 Cool. Yeah, no, so I'm Tim Panson. I'm the CTO at Pipe and This is a little bit different in that like everybody else has been super deep techie really kind of This is a little bit more user focused and maybe tiny bit less more aspirational. I don't know anyway So I'm going to show you how to build a simple secure private webcam with WebRTC on a cheap device Because well, why not? So but first but first but first Congratulations WebRTC is five. It's it's actually like I didn't say this enough I always get up here and grumble about things that are missing but actually really it is fantastic We've achieved a big success billions of endpoints high quality good security Standards are nearly there. So it's actually, you know It's something to be pleased about but you know, there are things that could be easier and and they're working on them, but There are still things that could be easier anyway So the feature of the story today for those of you who want a little nap before the The reception is Then you read this and you'll know what I'm doing it's just going to build use WebRTC to build a webcam on a Raspberry Pi and The net result will be there will be no open ports on this webcam. I say webcam. Actually, it's an IP camera It's like a classic mistake everybody makes but I'm just going to keep making it because everyone does So there are no open ports There'll be a minimal central service and they will use no passwords And I will do a brief code walkthrough that you can sleep through so it's fine You're going to DDoS it for me It can still DDoS you but it's not the other way around anyway So How did I get started on this? Well, I'd like a lot of my life. It's kind of accidental. I There was a hackathon challenge a couple of years ago in Paris which The parrot guys were offering quite a nice prize. It was like 600 euros worth of drones for the first person who could make what could control one of their Rolly drones with WebRTC and we kind of Neil and I talked about it and and we didn't do it because we were busy and then nobody else did it So they re-ran the competition two months later and Neil and I looked at each other and said we've got to do this So we sat down and spent about a week and we wrote this thing That controlled one of their Rolly drones over WebRTC And it looked like this and if you can see that diagram. Yeah, probably So it we took the the meet echo Janus Gateway and we embedded We took the plug-in that they had already that handle G streamer and we kind of did stuff to it so that it instead of talking to a file it talked to the AR SDK which comes from from parrot and that generates a stream of Let's you control the drone, but it also generates an MJPEG stream, which we then fed into G streamer pushed up Out into VP8 pushed that back up into the Janus Gateway and then Communicated that out over the web to a WebRTC browser and it actually works surprisingly well I mean wasn't desperately stable But anyway, we won and I now have a drone at home, which I actually don't know what to do with but there you go so the thing is We did this and I published a Blog about it, which you can see the link to there And I got a bunch of people who would email me on a fairly regular basis Can I say we're building something a bit like that like how? How about we use your code? How was this work? Can you help us this kind of stuff? and I had very interesting conversations with them over email and voice and video and whatever and I Realized that actually what we'd built was totally atypical of what you would expect in a real real device And the big thing is It's to do with the fact that I'm an old guy who has who's old enough to have a slash 24 rooted to his house Right, so I have IP addresses to spare. I have public IP addresses to spare And I have a bunch of old stuff lying around so it's no diff not difficult for me to scare up a machine with a you know enough CPU to do the transcoding and Yes, if it gets well, you know, that's kind of thing I do and spinning up a web service no big deal and you know another Wi-Fi card No big deal But when you look at that and you say that's the bill of materials for my IOT gateway It stops making any sense like you can't expect any of those attributes for the gateway to your Washing machine your webcam any of those things that it's just not gonna happen. So What you find is the people who are building these things who talk to me go away and say well, we can't build that architecture That's just not something that practical, which is fine So what you find is the current best practice is it looks a lot like this. It's You root everything through the cloud you take your device you're everything up to the cloud You have a cloud service that does all this and then it roots it back down to the user And there's a variant of that where the cloud service is actually just a VPN. It doesn't have a huge amount of intelligence It just does some validation in terms of Authentication with keys or whatever, but basically that's the kind of classic and this is actually is best practice And the thing is that it's hugely costly for the vendor, right? Because in particularly for something like a webcam, they've got to support five years worth of video streaming They're gonna build that into their budget the bandwidth for five years worth of video streaming And they're gonna run this cloud service for five years or however long they think the life of this devices And you've got a budget for that so it's kind of scary thing to do and then the vendor has to hold all the auth keys Now that doesn't sound like a big burden except that particularly in Europe There are privacy regulation, which means that when they lose them they get slapped with fines So they actually have to have an ongoing defensive strategy to try and Protect the auth keys and what's more all the traffic is going through their service And it's probably not encrypted end-to-end so they're actually they've got a effectively got a webcam into your kids bedroom or whatever And that's kind of that's an expensive thing to to protect yourself You know the lawsuits that you might get if that went wrong quite expensive and The whole thing is completely useless if the cloud service goes down, right cloud service goes down you're done And you end up with a high latency because it's going through the cloud and it may not need to and There's