WebRtcEndpoint: improving establishment connection time, IETF 96



SLIDE 1

WebRtcEndpoint: improving establishment connection time

IETF 96 Hackathon

July 16-17, 2016 Berlin, Germany

Miguel París

mparisdiaz@gmail.com

SLIDE 2

Who I am

Miguel París

  • Software Engineer
  • Telematic Systems Master's
  • Researcher at Universidad Rey Juan Carlos (Madrid, Spain)
  • Kurento real-time responsible
  • mparisdiaz@gmail.com
  • Twitter: @mparisdiaz

SLIDE 3

Goals

  • Support ECDSA in Kurento Media Server
      • [rtcweb] Security architecture: Making ECDSA mandatory
          • https://www.ietf.org/mail-archive/web/rtcweb/current/msg14754.html
  • Verifying DTLS handshake
      • Chrome – KMS
      • Firefox – KMS
      • KMS - KMS
  • Profiling
      • RSA vs ECDSA
      • Relate saved CPU to SRTP (protect/unprotect)

SLIDE 4

Implementation

  • Use libssl 1.0.2d (OpenSSL)
      • Generate EC private key
      • Generate EC parameters from EC group
      • Generate self-signed certificate
  • Add configuration to use RSA or ECDSA

SLIDE 5

Verifying

  • At the beginning it didn't work because we missed the next line, but thanks to David Benjamin's help we could fix it :D

        EC_GROUP_set_asn1_flag (group, OPENSSL_EC_NAMED_CURVE);

  • Then everything worked fine
      • Chrome – KMS
      • Firefox – KMS
      • KMS - KMS
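
Added example (not from the slides or from Kurento's code): the flag on this slide selects between serializing the curve as a named-curve OID and as explicit parameters, and RFC 5480 permits only the named form in certificates. This Python check reads a DER SubjectPublicKeyInfo and reports which form it uses; the function names and the two sample keys are constructed for illustration.

```python
# Added example: classify the ECParameters CHOICE (RFC 5480) in a DER SubjectPublicKeyInfo.
EC_PUBLIC_KEY_OID = bytes.fromhex("2a8648ce3d0201")               # 1.2.840.10045.2.1
KNOWN_CURVES = {bytes.fromhex("2a8648ce3d030107"): "prime256v1"}  # 1.2.840.10045.3.1.7

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element that starts at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def ec_param_encoding(spki_der):
    """Return 'named_curve:<name>', 'explicit' or 'implicit' for an EC public key."""
    tag, spki, _ = read_tlv(spki_der)
    alg_tag, alg, _ = read_tlv(spki)       # AlgorithmIdentifier ::= SEQUENCE
    if tag != 0x30 or alg_tag != 0x30:
        raise ValueError("not a SubjectPublicKeyInfo")
    oid_tag, oid, pos = read_tlv(alg)
    if oid_tag != 0x06 or oid != EC_PUBLIC_KEY_OID:
        raise ValueError("not an id-ecPublicKey key")
    tag, params, _ = read_tlv(alg, pos)    # ECParameters CHOICE
    if tag == 0x06:                        # namedCurve: the only form RFC 5480 allows
        return "named_curve:" + KNOWN_CURVES.get(params, params.hex())
    if tag == 0x30:                        # specifiedCurve: explicit field/curve/base/order
        return "explicit"
    if tag == 0x05:                        # implicitCurve (NULL)
        return "implicit"
    raise ValueError("unexpected ECParameters tag 0x%02x" % tag)

def der(tag, body):
    """Encode a short-form TLV; enough for the constructed samples below (< 128 bytes)."""
    return bytes([tag, len(body)]) + body

# Constructed samples, not real keys: the point is a zero-filled placeholder and the
# explicit-parameters SEQUENCE is a stub holding only its version INTEGER.
_POINT = der(0x03, b"\x00\x04" + bytes(64))
_ALG_OID = der(0x06, EC_PUBLIC_KEY_OID)
NAMED_SPKI = der(0x30, der(0x30, _ALG_OID + der(0x06, bytes.fromhex("2a8648ce3d030107"))) + _POINT)
EXPLICIT_SPKI = der(0x30, der(0x30, _ALG_OID + der(0x30, der(0x02, b"\x01"))) + _POINT)

if __name__ == "__main__":
    for label, spki in (("named", NAMED_SPKI), ("explicit", EXPLICIT_SPKI)):
        print(label, "->", ec_param_encoding(spki))
```

To check a real certificate, pass the bytes produced by `openssl x509 -in cert.pem -noout -pubkey | openssl pkey -pubin -outform DER`.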

SLIDE 6

Profiling types

  • Only time
      • Could be indicative
      • But it is not a good idea for precise comparisons
      • Depends on the CPU load, locks, number of context switches, etc.
  • CPU cycles per function
      • Deterministic measure
      • callgrind

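SLIDE 7

Profiling results

| CPU cycles/call | RSA                      | ECDSA                                                                 |
|-----------------|--------------------------|-----------------------------------------------------------------------|
| KEY GENERATION  | ~420M (RSA_generate_key) | ~250k: EC_GROUP_new_by_curve_name (110k), EC_KEY_generate_key (140k) |
| SIGN            | ~12.9M (RSA_sign)        | ~400k (ECDSA_sign)                                                    |

Key generation improvement: ~1680x

Sign improvement: ~32x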

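SLIDE 8

Comparing to SRTP

| CPU cycles/call | RSA –> ECDSA (saving) | SRTP audio                  | SRTP video                 |
|-----------------|-----------------------|-----------------------------|----------------------------|
| KEY GENERATION  | ~420M                 | ~9k (150-200 Bytes/packet)  | ~22k (~1200 Bytes/packet)  |
| SIGN            | ~12.5M                |                             |                            |

|                 | Number audio packets | Audio seconds | Number video packets | Video (500kbps) seconds |
|-----------------|----------------------|---------------|----------------------|-------------------------|
| KEY GENERATION  | ~46.5k               | ~920          | ~19k                 | ~320                    |
| SIGN            | ~1400                | ~30           | ~570                 | ~10                     |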

SLIDE 9

Future work

  • Finish landing these improvements into Kurento Media Server
      • Update KMS automatic profiling
  • Contribute to GStreamer community
      • gst-plugins-bad: dtlsenc/dtlsdec elements
      • Also used by OpenWebRTC (Ericsson)
      • Code review (Gerrit)
      • Continuous Integration verifying (Jenkins)

SLIDE 10

Thank you

Miguel París
mparisdiaz@gmail.com

http://www.kurento.org
http://www.github.com/kurento
info@kurento.org
Twitter: @kurentoms

http://www.nubomedia.eu
http://www.fi-ware.org
http://ec.europa.eu