Conclusion
The project has simulated an online conference call using the architecture in common use today. In line with the objective set out at the start, the thesis integrated end-to-end encryption to protect the privacy of the online conference.
In addition, the project integrated the application with a user authentication system, which helps address some intrusion methods used by hackers. The thesis also measured and calculated the quality of service of the online conference, ensuring the user experience of the application.
Strengths and weaknesses of the thesis
The system is highly applicable, both as a concept and in practice, and fits many architectures of online conferencing applications. The thesis also examines some of the ways in which the system can be attacked and, from that, proposes concrete solutions to some of the privacy problems that are pressing during the current COVID-19 period. The thesis also calculates the quality of service and compares it against a trusted standard, so that users have their privacy protected while still making good use of the application's functions.
Although the model is highly applicable, it still has some limitations: the thesis does not analyze every method an attacker could use to intrude into the system, nor does it go into the specific steps an intruder takes to attack the system. In addition, because of the nature of the system, the application currently supports only the Chrome browser and is difficult to scale when many people use the system at the same time.
Moreover, the system cannot avoid some interruptions in video and audio when the roomKey is changed, which is uncomfortable for users. Other environmental factors, such as the transmission line, machine processing speed, etc., have not yet been fully considered.
Recommendations
The application model presents conceptual designs for end-to-end encryption integrated with user authentication; current online conferencing platforms can apply the solution to increase the security of their systems. To keep the quality of the application stable, further study is needed of the environmental factors, as well as the random factors, that affect the system while it is in use. In addition, more kinds of attack need to be considered in order to strengthen safety in online conferencing and to produce improvements that make online conferencing applications safer and more user-friendly, helping users preserve their privacy and helping businesses become more competitive in the current pandemic situation.
LIST OF SCIENTIFIC PUBLICATIONS
1. Truong Nguyen Duy Khang, Dang Tran Khanh, and Nguyen Cong An, "On Using Cryptographic Technologies in Privacy Protection of Online Conferencing Systems", Communications in Computer and Information Science (CCIS), vol
Paper abstract: Due to the wide spread of COVID-19, online conferencing has become the most popular application connecting people all over the world. The race between platforms in terms of quality and utilities has become fiercer than ever. However, such virtual/online conferencing applications are very vulnerable to attack. Among these issues, those related to privacy have not been taken seriously, leading to the problem of infringing upon users' confidentiality and privacy. This paper is designed to provide a pragmatic model that applies cryptographic technology to online conferencing to protect users' information and guarantee the service quality of the online conference after integration.
On Using Cryptographic Technologies in Privacy Protection of Online Conferencing Systems
Nguyen Duy Khang Truong 1, Tran Khanh Dang 1, and Cong An Nguyen 2
1 Ho Chi Minh City University of Technology (HCMUT), VNU-HCM, Vietnam
2 Social Insurance, Dong Nai Province, Vietnam
{1870568,khanh}@hcmut.edu.vn, sisnetco@gmail.com
Abstract. Due to the wide spread of COVID-19, online conferencing has turned into the most popular application connecting people all over the world. The race between platforms in terms of quality and utilities has become more intense than ever. However, such virtual/online conferencing applications are vulnerable to multiple attacks. Among them, privacy-related issues have not been taken seriously, leading to the problem of infringing upon users' confidentiality and privacy. This paper is designed to provide a pragmatic model that applies cryptography technology to online conferencing to protect users' information and guarantee the service quality of the online conferencing after integration.
Keywords: Online Conferencing, privacy protection, End-to-End Encryption (E2EE), Time-based One Time Password (TOTP)
Nowadays, with the explosion of online conferencing platforms, practical functionalities have become one of the important criteria for businesses to compete with each other. However, these practical functionalities turn out to bring a lot of security issues. Online conferencing applications are called "privacy disasters" since users' conference data is handled and stored without permission [1].
Many applications, such as Teams and Zoom, now choose Secure Real-time Transport Protocol over Datagram Transport Layer Security (SRTP-DTLS) encryption rather than end-to-end encryption methods to protect their online conferences [2,3]. In terms of encryption, SRTP-DTLS negotiation occurs between each peer endpoint and the selective forwarding unit (SFU) [4]. This means that the SFU has access to unencrypted payloads and can eavesdrop on or monitor online conversations. This access is needed for features like Zoom's server-side recording of conversations, or for processing streams that need to be transcoded. In some conference architectures, servers need to be able to access media data in order to merge it before broadcasting or to translate it for a content delivery network. That means users need to trust the SFU or server to keep the stream private. However, in terms of security, "Zero-trust" is always the best way to protect privacy.
Thousands of online meeting records have been leaked to the public communication platform [5]. These records have information about the meeting as well as information about participants.
Besides, "Zoom-bombing" has become a popular term during the current pandemic: uninvited intruders can attack online meeting rooms through shared links and conference IDs. These intruders can participate in conferences and disrupt meetings or steal confidential information. Some automated tools give intruders opportunities to organize a brute-force attack to invade the meeting. This evidence shows the vulnerability of authentication in online conferences. In addition, Zoom and several other online conferencing applications were found not to provide the encryption and privacy features they claimed [6].
All of the above arguments lead to the consequences of reducing service quality, causing violation to user privacy, impacting customer satisfaction, and thereby, affecting the enterprises' reputation. In this paper, we want to research and propose a suitable encryption integration model to help to improve the quality of online applications.
The objective of this paper is to work toward solving the above problems while still ensuring the quality of online conversations. Therefore, this paper sets the goal of solving the above issues by applying end-to-end encryption and integrating user authentication. After that, we measure some parameters of the call to ensure this solution does not impact the conference quality. The scope of work focuses on the website application of video conferencing, with Chrome for Windows desktop as a typical test case. Some assumptions have been made to limit the scope covered in this paper, specifically as follows:
• Encrypted data cannot be decrypted without the appropriate key.
• The encryption method is secure and cannot be attacked.
• Other systems such as email systems, etc. are not attacked.
• The network transmission is secure and not attacked.
In the scope of online conferencing, researchers focus on developing protocols and applications to increase security when performing online communication, including all aspects that impact the conference system. Specifically, network layer security has been studied in [7]. This study was extended and demonstrated the effectiveness of the SRTP protocol when using DTLS, thereby ensuring the security of real-time applications when data is moving and routing on the network.
Some articles were interested in securing data from the server-side. These articles offered suitable encryption algorithms for encrypting the media data when forwarding and storing on the server, especially when applying cloud computing to the system [8].
Focusing on the development and improvement of algorithms, researchers proposed the algorithm to encrypt video format, thereby improving the quality of the video on the transmission network [9].
Modern technologies have been applied to online conferencing, which provides ways to secure information based on the application of the Internet of Things. The block-chain model was integrated into the multi-directional data transmission, ensuring security and integrity on the nature of the infrastructure [10].
With client-side security design, the article in [11] offered suitable end-to-end encryption methods and approaches when performing encryption from the client. In addition, the strengths and weaknesses of each encryption methodology have been compared when applying encryption to multimedia data. Based on this comparison, a suitable methodology has been proposed for conferencing applications [12].
3.1 Time-based One-Time Password (TOTP)
A one-time password (OTP) is a password that is valid for only one login session or transaction [13]. OTP avoids several shortcomings of static password-based authentication. Several implementations also incorporate two-factor authentication by ensuring that the one-time password requires access to a device.
However, an OTP can be intercepted or rerouted [14], so some solutions may be needed to prevent this drawback. There are various existing approaches for generating OTPs, including the method of using a hash-based message authentication code (HMAC). This method prevents the upcoming OTP from being predicted, even if the previous OTP has already been obtained.