Browser-based audio application security
Learn how to protect audio applications from potential security risks when using a web browser.
Audio streaming technologies that run on the browser use the WebRTC standard. Secure Real Time Protocol (SRTP) encryption and additional security standards are required for all WebRTC sessions. Creating and establishing unencrypted connections is not permitted in WebRTC, enforced by the Internet Engineering Task Force (IETF) standards.
WebRTC security has three required WebRTC encryption specifications: Secure Real Time Protocol (SRTP), secure encryption key exchange, and secure signaling. These three protocols ensure that all data is encrypted when sent through WebRTC. The protocols protect the encryption keys, and additionally ensure a secure web server connection. All of these encryption specifications are mandatory for every WebRTC session.
Together, these three specifications form the secure protocol layer for communications over WebRTC.
Further, the SRTP (Secure Real-time Transport Protocol) encrypts all data sent through the communication channel. This protects your WebRTC connection from man-in-the-middle attacks. The protocol for secure encryption key exchange is DTLS-SRTP, which requires that the encryption keys are transmitted directly via peer to peer. No other encryption key exchange protocols are permitted and are in fact explicitly forbidden in WebRTC communications: because other exchange protocols are not secure enough.
WebRTC encryption is designed to protect your WebRTC communication and media sessions.