Photon Voice Encryption

AvikDas
AvikDas
in Photon Voice
In our application, we have rooms of people talking to each other, but the communication shouldn't leak outside of that room, including to external parties who might intercept the network data. I understand with PUN I can secure RPCs using RpcSecure, but what about the voice?

Thanks in advance.

Comments

  • JohnTube
    JohnTube ✭✭✭✭✭
    Hi @AvikDas,

    Thank you for choosing Photon!

    If you want to enable encryption for Photon Voice you need to change the code a bit:

    In "LoadBalancingPeer.cs": 
    public class RaiseEventOptions
{
    // code skipped
    public bool Encrypt; // UNCOMMENT THIS
}
public virtual bool OpRaiseEvent(byte eventCode, object customEventContent, bool sendReliable, RaiseEventOptions raiseEventOptions)
{
       // code skipped
       return this.OpCustom((byte) OperationCode.RaiseEvent, this.opParameters, sendReliable, raiseEventOptions.SequenceChannel, raiseEventOptions.Encrypt); // LAST PARAMETER UPDATED
}
    In "LoadBalancingFrontend.cs": 
    public void SendFrame(object content, int channelId, LocalVoice localVoice)
{                        
       var opt = new LoadBalancing.RaiseEventOptions();
       opt.Encrypt = true; // LINE ADDED
  • AvikDas
    AvikDas
    Thanks so much @JohnTube! This is very helpful! I'm going to test this out on my side and see how it goes.
  • AvikDas
    AvikDas
    @JohnTube: Implementing this change was easy, but how do I check if it's actually working? I've captured network traffic and viewed it using Wireshark, both before and after implementing the change. But, since the protocol isn't fully documented (only the high-level format is, as far as I can tell), I'm not sure if the encryption is working.

    Additonally, I'm not sure what to look out for in the voice data.

    Basically, we want to make sure no sensitive data is being sent unencrypted, specifically the RPC parameters. The fact that RPCs are being made, or the avatar position/rotation data is fine to send. (Also, we'd ideally not send the room name in cleartext either, but that can be worked around). What's the best way to check that this is the case?

    Thanks!
  • JohnTube
    JohnTube ✭✭✭✭✭
    edited June 2017
    Basically, we want to make sure no sensitive data is being sent unencrypted, specifically the RPC parameters. The fact that RPCs are being made, or the avatar position/rotation data is fine to send. (Also, we'd ideally not send the room name in cleartext either, but that can be worked around). What's the best way to check that this is the case?
    I see now! I thought you wanted to encrypt the voice stream/messages! That is what the code changes I suggested are about. But I think that you want to enable encryption for PUN's RPCs. The PhotonNetwork.RpcSecure methods are enough. You can also take a look at this discussion here.
  • AvikDas
    AvikDas
    edited June 2017
    @JohnTube:

    I thought you wanted to encrypt the voice stream/messages!


    I did, and I already used RpcSecure to encrypt the RPCs separately. However, now I want to make sure that the encryption actually had an effect, both for RPCs and for voice (after making the change you suggested above).

    Any way to verify that sensitive information is no longer being sent after using those two mechanisms (RpcSecure and the change you mentioned above)?

    Thanks.
  • JohnTube
    JohnTube ✭✭✭✭✭
    edited June 2017
    Hi @AvikDas,

    Well the wireshark stuff is tricky.

    Theoretically if you try to send same thing twice (once with encryption disabled and once enabled) and identify it (not obvious I know) each time and compare that should do it.
    Maybe easiest thing is to send plain "text" string.
    In any case maybe our internal serialization hides things and make it harder.

    Maybe @Tobias may have an idea here.
  • Tobias
    Tobias admin
    Sending some string in an RPC and tracing it with Wireshark is the simplest way in this case, yes.
    You want to confirm that the encryption is being applied and the only way that "guarantees" that, is to look at the sent data.
    You can simplify matters somewhat by doing a test client which sends the RPC on demand (key-press), so you know when it should show up in Wireshark. Compare it with an unencrypted RPC.
  • AvikDas
    AvikDas
    @Tobias: Thanks for the information. I've been looking at the traffic in Wireshark, and even in the unencrypted case, I wasn't able to pull out the plain strings. Plus, this doesn't help verify the voice encryption.

    For now, I'm happy to trust that the Photon code, when called correctly, will do the right thing. Thanks for all the help!
  • iruan0820
    iruan0820
    Hi,

    I used both PUN classic V1.92 and Photon Voice classic v1.15 in my Unity project. I want to enable encryption for my Photon Voice according to the method provided by JohnTube above. However I found 2 LoadBalancingPeer.cs scripts, one is in "Assets\Plugins\PhotonLoadbalancingApi" and the other is in "Assets\Photon Unity Networking\Plugins\PhotonNetwork", which one should I modify?

    Thanks.
  • JohnTube
    JohnTube ✭✭✭✭✭
    Hi @iruan0820,

    Thank you for choosing Photon!

    No need to modify anything if you want to encrypt voice streams.
    Latest Photon Voice classic version has encryption setting available out-of-the-box.
    In PhotonVoiceSettings component, added to the scene or via code set PhotonVoiceSettings.Instance.Encrypt to true or check/tick it from the inspector.

Cookies,
anyone?

We use cookies and related technologies to enhance your experience, show you personalised content and analyze performance and traffic on our website. By clicking on the „Accept All“ button you consent to the use of non-functional cookies and the subsequent processing of personal data to optimize our website and services as described in more detail in our Privacy and Cookie Policy.

By clicking on the „Customize or Deny all“ button you can decide otherwise. Clicking on the „Customize“ button will take you to a page where you can configure the usage of non-functional cookies (and related technologies) or deny all of them. You can access these settings at any time and also subsequently deselect cookies at any time in the footer area of our website.

ACCEPT ALL

Cookie Overview

We use the following categories of cookies and related technologies to enhance your experience, show you personalized content, and analyze performance and traffic on our website. We respect your right to privacy and accordingly you can chose to not allow some types of cookies (and related technologies). Click on the different category sliders and change our default settings to manage your cookie settings.

For more information on the specific cookies/related technologies we use and on how we use these, please see section 15 E. of our Privacy and Cookie Policy.

ABSOLUTELY NECESSARY

Authentication cookies we use are required to run our services … Cookies are required: Link

FUNCTIONAL AND MARKETING COOKIES

These cookies collect anonymous data and allow us to optimize our website and user experience. These cookies are listed here:

ANALYTICS

Help us to understand how visitors interact with our services, enables us to analyze and improve our services (also through third party analytics).