MSc. Thesis Defense:Ömer Mert Candan

MSc. Thesis Defense:Ömer Mert Candan

LISTEN

Secure Multimedia Communication

 in Smart Devices

Reinforced by using One-Time Keys

 

 

Ömer Mert Candan
CS & Engineering, MSc. Thesis, 2017

 

Thesis Jury

Prof. Albert Levi (Thesis Supervisor)

Asst. Prof. Cengiz Toğay (Thesis Co-supervisor)

Assoc. Prof. Selim Balcısoy

Asst. Prof. Kamer Kaya

Prof. Erkay Savaş

 

 

Date & Time: 27th, July 2017 –  13:30 PM

Place: FENS 1040

Keywords : one-time key, multimedia communication, smart card, hash chain, security

 

Abstract

 

 

Recently, smart devices have become more and more prevalent in the daily life. The spread of these devices introduced various use cases; however, communication has always been their primary functionality. With the development of WebRTC (Web Real-Time Communication) and the availability of this technology on smart devices, applications offering real-time multimedia communication features will become more pervasive. Though WebRTC presents a promising set of standards and interfaces for the task of carrying data from one end to another, there are security issues that are left in the hands of the application developers. In this thesis, we aim to achieve secure multimedia communication by tackling the key generation and distribution issue of WebRTC platform using a smart card for secure storage and operations. We tested different cryptographic algorithms on smart cards, and resultantly we designed a mechanism based on hash chains. This mechanism allowed synchronous generation of keys at both sides. The mechanism was implemented and tested on different brands of Java Cards. The results of the tests indicate that it is possible to produce a key under one-second time. In addition, the results were analyzed to optimize generation times of particular keys by adjusting chain length parameter of the mechanism. Consequently, the key generation method was integrated into Media Security Platform of Netaş Telecommunications A.Ş., which is based on WebRTC. The integration was performed under the guidance of a signaling scheme drafted for the message traffic for the key agreement. In conclusion, the successful integration and better results indicate an improvement over previously used public key system.