this I mean this is arguable I had a long argument with a guy from as you're about this but but There's an argument particularly with the VPN version of this architecture that once you've broken one of these devices You're actually on the inside of the VPN to some extent and you've probably got an inside track into breaking the rest of them So it's a it's a scary architecture and it's expensive to maintain basically So what you find that that the the IP webcams do is they go the other way They have a local service that runs on the device and Then they use the router They either put the device onto onto the DMZ or use UPNP or somehow expose that Through to the IP they push the IP address up to dine DNS or somewhere like that. So it's findable There can be no certificate on that because it's like it probably doesn't have a domain name And or if it does it's well, it could be a certificate in possibly even with something like let's encrypt you could do it But generally they don't It has a local authentication running on on the device so your password is stored on the device And it works quite well on the land. I mean if you're on the same land you get the best possible performance But and this is the big but the ports are available to hackers. So you then have a device that has to be reasonably secure and There's also the problem that the user has put the password in and What's that or hasn't actually quite often so you end up with something that is got a weak password Or a default password How topical like so this thing right and you know we've actually you're on the wrong coast to have actually felt the pain of this but You know these webcams allegedly were Sufficiently involved in the attack the DDoS attack that the firm was shamed into recalling them Now that's a big moment because that's actual serious money. That's money. It's not just embarrassment It's actual money when you recall stuff Because your suppliers expect you to pay something. I mean, you know, you the people who are selling your your your devices Expect you to repay them the stuff that you've you've taken back So this is starting to become a commercial issue and not just a embarrassment or a security issue So what you actually want is a combination you want a combination such that you've got a Device service on the device That's cheap for the vendor So what you know is you run a little webRTC service on the device, but that it's reachable. It's findable It's it's there's a rendezvous server out on the big wide world sitting in in a cloud And you want to trust that as little as possible So you don't want it to do the oath, but you do want it to do just the kind of finding and joining things up and you want to make it so that You're using, you know ice to get through the router instead of you PMP because it's a much more one-way thing and Then you want to use detail SSRTP because you've then got an end-to-end encrypted thing and the vendor doesn't have to care about where they've got your secrets or not because they haven't and Ideally you want both the passwords and The ports to be closed so that They're less hackable at least you'll never get Perfect, but you can get better. So little history lesson here. Um, I Was involved I did a startup in 16 years ago Doing web security and it's actually just been sold. I got out a while back But it's just been sold to a big UK company And what we learned in that space was very similar, you know, the web original websites were all handcrafted And they were fantastically Insecure and then slowly because there aren't enough security trained engineers and they never will be right And then slowly what happened was that people published solution Solutions in the form of frameworks So you do there would be a framework that had the right security behaviors And if you use the framework then most of the common errors wouldn't happen Because you're using the framework that was reasonably well designed and then you'd have things like best practice guidance And then you'd have testing on the other side. So some of the vendors would have a You know, you you couldn't for example use credit cards on your site unless you passed a PCI test that kind of stuff So you have a level of testing and then what you ends up is you no longer need a security engineer to build this stuff You can use JavaScript engineers and there are many more JavaScript engineers and actually they tend to build Better more usable products in the sense that they're much closer to the user's mindset than the security engineers often are So it's it means that it's a win all round So that informs where I ended up with a pipe I mean, so we do kind of mooch through all this and I realized that actually there was a thing here that needed doing And that actually somebody might pay for So as an example of that I'm going to show you the code to build a See if we can get this into a mode where you can actually see what it's doing Presentation mode gone completely. Oh, there we go, right. So this is 60 lines of HTML and JavaScript, which is a complete webcam so We start off with You need a canvas you need somewhere to put this image at the end so we create a canvas of some size and We also create an image because we're going to store an image somewhere and do some manipulation on it and then Once the page is loaded we need to find out who we are So we go and ask the what actually will become called the pipe SDK, but at the moment it's called Ipsurama for historical reasons And once you know who you are You then go off and do something and what we do is do a little bit of setting up we associate We go and find a graphics context That's associated with this camera element we created down here and We store it and we associate also with the image when the onload comes we'll draw into that context that graphics context So we've done that now we'll go off and talk to the rendezvous server Just open a web socket to the one rendezvous server once we've got a rendezvous server. We go and talk to the Let's say pipe API and say hey, here's a here's your connection to the rendezvous server and this is my identity And then you ask it who are my friends now the nice thing is that my friends are stored locally I'm not asking the rendezvous server who my friends are I have stored them locally in the local DB So I can ask them privately who my friends are and having found