Recent events have highlighted the importance of secure video meetings. Yet delivering the required level of security is quite challenging. 8x8 Jitsi as a Service provides protection by using ephemeral rooms and passwords, so that unwanted participants cannot join your meetings. Additionally, all information sent on the network is strongly encrypted using DTLS-SRTP, so that anyone who intercepts it will not be able to understand it.
To complete the security picture, DTLS-SRTP in WebRTC is strictly tied to a PeerConnection, which means that, when using a video router, WebRTC and DTLS-SRTP can only provide hop-by-hop encryption. In such scenarios, 8x8 Jitsi as a Service ends up establishing as many encrypted channels as there are participants. This is what protects all data on the network. For media from one participant to reach another, however, it needs to be extracted from the sender’s crypto context and re-encrypted with the receiver’s.
The need to decrypt information while it traverses a video bridge technically gives whoever controls the video bridge machine an opportunity to access the data, enabling them to hear and see everyone in the meeting.
IETF’s PERC working group (Privacy Enhanced RTP Conferencing) developed a transport design that provides a path to end-to-end encryption (e2ee) in WebRTC conferences. The idea is that, rather than trying to tweak the existing DTLS-SRTP implementation, conferences can simply add an additional layer of e2ee protection on top of the existing one.
To bring it to life, the Google WebRTC team added a new feature to the Chromium ecosystem known as Insertable Streams. The feature provides WebRTC apps with access to audio and video frames after they have been encoded but before they have been sent on the network.
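The difference between hop-by-hop protection and an added end-to-end layer, as described above, shown as an added example that is not 8x8 or Jitsi code. It runs under Node.js rather than in a browser; in a browser the inner `seal` call would sit in an Insertable Streams transform on the encoded frame. Assumptions: AES-256-GCM stands in for both the DTLS-SRTP hops and the e2ee layer (the page names no cipher for the latter), key exchange between participants is out of scope, and `seal`, `open`, `bridgeForward` and `sendFrame` are hypothetical names.

```javascript
// Added illustration, not Jitsi code. AES-256-GCM stands in for both layers;
// real hops use DTLS-SRTP, and key exchange between participants is out of scope.
const { createCipheriv, createDecipheriv, randomBytes } = require("node:crypto");

// Seal a buffer: output is IV (12 bytes) || ciphertext || auth tag (16 bytes).
function seal(key, counter, plaintext) {
  const iv = Buffer.alloc(12);
  iv.writeBigUInt64BE(BigInt(counter), 4); // must be unique per frame for a given key
  const c = createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, body, c.getAuthTag()]);
}

// Open a sealed buffer; throws if the key is wrong or the data was modified.
function open(key, sealed) {
  const d = createDecipheriv("aes-256-gcm", key, sealed.subarray(0, 12));
  d.setAuthTag(sealed.subarray(sealed.length - 16));
  return Buffer.concat([d.update(sealed.subarray(12, sealed.length - 16)), d.final()]);
}

// The video bridge: terminates the sender's hop, re-encrypts for the receiver.
// `seen` is everything the bridge operator can read in the clear.
function bridgeForward(senderHopKey, receiverHopKey, packet, counter) {
  const seen = open(senderHopKey, packet);
  return { seen, forwarded: seal(receiverHopKey, counter, seen) };
}

// One encoded frame travelling sender -> bridge -> receiver.
function sendFrame(frame, e2eKey) {
  const hopA = randomBytes(32), hopB = randomBytes(32); // per-hop keys (constructed)
  // With e2ee, the frame is sealed before it enters the hop-by-hop layer.
  const payload = e2eKey ? seal(e2eKey, 1, frame) : frame;
  const { seen, forwarded } = bridgeForward(hopA, hopB, seal(hopA, 1, payload), 1);
  const arrived = open(hopB, forwarded);
  return { seen, received: e2eKey ? open(e2eKey, arrived) : arrived };
}

const frame = Buffer.from("constructed encoded video frame"); // constructed sample input
const e2eKey = randomBytes(32); // held by participants only, never by the bridge
console.log("hop-by-hop only, bridge sees frame:", sendFrame(frame).seen.equals(frame));
console.log("with e2ee, bridge sees frame:      ", sendFrame(frame, e2eKey).seen.equals(frame));
```

Because the inner layer is authenticated, a frame modified at the bridge fails `open` at the receiver instead of decoding to altered media.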
The processes and controls protecting 8x8 Jitsi as a Service are fully NIST 800-53 and ISO 27001 compliant. We rely on multiple accredited third-party firms to assess our controls and processes and then recommend enhancements that we roll into our continuous improvement process.
Browsers with support for insertable streams. Currently, this means any browser based on Chromium 83 and above, including Microsoft Edge, Google Chrome, Brave, and Opera.