Security Best Practices
Security is both critical and essential for building applications. Dolby is committed to building a best-in-class audio/visual communication experience on a reliable and secure platform, and constantly strives to improve product security.
This article describes various aspects of security features and best practices for the Interactivity API platform.
Each application, when created in the Dolby.io dashboard, has an application key (appKey) and a secret (appSecret). The appSecret is sensitive information and you must protect it from unauthorized access. A compromised appSecret can give attackers access to everything related to your application, including listening in on active conferences and downloading recordings. Currently, you must create a new app if you believe the appSecret has been compromised.
The client SDKs provide two mechanisms to authenticate against the service: the initialize and initializeToken methods. The initialize method is provided only for testing the platform and is not recommended for use in production applications. Dolby will deprecate this API in the near future.
In order to protect the appSecret, the best practice is to build and maintain an authentication server, which has access to your appSecret, and can act as a proxy to retrieve an access token from the Interactivity API platform and return the token to the client application. The client application can use the initializeToken method to authenticate with the platform. As an Interactivity API customer, it is your responsibility to protect this authentication server from unauthorized access.
The access token has a default validity period; it can be customized to a shorter duration to further improve the security of the access token. For more information, refer to the latest Authentication API.
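The following sketch shows the server side of the token-proxy pattern described above. It is an added example, not Dolby code. The token URL is a placeholder, and the form field and response field names (grant_type, expires_in, access_token) are assumptions that follow the OAuth2 client-credentials convention; take the real values from the Authentication API reference.

```python
import base64
import json
import os
import urllib.parse
import urllib.request

# Assumption: placeholder URL; use the one given in the Authentication API reference.
TOKEN_URL = "https://auth.example.invalid/oauth2/token"
MAX_TTL_SECONDS = 600  # assumption: local policy cap on token lifetime


def build_token_request(app_key, app_secret, ttl_seconds, token_url=TOKEN_URL):
    """Build the server-to-platform request; the appSecret is only used here."""
    ttl = max(1, min(int(ttl_seconds), MAX_TTL_SECONDS))
    basic = base64.b64encode(f"{app_key}:{app_secret}".encode()).decode()
    # Assumption: OAuth2 client-credentials style form fields.
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "expires_in": ttl}
    ).encode()
    return urllib.request.Request(
        token_url,
        data=body,
        method="POST",
        headers={
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


def fetch_json(request):
    """Default transport: HTTPS request with a timeout."""
    with urllib.request.urlopen(request, timeout=5) as resp:
        return json.load(resp)


def issue_client_token(user_is_authenticated, ttl_seconds=300,
                       fetch=fetch_json, env=os.environ):
    """Return the JSON body the authentication server sends to the client."""
    if not user_is_authenticated:
        # Only callers your application has already authenticated get a token.
        raise PermissionError("caller is not authenticated")
    request = build_token_request(env["APP_KEY"], env["APP_SECRET"], ttl_seconds)
    upstream = fetch(request)
    # Forward an allow-list of fields so nothing else from upstream reaches the client.
    return {"access_token": upstream["access_token"],
            "expires_in": upstream.get("expires_in")}
```

The client application passes the returned access_token to initializeToken; the appKey and appSecret stay in the server's environment and are never sent to the client.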
Currently, a number of server-side APIs, such as conference control and streaming, still use Basic authentication. These APIs will move in the near future to token authentication similar to that of the Monitor API. The server-side token authentication currently supported by the Monitor API also supports expiration customization to shorten the validity period of the access token.
The Dolby Interactivity API platform employs standard real-time media (audio, video, and screen-share) encryption technology from WebRTC. It uses AES-128 to encrypt media, and HMAC-SHA1 to verify data integrity. The media is transported over the Secure Real-time Transport Protocol (SRTP) and the encryption keys are exchanged using the Datagram Transport Layer Security (DTLS) protocol.
The Interactivity API platform will temporarily decrypt the media when received from a client, and then immediately re-encrypt before sending to other clients in the conference. This short decryption/re-encryption process is necessary for managing the conference media routing, and also for supporting features such as recording and streaming. Your media is never transported over the Internet unencrypted.
Currently, the Interactivity API platform does not support end-to-end encryption.
All signaling communications, including both internal and external REST API calls and WebSocket connections from the client to the Interactivity APIs platform, are encrypted using the Transport Layer Security (TLS) protocol.
Certain mobile device platforms, such as Android 4 or iOS 6, use transport protocols that have been proven insecure, such as TLS 1.0 and TLS 1.1. Dolby plans to discontinue support for these TLS protocol versions in the near future. This means that customers using devices running older platforms will no longer be able to connect to the Interactivity APIs platform.
If your application uses the Interactivity API platform's recording functionality, your conference recording is saved on AWS S3 encrypted at rest.
To retrieve your conference recordings, you can either rely on the webhook notification or use the Monitor API. In the case of the Monitor API, a short-lived signed URL is provided for you to retrieve the recording. Dolby recommends that you download and remove the recording from the Interactivity API immediately after it is generated.