this list. I'm not actually Simplification I'm gonna say that I'm gonna speak to the last spoke last one. I added so end of the list because that's you know nice example, so I Mean done that and this is actually the most interesting line in the whole thing having done that we asked the pipe service to create me a link between here and The other guy with the attribute of a camera so what I'm saying is I want to talk to the camera on my Raspberry Pi and Having done that. I'm just going to send it a command which says read So I send it a read command when I get a message back. I'll pause it add a little bit of magic on the front which says that it's a JPEG and set it on the Set it on the image and then I'll go and ask for another one And that's it. That is a webcam So with any luck we can show you that If I can remember how to get out of this mode so So this is it running that page and with any luck. We are going. Yes, we're going to go through And there we go. We have a webcam. So this is very dark webcam somewhere Not Am I on the right? Yeah, I'm on the right. Let's do that again. Let's move this webcam so that it's not actually facing the lights I'm the wrong way up. There we go. Anyway, so we now have Raspberry Pi Doing it should be doing about four or five frames a second But it seems to be they seem to be on different networks So we're getting a bit of round tripping there. But anyway, so we have Have that on the on the webcam So What next? Oh, yes. Yes. Yes little cleanup So, oh, and I can show you what it looks like on the device as well. I think There we go so That's the so there's the Raspberry Pi in focus and I've just Just resetting it there. Okay. Cool. So Back to me, which is I am on That one there we go So so so so So you can see that actually there wasn't very much of that, right? It wasn't a hugely complicated Piece of code that some of you could get a JavaScript engineer to build and build a much better user interface around you much better user experience But actually entirely doable So what was it the other end as I say Raspberry Pi Pi cam the pipe software Which is our own lightweight data channel stack? data channel only stack which is I think less than a quarter of the size of the of the build that would be on arm and and Some scripts to generate the MJ pegs Which are just basically either AV com if you're using a classic webcam or Raspberry Pi vid if you're using the Raspberry Pi But webcam which I am here Now a little side thing there the pie is capable of doing h.264 but In the run-up to this I could not get the STP right like I got the whole of the rest of the stack, right? No problem. Got all that fine. I could not get the right STP incantation last week So it's not working yet. There's no reason why it shouldn't on the pie some devices won't have H.264 encoders on them this one actually does so in theory it should do h.264, but for the moment it doesn't So I said this was a secure thing, but you there wasn't any security in that show it's that bit at all I didn't mention it right and there's a reason for that. I mean our Users actually They generate to x509 rsa 2048 bit sh a 256 self-signed certificates they exchange them securely and They verify them by proximity and they create a persistent Distributed web of trust pki, which is kind of like the resurrected duckling paper, which was written by Ross Anderson And that sounds like a really tedious thing to do But actually it turns out you can do all of that just by scanning a single qr code when you take the box the device out of the Box, so I'll show you that I should add though at this point that This actually works much better on a mobile device than it does on Than it does on here That's not good My camera has not come on What's that bug? I'm not gonna be able to show you this my camera's not come on Let me do that just one more time No, I have a locked camera Yeah, well, so I'll do that at the end. I'll reboot it and do it at the end But I'm I'm not rebooting in the middle of the presentation. That's even I'm not that brave Right. So anyway, it turns out you can just do it by scanning this qr code And it immediately connects you. I will do that in a minute, right? So Um Actually Yes Right I'm gonna do this on a mobile. I have a We have we like a little peril don't we? Little mild peril right So you see there's the qr code and here is my Can you read that? Yeah, there's my phone So we do Claim a new device We show them to each other like that and We're connected that was doing the full pki exchange the whole thing these two now exchange certificates They know irretrievably about each other Right so what that's done is it's created a simple secure Private IOT pairing and transport which isn't just for webcams. You can do other things for there, right? The end the connections are e2 encrypted The author is distributed so each of these devices is its own off server, right? So you're not trusting something in the center and It's and it only just connects with its owners It's using standard web OTC. There's no magic here, right? That's a standard that was in Chrome And there's a minimal untrusted crowdserver you the cloud server you don't have to trust it It doesn't how hold your off keys. It doesn't have a picture of your child's bedroom The traffic is direct where possible because it's webRTC and this is stuff for webRTC does There are no passwords that that all of the auth is done with that key exchange. There's no passwords to set It's a strong auth based around x509 certificate exchange I'd say there are no open ports. It's ice. There are only open ports that on when it's necessary and they're created through ice and The code for this that webcam demo is is on github and pipe slash webcam. Let me put myself back to the To that one There we go. Yeah, so that's where the the code is So the API the magic of the API is really only that it creates a pipe from from one end to the other With a really simple API and the semantics of the pipes depends on the label that you give it So this particular one was just like a camera with mpeg with mjpeg But it could be our logo digital inputs and outputs from an iot device Or it could be a local socket so you could run some service on the device like a you know No js agent or a link to a bluetooth le or something and then it can proxy that up to your web browser You can access local data