Follow these best practices for maintaining security in your app.
TokBox recognizes that security is an essential consideration for any business interested in integrating real time communications into its website, app or service. The OpenTok platform is a reliable and secure platform on which you can build applications that meet your company, industry or client security needs.
This page includes the following sections:
Yes, all media traffic is encrypted no matter the endpoint you use (web or mobile) or the session setup you choose (P2P or multiparty). That means that you are safe when using OpenTok solution even if use it in an open public hotspot.
Note that in an upcoming release of Google Chrome, publishing will only be supported on HTTPS pages. See this announcement.
No, we don't believe in proprietary solutions when we talk about security. OpenTok is fully based on proven standards, written by industry experts, and used for years in commercial products. The core protocols providing WebRTC OpenTok security are SRTP for media traffic encryption and DTLS-SRTP for key negotiation, which are defined by the IETF.
OpenTok WebRTC-compatible endpoints use the AES cipher with 128-bit keys to encrypt audio and video, and HMAC-SHA1 to verify data integrity.
AES-256 encryption is available on supported clients for enterprise partners or as an add-on feature.
The endpoints generate random keys at the beginning of the session and in addition they change periodically during the conversation to make it even safer.
No, everything happens under the hood without any interaction with the user.
No, the OpenTok API doesn't change. The OpenTok API does not expose these low-level details to developers.
It has, but very low. It increases the length of each audio and video packet by 8 bytes, but that is less than 1% of the typical bitrate of a OpenTok session. Regarding the delay, the SRTP encryption framework was designed specifically for real-time applications, and the impact is not noticeable at all.
Yes, but the cost of encoding and decoding audio and video is significantly higher than the cost of encrypting and decrypting.
Whether you're new to the OpenTok platform, or have years of experience, here is a useful set of best practices you can employ when developing with OpenTok to help you build a secure application.
In an upcoming release of Google Chrome, publishing will only be supported on HTTPS pages. See this announcement.
The API key and secret are used to create tokens that grant access to sessions, retrieve archive metadata and change archive storage credentials, as well as other administrative operations on your account.
To avoid compromising your credentials, you should always keep your API secret private. Some key measures you can take:
You need to generate a session ID to initiate a call. The tokens that enable the participants to join are unique to a session ID. The tokens have an expiry but it may be longer than the duration of your call. Therefore, if you have consecutive meetings using the same session ID, earlier users may still be able to connect to the new meeting.
To avoid this:
It is important to place the server generating the token behind an authenticated endpoint because anyone with access to that server could end up generating new tokens and could abuse the app to generate usage.
Don't use personal information in token data.
The token data is a string containing metadata describing the connection. However, this data is passed to all users in the session and is also readable through the OpenTok client logs. This means you should never use unencrypted sensitive or personal information in the token data. See this topic on how to add data to your tokens.
During a routed session, media streams are temporarily decrypted while within the OpenTok Platform cloud servers and then immediately re-encrypted prior to being sent through the internet to the subscribing client. This decryption is necessary for managing group sessions, intelligent quality control, and archiving of sessions (if used). Using routed sessions, your media streams are never transmitted unencrypted on the open internet.
However, if your application requires uninterrupted end-to-end encryption of all media, you may choose to use relayed sessions. Be aware that you would not be able to use archiving, and performance will not be managed as well in low bandwidth / high packet loss networks or with groups.
TokBox provides a number of ways to ensure the security of your archived OpenTok sessions.
You can secure your archives in the following ways:
Turn off archive storage fallback — By default, TokBox stores an archive file on OpenTok servers if it was unable to upload the file to your specified Amazon S3 or Microsoft Azure server. To prevent this fallback storage, log in to your TokBox Account, select the project, and set the option to disable archive storage fallback.
Use OpenTok encryption — With encrypted archiving, video and audio data in an OpenTok archive is encrypted using a public key certificate you provide TokBox. This lets you to create OpenTok archives where the data is never at rest in an unencrypted state. Of the available methods of securing your OpenTok archives, this provides the highest level of security. This feature is available to enterprise partners or as an add-on feature. For more information, contact TokBox Sales.
An archive successfully uploaded to your storage will be automatically deleted from the OpenTok archiving server at the time of upload.
In case of failure to upload, OpenTok storage is provided as a default fallback option. This means the archive will be stored for 72 hours on the OpenTok server.
You will be alerted via email for every archive that fails to reach your storage. You can then use the REST API to download the archive from the archive URL.
Following the download, you can choose to immediately delete the archive to avoid it being on the OpenTok storage for the remainder of the fallback period.
To prevent this fallback storage, log in to your TokBox Account, select the project, and set the option to disable archive storage fallback.
See this topic for more information on how to delete an archive.
You can only archive a session using the REST API. To control who can initiate the archive, you can programmatically decide which view of the application includes the option to start archiving. Those unauthorized would have a limited view with no option to archive.
In addition to authenticating your own users, you should also consider a strategy for authorization. Once you know who a user is (authentication), and that they are in fact allowed to start an archive (authorization), you've reduced the risk of any unintended user from causing archives to be recorded.
The minimum set of permissions required to upload archives to our storage is discussed in this topic.
Partners should not provide any additional permissions for the credentials that they store with OpenTok.
In order to have more control over the number of people in a session, your application should limit the maximum number of users in a session. This could be useful if you're trying to limit your usage.
You may also wish to set up a subscriber count to display in your application. This is a useful way of knowing when a connection is subscribing but not publishing.
OpenTok platform provides the capability to remove a user from a session. For example, in case of violation of terms of services, you can enable the moderator in the session to remove the violating participant from the session via force disconnect or force unpublish. See this topic for more information.
In some use cases you may want to limit the number of people who can publish in a session. This is easily implemented by not extending publish permissions to every participant.
See this topic for generating tokens with the right roles.