Securing Peer-to-Peer Connections

How Flottform Uses AES-GCM To Protect Your Connection
Published on 2025-03-05

Hello everyone!

When we set out to develop Flottform for peer-to-peer (P2P) data exchange, we knew security had to be a top priority. After all, the signaling server connecting the two devices temporarily holds sensitive data like ICE candidates and session details. Leaving that information in plain text is not ideal.

In our quest to protect our users, we explored various encryption methods. We considered both symmetric and asymmetric approaches, and today we're excited to share why we chose symmetric encryption AES-GCM (Advanced Encryption Standard in Galois/Counter Mode) with a key shared in the URL fragment.

Why Encrypt Data on the Signaling Server?

Even though the signaling server isn't handling your actual media streams, it plays a critical role in establishing a secure P2P connection. Without proper encryption, sensitive data stored temporarily on the server could be vulnerable to tampering or interception. That's why it's essential to ensure that signaling information is secured before it even leaves your device.

In short, encryption helps to:

  • Protect Confidentiality: Prevent unauthorized parties from reading session details.
  • Ensure Data Integrity: Detect any tampering with the data, thanks to features like authentication tags provided by the symmetric encryption method AES-GCM.
  • Limit Exposure: Even if intercepted, the encrypted data is useless without the key.

Innovative Solutions, Delivered by compose.us

At compose.us, our experienced developers turn your ideas into innovative solutions.

Launch your next project with us.

View Our Portfolio
Team

Exploring Our Encryption Options

Symmetric Encryption (AES-GCM)

In symmetric encryption, the same key is used for encryption and decryption.

How does it Work?

  1. Key Generation: A secure, random key is generated using the Web Crypto API.
  2. Key Sharing: The key is shared between peers by embedding it in the URL fragment.
  3. Data Encryption/Decryption: Both parties use the same key to encrypt and decrypt the signaling data.

Advantages

  • Simplicity & Efficiency: Implementation is straightforward using Web Crypto API., which keeps the processing overhead low.
  • Data Integrity: AES-GCM not only encrypts data but also adds an authentication tag to detect tampering.
  • URL Fragment Key Sharing: This ensures that the signaling server does not know about the encrypted key that the clients/peers share between each other.

Disadvantages

  • No Sender Authentication: Since both parties share the same key, it's not possible to verify which party sent a particular message.
  • Key Exposure Risk: If an attacker gains access to the URL (e.g., via a compromised device or through insecure sharing), they can potentially decrypt the data.

Symmetric Encryption in combination with a Key Agreement Protocol (ECDH + AES-GCM)

We use Elliptic Curve Diffie-Hellman (ECDH) key exchange to derive a shared secret, then both peers will use it for symmetric encryption.

How does it Work?

  1. Key Exchange: The peers use the key agreement protocol ECDH to derive a shared secret.
  2. Data Encryption/Decryption: The derived secret is then used with AES-GCM to encrypt and decrypt the data.

Advantages

  • Enhanced Security in Key Exchange: The key is never directly transmitted, which reduces the risk of interception.
  • Data Integrity: AES-GCM not only encrypts data but also adds an authentication tag to detect tampering.

Disadvantages

  • Performance Overhead: The process of generating key pairs and deriving the shared secret requires additional computational resources.
  • No Built-In Sender Authentication: Like the first encryption option, it still does not inherently prove the sender's identity.

Why We Chose Symmetric Encryption

After weighing both methods, we opted for symmetric encryption using AES-GCM for the following reasons:

  • Ease of Implementation: The symmetric approach is simpler to set up using the Web Crypto API, which is particularly important for a real-time application where performance is critical.
  • Enhanced Security Measures: While symmetric encryption does not inherently offer sender authentication, we mitigate this risk by implementing additional security layers. Specifically, we use an extra hostKey and clientKey on the server, which are distributed to clients by the signaling server. This setup ensures that only authenticated entities can engage in the communication process, combining confidentiality, data integrity, and a robust mechanism to counteract the lack of built-in sender authentication.

Implementation in a Nutshell

Key Generation

The host generates a secure, random symmetric key using the Web Crypto API.

async function generateKey(): Promise<CryptoKey> {
	return await crypto.subtle.generateKey(
		{
			name: 'AES-GCM',
			length: 256
		},
		true, // extractable
		['encrypt', 'decrypt']
	);
}
generateKey function

Key Sharing

The key is embedded in the URL fragment (e.g., https://yourapp.com#key=abc ), ensuring that it is never sent to the server. But first, it has to be transformed from a Crypto Key to an encryption key

async function cryptoKeyToEncryptionKey(key: CryptoKey) {
	// CryptoKey --> Exported bytes of the cryptoKey (i.e. the encryption key)
	return (await crypto.subtle.exportKey('jwk', key)).k;
}
cryptoKeyToEncryptionKey function

Client-Side Extraction

When a peer accesses the shared URL, the key is extracted from the URL fragment and is transformed back into a Crypto Key.

async function encryptionKeyToCryptoKey(encryptionKey: string) {
	// Create a complete JWK object structure
	const jwk = {
		kty: 'oct',
		k: encryptionKey,
		alg: 'A256GCM',
		ext: true,
		key_ops: ['encrypt', 'decrypt']
	};

	// Import the complete JWK
	return await crypto.subtle.importKey(
		'jwk',
		jwk,
		{
			name: 'AES-GCM',
			length: 256
		},
		true, // extractable
		['encrypt', 'decrypt']
	);
}
encryptionKeyToCryptoKey function

Encryption/Decryption

  • Encryption: Before sending the data (session details, ICE candidates) to the signaling server, it is encrypted using AES-GCM.
  • Decryption: Upon receipt, the data is decrypted using the same key. The built-in authentication tag of AES-GCM ensures that any tampering is immediately detected.

Conclusion

For Flottform, securing the signaling data is paramount. By encrypting session information stored on the signaling server, we protect sensitive details from unauthorized access and tampering. Although both encryption methods have their merits, the first approach using AES-GCM was chosen for its simplicity and efficiency. This choice meets our goal of providing robust security while maintaining a seamless user experience.

By following these design principles, our solution ensures that peer-to-peer connections are both secure and user-friendly, ultimately providing a solid foundation for secure file and text exchanges.

If you have feedback, ideas, or just want to share how you're using Flottform, connect with us on LinkedIn or Twitter / X . Your feedback helps shape our future developments.

Cheers,

Tamara Tamara and Jörn Jörn and Nidhal Nidhal

Newsletter Signup

Do you want to be notified when you can use Flottform yourself? Do you want to receive an e-mail whenever we post updates? Send an e-mail to newsletter@flottform.io to subscribe!

Subscribe me!