Secure videoconferencing system
TuX++ : Matěj Plch, Lukáš Toldy, Maroš Valter
PB173, fall 2014
Purpose
- provide communication to users
- be secure against 3-letter organizations
Characteristics of the system
- simple
- secure
- server can't see user communication
- Weak passwords? Let's just have no passwords!
Architecture
No CA
- certification authorities are problematic IRL
- web-of-trust works just fine
Server
- communication with server protected by SSL
- provides
- list of available users
- public keys of other users
- negotiation of connection between users
- doesn't see inside communicated user data
Client
- each user owns pair of keys
- public keys provided to server
- login by challenge-response protocol using user's public key
- communication realized as P2P
- server won't see data or used encryption key