Introduction to Security in Nabto WebRTC
WebRTC provides strong, built-in security that automatically handles encryption, key exchange and integrity protection for media and data streams. Nabto’s WebRTC platform works alongside this by managing signaling security and device authentication, ensuring that the secure connection process is fully supported from signaling through media transport.
As a result, most critical security functions are performed by the WebRTC protocol or the Nabto platform itself and not by the application. This section explains how these components work together, clarifies the limited security responsibilities of the application and outlines the mechanisms that ensure secure and authenticated connections by default.
Nabto WebRTC Signaling builds on the baseline security provided by standard WebRTC and standard TLS-protected connections to the Nabto WebRTC Signaling Service. Over these secure connections, Nabto WebRTC Signaling implements authentication of both peers and enforces authorization of clients attempting to connect to devices (cameras).
Cameras are authenticated towards the Nabto WebRTC Signaling Service using a public/private key scheme.
Two methods are available for authorization of clients towards cameras: Shared Secret Authentication and Centralized Authorization.
The terms authentication and authorization are used deliberately and with distinct meanings in this documentation. In Shared Secret Authentication, proving identity and gaining access are one and the same: if a client knows the secret, it is both authenticated and authorized. In the Centralized Authorization model, the client’s identity is first authenticated, but access to a specific device must be granted separately through an explicit authorization step.
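The difference between the two models can be shown as a small conceptual sketch. This is an added example, not Nabto code and not the Nabto SDK API: the HMAC challenge proof, the toy token format, the grants table and all function names are assumptions chosen only to illustrate one check versus two.

```javascript
const crypto = require("node:crypto");

const hmac = (key, data) => crypto.createHmac("sha256", key).update(data).digest();
const sameBytes = (a, b) => a.length === b.length && crypto.timingSafeEqual(a, b);

// Shared secret model: a single check. Proving knowledge of the device's
// secret authenticates and authorizes the client in one step.
function sharedSecretAccess(deviceSecret, challenge, proof) {
  return sameBytes(proof, hmac(deviceSecret, challenge));
}

// Centralized model, step 1 (authentication): verify a token minted by the
// central service and return the client identity, or null if invalid.
// Toy format assumed for this sketch: base64url(JSON) + "." + hex(HMAC).
function authenticate(token, issuerKey) {
  const [body, mac] = String(token).split(".");
  if (!body || !mac) return null;
  if (!sameBytes(Buffer.from(mac, "hex"), hmac(issuerKey, body))) return null;
  return JSON.parse(Buffer.from(body, "base64url").toString()).sub ?? null;
}

// Centralized model, step 2 (authorization): a separate, explicit grant
// must exist for this identity on this specific device.
function centralizedAccess(token, issuerKey, grants, deviceId) {
  const clientId = authenticate(token, issuerKey);
  if (clientId === null) return { authenticated: false, authorized: false };
  const devices = grants.get(clientId);
  return { authenticated: true, authorized: Boolean(devices && devices.has(deviceId)) };
}

// Constructed sample data: one client, granted access to one camera only.
function mintToken(sub, issuerKey) {
  const body = Buffer.from(JSON.stringify({ sub })).toString("base64url");
  return body + "." + hmac(issuerKey, body).toString("hex");
}
const ISSUER_KEY = crypto.randomBytes(32);
const GRANTS = new Map([["alice", new Set(["camera-1"])]]);
const ALICE = mintToken("alice", ISSUER_KEY);

// Authenticated everywhere, authorized only where a grant exists.
console.log(centralizedAccess(ALICE, ISSUER_KEY, GRANTS, "camera-1"));
console.log(centralizedAccess(ALICE, ISSUER_KEY, GRANTS, "camera-2"));
```

In the centralized case the same valid identity is accepted for camera-1 and refused for camera-2, which is the separation the shared secret model does not have.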