Secure Multimedia Communication in Smart Devices Reinforced by using One-Time Keys
Ömer Mert Candan
CS & Engineering, MSc. Thesis, 2017
Thesis Jury
Prof. Albert Levi (Thesis Supervisor)
Asst. Prof. Cengiz Toğay (Thesis Co-supervisor)
Assoc. Prof. Selim Balcısoy
Asst. Prof. Kamer Kaya
Prof. Erkay Savaş
Date & Time: 27th, July 2017 – 13:30 PM
Place: FENS 1040
Keywords: one-time key, multimedia communication, smart card, hash chain, security
Abstract
Recently, smart devices have become more and more prevalent in daily life. The spread of these devices has introduced various use cases; however, communication has always been their primary functionality. With the development of WebRTC (Web Real-Time Communication) and the availability of this technology on smart devices, applications offering real-time multimedia communication features will become more pervasive. Though WebRTC presents a promising set of standards and interfaces for the task of carrying data from one end to another, there are security issues that are left in the hands of the application developers. In this thesis, we aim to achieve secure multimedia communication by tackling the key generation and distribution issue of the WebRTC platform using a smart card for secure storage and operations. We tested different cryptographic algorithms on smart cards, and as a result we designed a mechanism based on hash chains. This mechanism allowed synchronous generation of keys at both sides. The mechanism was implemented and tested on different brands of Java Cards. The results of the tests indicate that it is possible to produce a key in under one second. In addition, the results were analyzed to optimize the generation times of particular keys by adjusting the chain length parameter of the mechanism. Consequently, the key generation method was integrated into the Media Security Platform of Netaş Telecommunications A.Ş., which is based on WebRTC. The integration was performed under the guidance of a signaling scheme drafted for the message traffic for the key agreement. In conclusion, the successful integration and better results indicate an improvement over the previously used public key system.