and you can write stuff to the screen And you can add custom extensions and it works on a beagle bone. It works on a pie It works on the r-ticket works on Edison and he I hope will work on this I haven't tried it on the chip yet, but I now have one so I can try it Anything close beta anyone wants to play with it be really happy to Particularly if you've got a raspberry pi you can just work through the instructions and try it out and see what you think Now I Have one more thing I need to do at this instant Two things actually First one is to turn that off and the other one Is to warn my friend that he's about to get a call okay, so That's all kind of cute and and but it's a little bit small right so this thing is a sculpture by a friend of mine Debbie Davis It's a 15-foot star with 700 le g's in it which are all individually controllable by a beagle bone And we put the pipe of what you see software in it mostly Because you can But actually practically it was kind of interesting because it gets to do remote monitoring right You know I can monitor that thing from my from my home I don't have to try go out to Reno to find out how it's getting on and in fact we had it in We had it in Burning Man as well I can remotely control it which hopefully touch something We'll do in a minute and I could do remote updates So when they built us they built the second one of these they put the stars in slightly different places And there were slightly different numbers of them So the software was wrong So I just remotely updated it from Five and a half thousand miles away, which is kind of fun so let me show you the ability to do So let's see which one so this guy that one there That was the one that went out to Burning Man And it's been sitting in my garden actually most of the summer collecting data from my solar panels So I'm gonna connect to it. It's now it's currently sitting at home On my desk, which is five plus thousand miles away, and I'm querying I'm doing doing about 300 database queries against a local Redis database that's storing That stores the historical data for and actually I'm asking for the whole of the month of June July July So in a second it will have finished that and it'll draw a graph and the point being that You don't have to know what it is you're going to ask the IOT device to get the API right You can just ask it kind of random questions in this case 300 random questions about what the voltage was on a given day as you can see Like there were days where it basically wasn't sunny in England Which is no surprise to anyone so So that but that actually turns out to be really useful, right? You can I can monitor that thing from wherever I am in the world and it's secure It's only going to talk to me. All right, it's not I don't have to log in and use it. It just knows so Now we're going to try and do something dangerous Let us see whether The man in Reno Is in the cold I need to be on Google's Wi-Fi for this to work. This is nerve-racking Right. Well whilst he doesn't answer we'll talk to the Device that's sitting on my wall. So I have the prototype sitting at home So well, let's look at that It's nothing like as pretty as the real thing, but it lets me test the software So There we go. So this is my this is the device sitting that's sitting on my wall at home Twinkling quietly It has about a tenth as many stars as the real device and what we're going to do is I'm going to talk to it from here and I'm going to ask it to change So I can send it a command from here To do its little dance. Oh, no, that's not the one I didn't mean that I Meant So if we click on that, I think we're getting Okay, so we've made a single star light up and it'll go back into its dance mode And again, that's from 6,000 miles away. So let's see if that's Andrew calling Yes, except where is the video? Why have I not got video doing what I wanted how frustrating One more time So why are there we go? Hey, we don't have audio. You're just gonna have to Turn it if you can turn us around and there we go Up a bit Yes, excellent right now so We move him over here. I redo this So let's connect to the correct one Which is that one So this thing is 15 foot high and this goes 700 LEDs and it's sitting in Reno. What's that? couple hundred miles away and I'm controlling it from here With any luck So one of them it's just stopped twinkling and one of those is lit pink and I cannot see which one it is Let's try that again. Anyone see the pink star No, I can't either Let's do that one more time Because we're supposed to be able to make it you see that it's definitely flashing. Yeah, there we go. Yeah, there it is got it Right, so I'm controlling this thing from 400 miles away. Yeah me so One more thing one more thing if we have a volunteer Who would like to make a wish and has an Android phone? They would like to come up and browse to that URL I Can give them access to it. So we got lend borrow semantics So we need a I need a foolish volunteer who will Will come and come and borrow a device Android phone Okay, so if you browse to that I Did actually think about bringing a physical web beacon so you could just like waft near it, but that's that's hard Okay, sorry. We have a we have a winner here. So with any luck I Just need to Hold it steady enough. Hang on. Let me actually let me can I show let people see what's going on because it's like It's otherwise. It's a bit bit confusing. So we'll do this and we'll do That one right so He's got a QR code which I am scanning on my phone or trying to oh Okay, you That's interesting. That's an interesting bug Huh, that's actually not gonna work because the edges are black There's not enough bevel on that That's funny. I Hadn't Okay It won't shrink it's not a bug of my phone. No, no, it's a bug. It's my bug. It's my bug. It's my bug. Whoa That's interesting. That's a good bug. Right. So that didn't work, but That's annoying It's not the size of the screen. The problem is that the black edges. It's not reading the QR because it's not seeing the edge That black edge All right, that'll do that'll do that would have done Okay No, my anyway, so In theory the lend borrow semantics work, but if I built the right web page But actually no, no mine. Okay, good I'm gonna hang up on Andrew because he's sitting in the cold there, but um and thank him Right. So there we go. So thank you for putting out with all that