet, and relay traffic if a direct connection fails. Nevertheless, this private IP:port information can easily be captured by whoever owns the corresponding STUN/TURN server. While this is acceptable for a user who deliberately initiates a WebRTC connection, it becomes a worrisome privacy issue for those who are unaware that such a connection is being attempted. Even though this problem is known in the related literature, no practical solution has been proposed so far. To this end, and in order to detect and prevent in realtime the execution of clandestine, privacy-invading STUN/TURN requests, we introduce two different kinds of solutions: (a) a browser extension, and (b) an HTTP gateway, implemented in both C++ and Golang. Both solutions detect any WebRTC API call before it happens and inform the end-user accordingly about the webpage's intentions. We meticulously evaluate the proposed schemes in terms of performance and demonstrate that, even in the worst case, the latency introduced is tolerable.
Authors: FAKIS Alexandros; KAROPOULOS Georgios; KAMPOURAKIS Georgios
Date: 2020-05-25
Publisher: Multidisciplinary Digital Publishing Institute (MDPI)
JRC identifier: JRC120412
ISSN: 1999-5903 (online)
URLs: https://www.mdpi.com/1999-5903/12/5/92 ; https://publications.jrc.ec.europa.eu/repository/handle/JRC120412
DOI: 10.3390/fi12050092 (online)